From dickenson at cfmc.com Sun Mar 1 01:32:10 2009 From: dickenson at cfmc.com (Jim Dickenson) Date: Sun Mar 1 01:32:23 2009 Subject: New Server, same old problem In-Reply-To: <55002.24.90.249.47.1235857909.squirrel@www.engineno9inc.com> Message-ID: When you start MailScanner does sendmail start up its instances to read from MailScanner's output queue? On my system I have these instances of sendmail running: sendmail: accepting connections sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue sendmail: Queue runner@00:15:00 for /var/spool/mqueue -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Alden Levy > Reply-To: MailScanner discussion > Date: Sat, 28 Feb 2009 16:51:49 -0500 (EST) > To: > Subject: New Server, same old problem > > I've been running MS for a few years now, and I love it. This list has > been a tremendous help whether I'm just lurking or have a specific > question. > > Right now, I have MS 4.74.16 installed. When I go to start it up (after > following all of the instructions and turning off sendmail), mail flows in > fine, but I cannot telnet in to the mail server, nor can I send mail. It > seems that this would be a sendmail issue, but when I shut down MS and > start up sendmail, everything flows fine. > > Thanks! > > Alden Levy > Engine No. 9, Inc. > 130 West 57th Street, Suite 2F > New York, NY 10019 > (212) 981-1122 > (212) 504-9598 (fax) > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maxsec at gmail.com Sun Mar 1 09:46:19 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Sun Mar 1 09:46:29 2009 Subject: {?} Re: MailScanner on FreeBSD amd64 box In-Reply-To: <20090227224522.GA20118@doctor.nl2k.ab.ca> References: <20090227173538.GB27379@doctor.nl2k.ab.ca> <72cf361e0902271334p4b2eeedftb8c0d838212e5115@mail.gmail.com> <20090227224522.GA20118@doctor.nl2k.ab.ca> Message-ID: <72cf361e0903010146o45c61b65ye1638f23a80dd0fb@mail.gmail.com> 2009/2/27 Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem : > On Fri, Feb 27, 2009 at 09:34:20PM +0000, Martin Hepworth wrote: >> 2009/2/27 Dave Shariff Yadallee - System Administrator a.k.a. The Root >> of the Problem : >> > Right why am I not getting additional headers being added on like >> > >> > X-NetKnow-InComing-4-74-16-1-MailScanner-Information: Please contact the ISP >> > ? ? ? ?for more information >> > X-NetKnow-InComing-4-74-16-1-MailScanner-ID: n1RHGBtC023165 >> > X-NetKnow-InComing-4-74-16-1-MailScanner: Found to be clean >> > X-NetKnow-InComing-4-74-16-1-MailScanner-IP-Protocol: IPv4 >> > X-NetKnow-InComing-4-74-16-1-MailScanner-From: >> > ? ? ? ?mailscanner-bounces@lists.mailscanner.info >> > X-NetKnow-InComing-4-74-16-1-MailScanner-Watermark: >> > ? ? ? ?1236186980.11499@thj+H7U1KQPNQ95fTV5HZA >> > >> > >> > The box I am referring to is running FreeBsd 6.4 on amd64 and I did not >> > do a port (the port tree is out of date). >> > >> > -- >> > This message has been scanned for viruses and >> > dangerous content by MailScanner, and is >> > believed to be clean. >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> >> >> In that case your MTA isn't queuing email for MailScanner. what MTA >> and how did you install? >> > > The most current version of Sendmail. > >> -- >> Martin Hepworth >> Oxford, UK >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Then I'd double check the sendmail settings as it's not queuing locally but delivering straight away. NB with a non-ports install you have to config everything (including the MTA) youself. -- Martin Hepworth Oxford, UK From linuxhousedn at yahoo.com Sun Mar 1 11:42:39 2009 From: linuxhousedn at yahoo.com (Linux Advocate) Date: Sun Mar 1 11:42:49 2009 Subject: New installation of Mailscanner In-Reply-To: References: <360980.41233.qm@web51112.mail.re2.yahoo.com> Message-ID: <861338.33123.qm@web51108.mail.re2.yahoo.com> thanx kal. ----- Original Message ---- > From: Kai Schaetzl > Subject: Re: New installation of Mailscanner > > you do not need any of these extra perl packages if you used that repo we > told you on the centos-list. i did. >If you used the other method the only > additional module you need is the tnef one. That is in the tarball and can > be installed separately. Or from rpmforge. > From linuxhousedn at yahoo.com Sun Mar 1 11:49:51 2009 From: linuxhousedn at yahoo.com (Linux Advocate) Date: Sun Mar 1 11:50:01 2009 Subject: New installation of Mailscanner In-Reply-To: References: <360980.41233.qm@web51112.mail.re2.yahoo.com> Message-ID: <274176.33223.qm@web51111.mail.re2.yahoo.com> thanx. > > Hi! > > > a.) How do i test my installation? is there some sample spam messages that can > be used to test. > > b.) MailScanner -V shows; > > > > b.1) > > > > LibClamAV Warning: ************************************************** > > LibClamAV Warning: *** The virus database is older than 7 days! *** > > LibClamAV Warning: *** Please update it as soon as possible. *** > > LibClamAV Warning: ************************************************** > > > > how do i update this database? > > This is a ClamAV question. But you can run freshclam for example. Thats in > the Clam manuals and FAQs also btw. > > > b.2) there are some modules missing; how do i iinstall them or do i ignore > them > > > > > > > > 1.30 Archive::Tar > > 0.17 bignum > > missing Business::ISBN <---- missing ? > > So install them :-) > > Bye, > Raymond. > -- > MailScanner mailing list From MailScanner at ecs.soton.ac.uk Sun Mar 1 14:21:16 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 1 14:21:37 2009 Subject: Crash protection Message-ID: <49AA99DC.1080708@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released version 4.75.2, which has the new feature some people have been asking for. Implemented crash-protection, by limiting the number of attempts made at processing any given message. There are 2 new configuration settings: "Maximum Processing Attempts" which is set to 6 by default, and "Processing Attempts Database" which is set to /var/spool/MailScanner/incoming/Processing.db by default. To disable this feature, just set "Maximum Processing Attempts = 0". To clean out the database, just stop MailScanner and delete the database file. It's enabled by default in this beta. It currently just runs a counter of the number of times the message has been attempted. I didn't want to make it time-based, as then you would run into trouble if for some reason you stopped MailScanner but left the incoming MTA open, so you could work on the system while not rejecting mail. Then there might be quite a big gap between the time it arrived in the queue and the time it is processed. All suggestions on how to improve this feature are most welcome! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJqpnfEfZZRxQVtlQRAlMiAJ4y61tWZ10ExXPpDynukYIbNCl28wCdE6cK lQ+n2a0AY/6BAboMZ2RXdnA= =A6Wb -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From butler at globeserver.com Sun Mar 1 14:33:02 2009 From: butler at globeserver.com (Philip Butler) Date: Sun Mar 1 14:34:37 2009 Subject: Issues with DWF Autocad files... Message-ID: <13A75C14-8916-43B5-B073-0D8417E9916A@globeserver.com> Hi all, I am having an issue with some Autocad (.DWF) files. It seems that these files are basically a zip type format with some .tmp files within. I have had one person tell me that the .tmp sub-files are font caches or something. I have tried adding .dwf to the filetype rules to allow, but MS still unzips and finds the .tmp files. I can remove the .tmp line from the filename.rules.conf file and MS will then allow the message to pass, but it's obvious that this is not an optimal solution. Is there a way to unconditionally allow .dwf files and stop scanning within for the filename rules ?? It would be nice if it would still scan for viruses, but to nix the filetype rules. I have searched the net and MS list archives and haven't found anything that pops out at me. That's not to say this hasn't been answered before - I just haven't found it. Thanks, Phil From raymond at prolocation.net Sun Mar 1 15:14:05 2009 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Mar 1 15:14:14 2009 Subject: Crash protection In-Reply-To: <49AA99DC.1080708@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> Message-ID: Hi Julian, > Implemented crash-protection, by limiting the number of attempts made at > processing any given message. There are 2 new configuration settings: > "Maximum Processing Attempts" which is set to 6 by default, and > "Processing Attempts Database" which is set to Thats cool! > /var/spool/MailScanner/incoming/Processing.db by default. > To disable this feature, just set "Maximum Processing Attempts = 0". > To clean out the database, just stop MailScanner and delete the database > file. > > It's enabled by default in this beta. > > It currently just runs a counter of the number of times the message has > been attempted. I didn't want to make it time-based, as then you would > run into trouble if for some reason you stopped MailScanner but left the > incoming MTA open, so you could work on the system while not rejecting > mail. Then there might be quite a big gap between the time it arrived in > the queue and the time it is processed. > > All suggestions on how to improve this feature are most welcome! A way to notify a operator that this is happening. So a cron or something to send out a hourly report or something so at least you know something is stuck ;) Thanks, Raymond. From MailScanner at ecs.soton.ac.uk Sun Mar 1 15:21:36 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 1 15:21:58 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> Message-ID: <49AAA800.5000607@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/3/09 15:14, Raymond Dijkxhoorn wrote: > Hi Julian, > >> Implemented crash-protection, by limiting the number of attempts made at >> processing any given message. There are 2 new configuration settings: >> "Maximum Processing Attempts" which is set to 6 by default, and >> "Processing Attempts Database" which is set to > > Thats cool! > >> /var/spool/MailScanner/incoming/Processing.db by default. >> To disable this feature, just set "Maximum Processing Attempts = 0". >> To clean out the database, just stop MailScanner and delete the database >> file. >> >> It's enabled by default in this beta. >> >> It currently just runs a counter of the number of times the message has >> been attempted. I didn't want to make it time-based, as then you would >> run into trouble if for some reason you stopped MailScanner but left the >> incoming MTA open, so you could work on the system while not rejecting >> mail. Then there might be quite a big gap between the time it arrived in >> the queue and the time it is processed. >> >> All suggestions on how to improve this feature are most welcome! > > A way to notify a operator that this is happening. So a cron or > something to send out a hourly report or something so at least you > know something is stuck ;) At the moment it just logs it. I might add a command-line option to MailScanner to make it report the contents of the database table. Would that do? You could then have a cron job that ran that command, and if it produced anything then it could mail it to the postmaster. > > Thanks, > Raymond. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJqqgDEfZZRxQVtlQRAn5eAJ9YV6RLJM7Ozc+o8/vg3nZ0pzvUHwCeMvFL AGf8HnAUOC6GZJwCumbKHfE= =xhMG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raymond at prolocation.net Sun Mar 1 15:25:45 2009 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sun Mar 1 15:25:54 2009 Subject: Crash protection In-Reply-To: <49AAA800.5000607@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> <49AAA800.5000607@ecs.soton.ac.uk> Message-ID: Hi! >>> All suggestions on how to improve this feature are most welcome! >> A way to notify a operator that this is happening. So a cron or >> something to send out a hourly report or something so at least you >> know something is stuck ;) > At the moment it just logs it. I might add a command-line option to > MailScanner to make it report the contents of the database table. Would > that do? You could then have a cron job that ran that command, and if it > produced anything then it could mail it to the postmaster. Sure, thats fine. Bye, Raymond. From MailScanner at ecs.soton.ac.uk Sun Mar 1 16:45:47 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 1 16:46:07 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> <49AAA800.5000607@ecs.soton.ac.uk> Message-ID: <49AABBBB.60107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/3/09 15:25, Raymond Dijkxhoorn wrote: > Hi! > >>>> All suggestions on how to improve this feature are most welcome! > >>> A way to notify a operator that this is happening. So a cron or >>> something to send out a hourly report or something so at least you >>> know something is stuck ;) > >> At the moment it just logs it. I might add a command-line option to >> MailScanner to make it report the contents of the database table. Would >> that do? You could then have a cron job that ran that command, and if it >> produced anything then it could mail it to the postmaster. > > Sure, thats fine. Take a look at 4.75.3. It adds a command "processing_messages_alert" which runs the command MailScanner --processing which outputs a dump of the table, excluding messages which are only being processed for the first time (ie it only prints records for which tries>1). The "processing_messages_alert" turns that into an email message which it sends to you according to your MailScanner.conf setup. It's a very simple script, feel free to rip it apart and improve it. You can run the command MailScanner --processing yourself, but be warned it will only generate any output if there is something to tell you. In the Linux RPM distributions of MailScanner, that script is run hourly to alert the sysadmin that there might be something wrong. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJqru9EfZZRxQVtlQRAqsZAJ9lJUzpgkNG6Q5UZ7t0p57nl2S9LQCg1rt1 1HseekapBUyS91ubDd6/+uY= =rt+I -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 1 16:49:22 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 1 16:49:43 2009 Subject: Issues with DWF Autocad files... In-Reply-To: <13A75C14-8916-43B5-B073-0D8417E9916A@globeserver.com> References: <13A75C14-8916-43B5-B073-0D8417E9916A@globeserver.com> Message-ID: <49AABC92.9050800@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you have "Find Archives By Content = yes" then it will always apply the filename and filetype checks to the contents of attachments which are really archives, regardless of the filename. So you cannot avoid the checks this way, except by setting that switch to "no" at which point people can get past your filename traps by just zipping the dodgy file and renaming the zip file so it doesn't end in ".zip". After all, what's the difference between a file in an archive that is really a DWF file generated by Autocad, and a malicious file in an archive which the attacker chose to call "pretty.dwf"? Jules. On 1/3/09 14:33, Philip Butler wrote: > Hi all, > > I am having an issue with some Autocad (.DWF) files. It seems that > these files are basically a zip type format with some .tmp files > within. I have had one person tell me that the .tmp sub-files are > font caches or something. > > I have tried adding .dwf to the filetype rules to allow, but MS still > unzips and finds the .tmp files. I can remove the .tmp line from the > filename.rules.conf file and MS will then allow the message to pass, > but it's obvious that this is not an optimal solution. > > Is there a way to unconditionally allow .dwf files and stop scanning > within for the filename rules ?? It would be nice if it would still > scan for viruses, but to nix the filetype rules. > > I have searched the net and MS list archives and haven't found > anything that pops out at me. That's not to say this hasn't been > answered before - I just haven't found it. > > Thanks, > > Phil > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJqryTEfZZRxQVtlQRAlVlAJ9+o9GPzH/WcPXOdQB/bu4dTaBsawCbBJ+6 MYaluo5oir0Qjk1htUKQDJM= =8VrL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 1 19:11:01 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 1 19:11:30 2009 Subject: Crash protection In-Reply-To: <49AABBBB.60107@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> <49AAA800.5000607@ecs.soton.ac.uk> <49AABBBB.60107@ecs.soton.ac.uk> Message-ID: <49AADDC5.10608@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/3/09 16:45, Julian Field wrote: > * PGP Signed: 03/01/09 at 16:45:49 > > > > On 1/3/09 15:25, Raymond Dijkxhoorn wrote: >> Hi! >> >>>>> All suggestions on how to improve this feature are most welcome! >> >>>> A way to notify a operator that this is happening. So a cron or >>>> something to send out a hourly report or something so at least you >>>> know something is stuck ;) >> >>> At the moment it just logs it. I might add a command-line option to >>> MailScanner to make it report the contents of the database table. Would >>> that do? You could then have a cron job that ran that command, and >>> if it >>> produced anything then it could mail it to the postmaster. >> >> Sure, thats fine. > Take a look at 4.75.3. It adds a command "processing_messages_alert" > which runs the command > MailScanner --processing > which outputs a dump of the table, excluding messages which are only > being processed for the first time (ie it only prints records for > which tries>1). The "processing_messages_alert" turns that into an > email message which it sends to you according to your MailScanner.conf > setup. > > It's a very simple script, feel free to rip it apart and improve it. > You can run the command > MailScanner --processing > yourself, but be warned it will only generate any output if there is > something to tell you. > > In the Linux RPM distributions of MailScanner, that script is run > hourly to alert the sysadmin that there might be something wrong. I have added some more code since then that generates a proper sender error and local postmaster notice whenever it scraps a message due to it triggering the crash-protection. I'll make it leave these messages in the "processing-messages" database so that the alert every hour will still report them. Otherwise you won't probably notice anything is wrong unless your users send you the "message tried to kill MailScanner" reports or you actually read the postmaster notices. The message ids will stay in the database forever, or until you kill the database file, which you can do at pretty much any time, so long as you "reload" MailScanner after you do it. Check out 4.75.4. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJqt3KEfZZRxQVtlQRAtOLAKC2dUhxqmUI3Xr7b6/JjTbAajiceQCg1U5I L1hzD4zSMNZQUfu2s/wBr1I= =i5Zw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alden at engineno9inc.com Mon Mar 2 00:13:41 2009 From: alden at engineno9inc.com (Alden Levy) Date: Mon Mar 2 00:13:46 2009 Subject: New Server, same old problem In-Reply-To: <55002.24.90.249.47.1235857909.squirrel@www.engineno9inc.com> References: <55002.24.90.249.47.1235857909.squirrel@www.engineno9inc.com> Message-ID: <000001c99acb$be3fa350$6001a8c0@AldenLap> As it turns out, I was mistaken when I said I couldn't telnet in. I can. I just can't send email from my desktop (nor can my users). The server, itself can send, as I can from SquirrelMail. Sorry about that. I think I had that problem on my last server! An example of the error I get is: sendmail[7153]: n21NtsYp007153: IPNAME_HERE [xxx.xxx.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA These are my instances of sendmail: sendmail: accepting connections sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue sendmail: Queue runner@00:15:00 for /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue Thanks for helping! --Alden >Date: Sat, 28 Feb 2009 17:32:10 -0800 >From: Jim Dickenson >Subject: Re: New Server, same old problem >To: MailScanner Mail List >Message-ID: >Content-Type: text/plain; charset="US-ASCII" > >When you start MailScanner does sendmail start up its instances to read from >MailScanner's output queue? On my system I have these instances of sendmail >running: > >sendmail: accepting connections >sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue >sendmail: Queue runner@00:15:00 for /var/spool/mqueue >-- >Jim Dickenson >mailto:dickenson@cfmc.com > >CfMC >http://www.cfmc.com/ > From: Alden Levy > Reply-To: MailScanner discussion > Date: Sat, 28 Feb 2009 16:51:49 -0500 (EST) > To: > Subject: New Server, same old problem > > I've been running MS for a few years now, and I love it. This list has > been a tremendous help whether I'm just lurking or have a specific > question. > > Right now, I have MS 4.74.16 installed. When I go to start it up (after > following all of the instructions and turning off sendmail), mail flows in > fine, but I cannot telnet in to the mail server, nor can I send mail. It > seems that this would be a sendmail issue, but when I shut down MS and > start up sendmail, everything flows fine. > > Thanks! > > Alden Levy -----Original Message----- From: Alden Levy [mailto:alden@engineno9inc.com] Sent: Saturday, February 28, 2009 4:52 PM To: mailscanner@lists.mailscanner.info Subject: New Server, same old problem I've been running MS for a few years now, and I love it. This list has been a tremendous help whether I'm just lurking or have a specific question. This time, it's another question: This is the second server I've switched my MS install to, and the second time I've had a problem. Unfortunately, I can't find the guy who helped me the first time around. So, I was hoping someone here would be able to help. In any event, here are the specifics: Until recently, I had two servers running MS (one FC3!) and one CentOS 4. I have now consolidated onto one server running CentOS 5.2. All of the servers had been running Ensim (now, Parallels Pro 10.x). However, I have always run MS outside of Ensim. I copied the MS directory (/etc/MailScanner) from the CentOS 4 server, and tried to harmonize my sendmail.mc with the one from the old server as well. I installed a new MS and upgraded the conf files. The old servers are now long gone. Right now, I have MS 4.74.16 installed. When I go to start it up (after following all of the instructions and turning off sendmail), mail flows in fine, but I cannot telnet in to the mail server, nor can I send mail. It seems that this would be a sendmail issue, but when I shut down MS and start up sendmail, everything flows fine. The only change that I can recall making from my last instance was using clamd instead of clamav. I tried switching back to clamav, but I still had these issues. I have been running sendmail with spamc/spamd and clamd until I could get this fixed, but I don't have to tell you that this doesn't give me the flexibility or control that running MS does. The results of MailScanner --lint are: Trying to setlogsock(unix) Read 856 hostnames from the phishing whitelist Read 4798 hostnames from the phishing blacklist Checking version numbers... Version number in MailScanner.conf (4.74.16) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. I have found clamd scanners installed, and will use them all by default. Using locktype = posix MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Likewise, spamassassin -D --lint doesn't give any errors. MailScanner -v lists all of the required modules. The only optional ones I'm missing are: Encode::Detect, ExtUtils::CBuilder, ExtUtils::ParseXS, Mail::ClamAV, Net::LDAP, and SAVI. It reports my SA as version 3.002004 I'm running Perl v. 5.8.8 and sendmail 8.13.8 I'm happy to post any of my sendmail.mc sendmail.cf, MS or SA files (or whatever else might be relevant upon request. Any help or a kick in the right direction would be greatly appreciated. Thanks! Alden Levy Engine No. 9, Inc. 130 West 57th Street, Suite 2F New York, NY 10019 (212) 981-1122 (212) 504-9598 (fax) From maillists at conactive.com Mon Mar 2 00:43:12 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 2 00:43:26 2009 Subject: Crash protection In-Reply-To: <49AA99DC.1080708@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sun, 01 Mar 2009 14:21:16 +0000: > To disable this feature, just set "Maximum Processing Attempts = 0". Could you please consider this as a default? As has become very clear in the newsgroup only very few people are affected by the problem. So, this feature, which probably comes with a small performance hit, shouldn't be on by default. Have a good night! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Mar 2 00:43:12 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 2 00:43:26 2009 Subject: New Server, same old problem In-Reply-To: <000001c99acb$be3fa350$6001a8c0@AldenLap> References: <55002.24.90.249.47.1235857909.squirrel@www.engineno9inc.com> <000001c99acb$be3fa350$6001a8c0@AldenLap> Message-ID: Alden Levy wrote on Sun, 1 Mar 2009 19:13:41 -0500: > An example of the error I get is: > sendmail[7153]: n21NtsYp007153: IPNAME_HERE [xxx.xxx.xxx.xxx] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA well, most simple suggestion: you haven't setup SMTP AUTH correctly. Telnet from the same machine you are using the client on and try to send a mail manually. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From alex at rtpty.com Mon Mar 2 01:16:26 2009 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 2 01:16:38 2009 Subject: New Server, same old problem In-Reply-To: <000001c99acb$be3fa350$6001a8c0@AldenLap> References: <55002.24.90.249.47.1235857909.squirrel@www.engineno9inc.com> <000001c99acb$be3fa350$6001a8c0@AldenLap> Message-ID: <24e3d2e40903011716o1b277a36r7c0cea23bf192bf8@mail.gmail.com> You probably didn't remove the "listen only on localhost" line common to most CentOS/RedHat systems. You probably don't remember doing it on the old system. Look for: dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl Remove "Addr=127.0.0.1, " from that line and sendmail should listen on all interfaces. On Sun, Mar 1, 2009 at 7:13 PM, Alden Levy wrote: > As it turns out, I was mistaken when I said I couldn't telnet in. I can. > I > just can't send email from my desktop (nor can my users). The server, > itself can send, as I can from SquirrelMail. Sorry about that. I think I > had that problem on my last server! > > An example of the error I get is: > sendmail[7153]: n21NtsYp007153: IPNAME_HERE [xxx.xxx.xxx.xxx] did not issue > MAIL/EXPN/VRFY/ETRN during connection to MTA > > These are my instances of sendmail: > sendmail: accepting connections > > sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue > sendmail: Queue runner@00:15:00 for > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue > > > Thanks for helping! > > --Alden > > > >Date: Sat, 28 Feb 2009 17:32:10 -0800 > >From: Jim Dickenson > >Subject: Re: New Server, same old problem > >To: MailScanner Mail List > >Message-ID: > > > >Content-Type: text/plain; charset="US-ASCII" > > > >When you start MailScanner does sendmail start up its instances to read > from > >MailScanner's output queue? On my system I have these instances of > sendmail > >running: > > > >sendmail: accepting connections > >sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue > >sendmail: Queue runner@00:15:00 for /var/spool/mqueue > >-- > >Jim Dickenson > >mailto:dickenson@cfmc.com > > > >CfMC > >http://www.cfmc.com/ > > > > > From: Alden Levy > > Reply-To: MailScanner discussion > > Date: Sat, 28 Feb 2009 16:51:49 -0500 (EST) > > To: > > Subject: New Server, same old problem > > > > I've been running MS for a few years now, and I love it. This list has > > been a tremendous help whether I'm just lurking or have a specific > > question. > > > > Right now, I have MS 4.74.16 installed. When I go to start it up (after > > following all of the instructions and turning off sendmail), mail flows > in > > fine, but I cannot telnet in to the mail server, nor can I send mail. It > > seems that this would be a sendmail issue, but when I shut down MS and > > start up sendmail, everything flows fine. > > > > Thanks! > > > > Alden Levy > > -----Original Message----- > From: Alden Levy [mailto:alden@engineno9inc.com] > Sent: Saturday, February 28, 2009 4:52 PM > To: mailscanner@lists.mailscanner.info > Subject: New Server, same old problem > > I've been running MS for a few years now, and I love it. This list has > been a tremendous help whether I'm just lurking or have a specific > question. > > This time, it's another question: This is the second server I've switched > my MS install to, and the second time I've had a problem. Unfortunately, > I can't find the guy who helped me the first time around. So, I was hoping > someone here would be able to help. > > In any event, here are the specifics: > Until recently, I had two servers running MS (one FC3!) and one CentOS 4. > I have now consolidated onto one server running CentOS 5.2. All of the > servers had been running Ensim (now, Parallels Pro 10.x). However, I have > always run MS outside of Ensim. > > I copied the MS directory (/etc/MailScanner) from the CentOS 4 server, and > tried to harmonize my sendmail.mc with the one from the old server as > well. I installed a new MS and upgraded the conf files. The old servers > are now long gone. > > Right now, I have MS 4.74.16 installed. When I go to start it up (after > following all of the instructions and turning off sendmail), mail flows in > fine, but I cannot telnet in to the mail server, nor can I send mail. It > seems that this would be a sendmail issue, but when I shut down MS and > start up sendmail, everything flows fine. > > The only change that I can recall making from my last instance was using > clamd instead of clamav. I tried switching back to clamav, but I still > had these issues. I have been running sendmail with spamc/spamd and clamd > until I could get this fixed, but I don't have to tell you that this > doesn't give me the flexibility or control that running MS does. > > The results of MailScanner --lint are: > Trying to setlogsock(unix) > Read 856 hostnames from the phishing whitelist > Read 4798 hostnames from the phishing blacklist > Checking version numbers... > Version number in MailScanner.conf (4.74.16) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > I have found clamd scanners installed, and will use them all by default. > Using locktype = posix > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature" > > If any of your virus scanners (clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > Likewise, spamassassin -D --lint doesn't give any errors. > > MailScanner -v lists all of the required modules. The only optional ones > I'm missing are: Encode::Detect, ExtUtils::CBuilder, ExtUtils::ParseXS, > Mail::ClamAV, Net::LDAP, and SAVI. It reports my SA as version 3.002004 > > I'm running Perl v. 5.8.8 and sendmail 8.13.8 > > I'm happy to post any of my sendmail.mc sendmail.cf, MS or SA files (or > whatever else might be relevant upon request. > > Any help or a kick in the right direction would be greatly appreciated. > > Thanks! > > Alden Levy > Engine No. 9, Inc. > 130 West 57th Street, Suite 2F > New York, NY 10019 > (212) 981-1122 > (212) 504-9598 (fax) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090301/1fba8818/attachment.html From alden at engineno9inc.com Mon Mar 2 03:00:05 2009 From: alden at engineno9inc.com (Alden Levy) Date: Mon Mar 2 03:00:17 2009 Subject: New Server, same old problem In-Reply-To: <200903011201.n21C0gMR028725@safir.blacknight.ie> References: <200903011201.n21C0gMR028725@safir.blacknight.ie> Message-ID: <001901c99ae2$ff53faf0$6001a8c0@AldenLap> Alex Neuman alex at rtpty.com Mon Mar 2 01:16:26 GMT 2009 >You probably didn't remove the "listen only on localhost" line common to >most CentOS/RedHat systems. You probably don't remember doing it on the old >system. Look for: > >dnl # The following causes sendmail to only listen on the IPv4 loopback >address >dnl # 127.0.0.1 and not on any other network devices. Remove the loopback >dnl # address restriction to accept email from the internet or intranet. >dnl # >DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl > >Remove "Addr=127.0.0.1, " from that line and sendmail should listen on all >interfaces. Kai, AUTH seems to be set up correctly, as I can run sendmail without MailScanner and I can send and receive. Alex, I don't have this option, and sendmail does work. Is it possible that: A) My MailScanner_app_init is wrong? I believe this happened to me once before. B) MS is picking up a different sendmail.cf or doing something to it that it doesn't "like"? I'd be surprised, but I'm kind of grasping at straws if the above isn't an issue. The relevant (to me!) sections of MailScanner are: from StartinSendmail: elif [ $MTA = 'sendmail' ]; then /usr/bin/newaliases > /dev/null 2>&1 if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then make -C /etc/mail -s else for i in virtusertable access domaintable mailertable ; do if [ -f /etc/mail/$i ] ; then makemap hash /etc/mail/$i < /etc/mail/$i fi done fi $SENDMAIL -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID touch /var/run/sm-client.pid chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null success echo >From StartOutSendmail: elif [ $MTA = 'sendmail' ]; then $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \ -OPidFile=$OUTPID success echo The only other thing I've changed from my old servers is that I know use clamd instead of clamav. Is it possible this is all due to a permissions issue? Or, perhaps my MS.conf settings are off? --Alden From jonas at vrt.dk Mon Mar 2 09:08:00 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon Mar 2 09:08:12 2009 Subject: Crash protection In-Reply-To: <49AA99DC.1080708@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> Message-ID: <004601c99b16$6290c390$27b24ab0$@dk> Wow nice! That?s, for me, the best new feature in a very long time. And you even prepared stuff to make it monitorable. Brilliant! I will deploy it within the week I think, and will get back if I notice anything odd. We unfortunately have had 2-3 situations with mailscanner crashing and holding up the queue as a result. This was very much awaited and wanted :) Thanks again Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From MailScanner at ecs.soton.ac.uk Mon Mar 2 09:58:45 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 2 09:59:04 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> Message-ID: <49ABADD5.7040404@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/3/09 00:43, Kai Schaetzl wrote: > Julian Field wrote on Sun, 01 Mar 2009 14:21:16 +0000: > > >> To disable this feature, just set "Maximum Processing Attempts = 0". >> > > Could you please consider this as a default? As has become very clear in > the newsgroup only very few people are affected by the problem. So, this > feature, which probably comes with a small performance hit, shouldn't be > on by default. I am going to leave it switched on by default in these betas, as I want people to try it. However, I will try to remember to switch the default before I produce the next stable release. Can you remind me at the end of this month to set the default please? :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJq63VEfZZRxQVtlQRAoGcAKCK5Onqz4aKfLDR5yRbHqC3brkI8ACg9hmx 1GGaCdSffs2lhLL4XicwLO4= =6oWY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 2 10:02:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 2 10:03:13 2009 Subject: Crash protection In-Reply-To: <004601c99b16$6290c390$27b24ab0$@dk> References: <49AA99DC.1080708@ecs.soton.ac.uk> <004601c99b16$6290c390$27b24ab0$@dk> Message-ID: <49ABAECA.30000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 **Note:** 4.75.5 requires you to delete /var/spool/MailScanner/incoming/Processing.db if you have just upgraded from an earlier beta in the range 4.75.1 - 4.75.4, as I have changed the database structure. I have improved it further. To avoid throwing away any good messages in a batch that contained a bad message, I am now waiting a random time between 2 and 6 minutes (i.e. 4 +- 2 minutes) before retrying a message that made MailScanner crash. This should randomise the batches well enough that good messages won't get caught up by mistake. Also, when a message is thrown away, it is not only quarantined and so on, but the details are moved to a separated "archive" table which is printed separately when you run "MailScanner --processing". Then you can easily see the difference between any messages currently being handled, and the contents of the list of all the messages that have ever been thrown away. Try out 4.75.5. Jules. On 2/3/09 09:08, Jonas Akrouh Larsen wrote: > Wow nice! > > That?s, for me, the best new feature in a very long time. > > And you even prepared stuff to make it monitorable. > > Brilliant! > > I will deploy it within the week I think, and will get back if I notice > anything odd. > > We unfortunately have had 2-3 situations with mailscanner crashing and > holding up the queue as a result. > > This was very much awaited and wanted :) > > Thanks again > > > > Med venlig hilsen / Best regards > > Jonas Akrouh Larsen > > TechBiz ApS > Laplandsgade 4, 2. sal > 2300 K?benhavn S > > Office: 7020 0979 > Direct: 3336 9974 > Mobile: 5120 1096 > Fax: 7020 0978 > Web: www.techbiz.dk > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: windows-1252 wj8DBQFJq67KEfZZRxQVtlQRAhTaAKDMKLqp4qOf6KNL23pXwoTClh7pBQCghG47 tOW2MJB0vFs2ShGQXuMCMNc= =8cVe -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jonas at vrt.dk Mon Mar 2 11:39:59 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon Mar 2 11:40:12 2009 Subject: OT: MailScanner & Nagios In-Reply-To: References: <7d9b3cf20902271206x249385c9l95a907408fd97bbc@mail.gmail.com> Message-ID: <006601c99b2b$9e56afb0$db040f10$@dk> The only mailscanner variables we monitor is the presence of the mailscanner process and ascoiated processes. And the avg. batch scan speeds. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jethro R Binks Sent: 27. februar 2009 21:25 To: MailScanner discussion Subject: Re: OT: MailScanner & Nagios On Fri, 27 Feb 2009, Eduardo Casarero wrote: > Hi everybody, is anyone using nagios to monitor MailScanner? i was > looking for some plugins to check mailscanner status, queues, etc. The > basic server monitoring is already set up, but if someone has already > coded some custom plugins for mailscanner and wants to share i would be > very happy :D > > if not, i'll have to do it my self. What exactly do you want to monitor? There are already plugins to check status of processes, and MailScanner itself doesn't have queues: the queues are for the MTA, and there are plugins to check them too. What MailScanner-specific items do you want to monitor that are not covered by the present Nagios plugins? Jethro. -- . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Mon Mar 2 14:00:50 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 2 14:00:55 2009 Subject: Crash protection In-Reply-To: <49ABADD5.7040404@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABADD5.7040404@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 02 Mar 2009 09:58:45 +0000: > Can you remind me at the end of this month to set the default please? :-) I'll try. Just installed 7.15.5-1 as the first of the 15 versions. Runs fine. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From t.d.lee at durham.ac.uk Mon Mar 2 14:04:44 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon Mar 2 14:05:13 2009 Subject: Crash protection In-Reply-To: <49AA99DC.1080708@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> Message-ID: On Sun, 1 Mar 2009, Julian Field wrote: > I have just released version 4.75.2, which has the new feature some > people have been asking for. > > Implemented crash-protection, by limiting the number of attempts made at > processing any given message. There are 2 new configuration settings: > "Maximum Processing Attempts" which is set to 6 by default, and > "Processing Attempts Database" which is set to > /var/spool/MailScanner/incoming/Processing.db by default. > To disable this feature, just set "Maximum Processing Attempts = 0". > To clean out the database, just stop MailScanner and delete the database > file. Excellent development! Glad to see my idea coming to fruition. Thanks. I see you are now up to 4.75.5 . I've just installed it on a test server. But I suppose it's only really going to reveal its strengths (and possible issues yet to be shaken down) on a production machine. Given that I was a chief requester, naturally I feel honour-bound to help test it. Could you give an indication of your production-level confidence in the code? How high up the inbound MX-priority-tree should I reasonably think of installing it at present? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Mon Mar 2 14:18:32 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 2 14:18:54 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> Message-ID: <49ABEAB8.5080908@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/3/09 14:04, David Lee wrote: > On Sun, 1 Mar 2009, Julian Field wrote: > >> I have just released version 4.75.2, which has the new feature some >> people have been asking for. >> >> Implemented crash-protection, by limiting the number of attempts made at >> processing any given message. There are 2 new configuration settings: >> "Maximum Processing Attempts" which is set to 6 by default, and >> "Processing Attempts Database" which is set to >> /var/spool/MailScanner/incoming/Processing.db by default. >> To disable this feature, just set "Maximum Processing Attempts = 0". >> To clean out the database, just stop MailScanner and delete the database >> file. > > Excellent development! Glad to see my idea coming to fruition. Thanks. 'Twas a good idea :-) > > I see you are now up to 4.75.5 . I've just installed it on a test > server. But I suppose it's only really going to reveal its strengths > (and possible issues yet to be shaken down) on a production machine. I can't think of anything significant to add to the code now, so the only changes will be bug-fixes. > > Given that I was a chief requester, naturally I feel honour-bound to > help test it. Could you give an indication of your production-level > confidence in the code? How high up the inbound MX-priority-tree > should I reasonably think of installing it at present? Start it off at the bottom (highest number) and intentionally kill it during a batch of messages. Do that twice and you should see "MailScanner --processing" start to print something. That way it should probably only be getting spam anyway, which will be an ideal test environment for it. Cheers for the idea in the first place! (even though I did change it a bit as I progressed... :) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJq+q4EfZZRxQVtlQRAuR4AKDGk+zRBTZwXbsk0VZM4d5cFcyIbQCgu3QZ PPGrpKhTm1ErhYoMCqIimNg= =+jZ9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Mon Mar 2 14:22:39 2009 From: davejones70 at gmail.com (Dave Jones) Date: Mon Mar 2 14:22:49 2009 Subject: OT: MailScanner & Nagios Message-ID: <67a55ed50903020622n12980a53va31648c51634aca0@mail.gmail.com> >Date: Mon, 2 Mar 2009 12:39:59 +0100 >From: "Jonas Akrouh Larsen" >Subject: RE: OT: MailScanner & Nagios >To: "'MailScanner discussion'" >Message-ID: <006601c99b2b$9e56afb0$db040f10$@dk> >Content-Type: text/plain; ? ? ? charset="us-ascii" > >The only mailscanner variables we monitor is the presence of the mailscanner >process and ascoiated processes. And the avg. batch scan speeds. > > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jethro R >Binks >Sent: 27. februar 2009 21:25 >To: MailScanner discussion >Subject: Re: OT: MailScanner & Nagios > >On Fri, 27 Feb 2009, Eduardo Casarero wrote: > >> Hi everybody, is anyone using nagios to monitor MailScanner? i was >> looking for some plugins to check mailscanner status, queues, etc. The >> basic server monitoring is already set up, but if someone has already >> coded some custom plugins for mailscanner and wants to share i would be >> very happy :D >> >> if not, i'll have to do it my self. > >What exactly do you want to monitor? ?There are already plugins to check >status of processes, and MailScanner itself doesn't have queues: the >queues are for the MTA, and there are plugins to check them too. ?What >MailScanner-specific items do you want to monitor that are not covered by >the present Nagios plugins? One directory that we monitor is the /var/spool/mqueue.in for the MailScanner inbound queue. ?The default Nagios plugin check_mailq will only get the default sendmail outbound queue in /var/spool/mqueue. ?The code below is a little crude but it works... ?MQ_DIR=/var/spool/mqueue.in ?MQ_IN_COUNT=`sudo /bin/ls -l $MQ_DIR/ | wc -l | awk '{print $1}'` ?((MQ_IN_COUNT=$MQ_IN_COUNT / 2)) Another useful Nagios script to run using NRPE is inbound and outbound queues by domains. ?If you have an important domain that you host which has common connectivity problems, then it's good to know when outbound mail to that domain is backing up. MQ_COUNT=`sudo mailq -qR$DOMAIN | grep -i "Total requests:" | awk '{print $3}'` Just wrap your normal beginning (check args) and ending (exit codes) Nagios plugin stuff around the above two snippets to make two scripts. You will need to have your "nagios" ID setup in sudo to make them work. And don't forget to disable the "requiretty" line in sudoers. Dave > >Jethro. From jvoorhees1 at gmail.com Mon Mar 2 14:33:59 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Mon Mar 2 14:34:08 2009 Subject: Archive Mail format Message-ID: Hi there: I'm using Archiving feature of MailScanner 4.74.16-1 with this setting: Archive Mail = %rules-dir%/mail.archiving.rules The content of mail.archiving.rules is: To: *@computerdoctor.com.pe /var/spool/MailScanner/archive/_TOUSER_/Received From: *@computerdoctor.com.pe /var/spool/MailScanner/archive/_FROMUSER_/Sent MailScanner stores mail OK, I can browse e-mail classified by each user but there are some things about this that I'm not really sure: 1. MailScanner isn't supposed to archive every mail in Mbox format? Every archived mai it doesn't seem like a mbox message, the "file" command says the email message is only "data", and the content hasn't the order of a real e-mail message. Am I doing something wrong in my settings? How can I store email in mbox format o something legible? 2. Every archived mail is named as a queue file, something like 68CB2B4D2C2.1F599. Is it possible to define the way MS names its archived mails? Maybe something numerically sequential. Any help will be really appreciated, thanks From ecasarero at gmail.com Mon Mar 2 14:43:49 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Mar 2 14:43:59 2009 Subject: OT: MailScanner & Nagios In-Reply-To: <67a55ed50903020622n12980a53va31648c51634aca0@mail.gmail.com> References: <67a55ed50903020622n12980a53va31648c51634aca0@mail.gmail.com> Message-ID: <7d9b3cf20903020643o2b6249cex9dcb99cc47a50a62@mail.gmail.com> 2009/3/2 Dave Jones : >>Date: Mon, 2 Mar 2009 12:39:59 +0100 >>From: "Jonas Akrouh Larsen" >>Subject: RE: OT: MailScanner & Nagios >>To: "'MailScanner discussion'" >>Message-ID: <006601c99b2b$9e56afb0$db040f10$@dk> >>Content-Type: text/plain; ? ? ? charset="us-ascii" >> >>The only mailscanner variables we monitor is the presence of the mailscanner >>process and ascoiated processes. And the avg. batch scan speeds. >> >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jethro R >>Binks >>Sent: 27. februar 2009 21:25 >>To: MailScanner discussion >>Subject: Re: OT: MailScanner & Nagios >> >>On Fri, 27 Feb 2009, Eduardo Casarero wrote: >> >>> Hi everybody, is anyone using nagios to monitor MailScanner? i was >>> looking for some plugins to check mailscanner status, queues, etc. The >>> basic server monitoring is already set up, but if someone has already >>> coded some custom plugins for mailscanner and wants to share i would be >>> very happy :D >>> >>> if not, i'll have to do it my self. >> >>What exactly do you want to monitor? ?There are already plugins to check >>status of processes, and MailScanner itself doesn't have queues: the >>queues are for the MTA, and there are plugins to check them too. ?What >>MailScanner-specific items do you want to monitor that are not covered by >>the present Nagios plugins? > > One directory that we monitor is the /var/spool/mqueue.in for the MailScanner > inbound queue. ?The default Nagios plugin check_mailq will only get the > default sendmail outbound queue in /var/spool/mqueue. ?The code below is > a little crude but it works... > ?MQ_DIR=/var/spool/mqueue.in > ?MQ_IN_COUNT=`sudo /bin/ls -l $MQ_DIR/ | wc -l | awk '{print $1}'` > ?((MQ_IN_COUNT=$MQ_IN_COUNT / 2)) > > Another useful Nagios script to run using NRPE is inbound and outbound > queues by domains. ?If you have an important domain that you host which > has common connectivity problems, then it's good to know when outbound > mail to that domain is backing up. > > MQ_COUNT=`sudo mailq -qR$DOMAIN | grep -i "Total requests:" | awk '{print $3}'` > > Just wrap your normal beginning (check args) and ending (exit codes) > Nagios plugin stuff around the above two snippets to make two scripts. > You will need to have your "nagios" ID setup in sudo to make them work. > And don't forget to disable the "requiretty" line in sudoers. > > Dave > Thanks! this was what i was looking for! >> >>Jethro. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Mon Mar 2 14:47:57 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 2 14:48:17 2009 Subject: Archive Mail format In-Reply-To: References: Message-ID: <49ABF19D.3040806@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Take a look at this setting: # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? Quarantine Whole Messages As Queue Files = no You presumably currently have that set to 'yes' as you are getting queue files. Switch it to 'no' and see if you prefer the output form. On 2/3/09 14:33, Jason Voorhees wrote: > Hi there: > > I'm using Archiving feature of MailScanner 4.74.16-1 with this setting: > > Archive Mail = %rules-dir%/mail.archiving.rules > > The content of mail.archiving.rules is: > > To: *@computerdoctor.com.pe > /var/spool/MailScanner/archive/_TOUSER_/Received > From: *@computerdoctor.com.pe > /var/spool/MailScanner/archive/_FROMUSER_/Sent > > MailScanner stores mail OK, I can browse e-mail classified by each > user but there are some things about this that I'm not really sure: > > 1. MailScanner isn't supposed to archive every mail in Mbox format? > Every archived mai it doesn't seem like a mbox message, the "file" > command says the email message is only "data", and the content hasn't > the order of a real e-mail message. > Am I doing something wrong in my settings? How can I store email in > mbox format o something legible? > > 2. Every archived mail is named as a queue file, something like > 68CB2B4D2C2.1F599. Is it possible to define the way MS names its > archived mails? Maybe something numerically sequential. > > Any help will be really appreciated, thanks > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJq/GdEfZZRxQVtlQRAsXCAKCPV6WQsFrBCkckXwPw8OglaEjiIgCgg0Ig 2iRmXl9r9QscZ2p6rOcnXeg= =UKS+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jvoorhees1 at gmail.com Mon Mar 2 15:07:50 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Mon Mar 2 15:07:59 2009 Subject: Archive Mail format In-Reply-To: <49ABF19D.3040806@ecs.soton.ac.uk> References: <49ABF19D.3040806@ecs.soton.ac.uk> Message-ID: On Mon, Mar 2, 2009 at 9:47 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Take a look at this setting: > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? > Quarantine Whole Messages As Queue Files = no > > You presumably currently have that set to 'yes' as you are getting queue > files. Switch it to 'no' and see if you prefer the output form. > Thanks for your reply :) I have 'Quarantine Whole Messages As Queue Files = no'. Anyway, isn't this only related to quarantine? Why this would affect the format of archived mails? Aren't those (Quarantine and Archived Mail) different settings? From steve.freegard at fsl.com Mon Mar 2 15:38:06 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Mar 2 15:38:16 2009 Subject: Archive Mail format In-Reply-To: References: Message-ID: <49ABFD5E.5000703@fsl.com> Jason Voorhees wrote: > Hi there: > > I'm using Archiving feature of MailScanner 4.74.16-1 with this setting: > > Archive Mail = %rules-dir%/mail.archiving.rules > > The content of mail.archiving.rules is: > > To: *@computerdoctor.com.pe > /var/spool/MailScanner/archive/_TOUSER_/Received > From: *@computerdoctor.com.pe > /var/spool/MailScanner/archive/_FROMUSER_/Sent > > MailScanner stores mail OK, I can browse e-mail classified by each > user but there are some things about this that I'm not really sure: > > 1. MailScanner isn't supposed to archive every mail in Mbox format? > Every archived mai it doesn't seem like a mbox message, the "file" > command says the email message is only "data", and the content hasn't > the order of a real e-mail message. > Am I doing something wrong in my settings? How can I store email in > mbox format o something legible? Set 'Missing Mail Archive Is = file' instead of directory; this should cause 'Received' and 'Sent' to become mboxes (you might want to add _DATE_ into the path too as mbox files can only grow to 2Gb maximum). Regards, Steve. From jvoorhees1 at gmail.com Mon Mar 2 16:02:46 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Mon Mar 2 16:02:55 2009 Subject: Archive Mail format In-Reply-To: <49ABFD5E.5000703@fsl.com> References: <49ABFD5E.5000703@fsl.com> Message-ID: On Mon, Mar 2, 2009 at 10:38 AM, Steve Freegard wrote: > Jason Voorhees wrote: >> Hi there: >> >> I'm using Archiving feature of MailScanner 4.74.16-1 with this setting: >> >> Archive Mail = ?%rules-dir%/mail.archiving.rules >> >> The content of mail.archiving.rules is: >> >> To: ? ? ? ? ? ? *@computerdoctor.com.pe >> /var/spool/MailScanner/archive/_TOUSER_/Received >> From: ? ? ? ? *@computerdoctor.com.pe >> /var/spool/MailScanner/archive/_FROMUSER_/Sent >> >> MailScanner stores mail OK, I can browse e-mail classified by each >> user but there are some things about this that I'm not really sure: >> >> 1. MailScanner isn't supposed to archive every mail in Mbox format? >> Every archived mai it doesn't seem like a mbox message, the "file" >> command says the email message is only "data", and the content hasn't >> the order of a real e-mail message. >> Am I doing something wrong in my settings? How can I store email in >> mbox format o something legible? > > Set 'Missing Mail Archive Is = file' instead of directory; this should > cause 'Received' and 'Sent' to become mboxes (you might want to add > _DATE_ into the path too as mbox files can only grow to 2Gb maximum). > Thanks Steve, that makes thing works as expected... I wasn't sure about the real meaning of that feature even when I read it a couple of times. But now that I'm reading mail logs I see that MS achive mails before content checkings. Is it posible to change the order MS archive mails? Maybe something like archiving before or after spam/virus/dangerous content checking, or even better let this option to rules decision > Regards, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Mon Mar 2 16:17:30 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 2 16:17:38 2009 Subject: Archive Mail format In-Reply-To: References: <49ABFD5E.5000703@fsl.com> Message-ID: <223f97700903020817o606916edp49c780500426e745@mail.gmail.com> 2009/3/2 Jason Voorhees : > On Mon, Mar 2, 2009 at 10:38 AM, Steve Freegard wrote: >> Jason Voorhees wrote: >>> Hi there: >>> >>> I'm using Archiving feature of MailScanner 4.74.16-1 with this setting: >>> >>> Archive Mail = ?%rules-dir%/mail.archiving.rules >>> >>> The content of mail.archiving.rules is: >>> >>> To: ? ? ? ? ? ? *@computerdoctor.com.pe >>> /var/spool/MailScanner/archive/_TOUSER_/Received >>> From: ? ? ? ? *@computerdoctor.com.pe >>> /var/spool/MailScanner/archive/_FROMUSER_/Sent >>> >>> MailScanner stores mail OK, I can browse e-mail classified by each >>> user but there are some things about this that I'm not really sure: >>> >>> 1. MailScanner isn't supposed to archive every mail in Mbox format? >>> Every archived mai it doesn't seem like a mbox message, the "file" >>> command says the email message is only "data", and the content hasn't >>> the order of a real e-mail message. >>> Am I doing something wrong in my settings? How can I store email in >>> mbox format o something legible? >> >> Set 'Missing Mail Archive Is = file' instead of directory; this should >> cause 'Received' and 'Sent' to become mboxes (you might want to add >> _DATE_ into the path too as mbox files can only grow to 2Gb maximum). >> > Thanks Steve, that makes thing works as expected... I wasn't sure > about the real meaning of that feature even when I read it a couple of > times. > > But now that I'm reading mail logs I see that MS achive mails before > content checkings. Is it posible to change the order MS archive mails? > Maybe something like archiving before or after spam/virus/dangerous > content checking, or even better let this option to rules decision > Archiving _after_ content checks et al would kind of defeat the purpose of the archive... It should be pristine, untouched by MS... What you're after would be the non-spam quarantine ... just add "store" to the Non Spam Actions, and see how you like that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Mar 2 18:04:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 2 18:05:03 2009 Subject: Archive Mail format In-Reply-To: <223f97700903020817o606916edp49c780500426e745@mail.gmail.com> References: <49ABFD5E.5000703@fsl.com> <223f97700903020817o606916edp49c780500426e745@mail.gmail.com> Message-ID: <49AC1FB2.9010605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/3/09 16:17, Glenn Steen wrote: > 2009/3/2 Jason Voorhees: > >> On Mon, Mar 2, 2009 at 10:38 AM, Steve Freegard wrote: >> >>> Jason Voorhees wrote: >>> >>>> Hi there: >>>> >>>> I'm using Archiving feature of MailScanner 4.74.16-1 with this setting: >>>> >>>> Archive Mail = %rules-dir%/mail.archiving.rules >>>> >>>> The content of mail.archiving.rules is: >>>> >>>> To: *@computerdoctor.com.pe >>>> /var/spool/MailScanner/archive/_TOUSER_/Received >>>> From: *@computerdoctor.com.pe >>>> /var/spool/MailScanner/archive/_FROMUSER_/Sent >>>> >>>> MailScanner stores mail OK, I can browse e-mail classified by each >>>> user but there are some things about this that I'm not really sure: >>>> >>>> 1. MailScanner isn't supposed to archive every mail in Mbox format? >>>> Every archived mai it doesn't seem like a mbox message, the "file" >>>> command says the email message is only "data", and the content hasn't >>>> the order of a real e-mail message. >>>> Am I doing something wrong in my settings? How can I store email in >>>> mbox format o something legible? >>>> >>> Set 'Missing Mail Archive Is = file' instead of directory; this should >>> cause 'Received' and 'Sent' to become mboxes (you might want to add >>> _DATE_ into the path too as mbox files can only grow to 2Gb maximum). >>> >>> >> Thanks Steve, that makes thing works as expected... I wasn't sure >> about the real meaning of that feature even when I read it a couple of >> times. >> >> But now that I'm reading mail logs I see that MS achive mails before >> content checkings. Is it posible to change the order MS archive mails? >> Maybe something like archiving before or after spam/virus/dangerous >> content checking, or even better let this option to rules decision >> >> > > Archiving _after_ content checks et al would kind of defeat the > purpose of the archive... It should be pristine, untouched by MS... > What you're after would be the non-spam quarantine ... just add > "store" to the Non Spam Actions, and see how you like that. > And remember there are variants on the "store" action, like this: # store - store the message in the (spam) quarantine # store-nonmcp - store the message in the non-MCP quarantine # store-mcp - store the message in the MCP quarantine # store-nonspam - store the message in the non-spam quarantine # store-spam - store the message in the spam quarantine # store- - store the message in the Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJrB+7EfZZRxQVtlQRAvKWAJwKB5jP0ck9XeUuYwFD2/sfgQKpngCg34cj phovvx6jTT81SbYiJRfHixs= =OvMg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jvoorhees1 at gmail.com Mon Mar 2 18:30:38 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Mon Mar 2 18:30:47 2009 Subject: Archive Mail format In-Reply-To: <223f97700903020817o606916edp49c780500426e745@mail.gmail.com> References: <49ABFD5E.5000703@fsl.com> <223f97700903020817o606916edp49c780500426e745@mail.gmail.com> Message-ID: On Mon, Mar 2, 2009 at 11:17 AM, Glenn Steen wrote: > 2009/3/2 Jason Voorhees : >> On Mon, Mar 2, 2009 at 10:38 AM, Steve Freegard wrote: >>> Jason Voorhees wrote: >>>> Hi there: >>>> >>>> I'm using Archiving feature of MailScanner 4.74.16-1 with this setting: >>>> >>>> Archive Mail = ?%rules-dir%/mail.archiving.rules >>>> >>>> The content of mail.archiving.rules is: >>>> >>>> To: ? ? ? ? ? ? *@computerdoctor.com.pe >>>> /var/spool/MailScanner/archive/_TOUSER_/Received >>>> From: ? ? ? ? *@computerdoctor.com.pe >>>> /var/spool/MailScanner/archive/_FROMUSER_/Sent >>>> >>>> MailScanner stores mail OK, I can browse e-mail classified by each >>>> user but there are some things about this that I'm not really sure: >>>> >>>> 1. MailScanner isn't supposed to archive every mail in Mbox format? >>>> Every archived mai it doesn't seem like a mbox message, the "file" >>>> command says the email message is only "data", and the content hasn't >>>> the order of a real e-mail message. >>>> Am I doing something wrong in my settings? How can I store email in >>>> mbox format o something legible? >>> >>> Set 'Missing Mail Archive Is = file' instead of directory; this should >>> cause 'Received' and 'Sent' to become mboxes (you might want to add >>> _DATE_ into the path too as mbox files can only grow to 2Gb maximum). >>> >> Thanks Steve, that makes thing works as expected... I wasn't sure >> about the real meaning of that feature even when I read it a couple of >> times. >> >> But now that I'm reading mail logs I see that MS achive mails before >> content checkings. Is it posible to change the order MS archive mails? >> Maybe something like archiving before or after spam/virus/dangerous >> content checking, or even better let this option to rules decision >> > > Archiving _after_ content checks et al would kind of defeat the > purpose of the archive... It should be pristine, untouched by MS... > What you're after would be the non-spam quarantine ... just add > "store" to the Non Spam Actions, and see how you like that. > Yes, you're right. I'll keep using the archiving feature as is. Thanks, bye > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hvdkooij at vanderkooij.org Mon Mar 2 20:45:15 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Mar 2 20:45:25 2009 Subject: Earthlink filter? Message-ID: <49AC455B.4090400@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Does someone have rules to stop the nasty earthlink autoresponder messages? They send you some stupid message that you have to click an URL to allow a message to pass through to their loosers. The alternative is to blacklist their whole domain and write off their users along with their loosers. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmsRVgACgkQBvzDRVjxmYEksgCdGpBmsijruuVekRW/0QQcUUyT SdEAoIhC4aCFku6rSt4eWLXV+5JhErNH =aiOu -----END PGP SIGNATURE----- From ipcopper.ph at gmail.com Tue Mar 3 06:50:36 2009 From: ipcopper.ph at gmail.com (jan gestre) Date: Tue Mar 3 06:50:46 2009 Subject: Forward all domain emails tagged as spam Message-ID: Hi Guys, I want to forward all emails for all the domains hosted on the mailserver that is tagged as {Spam?} to e.g. spam@example.org. I've already set this parameter in MailScanner.conf Spam Actions = store forward spam@example.org Is the above enough? Will all emails tagged as {Spam?} be forwarded to the special account i.e. spam@example.org ? If not, what additional configuration do I need? TIA Jan From jim.barber at ddihealth.com Tue Mar 3 08:33:50 2009 From: jim.barber at ddihealth.com (Jim Barber) Date: Tue Mar 3 08:34:12 2009 Subject: Feature request: Multiple rules for MailScanner variable. In-Reply-To: <24e3d2e40902261939t3f33d23bv975df719283da23a@mail.gmail.com> References: <49A73F6C.5000009@ddihealth.com> <24e3d2e40902261939t3f33d23bv975df719283da23a@mail.gmail.com> Message-ID: <49ACEB6E.9040705@ddihealth.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090303/2bc2c1f5/attachment.html From jim.barber at ddihealth.com Tue Mar 3 08:37:27 2009 From: jim.barber at ddihealth.com (Jim Barber) Date: Tue Mar 3 08:37:44 2009 Subject: Feature request: Multiple rules for MailScanner variable. In-Reply-To: <49A7AFF8.5080207@ecs.soton.ac.uk> References: <49A73F6C.5000009@ddihealth.com> <49A7AFF8.5080207@ecs.soton.ac.uk> Message-ID: <49ACEC47.4030504@ddihealth.com> Julian Field wrote: > On 27/2/09 01:18, Jim Barber wrote: >> Hi Jules. >> >> I have a CustomFunction that checks for users that are using SMTP AUTH. >> eg: >> Spam Checks = &CheckSMTPAuth >> >> The above will skip spam checks for anyone that has authenticated to >> our mail server. >> >> I also have entries in my MailScanner.conf file that refer to rules >> files to turn off certain features for trusted networks. >> eg: >> Also Find Numeric Phishing = %rules-dir%/phishing.rules >> >> Where the /etc/MailScanner/MailScanner/rules/phishing.rules file will >> contain entries like so: >> >> # Local host >> From: 127.0.0.1 no >> >> # Internal subnets >> From: 10. no >> From: 192.168. no >> >> FromOrTo: default yes >> >> Which handles not doing numeric phishing checks on emails sent by >> internal users. >> >> However, what if I want to skip numeric phishing checks for both the >> networks defined in the rules file and anyone that has authenticated >> to the mail server? >> As far as I can tell, at the moment I'd need to make a new custom >> function that does both the SMTP AUTH check, and parses the rule file >> (or get a list of networks in any number of other ways). >> >> I was wondering if you could add a feature that is something like the >> following. >> Either allow a syntax like: >> >> Also Find Numeric Phishing = %rules-dir%/phishing.rules OR >> &CheckSMTPAuth >> >> Or being able to specify the same parameter multiple times and have >> each one checked. >> eg: >> Also Find Numeric Phishing = %rules-dir%/phishing.rules >> Also Find Numeric Phishing = &CheckSMTPAuth >> >> I guess the difficulty would be how to handle the "default" rules when >> you have multiple checks going on. >> Maybe just leave it up to the mail administrators to create custom >> rule files that don't have a default on the end, except for in the >> last one to be referenced... Maybe that would be a pain to support on >> these lists though :( >> >> Any thoughts? >> Or is the functionality I am looking for already there and I'm just >> missing it? > You can do it with a Custom Function that also looks at a ruleset. Look in > /usr/lib/MailScanner/MailScanner/CustomFunctions/Ruleset-from-Function.pm > and you'll find an example showing you exactly how to do it. > > Jules > Thanks Julian. I've found the example and will take a look. For you Debian users, it is under: /usr/share/doc/mailscanner/examples/CustomFunctions/Ruleset-from-Function.pm Alex, I've replied to you off-list about the CustomFunction with some limitations with mine and suggestions for how to improve it. Regards, ---------- Jim Barber DDI Health From jim.barber at ddihealth.com Tue Mar 3 08:39:27 2009 From: jim.barber at ddihealth.com (Jim Barber) Date: Tue Mar 3 08:39:45 2009 Subject: Feature request: Multiple rules for MailScanner variable. In-Reply-To: <49ACEC47.4030504@ddihealth.com> References: <49A73F6C.5000009@ddihealth.com> <49A7AFF8.5080207@ecs.soton.ac.uk> <49ACEC47.4030504@ddihealth.com> Message-ID: <49ACECBF.9000507@ddihealth.com> > Alex, I've replied to you off-list about the CustomFunction with some > limitations with mine and suggestions for how to improve it. > > Regards, > > ---------- > Jim Barber > DDI Health Or not off-list, by the look of it... Oops :) ---------- Jim Barber DDI Health From ram at netcore.co.in Tue Mar 3 09:45:13 2009 From: ram at netcore.co.in (ram) Date: Tue Mar 3 09:45:30 2009 Subject: Earthlink filter? In-Reply-To: <49AC455B.4090400@vanderkooij.org> References: <49AC455B.4090400@vanderkooij.org> Message-ID: <1236073513.32764.50.camel@darkstar.netcore.co.in> On Mon, 2009-03-02 at 21:45 +0100, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > Does someone have rules to stop the nasty earthlink autoresponder messages? > It should be easy to write rules , do you have any samples > They send you some stupid message that you have to click an URL to allow > a message to pass through to their loosers. > > The alternative is to blacklist their whole domain and write off their > users along with their loosers. > I wish I could do that. I will get rid of upto 30% of all my spam right at the MTA :-) From MailScanner at ecs.soton.ac.uk Tue Mar 3 10:02:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 3 10:02:39 2009 Subject: Forward all domain emails tagged as spam In-Reply-To: References: Message-ID: <49AD0022.5070805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 3/3/09 06:50, jan gestre wrote: > Hi Guys, > > I want to forward all emails for all the domains hosted on the > mailserver that is tagged as {Spam?} to e.g. spam@example.org. I've > already set this parameter in MailScanner.conf > > Spam Actions = store forward spam@example.org > > Is the above enough? Will all emails tagged as {Spam?} be forwarded to > the special account i.e. spam@example.org ? If not, what additional > configuration do I need? > You probably want to set the same in "High-Scoring Spam Actions" as well. But otherwise yes, it really is that easy :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJrQAiEfZZRxQVtlQRArFIAKD2l9bKwI8tcBPSUrvoCdGDhcDLUACgm8yb 0oeiil91DOp7Wgk9txiXa8c= =IY5J -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Tue Mar 3 10:36:49 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Tue Mar 3 10:37:20 2009 Subject: Crash protection In-Reply-To: <49ABEAB8.5080908@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> Message-ID: On Mon, 2 Mar 2009, Julian Field wrote: > On 2/3/09 14:04, David Lee wrote: >> [...] >> Given that I was a chief requester, naturally I feel honour-bound to >> help test it. Could you give an indication of your production-level >> confidence in the code? How high up the inbound MX-priority-tree >> should I reasonably think of installing it at present? > Start it off at the bottom (highest number) and intentionally kill it > during a batch of messages. Do that twice and you should see > "MailScanner --processing" start to print something. That way it should > probably only be getting spam anyway, which will be an ideal test > environment for it. OK. Installed on an MX high-value (low-priority) machine. Testing it with "MailScanner --debug" etc. took a little more than two interrupts (perhaps successive "--debug" invocations were picking up different emails) but it seems to be OK. "MailScanner --processing" is showing some output for two or more attempts. So looking good! And in the log file I'm seeing messages of the form "Making attempt 2 at ..." which (in this controlled-test context) looks promising. Thanks. > Cheers for the idea in the first place! (even though I did change it a > bit as I progressed... :) You're welcome. The idea was simply a sketch of a possibility. Your change was to deliver a working product! Many thanks. An observation: "--processing" queries with "SELECT ... count>1". So on a busy, but well-working, server its output is always empty. Could there be a variant "count>0"? Thus on this same server there would generally be output, continually changing, reflecting (more or less) the active part of the inbound MS queue. Don't worry if you would rather not. Anyway, we have it in service, and I'll keep monitoring it. Many thanks again. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From t.d.lee at durham.ac.uk Tue Mar 3 10:55:34 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Tue Mar 3 10:56:06 2009 Subject: bug in Spear-Phishing script? In-Reply-To: <49A7FF13.8040209@fsl.com> References: <49A7F6CA.2070403@ecs.soton.ac.uk> <49A7FF13.8040209@fsl.com> Message-ID: On Fri, 27 Feb 2009, Steve Freegard wrote: > Julian Field wrote: >> Does a "reload" cause a re-compile of all the SpamAssassin rules? > > Yeah it does; on reload the children are restarted by the parent and > therefore MailScanner::SA::initialise() is run by each child before it > starts waiting for messages. Thanks, Steve. In that case, could I recommend a switch from: service MailScanner restart to: service MailScanner reload so that (as mentioned before) the outbound sendmail/etc. queue runner continues running? Its hourly restart caused us problems of email not being reached. We also had a second problem creep up behind us: we started getting disk-filling, which turned out to be ".spamassassin/bayes_toks.expireNNNN" files. (The last time we saw such problems was years ago...) I suspect there can be some sort of interference between the periodic rebuild of bayes and this new hourly restart only getting part way through. Or something like that. Since I switched from "...restart" to "...reload", both these new problems (i.e. new with the spear-phishing script) have gone away. Oh! And might it be possible to distribute the script with MS itself? Perhaps abstract some of the config stuff (including a new enable/disable function) into a config file, so that the script is installed straight into "/etc/cron.hourly" (RPM distribution, at least). Julian: many, many thanks again for a great, and versatile, MS product. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Tue Mar 3 11:27:57 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 3 11:28:19 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> Message-ID: <49AD143D.1060404@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 3/3/09 10:36, David Lee wrote: > On Mon, 2 Mar 2009, Julian Field wrote: > >> On 2/3/09 14:04, David Lee wrote: >>> [...] >>> Given that I was a chief requester, naturally I feel honour-bound to >>> help test it. Could you give an indication of your production-level >>> confidence in the code? How high up the inbound MX-priority-tree >>> should I reasonably think of installing it at present? >> Start it off at the bottom (highest number) and intentionally kill it >> during a batch of messages. Do that twice and you should see >> "MailScanner --processing" start to print something. That way it should >> probably only be getting spam anyway, which will be an ideal test >> environment for it. > > OK. Installed on an MX high-value (low-priority) machine. > > Testing it with "MailScanner --debug" etc. took a little more than two > interrupts (perhaps successive "--debug" invocations were picking up > different emails) but it seems to be OK. "MailScanner --processing" is > showing some output for two or more attempts. So looking good! And > in the log file I'm seeing messages of the form "Making attempt 2 at > ..." which (in this controlled-test context) looks promising. > > Thanks. > > >> Cheers for the idea in the first place! (even though I did change it a >> bit as I progressed... :) > > You're welcome. The idea was simply a sketch of a possibility. Your > change was to deliver a working product! Many thanks. > > An observation: "--processing" queries with "SELECT ... count>1". So > on a busy, but well-working, server its output is always empty. Could > there be a variant "count>0"? Thus on this same server there would > generally be output, continually changing, reflecting (more or less) > the active part of the inbound MS queue. Don't worry if you would > rather not. No problem at all. Check out 4.75.6, which now supports "--processing=" as well as "--processing". You want to use "--processing=0" to get the output from it that you want. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJrRQ9EfZZRxQVtlQRAgaMAJ9NzkslFAt41By5Pjr5c0IJ3IOGjwCgiuyu iQU3GUXihFk1weTs1krkjQs= =5Mjz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jvoorhees1 at gmail.com Tue Mar 3 14:16:42 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Tue Mar 3 14:16:51 2009 Subject: Forward all domain emails tagged as spam In-Reply-To: References: Message-ID: Hi: On Tue, Mar 3, 2009 at 1:50 AM, jan gestre wrote: > Hi Guys, > > I want to forward all emails for all the domains hosted on the > mailserver that is tagged as {Spam?} to e.g. spam@example.org. I've > already set this parameter in MailScanner.conf > > Spam Actions = store forward spam@example.org > > Is the above enough? Will all emails tagged as {Spam?} be forwarded to > the special account i.e. spam@example.org ? If not, what additional > configuration do I need? > The configuration shown it will keep a copy of the spam message in the quarantine too. But according to your question... yes, that's everything you need to do to forward spam messages to certain account. Don't forget to do the same with "MCP Actions", and "High Scoring MCP Actions" if you use MCP. Bye > TIA > > Jan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From danielg at vodafone.is Tue Mar 3 15:03:14 2009 From: danielg at vodafone.is (=?iso-8859-1?Q?Dan=EDel_Kristinn_Gunnarsson?=) Date: Tue Mar 3 15:05:02 2009 Subject: Mailscanner scanning slowly Message-ID: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> Hi there ! Lately I've been running into some trouble with MailScanner + spamassassin. Let me explain my current setup. I have a high-load mailserver (100k+ emails per day) that transfers all emails to 2 dedicated servers running Mailscanner + spamassassin for scanning. Both machines have the exact same setup: SLES 9.3 4gb RAM 2x 64-bit Dual Core AMD Opteron running at 2ghz MailScanner 4.71.10 SpamAssassin 3.2.5 Perl 5.8.3 Postfix 2.2.6 Both servers process almost equal amount of mail or about 50k each. The problem I'm having is that while server 2 is processing 10 mail scans in about ~60 secs, server 1 takes 300 secs to process them. Max unscanned and max unsafe messages per scan is set to 10 messages, no RBL checks set in MailScanner.conf, 10 children running and Delivery method is running in Batch, changing it to queue did nothing for me. I've tried lowering max children and messages per scanning batch but still it takes from 5 secs to 1 minute to scan a single message on server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, thoughts, tips and tricks are appreciated. ? Daniel Kristinn Gunnarsson T?knima?ur / Technician T?knibor? / Technical Support danielg@vodafone.is +354 599-9500 - 3? Vodafone Sk?tuvogi 2 104 Reykjav?k www.vodafone.is FYRIRVARI / DISCLAIMER ? From ms-list at alexb.ch Tue Mar 3 15:18:01 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue Mar 3 15:18:09 2009 Subject: Mailscanner scanning slowly In-Reply-To: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> Message-ID: <49AD4A29.1060807@alexb.ch> On 3/3/2009 4:03 PM, Dan?el Kristinn Gunnarsson wrote: > Hi there ! > > Lately I've been running into some trouble with MailScanner + > spamassassin. Let me explain my current setup. > > I have a high-load mailserver (100k+ emails per day) that transfers > all emails to 2 dedicated servers running Mailscanner + spamassassin > for scanning. Both machines have the exact same setup: > > SLES 9.3 4gb RAM 2x 64-bit Dual Core AMD Opteron running at 2ghz > MailScanner 4.71.10 SpamAssassin 3.2.5 Perl 5.8.3 Postfix 2.2.6 > > Both servers process almost equal amount of mail or about 50k each. > The problem I'm having is that while server 2 is processing 10 mail > scans in about ~60 secs, server 1 takes 300 secs to process them. Max > unscanned and max unsafe messages per scan is set to 10 messages, no > RBL checks set in MailScanner.conf, 10 children running and Delivery > method is running in Batch, changing it to queue did nothing for me. > I've tried lowering max children and messages per scanning batch but > still it takes from 5 secs to 1 minute to scan a single message on > server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, > thoughts, tips and tricks are appreciated. with that hardware, 50k msgs aren't heavy traffic. Could be DNS lag. Run a spam message thru spamassassin with -D dns: spamassassin -D dns < sample_spam that should make it clear if you have a DNS issue and can rule that out. Alex From danielg at vodafone.is Tue Mar 3 15:30:40 2009 From: danielg at vodafone.is (=?iso-8859-1?Q?Dan=EDel_Kristinn_Gunnarsson?=) Date: Tue Mar 3 15:33:22 2009 Subject: Mailscanner scanning slowly References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> <49AD4A29.1060807@alexb.ch> Message-ID: <803D009CC861B7499158EE7E86E6BE8EC5D89E@sv02mxa.ITNET.IS> DNS seems to be okay, average scan is about 3-5 secs using spamassassin -D dns < sample_spam - I'm caching DNS locally as well. ? Daniel Kristinn Gunnarsson T?knima?ur / Technician T?knibor? / Technical Support danielg@vodafone.is +354 599-9500 - 3? Vodafone Sk?tuvogi 2 104 Reykjav?k www.vodafone.is FYRIRVARI / DISCLAIMER ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: 3. mars 2009 15:18 To: MailScanner discussion Subject: Re: Mailscanner scanning slowly On 3/3/2009 4:03 PM, Dan?el Kristinn Gunnarsson wrote: > Hi there ! > > Lately I've been running into some trouble with MailScanner + > spamassassin. Let me explain my current setup. > > I have a high-load mailserver (100k+ emails per day) that transfers > all emails to 2 dedicated servers running Mailscanner + spamassassin > for scanning. Both machines have the exact same setup: > > SLES 9.3 4gb RAM 2x 64-bit Dual Core AMD Opteron running at 2ghz > MailScanner 4.71.10 SpamAssassin 3.2.5 Perl 5.8.3 Postfix 2.2.6 > > Both servers process almost equal amount of mail or about 50k each. > The problem I'm having is that while server 2 is processing 10 mail > scans in about ~60 secs, server 1 takes 300 secs to process them. Max > unscanned and max unsafe messages per scan is set to 10 messages, no > RBL checks set in MailScanner.conf, 10 children running and Delivery > method is running in Batch, changing it to queue did nothing for me. > I've tried lowering max children and messages per scanning batch but > still it takes from 5 secs to 1 minute to scan a single message on > server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, > thoughts, tips and tricks are appreciated. with that hardware, 50k msgs aren't heavy traffic. Could be DNS lag. Run a spam message thru spamassassin with -D dns: spamassassin -D dns < sample_spam that should make it clear if you have a DNS issue and can rule that out. Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Tue Mar 3 15:48:13 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue Mar 3 15:48:22 2009 Subject: Mailscanner scanning slowly In-Reply-To: <803D009CC861B7499158EE7E86E6BE8EC5D89E@sv02mxa.ITNET.IS> References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> <49AD4A29.1060807@alexb.ch> <803D009CC861B7499158EE7E86E6BE8EC5D89E@sv02mxa.ITNET.IS> Message-ID: <49AD513D.8060902@alexb.ch> On 3/3/2009 4:30 PM, Dan?el Kristinn Gunnarsson wrote: > DNS seems to be okay, average scan is about 3-5 secs using spamassassin -D dns < sample_spam - I'm caching DNS locally as well. so you saw no timeouts in debug? 3-5 seconds seems a bit long.... Is the cacher doing all the resolving itself or are you redirecting requests to some external DNS? if redirecting, better not to. -- next... are you using a RAM drive for Mailscanner's processing? This *can* become a drawback with 4GB and heavy traffic. does MailScanner --lint show anything "special", unusual? > > Daniel Kristinn Gunnarsson > T?knima?ur / Technician > T?knibor? / Technical Support > danielg@vodafone.is > +354 599-9500 - 3 > > Vodafone > Sk?tuvogi 2 > 104 Reykjav?k > www.vodafone.is > > FYRIRVARI / DISCLAIMER > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens > Sent: 3. mars 2009 15:18 > To: MailScanner discussion > Subject: Re: Mailscanner scanning slowly > > On 3/3/2009 4:03 PM, Dan?el Kristinn Gunnarsson wrote: >> Hi there ! >> >> Lately I've been running into some trouble with MailScanner + >> spamassassin. Let me explain my current setup. >> >> I have a high-load mailserver (100k+ emails per day) that transfers >> all emails to 2 dedicated servers running Mailscanner + spamassassin >> for scanning. Both machines have the exact same setup: >> >> SLES 9.3 4gb RAM 2x 64-bit Dual Core AMD Opteron running at 2ghz >> MailScanner 4.71.10 SpamAssassin 3.2.5 Perl 5.8.3 Postfix 2.2.6 >> >> Both servers process almost equal amount of mail or about 50k each. >> The problem I'm having is that while server 2 is processing 10 mail >> scans in about ~60 secs, server 1 takes 300 secs to process them. Max >> unscanned and max unsafe messages per scan is set to 10 messages, no >> RBL checks set in MailScanner.conf, 10 children running and Delivery >> method is running in Batch, changing it to queue did nothing for me. >> I've tried lowering max children and messages per scanning batch but >> still it takes from 5 secs to 1 minute to scan a single message on >> server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, >> thoughts, tips and tricks are appreciated. > > with that hardware, 50k msgs aren't heavy traffic. > > Could be DNS lag. > > Run a spam message thru spamassassin with -D dns: > > spamassassin -D dns < sample_spam > > that should make it clear if you have a DNS issue and can rule that out. > > Alex From maxsec at gmail.com Tue Mar 3 16:11:41 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Mar 3 16:11:52 2009 Subject: Mailscanner scanning slowly In-Reply-To: <803D009CC861B7499158EE7E86E6BE8EC5D89E@sv02mxa.ITNET.IS> References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> <49AD4A29.1060807@alexb.ch> <803D009CC861B7499158EE7E86E6BE8EC5D89E@sv02mxa.ITNET.IS> Message-ID: <72cf361e0903030811m59e960b5w9cf7707e072c4bd4@mail.gmail.com> Check you've turned off most of the RBL's in spamassasin...and also run sa-update regularly. there's some performance stuff in the wiki you should check through too. 2009/3/3 Dan?el Kristinn Gunnarsson : > DNS seems to be okay, average scan is about 3-5 secs using spamassassin -D dns < sample_spam - I'm caching DNS locally as well. > > > > > Daniel Kristinn Gunnarsson > T?knima?ur / Technician > T?knibor? / Technical Support > danielg@vodafone.is > +354 599-9500 - 3 > > Vodafone > Sk?tuvogi 2 > 104 Reykjav?k > www.vodafone.is > > FYRIRVARI / DISCLAIMER > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens > Sent: 3. mars 2009 15:18 > To: MailScanner discussion > Subject: Re: Mailscanner scanning slowly > > On 3/3/2009 4:03 PM, Dan?el Kristinn Gunnarsson wrote: >> Hi there ! >> >> Lately I've been running into some trouble with MailScanner + >> spamassassin. Let me explain my current setup. >> >> I have a high-load mailserver (100k+ emails per day) that transfers >> all emails to 2 dedicated servers running Mailscanner + spamassassin >> for scanning. Both machines have the exact same setup: >> >> SLES 9.3 4gb RAM 2x 64-bit Dual Core AMD Opteron running at 2ghz >> MailScanner 4.71.10 SpamAssassin 3.2.5 Perl 5.8.3 Postfix 2.2.6 >> >> Both servers process almost equal amount of mail or about 50k each. >> The problem I'm having is that while server 2 is processing 10 mail >> scans in about ~60 secs, server 1 takes 300 secs to process them. Max >> unscanned and max unsafe messages per scan is set to 10 messages, no >> RBL checks set in MailScanner.conf, 10 children running and Delivery >> method is running in Batch, changing it to queue did nothing for me. >> I've tried lowering max children and messages per scanning batch but >> still it takes from 5 secs to 1 minute to scan a single message on >> server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, >> thoughts, tips and tricks are appreciated. > > with that hardware, 50k msgs aren't heavy traffic. > > Could be DNS lag. > > Run a spam message thru spamassassin with -D dns: > > spamassassin -D dns < sample_spam > > that should make it clear if you have a DNS issue and can rule that out. > > Alex > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK From danielg at vodafone.is Tue Mar 3 16:20:00 2009 From: danielg at vodafone.is (=?iso-8859-1?Q?Dan=EDel_Kristinn_Gunnarsson?=) Date: Tue Mar 3 16:21:36 2009 Subject: Mailscanner scanning slowly References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> <49AD4A29.1060807@alexb.ch><803D009CC861B7499158EE7E86E6BE8EC5D89E@sv02mxa.ITNET.IS> <49AD513D.8060902@alexb.ch> Message-ID: <803D009CC861B7499158EE7E86E6BE8EC5D8BC@sv02mxa.ITNET.IS> No timeouts at allt and the cacher is resolving by itself. I do have /var/spool/MailScanner/incoming mounted to tmpfs (/dev/shm): Filesystem Size Used Avail Use% Mounted on /dev/sda2 68G 4.7G 63G 7% / tmpfs 2.0G 8.0K 2.0G 1% /dev/shm tmpfs 2.0G 5.0M 2.0G 1% /var/spool/MailScanner/incoming I read somewhere that this was recommended to speed things up. ? Daniel Kristinn Gunnarsson T?knima?ur / Technician T?knibor? / Technical Support danielg@vodafone.is +354 599-9500 - 3? Vodafone Sk?tuvogi 2 104 Reykjav?k www.vodafone.is FYRIRVARI / DISCLAIMER ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: 3. mars 2009 15:48 To: MailScanner discussion Subject: Re: Mailscanner scanning slowly On 3/3/2009 4:30 PM, Dan?el Kristinn Gunnarsson wrote: > DNS seems to be okay, average scan is about 3-5 secs using spamassassin -D dns < sample_spam - I'm caching DNS locally as well. so you saw no timeouts in debug? 3-5 seconds seems a bit long.... Is the cacher doing all the resolving itself or are you redirecting requests to some external DNS? if redirecting, better not to. -- next... are you using a RAM drive for Mailscanner's processing? This *can* become a drawback with 4GB and heavy traffic. does MailScanner --lint show anything "special", unusual? > > Daniel Kristinn Gunnarsson > T?knima?ur / Technician > T?knibor? / Technical Support > danielg@vodafone.is > +354 599-9500 - 3 > > Vodafone > Sk?tuvogi 2 > 104 Reykjav?k > www.vodafone.is > > FYRIRVARI / DISCLAIMER > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens > Sent: 3. mars 2009 15:18 > To: MailScanner discussion > Subject: Re: Mailscanner scanning slowly > > On 3/3/2009 4:03 PM, Dan?el Kristinn Gunnarsson wrote: >> Hi there ! >> >> Lately I've been running into some trouble with MailScanner + >> spamassassin. Let me explain my current setup. >> >> I have a high-load mailserver (100k+ emails per day) that transfers >> all emails to 2 dedicated servers running Mailscanner + spamassassin >> for scanning. Both machines have the exact same setup: >> >> SLES 9.3 4gb RAM 2x 64-bit Dual Core AMD Opteron running at 2ghz >> MailScanner 4.71.10 SpamAssassin 3.2.5 Perl 5.8.3 Postfix 2.2.6 >> >> Both servers process almost equal amount of mail or about 50k each. >> The problem I'm having is that while server 2 is processing 10 mail >> scans in about ~60 secs, server 1 takes 300 secs to process them. Max >> unscanned and max unsafe messages per scan is set to 10 messages, no >> RBL checks set in MailScanner.conf, 10 children running and Delivery >> method is running in Batch, changing it to queue did nothing for me. >> I've tried lowering max children and messages per scanning batch but >> still it takes from 5 secs to 1 minute to scan a single message on >> server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, >> thoughts, tips and tricks are appreciated. > > with that hardware, 50k msgs aren't heavy traffic. > > Could be DNS lag. > > Run a spam message thru spamassassin with -D dns: > > spamassassin -D dns < sample_spam > > that should make it clear if you have a DNS issue and can rule that out. > > Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From wintermutecx at gmail.com Tue Mar 3 18:26:03 2009 From: wintermutecx at gmail.com (Dave) Date: Tue Mar 3 18:27:05 2009 Subject: regular expressions and space Message-ID: [root@mail2 tmp]# ls test*doc* test 123.doc test123.doc deny test*doc* - - test123.doc gets denied but test 123.doc does not. Should they both be denied? From jvoorhees1 at gmail.com Tue Mar 3 18:43:37 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Tue Mar 3 18:43:45 2009 Subject: Mailscanner scanning slowly In-Reply-To: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> Message-ID: Hi: On Tue, Mar 3, 2009 at 10:03 AM, Dan?el Kristinn Gunnarsson wrote: > Hi there ! > > Lately I've been running into some trouble with MailScanner + spamassassin. Let me explain my current setup. > > I have a high-load mailserver (100k+ emails per day) that transfers all emails to 2 dedicated servers running Mailscanner + spamassassin for scanning. Both machines have the exact same setup: > > SLES 9.3 > 4gb RAM > 2x 64-bit Dual Core AMD Opteron running at 2ghz > MailScanner 4.71.10 > SpamAssassin 3.2.5 > Perl 5.8.3 > Postfix 2.2.6 > > Both servers process almost equal amount of mail or about 50k each. The problem I'm having is that while server 2 is processing 10 mail scans in about ~60 secs, server 1 takes 300 secs to process them. Max unscanned and max unsafe messages per scan is set to 10 messages, no RBL checks set in MailScanner.conf, 10 children running and Delivery method is running in Batch, changing it to queue did nothing for me. I've tried lowering max children and messages per scanning batch but still it takes from 5 secs to 1 minute to scan a single message on server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, thoughts, tips and tricks are appreciated. > I suspect that is SpamAssassin who is working slowly. Have you tried to disable Spam Checks and then compare how much time takes MailScanner to scan messages? You could use a rules file to disable spam checks only for a couple of test sender e-mail addresses. You can confirm how much time is SpamAssassin spending on scanning messages doing some local scans manually: $ time spamassassin -L < /path-to/test-spam-message Then run the same test again without -L flag and compare. What special SpamAssassin settings do you have? What plugins are you using? Could you try disabling some of them. Share with us some of your tests and results > > > Daniel Kristinn Gunnarsson > T?knima?ur / Technician > T?knibor? / Technical Support > danielg@vodafone.is > +354 599-9500 - 3 > > Vodafone > Sk?tuvogi 2 > 104 Reykjav?k > www.vodafone.is > > FYRIRVARI / DISCLAIMER > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jvoorhees1 at gmail.com Tue Mar 3 18:49:26 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Tue Mar 3 18:49:34 2009 Subject: regular expressions and space In-Reply-To: References: Message-ID: Hi: On Tue, Mar 3, 2009 at 1:26 PM, Dave wrote: > [root@mail2 tmp]# ls test*doc* > test 123.doc ?test123.doc > Those aren't regular expressions, they're only wildcards. > > deny ? ?test*doc* ? ? ? ? ? ? ? - ? ? ? - > test*doc matches : tesdoc testdoc testtttdoc testttt....ttdoc * is any character any times in wildcards expressions * is 0, 1 or more occurrences of the previous caracter in regular expressions . is any character in regular expressions > > test123.doc ?gets denied but ?test 123.doc ?does not. > If you want to deny files of the form "test*doc*" (in wildcards syntax and without quotes) you should write the rule like this: deny test.*doc.* - - > > Should they both be denied? There are a lof of regular expressions tutorials at Internet that could be useful to you. Bye :) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Denis.Beauchemin at USherbrooke.ca Tue Mar 3 18:51:22 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 3 18:51:38 2009 Subject: regular expressions and space In-Reply-To: References: Message-ID: <49AD7C2A.9010503@USherbrooke.ca> Dave a ?crit : > [root@mail2 tmp]# ls test*doc* > test 123.doc test123.doc > > > deny test*doc* - - > > > test123.doc gets denied but test 123.doc does not. > > > Should they both be denied? > Dave, As a regular expression, "test*doc*" means "tes" followed by zero or more "t", followed by "do", followed by zero or more "c". You probably want "test.*\.doc$" which means "test" followed by zero or more characters, followed by ".doc" and nothing else afterwards. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From wintermutecx at gmail.com Tue Mar 3 19:28:40 2009 From: wintermutecx at gmail.com (Dave) Date: Tue Mar 3 19:28:50 2009 Subject: regular expressions and space In-Reply-To: <49AD7C2A.9010503@USherbrooke.ca> References: <49AD7C2A.9010503@USherbrooke.ca> Message-ID: Ugh, that's why I could never get reg expressions to work =D Ok .* is equal to * in wildcards. From danielg at vodafone.is Tue Mar 3 22:06:24 2009 From: danielg at vodafone.is (=?iso-8859-1?Q?Dan=EDel_Kristinn_Gunnarsson?=) Date: Tue Mar 3 22:08:42 2009 Subject: Mailscanner scanning slowly References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> Message-ID: <803D009CC861B7499158EE7E86E6BE8E032767@sv02mxa.ITNET.IS> Thanks for the pointers Jason, I'll get right on it in the morning ! Best regards, Daniel -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Jason Voorhees Sent: Tue 3.3.2009 18:43 To: MailScanner discussion Subject: Re: Mailscanner scanning slowly Hi: On Tue, Mar 3, 2009 at 10:03 AM, Dan?el Kristinn Gunnarsson wrote: > Hi there ! > > Lately I've been running into some trouble with MailScanner + spamassassin. Let me explain my current setup. > > I have a high-load mailserver (100k+ emails per day) that transfers all emails to 2 dedicated servers running Mailscanner + spamassassin for scanning. Both machines have the exact same setup: > > SLES 9.3 > 4gb RAM > 2x 64-bit Dual Core AMD Opteron running at 2ghz > MailScanner 4.71.10 > SpamAssassin 3.2.5 > Perl 5.8.3 > Postfix 2.2.6 > > Both servers process almost equal amount of mail or about 50k each. The problem I'm having is that while server 2 is processing 10 mail scans in about ~60 secs, server 1 takes 300 secs to process them. Max unscanned and max unsafe messages per scan is set to 10 messages, no RBL checks set in MailScanner.conf, 10 children running and Delivery method is running in Batch, changing it to queue did nothing for me. I've tried lowering max children and messages per scanning batch but still it takes from 5 secs to 1 minute to scan a single message on server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, thoughts, tips and tricks are appreciated. > I suspect that is SpamAssassin who is working slowly. Have you tried to disable Spam Checks and then compare how much time takes MailScanner to scan messages? You could use a rules file to disable spam checks only for a couple of test sender e-mail addresses. You can confirm how much time is SpamAssassin spending on scanning messages doing some local scans manually: $ time spamassassin -L < /path-to/test-spam-message Then run the same test again without -L flag and compare. What special SpamAssassin settings do you have? What plugins are you using? Could you try disabling some of them. Share with us some of your tests and results > > > Daniel Kristinn Gunnarsson > T?knima?ur / Technician > T?knibor? / Technical Support > danielg@vodafone.is > +354 599-9500 - 3 > > Vodafone > Sk?tuvogi 2 > 104 Reykjav?k > www.vodafone.is > > FYRIRVARI / DISCLAIMER > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From t.d.lee at durham.ac.uk Wed Mar 4 09:29:41 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed Mar 4 09:30:06 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> Message-ID: On Tue, 3 Mar 2009, David Lee wrote: > [...] > Anyway, we have it in service, and I'll keep monitoring it. Something looking not quite right overnight (RPM 4.75.6-1). The system is handling a fair bit of mail, but not under any real stress, and the inbound queue usually has a few entries (occasionally empty; occasionally exceeding 20). Doing about 25,000 msgs/day. ------------------------------------------------------- [root@mailrelay5 ~]# date; MailScanner --processing=0 Wed Mar 4 09:09:49 GMT 2009 Currently being processed: Number of messages: 11 Tries Message Last Tried ===== ======= ========== 1 n2499fG4028919 Wed Mar 4 09:15:02 2009 1 n2499h9K028926 Wed Mar 4 09:14:21 2009 1 n2499g7W028925 Wed Mar 4 09:13:43 2009 1 n2460pEw028445 Wed Mar 4 06:05:35 2009 1 n2460mQf028411 Wed Mar 4 06:03:05 2009 1 n2410rkc021019 Wed Mar 4 01:06:54 2009 1 n2410ru4021020 Wed Mar 4 01:04:56 2009 1 n23M0osK026902 Tue Mar 3 22:05:33 2009 1 n23L0oBo004261 Tue Mar 3 21:05:06 2009 1 n23G0uhc025757 Tue Mar 3 16:04:31 2009 1 n23G0Jnl025407 Tue Mar 3 16:03:19 2009 [root@mailrelay5 ~]# ------------------------------------------------------- 1. Residual stuff from yesterday afternoon and overnight. The log files indicate that these were processed OK. (It so happens that all were "Spam Actions: message ... actions are delete".) 2. For the top entries, note the current time-of-day (c. 09.09) and the "last tried" time... which is in the future. (A few minutes later those top entries (09:xx:yy) have disappeared.) So it looks as though something is either recording or reporting an incorrect time. And I suppose there's a chance that a bug here might be precipitating the 'overnight residue' observation. Further, the log file has a small number of "Making attempt 2 at ..." per hour. Let me know if you want any more information or to try new versions, etc. All the best. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From danielg at vodafone.is Wed Mar 4 13:39:50 2009 From: danielg at vodafone.is (=?iso-8859-1?Q?Dan=EDel_Kristinn_Gunnarsson?=) Date: Wed Mar 4 13:41:41 2009 Subject: Mailscanner scanning slowly References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> <803D009CC861B7499158EE7E86E6BE8E032767@sv02mxa.ITNET.IS> Message-ID: <803D009CC861B7499158EE7E86E6BE8EC5D989@sv02mxa.ITNET.IS> Alright, spamassassin -L takes 1 sec or less, while running it regularly takes from 5-8 secs. I'm going to cut down on some RBL's and see where that gets me. As for my current configuration I've changed the delivery method to queue and changed the max messages per batch from 30 to 10 and running 10 child processes. So far the mail is takes on average 40-60 secs to be delivered. I'll let you know what changes I'll do to spamassassin's configuration. ? Daniel Kristinn Gunnarsson T?knima?ur / Technician T?knibor? / Technical Support danielg@vodafone.is +354 599-9500 - 3? Vodafone Sk?tuvogi 2 104 Reykjav?k www.vodafone.is FYRIRVARI / DISCLAIMER ? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dan?el Kristinn Gunnarsson Sent: 3. mars 2009 22:06 To: MailScanner discussion; MailScanner discussion Subject: RE: Mailscanner scanning slowly Thanks for the pointers Jason, I'll get right on it in the morning ! Best regards, Daniel -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info on behalf of Jason Voorhees Sent: Tue 3.3.2009 18:43 To: MailScanner discussion Subject: Re: Mailscanner scanning slowly Hi: On Tue, Mar 3, 2009 at 10:03 AM, Dan?el Kristinn Gunnarsson wrote: > Hi there ! > > Lately I've been running into some trouble with MailScanner + spamassassin. Let me explain my current setup. > > I have a high-load mailserver (100k+ emails per day) that transfers all emails to 2 dedicated servers running Mailscanner + spamassassin for scanning. Both machines have the exact same setup: > > SLES 9.3 > 4gb RAM > 2x 64-bit Dual Core AMD Opteron running at 2ghz > MailScanner 4.71.10 > SpamAssassin 3.2.5 > Perl 5.8.3 > Postfix 2.2.6 > > Both servers process almost equal amount of mail or about 50k each. The problem I'm having is that while server 2 is processing 10 mail scans in about ~60 secs, server 1 takes 300 secs to process them. Max unscanned and max unsafe messages per scan is set to 10 messages, no RBL checks set in MailScanner.conf, 10 children running and Delivery method is running in Batch, changing it to queue did nothing for me. I've tried lowering max children and messages per scanning batch but still it takes from 5 secs to 1 minute to scan a single message on server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, thoughts, tips and tricks are appreciated. > I suspect that is SpamAssassin who is working slowly. Have you tried to disable Spam Checks and then compare how much time takes MailScanner to scan messages? You could use a rules file to disable spam checks only for a couple of test sender e-mail addresses. You can confirm how much time is SpamAssassin spending on scanning messages doing some local scans manually: $ time spamassassin -L < /path-to/test-spam-message Then run the same test again without -L flag and compare. What special SpamAssassin settings do you have? What plugins are you using? Could you try disabling some of them. Share with us some of your tests and results > > > Daniel Kristinn Gunnarsson > T?knima?ur / Technician > T?knibor? / Technical Support > danielg@vodafone.is > +354 599-9500 - 3 > > Vodafone > Sk?tuvogi 2 > 104 Reykjav?k > www.vodafone.is > > FYRIRVARI / DISCLAIMER > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Wed Mar 4 13:50:07 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed Mar 4 13:50:16 2009 Subject: Mailscanner scanning slowly In-Reply-To: <803D009CC861B7499158EE7E86E6BE8EC5D989@sv02mxa.ITNET.IS> References: <803D009CC861B7499158EE7E86E6BE8EC5D88E@sv02mxa.ITNET.IS> <803D009CC861B7499158EE7E86E6BE8E032767@sv02mxa.ITNET.IS> <803D009CC861B7499158EE7E86E6BE8EC5D989@sv02mxa.ITNET.IS> Message-ID: <49AE870F.9010901@alexb.ch> On 3/4/2009 2:39 PM, Dan?el Kristinn Gunnarsson wrote: > Alright, spamassassin -L takes 1 sec or less, while running it regularly takes from 5-8 secs. I'm going to cut down on some RBL's and see where that gets me. As for my current configuration I've changed the delivery method to queue and changed the max messages per batch from 30 to 10 and running 10 child processes. So far the mail is takes on average 40-60 secs to be delivered. > > I'll let you know what changes I'll do to spamassassin's configuration. If you have DCC enabled, try disabling for a while. At times, it can be a hog > > > Daniel Kristinn Gunnarsson > T?knima?ur / Technician > T?knibor? / Technical Support > danielg@vodafone.is > +354 599-9500 - 3 > > Vodafone > Sk?tuvogi 2 > 104 Reykjav?k > www.vodafone.is > > FYRIRVARI / DISCLAIMER > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dan?el Kristinn Gunnarsson > Sent: 3. mars 2009 22:06 > To: MailScanner discussion; MailScanner discussion > Subject: RE: Mailscanner scanning slowly > > Thanks for the pointers Jason, I'll get right on it in the morning ! > > Best regards, > Daniel > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info on behalf of Jason Voorhees > Sent: Tue 3.3.2009 18:43 > To: MailScanner discussion > Subject: Re: Mailscanner scanning slowly > > Hi: > > On Tue, Mar 3, 2009 at 10:03 AM, Dan?el Kristinn Gunnarsson > wrote: >> Hi there ! >> >> Lately I've been running into some trouble with MailScanner + spamassassin. Let me explain my current setup. >> >> I have a high-load mailserver (100k+ emails per day) that transfers all emails to 2 dedicated servers running Mailscanner + spamassassin for scanning. Both machines have the exact same setup: >> >> SLES 9.3 >> 4gb RAM >> 2x 64-bit Dual Core AMD Opteron running at 2ghz >> MailScanner 4.71.10 >> SpamAssassin 3.2.5 >> Perl 5.8.3 >> Postfix 2.2.6 >> >> Both servers process almost equal amount of mail or about 50k each. The problem I'm having is that while server 2 is processing 10 mail scans in about ~60 secs, server 1 takes 300 secs to process them. Max unscanned and max unsafe messages per scan is set to 10 messages, no RBL checks set in MailScanner.conf, 10 children running and Delivery method is running in Batch, changing it to queue did nothing for me. I've tried lowering max children and messages per scanning batch but still it takes from 5 secs to 1 minute to scan a single message on server 1. CPU load goes from 0.4 to 0.8 on both servers. Any ideas, thoughts, tips and tricks are appreciated. >> > > I suspect that is SpamAssassin who is working slowly. Have you tried > to disable Spam Checks and then compare how much time takes > MailScanner to scan messages? You could use a rules file to disable > spam checks only for a couple of test sender e-mail addresses. > > You can confirm how much time is SpamAssassin spending on scanning > messages doing some local scans manually: > > $ time spamassassin -L < /path-to/test-spam-message > > Then run the same test again without -L flag and compare. > > What special SpamAssassin settings do you have? What plugins are you > using? Could you try disabling some of them. > > Share with us some of your tests and results >> >> Daniel Kristinn Gunnarsson >> T?knima?ur / Technician >> T?knibor? / Technical Support >> danielg@vodafone.is >> +354 599-9500 - 3 >> >> Vodafone >> Sk?tuvogi 2 >> 104 Reykjav?k >> www.vodafone.is >> >> FYRIRVARI / DISCLAIMER >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From bbecken at aafp.org Wed Mar 4 15:37:45 2009 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 4 15:37:59 2009 Subject: Too many attachments - Enhancement request Message-ID: <49AE4BD9.BC55.0068.3@aafp.org> Running MailScanner v4.74.16 Yesterday I got a call that a client was not receiving "digest" email from a Lyris List Server. I scanned the mail logs and found the following message: maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (221) in 382851CA8007.738AC At first I thought it was the "Maximum Attachments Per Message" in MailScanner.conf, but that was set to '200'. Maximum Attachments Per Message = 200 I then checked MailWatch to and discovered that the error was related to Viruses, so I looked at the following settings: # In every batch of virus-scanning, limit the maximum # a) number of unscanned messages to deliver # b) number of potentially infected messages to unpack and scan # c) total size of unscanned messages to deliver # d) total size of potentially infected messages to unpack and scan Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 First thing I noted was that the items are out of order "a) != Max Unscanned Bytes Per Scan = 100m Perhaps Julian could change the order of these items in the next release? Since the email in question had over 40 attachments, that left two possible choices: Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 One of these is the possible culprit for me to tinker with. Enhancement request: Rather than just long "Too many attachments" could the message log also include what MailScanner "setting" triggered the error. example message log: Before: maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (221) in 382851CA8007.738AC After: maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (Max Unsafe Messages Per Scan) (221) in 382851CA8007.738AC Also, how is the MailScannerCounter of 221 in the message log useful? How is it used for debugging? thanks! Brad From Denis.Beauchemin at USherbrooke.ca Wed Mar 4 16:12:30 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 4 16:12:42 2009 Subject: Too many attachments - Enhancement request In-Reply-To: <49AE4BD9.BC55.0068.3@aafp.org> References: <49AE4BD9.BC55.0068.3@aafp.org> Message-ID: <49AEA86E.1020609@USherbrooke.ca> Brad Beckenhauer a ?crit : > Running MailScanner v4.74.16 > > Yesterday I got a call that a client was not receiving "digest" email from a Lyris List Server. I scanned the mail logs and found the following message: > > maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (221) in 382851CA8007.738AC > > > At first I thought it was the "Maximum Attachments Per Message" in MailScanner.conf, but that was set to '200'. > > Maximum Attachments Per Message = 200 > > I then checked MailWatch to and discovered that the error was related to Viruses, so I looked at the following settings: > > # In every batch of virus-scanning, limit the maximum > # a) number of unscanned messages to deliver > # b) number of potentially infected messages to unpack and scan > # c) total size of unscanned messages to deliver > # d) total size of potentially infected messages to unpack and scan > > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > First thing I noted was that the items are out of order "a) != Max Unscanned Bytes Per Scan = 100m > > Perhaps Julian could change the order of these items in the next release? > > Since the email in question had over 40 attachments, that left two possible choices: > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > > One of these is the possible culprit for me to tinker with. > > Enhancement request: > Rather than just long "Too many attachments" could the message log also include what MailScanner "setting" triggered the error. > > example message log: > Before: > maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (221) in 382851CA8007.738AC > > After: > maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (Max Unsafe Messages Per Scan) (221) in 382851CA8007.738AC > > Also, how is the MailScannerCounter of 221 in the message log useful? How is it used for debugging? > > thanks! > Brad > > > Brad, Whenever I see that message it's because the email has more than 200 attachments. It happens quite often with some mailing lists' digests. I had to use a rule file to bypass that limit: Maximum Attachments Per Message = %rules-dir%/max.attachments.rules max.attachments.rules: From: *@LISTSERV.SYR.EDU 500 FromOrTo: default 200 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Wed Mar 4 17:47:55 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 4 17:48:13 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> Message-ID: <49AEBECB.50107@ecs.soton.ac.uk> On 4/3/09 09:29, David Lee wrote: > On Tue, 3 Mar 2009, David Lee wrote: > >> [...] >> Anyway, we have it in service, and I'll keep monitoring it. > > > Something looking not quite right overnight (RPM 4.75.6-1). > > The system is handling a fair bit of mail, but not under any real > stress, and the inbound queue usually has a few entries (occasionally > empty; occasionally exceeding 20). Doing about 25,000 msgs/day. > > ------------------------------------------------------- > [root@mailrelay5 ~]# date; MailScanner --processing=0 > Wed Mar 4 09:09:49 GMT 2009 > Currently being processed: > > Number of messages: 11 > Tries Message Last Tried > ===== ======= ========== > 1 n2499fG4028919 Wed Mar 4 09:15:02 2009 > 1 n2499h9K028926 Wed Mar 4 09:14:21 2009 > 1 n2499g7W028925 Wed Mar 4 09:13:43 2009 > 1 n2460pEw028445 Wed Mar 4 06:05:35 2009 > 1 n2460mQf028411 Wed Mar 4 06:03:05 2009 > 1 n2410rkc021019 Wed Mar 4 01:06:54 2009 > 1 n2410ru4021020 Wed Mar 4 01:04:56 2009 > 1 n23M0osK026902 Tue Mar 3 22:05:33 2009 > 1 n23L0oBo004261 Tue Mar 3 21:05:06 2009 > 1 n23G0uhc025757 Tue Mar 3 16:04:31 2009 > 1 n23G0Jnl025407 Tue Mar 3 16:03:19 2009 > [root@mailrelay5 ~]# > ------------------------------------------------------- > > 1. Residual stuff from yesterday afternoon and overnight. The log > files indicate that these were processed OK. (It so happens that all > were "Spam Actions: message ... actions are delete".) Okay I'll need to take a closer look at that. > > 2. For the top entries, note the current time-of-day (c. 09.09) and > the "last tried" time... which is in the future. (A few minutes later > those top entries (09:xx:yy) have disappeared.) So it looks as though > something is either recording or reporting an incorrect time. And I > suppose there's a chance that a bug here might be precipitating the > 'overnight residue' observation. Sorry, I shouldn't have said "Last Tried". More accurate would be "Next Try At". Just a reporting issue. > > > > Further, the log file has a small number of "Making attempt 2 at ..." > per hour. > > > Let me know if you want any more information or to try new versions, etc. > > All the best. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at techquility.net Wed Mar 4 18:15:14 2009 From: chris at techquility.net (Chris Barber) Date: Wed Mar 4 18:15:41 2009 Subject: Forwarded spam is caught, original message is not Message-ID: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> Hi All, I know this question has been asked before but I can't find a good answer. I have a couple of users who receive spam that is not caught by the MailScanner server. Then, they forward the spam to me and that forwarded message does get caught when coming back to me. I am on the same MailScanner server that they are on so the same rules should apply. I think it has to do with the encoding of the message because when they forward it using Thunderbird, the message hits rules that it did not hit on the way in the first time. These messages are also forwarded to me through the same server immediately usually. Here are the rules that score on one of these messages when it comes in to the user: 4.2 required 2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 0.00 DIGEST_MULTIPLE Message hits more than one network digest check 0.00 HTML_MESSAGE HTML included in message 3.70 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) -0.00 SPF_PASS SPF: sender matches SPF record 0.00 SUBJ_BUY Subject line starts with Buy or Buying Here are the rules that hit when the same message is forwarded back to me: 4.2 required 0.00 HTML_MESSAGE HTML included in message 0.50 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% 1.50 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% 0.50 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 3.50 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 3.50 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist As you can see, the main difference is the URIBL hits. Why would they not hit on the original message? They do hit when the same message is forwarded back to me. This happens every day multiple times for these few users. I do not have much experience with this, so if someone could assist me I would be VERY grateful. I have attached a copy of one of these messages from the MailScanner quarantine directory. There are two files, one is the original, and the other is the forwarded message. Any insight would be appreciated. Regards, Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: messages.tar Type: application/x-tar Size: 10240 bytes Desc: messages.tar Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090304/233fdb96/messages.tar From MailScanner at ecs.soton.ac.uk Wed Mar 4 18:26:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 4 18:26:48 2009 Subject: Crash protection In-Reply-To: <49AEBECB.50107@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> <49AEBECB.50107@ecs.soton.ac.uk> Message-ID: <49AEC7D3.1000504@ecs.soton.ac.uk> On 4/3/09 17:47, Julian Field wrote: > > > On 4/3/09 09:29, David Lee wrote: >> On Tue, 3 Mar 2009, David Lee wrote: >> >>> [...] >>> Anyway, we have it in service, and I'll keep monitoring it. >> >> >> Something looking not quite right overnight (RPM 4.75.6-1). >> >> The system is handling a fair bit of mail, but not under any real >> stress, and the inbound queue usually has a few entries (occasionally >> empty; occasionally exceeding 20). Doing about 25,000 msgs/day. >> >> ------------------------------------------------------- >> [root@mailrelay5 ~]# date; MailScanner --processing=0 >> Wed Mar 4 09:09:49 GMT 2009 >> Currently being processed: >> >> Number of messages: 11 >> Tries Message Last Tried >> ===== ======= ========== >> 1 n2499fG4028919 Wed Mar 4 09:15:02 2009 >> 1 n2499h9K028926 Wed Mar 4 09:14:21 2009 >> 1 n2499g7W028925 Wed Mar 4 09:13:43 2009 >> 1 n2460pEw028445 Wed Mar 4 06:05:35 2009 >> 1 n2460mQf028411 Wed Mar 4 06:03:05 2009 >> 1 n2410rkc021019 Wed Mar 4 01:06:54 2009 >> 1 n2410ru4021020 Wed Mar 4 01:04:56 2009 >> 1 n23M0osK026902 Tue Mar 3 22:05:33 2009 >> 1 n23L0oBo004261 Tue Mar 3 21:05:06 2009 >> 1 n23G0uhc025757 Tue Mar 3 16:04:31 2009 >> 1 n23G0Jnl025407 Tue Mar 3 16:03:19 2009 >> [root@mailrelay5 ~]# >> ------------------------------------------------------- >> >> 1. Residual stuff from yesterday afternoon and overnight. The log >> files indicate that these were processed OK. (It so happens that all >> were "Spam Actions: message ... actions are delete".) > Okay I'll need to take a closer look at that. Please try the attached MessageBatch.pm (which I have compressed, of course). Please let me know if this fixes the problem. >> >> 2. For the top entries, note the current time-of-day (c. 09.09) and >> the "last tried" time... which is in the future. (A few minutes >> later those top entries (09:xx:yy) have disappeared.) So it looks as >> though something is either recording or reporting an incorrect time. >> And I suppose there's a chance that a bug here might be precipitating >> the 'overnight residue' observation. > Sorry, I shouldn't have said "Last Tried". More accurate would be > "Next Try At". Just a reporting issue. >> >> >> >> Further, the log file has a small number of "Making attempt 2 at ..." >> per hour. >> >> >> Let me know if you want any more information or to try new versions, >> etc. >> >> All the best. >> > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: MessageBatch.pm.gz Type: application/gzip Size: 10495 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090304/dff18e53/MessageBatch.pm.bin From ssilva at sgvwater.com Wed Mar 4 18:32:45 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 4 18:33:13 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> Message-ID: on 3-4-2009 10:15 AM Chris Barber spake the following: > Hi All, > > I know this question has been asked before but I can't find a good > answer. I have a couple of users who receive spam that is not caught by > the MailScanner server. Then, they forward the spam to me and that > forwarded message does get caught when coming back to me. I am on the > same MailScanner server that they are on so the same rules should apply. > > > I think it has to do with the encoding of the message because when they > forward it using Thunderbird, the message hits rules that it did not hit > on the way in the first time. These messages are also forwarded to me > through the same server immediately usually. > > > Here are the rules that score on one of these messages when it comes in > to the user: > 4.2 required > 2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) > 0.00 DIGEST_MULTIPLE Message hits more than one network digest check > 0.00 HTML_MESSAGE HTML included in message 3.70 PYZOR_CHECK Listed in > Pyzor (http://pyzor.sf.net/) -0.00 SPF_PASS SPF: sender matches SPF > record 0.00 SUBJ_BUY Subject line starts with Buy or Buying > > > Here are the rules that hit when the same message is forwarded back to > me: > 4.2 required > 0.00 HTML_MESSAGE HTML included in message 0.50 RAZOR2_CF_RANGE_51_100 > Razor2 gives confidence level above 50% 1.50 RAZOR2_CF_RANGE_E8_51_100 > Razor2 gives engine 8 confidence level above 50% 0.50 RAZOR2_CHECK > Listed in Razor2 (http://razor.sf.net/) 3.50 URIBL_JP_SURBL Contains an > URL listed in the JP SURBL blocklist 3.50 URIBL_OB_SURBL Contains an URL > listed in the OB SURBL blocklist > > As you can see, the main difference is the URIBL hits. Why would they > not hit on the original message? They do hit when the same message is > forwarded back to me. This happens every day multiple times for these > few users. > > > I do not have much experience with this, so if someone could assist me I > would be VERY grateful. I have attached a copy of one of these messages > from the MailScanner quarantine directory. There are two files, one is > the original, and the other is the forwarded message. Any insight would > be appreciated. > > Regards, > Chris > > A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits the cached lookup and is faster. Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an encoding issue, it it does, it is a DNS issue. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090304/64dbf292/signature.bin From jvoorhees1 at gmail.com Wed Mar 4 18:46:38 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Wed Mar 4 18:46:47 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> Message-ID: Hi: On Wed, Mar 4, 2009 at 1:15 PM, Chris Barber wrote: > Hi All, > > I know this question has been asked before but I can't find a good > answer. I have a couple of users who receive spam that is not caught by > the MailScanner server. Then, they forward the spam to me and that > forwarded message does get caught when coming back to me. I am on the > same MailScanner server that they are on so the same rules should apply. > > > I think it has to do with the encoding of the message because when they > forward it using Thunderbird, the message hits rules that it did not hit > on the way in the first time. These messages are also forwarded to me > through the same server immediately usually. > > > Here are the rules that score on one of these messages when it comes in > to the user: > 4.2 required > 2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) > 0.00 DIGEST_MULTIPLE Message hits more than one network digest check > 0.00 HTML_MESSAGE HTML included in message 3.70 PYZOR_CHECK Listed in > Pyzor (http://pyzor.sf.net/) -0.00 SPF_PASS SPF: sender matches SPF > record 0.00 SUBJ_BUY Subject line starts with Buy or Buying > > > Here are the rules that hit when the same message is forwarded back to > me: > 4.2 required > 0.00 HTML_MESSAGE HTML included in message 0.50 RAZOR2_CF_RANGE_51_100 > Razor2 gives confidence level above 50% 1.50 RAZOR2_CF_RANGE_E8_51_100 > Razor2 gives engine 8 confidence level above 50% 0.50 RAZOR2_CHECK > Listed in Razor2 (http://razor.sf.net/) 3.50 URIBL_JP_SURBL Contains an > URL listed in the JP SURBL blocklist 3.50 URIBL_OB_SURBL Contains an URL > listed in the OB SURBL blocklist > > As you can see, the main difference is the URIBL hits. Why would they > not hit on the original message? They do hit when the same message is > forwarded back to me. This happens every day multiple times for these > few users. > > > I do not have much experience with this, so if someone could assist me I > would be VERY grateful. I have attached a copy of one of these messages > from the MailScanner quarantine directory. There are two files, one is > the original, and the other is the forwarded message. Any insight would > be appreciated. > > Regards, > Chris > Why don't you whitelist every message that comes from your own domain? Maybe a whitelist rule by IP address or domain sender would stop marking as spam internal messages. You can do this by a MailScanner rule or by the trusted networks feature of SpamAssassin. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From leolists at seidkr.com Wed Mar 4 19:43:52 2009 From: leolists at seidkr.com (=?ISO-8859-1?Q?Philip_Leonard_WV=D8T?=) Date: Wed Mar 4 19:44:18 2009 Subject: updating an old MS Message-ID: <49AED9F8.4020306@seidkr.com> I am currently running 4.51.6 on a Gentoo box. Is there anything I should look out for when I upgrade to the current stable version? I would be using the "other" unix install method. Philip From maillists at conactive.com Wed Mar 4 20:31:22 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 4 20:31:35 2009 Subject: Too many attachments - Enhancement request In-Reply-To: <49AE4BD9.BC55.0068.3@aafp.org> References: <49AE4BD9.BC55.0068.3@aafp.org> Message-ID: Brad Beckenhauer wrote on Wed, 04 Mar 2009 09:37:45 -0600: > maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (221) in 382851CA8007.738AC > > > At first I thought it was the "Maximum Attachments Per Message" in > MailScanner.conf, but that was set to '200'. > > Maximum Attachments Per Message = 200 well, and that message contained 221 according to MailScanner. > Also, how is the MailScannerCounter of 221 in the message log useful? How is it used for debugging? This is the number of attachments! You say it's only 40. Recheck and if it's still only 40 there might be a bug in the counter. But this "max unscanned" stuff has *nothing* to do with it. Read the explanation in the .conf. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From bbecken at aafp.org Wed Mar 4 22:09:40 2009 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 4 22:10:10 2009 Subject: Too many attachments - Enhancement request In-Reply-To: <49AEA86E.1020609@USherbrooke.ca> References: <49AE4BD9.BC55.0068.3@aafp.org> <49AEA86E.1020609@USherbrooke.ca> Message-ID: Denis Beauchemin wrote: > Brad Beckenhauer a ?crit : >> Running MailScanner v4.74.16 >> >> Yesterday I got a call that a client was not receiving "digest" email >> from a Lyris List Server. I scanned the mail logs and found the >> following message: >> >> maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many >> attachments (221) in 382851CA8007.738AC >> >> >> At first I thought it was the "Maximum Attachments Per Message" in >> MailScanner.conf, but that was set to '200'. >> >> Maximum Attachments Per Message = 200 >> >> I then checked MailWatch to and discovered that the error was related >> to Viruses, so I looked at the following settings: >> >> # In every batch of virus-scanning, limit the maximum >> # a) number of unscanned messages to deliver >> # b) number of potentially infected messages to unpack and scan >> # c) total size of unscanned messages to deliver >> # d) total size of potentially infected messages to unpack and scan >> >> Max Unscanned Bytes Per Scan = 100m >> Max Unsafe Bytes Per Scan = 50m >> Max Unscanned Messages Per Scan = 30 >> Max Unsafe Messages Per Scan = 30 >> >> First thing I noted was that the items are out of order "a) != Max >> Unscanned Bytes Per Scan = 100m >> >> Perhaps Julian could change the order of these items in the next release? >> >> Since the email in question had over 40 attachments, that left two >> possible choices: >> Max Unscanned Messages Per Scan = 30 >> Max Unsafe Messages Per Scan = 30 >> >> One of these is the possible culprit for me to tinker with. >> >> Enhancement request: Rather than just long "Too many attachments" >> could the message log also include what MailScanner "setting" >> triggered the error. >> >> example message log: >> Before: >> maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many >> attachments (221) in 382851CA8007.738AC >> >> After: >> maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many >> attachments (Max Unsafe Messages Per Scan) (221) in 382851CA8007.738AC >> >> Also, how is the MailScannerCounter of 221 in the message log useful? >> How is it used for debugging? >> >> thanks! >> Brad >> >> >> > Brad, > > Whenever I see that message it's because the email has more than 200 > attachments. It happens quite often with some mailing lists' digests. > I had to use a rule file to bypass that limit: > Maximum Attachments Per Message = %rules-dir%/max.attachments.rules > > max.attachments.rules: > From: *@LISTSERV.SYR.EDU 500 > FromOrTo: default 200 > > Denis > Denis, Thank you.. I'll give that a try tonight. From ssilva at sgvwater.com Wed Mar 4 22:28:54 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 4 22:29:15 2009 Subject: updating an old MS In-Reply-To: <49AED9F8.4020306@seidkr.com> References: <49AED9F8.4020306@seidkr.com> Message-ID: on 3-4-2009 11:43 AM Philip Leonard WV?T spake the following: > I am currently running 4.51.6 on a Gentoo box. Is there anything I > should look out for when I upgrade to the current stable version? I > would be using the "other" unix install method. > > Philip The config options have changed a lot and there are lots more features. The module requirements have also changed, so check those. Make sure you run upgrade_mailscanner_conf and upgrade_languages_conf on the config files. 4.51.6 is soo old I can't remember all the changes. With an other install you can use symlinks and keep multiple installs around so you can go back easily if you have trouble. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090304/7aa5fdfc/signature.bin From bbecken at aafp.org Wed Mar 4 22:46:29 2009 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 4 22:46:53 2009 Subject: Too many attachments - Enhancement request In-Reply-To: References: <49AE4BD9.BC55.0068.3@aafp.org> Message-ID: Kai Schaetzl wrote: > Brad Beckenhauer wrote on Wed, 04 Mar 2009 09:37:45 -0600: > >> maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many attachments (221) in 382851CA8007.738AC >> >> >> At first I thought it was the "Maximum Attachments Per Message" in >> MailScanner.conf, but that was set to '200'. >> >> Maximum Attachments Per Message = 200 > > well, and that message contained 221 according to MailScanner. > >> Also, how is the MailScannerCounter of 221 in the message log useful? How is it used for debugging? > > This is the number of attachments! Good to know.. > > You say it's only 40. Recheck and if it's still only 40 there might be a bug in > the counter. But this "max unscanned" stuff has *nothing* to do with it. > Read the explanation in the .conf. Now I am suspicious about the counter. I've looked at another email that was tagged as having "Too many attachments". MailScanner reports it has (236). I've released that attachment and counted the email myself. Lyris (the List Server) generates a summary email and Lyris reports that the email had 62 total email in the Digest. Only two of the email in the digest had file attachments (a pdf and a gif). The count is way short of the 236 count reported in the maillog and the 200 in MailScanner.conf. I've added myself the listserver and added a ruleset that Dennis suggested. By Friday, I'll have a couple of digests. Brad > > Kai > From ssilva at sgvwater.com Wed Mar 4 23:14:57 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 4 23:15:18 2009 Subject: Too many attachments - Enhancement request In-Reply-To: References: <49AE4BD9.BC55.0068.3@aafp.org> Message-ID: on 3-4-2009 2:46 PM Brad Beckenhauer spake the following: > Kai Schaetzl wrote: >> Brad Beckenhauer wrote on Wed, 04 Mar 2009 09:37:45 -0600: >> >>> maillog.1:Mar 03 00:00:34 mxxx MailScanner[26495]: Too many >>> attachments (221) in 382851CA8007.738AC >>> >>> >>> At first I thought it was the "Maximum Attachments Per Message" in >>> MailScanner.conf, but that was set to '200'. >>> >>> Maximum Attachments Per Message = 200 >> >> well, and that message contained 221 according to MailScanner. >> >>> Also, how is the MailScannerCounter of 221 in the message log >>> useful? How is it used for debugging? >> >> This is the number of attachments! > Good to know.. > >> >> You say it's only 40. Recheck and if it's still only 40 there might be >> a bug in >> the counter. But this "max unscanned" stuff has *nothing* to do with it. >> Read the explanation in the .conf. > Now I am suspicious about the counter. I've looked at another email > that was tagged as having "Too many attachments". MailScanner reports > it has (236). I've released that attachment and counted the email myself. > > Lyris (the List Server) generates a summary email and Lyris reports that > the email had 62 total email in the Digest. Only two of the email in > the digest had file attachments (a pdf and a gif). The count is way > short of the 236 count reported in the maillog and the 200 in > MailScanner.conf. > > I've added myself the listserver and added a ruleset that Dennis > suggested. By Friday, I'll have a couple of digests. > AFAIR mailscanner counts each mime part as an attachment because mime-tools strips them that way before scanning. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090304/3afdc0de/signature.bin From Kevin_Miller at ci.juneau.ak.us Thu Mar 5 00:22:53 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 5 00:23:06 2009 Subject: Installing on SLES 10 SP2 Message-ID: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> I'm building a new MailScanner box (latest download, earlier today), and am trying to install, but am getting the following: ======= Installing tnef decoder error: File not found by glob: tnef*.i586.rpm Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: tnef >= 1.1.1 is needed by mailscanner-4.74.16-1.noarch ======= Perl-convert-tnef 0.17 is installed. A search on cpan shows it as current (unless I'm missing something). Is this an error in the script? Should I install with nodeps? Kinda hate resorting to that... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From maillists at conactive.com Thu Mar 5 00:31:26 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 5 00:31:38 2009 Subject: Too many attachments - Enhancement request In-Reply-To: References: <49AE4BD9.BC55.0068.3@aafp.org> Message-ID: Brad Beckenhauer wrote on Wed, 04 Mar 2009 16:46:29 -0600: > Lyris (the List Server) generates a summary email and Lyris reports that > the email had 62 total email in the Digest. Only two of the email in > the digest had file attachments (a pdf and a gif). The count is way > short of the 236 count reported in the maillog and the 200 in > MailScanner.conf. Look in the body and start counting. It doesn't matter how many mails there are in. There may be text and html parts, pictures, mailing list signatures. As Scott says you have to count the number of MIME compartments. Grep for lines starting with "--" and pipe that to wc -l. You might get some FPs, but it should be close to the number given by MS. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Kevin_Miller at ci.juneau.ak.us Thu Mar 5 00:36:37 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 5 00:36:52 2009 Subject: Installing on SLES 10 SP2 In-Reply-To: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> Message-ID: <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> Kevin Miller wrote: > I'm building a new MailScanner box (latest download, earlier today), > and am trying to install, but am getting the following: > > ======= > Installing tnef decoder > > error: File not found by glob: tnef*.i586.rpm > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > tnef >= 1.1.1 is needed by mailscanner-4.74.16-1.noarch > ======= > > Perl-convert-tnef 0.17 is installed. A search on cpan shows it as > current (unless I'm missing something). > Is this an error in the script? Should I install with nodeps? Kinda > hate resorting to that... > > > ...Kevin A bit of further info - I ran updatedb and locate reports these files: /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.i386.rpm /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.x86_64.rpm So it looks like the script is looking for tnef-1.1.1 and the files bundled are 1.4.5-1 which I guess should be fixed. Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From chris at techquility.net Thu Mar 5 05:55:01 2009 From: chris at techquility.net (Chris Barber) Date: Thu Mar 5 05:55:11 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> Message-ID: <43F62CA225017044BC84CFAF92B4333B06F231@sbsserver.Techquility.net> > > I do not have much experience with this, so if someone could assist me > I would be VERY grateful. I have attached a copy of one of these > messages from the MailScanner quarantine directory. There are two > files, one is the original, and the other is the forwarded message. > Any insight would be appreciated. > > Regards, > Chris > > >A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits >the cached lookup and is faster. > >Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an >encoding issue, it it does, it is a DNS issue. > Yes I quarantine all messages so this is a feasible test. I will post the results. Thanks for the suggestion. From hvdkooij at vanderkooij.org Thu Mar 5 07:03:09 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Mar 5 07:03:21 2009 Subject: Installing on SLES 10 SP2 In-Reply-To: <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> Message-ID: <49AF792D.3050107@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Miller wrote: > Kevin Miller wrote: >> I'm building a new MailScanner box (latest download, earlier today), >> and am trying to install, but am getting the following: >> >> ======= >> Installing tnef decoder >> >> error: File not found by glob: tnef*.i586.rpm >> >> Now to install MailScanner itself. >> >> NOTE: If you get lots of errors here, run the install.sh script >> NOTE: again with the command "./install.sh nodeps" >> >> error: Failed dependencies: >> tnef >= 1.1.1 is needed by mailscanner-4.74.16-1.noarch >> ======= >> >> Perl-convert-tnef 0.17 is installed. A search on cpan shows it as >> current (unless I'm missing something). >> Is this an error in the script? Should I install with nodeps? Kinda >> hate resorting to that... >> >> >> ...Kevin > > A bit of further info - I ran updatedb and locate reports these files: > /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.i386.rpm > /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.x86_64.rpm > > So it looks like the script is looking for tnef-1.1.1 and the files bundled are 1.4.5-1 which I guess should be fixed. There is nothing to fix here. The requirements are for version 1.1.1 OR ABOVE. So 1.4.5 will match that requirement. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmveSsACgkQBvzDRVjxmYFC7ACeNVSCY1vacszPvKLsEq13Hspr tt0AoI4lwtgn6wqvxy87pR17IEeOODmn =UqU+ -----END PGP SIGNATURE----- From t.d.lee at durham.ac.uk Thu Mar 5 09:03:25 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu Mar 5 09:03:54 2009 Subject: Crash protection In-Reply-To: <49AEC7D3.1000504@ecs.soton.ac.uk> References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> <49AEBECB.50107@ecs.soton.ac.uk> <49AEC7D3.1000504@ecs.soton.ac.uk> Message-ID: On Wed, 4 Mar 2009, Julian Field wrote: > On 4/3/09 17:47, Julian Field wrote: >> On 4/3/09 09:29, David Lee wrote: >>> On Tue, 3 Mar 2009, David Lee wrote: >>> [...] >>> 1. Residual stuff from yesterday afternoon and overnight. The log files >>> indicate that these were processed OK. (It so happens that all were "Spam >>> Actions: message ... actions are delete".) >> Okay I'll need to take a closer look at that. > Please try the attached MessageBatch.pm (which I have compressed, of course). > Please let me know if this fixes the problem. Will do; I have just installed it. (I made sure the inbound queue was empty and removed the previous "Processing.db" to give it a clean start.) Each day this machine does ~30K emails and I was seeing just a few (around 10) of these residual entries. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From maillists at conactive.com Thu Mar 5 13:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 5 13:31:33 2009 Subject: Installing on SLES 10 SP2 In-Reply-To: <49AF792D.3050107@vanderkooij.org> References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> <49AF792D.3050107@vanderkooij.org> Message-ID: Hugo van der Kooij wrote on Thu, 05 Mar 2009 08:03:09 +0100: > There is nothing to fix here. The requirements are for version 1.1.1 OR > ABOVE. > > So 1.4.5 will match that requirement. There is something wrong if the installer looks for it and can't find it. Quoting from the Kevin's postings: > error: File not found by glob: tnef*.i586.rpm > /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.i386.rpm > /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.x86_64.rpm see, what I mean? On a further note. I haven't used a newer Suse for quite some time now, but I believe you can go the same route as I recommend with CentOS/RHEL. Install all required Perl packages from a repo of your choice. Then use *only* the mailscanner*.rpm and not the install.sh Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Thu Mar 5 14:03:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 5 14:03:28 2009 Subject: Installing on SLES 10 SP2 In-Reply-To: References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> <49AF792D.3050107@vanderkooij.org> Message-ID: <49AFDB98.6050609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/3/09 13:31, Kai Schaetzl wrote: > Hugo van der Kooij wrote on Thu, 05 Mar 2009 08:03:09 +0100: > > >> There is nothing to fix here. The requirements are for version 1.1.1 OR >> ABOVE. >> >> So 1.4.5 will match that requirement. >> > > There is something wrong if the installer looks for it and can't find it. > > Quoting from the Kevin's postings: > > >> error: File not found by glob: tnef*.i586.rpm >> It tried to work out if it should install the i386 or x86_64 by working from the architecture of your perl installation. In RedHat-based systems this always gives you i386 or x86_64, but apparently your SuSE system is giving i586 instead so it isn't finding the file. Install the rpm -Uvh tnef*.i386.rpm and then re-run install.sh and it will work fine. > > >> /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.i386.rpm >> /usr/local/src/mailstuff/MailScanner-4.74.16-1/tnef-1.4.5-1.x86_64.rpm >> > > see, what I mean? > > On a further note. I haven't used a newer Suse for quite some time now, > but I believe you can go the same route as I recommend with CentOS/RHEL. > Install all required Perl packages from a repo of your choice. Then use > *only* the mailscanner*.rpm and not the install.sh > > Kai > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJr9uZEfZZRxQVtlQRAiOyAJ9USHSephXuFaQJKt8BzX50yl681gCeLTn8 C+OBNdAmsz9fkKkKrjISgQs= =iJOt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at techquility.net Thu Mar 5 17:21:19 2009 From: chris at techquility.net (Chris Barber) Date: Thu Mar 5 17:21:52 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> Message-ID: <43F62CA225017044BC84CFAF92B4333B06F23B@sbsserver.Techquility.net> >A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits >the cached lookup and is faster. > >Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an >encoding issue, it it does, it is a DNS issue. > Scott, Looks like it is not a DNS issue. I put the original and forwarded messages back through the server and I had the same results. The original message does not hit the URIBL rules (even if I put it through many times) and the forwarded one does. The only difference I can see is the encoding. The URL's in the original have some extra characters it seems. See my original post for the queue files and you can see what I mean. Is this some new tactic that spammers are using to get around URL checking in the body of emails? How can I troubleshoot this further? Thanks, Chris From ssilva at sgvwater.com Thu Mar 5 17:52:38 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 5 17:52:56 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: <43F62CA225017044BC84CFAF92B4333B06F23B@sbsserver.Techquility.net> References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> <43F62CA225017044BC84CFAF92B4333B06F23B@sbsserver.Techquility.net> Message-ID: on 3-5-2009 9:21 AM Chris Barber spake the following: >> A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits >the cached lookup and is faster. >> >> Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an >encoding issue, it it does, it is a DNS issue. >> > > Scott, > > Looks like it is not a DNS issue. I put the original and forwarded messages back through the server and I had the same results. The original message does not hit the URIBL rules (even if I put it through many times) and the forwarded one does. The only difference I can see is the encoding. The URL's in the original have some extra characters it seems. See my original post for the queue files and you can see what I mean. > > Is this some new tactic that spammers are using to get around URL checking in the body of emails? How can I troubleshoot this further? > > Thanks, > Chris > > Can you pastebin an example somewhere so others can test it. That way we can eliminate or implicate your systems configs or module versions. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090305/4f059c28/signature.bin From Kevin_Miller at ci.juneau.ak.us Thu Mar 5 18:28:05 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 5 18:28:17 2009 Subject: Installing on SLES 10 SP2 In-Reply-To: <49AFDB98.6050609@ecs.soton.ac.uk> References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> <49AF792D.3050107@vanderkooij.org> <49AFDB98.6050609@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C0C884DB030@CITY-EXCHANGE07.cbj.local> Julian Field wrote: > It tried to work out if it should install the i386 or x86_64 by > working from the architecture of your perl installation. In > RedHat-based systems this always gives you i386 or x86_64, but > apparently your SuSE system is giving i586 instead so it isn't > finding the file. Install the rpm -Uvh tnef*.i386.rpm and then re-run > install.sh and it will work fine. OK, tried that, but it tells me that it can't install because of missing dependencies: rtld (GNU_HASH) Tried to find something w/rtld in it, but no go... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From maillists at conactive.com Thu Mar 5 19:31:32 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 5 19:31:44 2009 Subject: Installing on SLES 10 SP2 In-Reply-To: <4A09477D575C2C4B86497161427DD94C0C884DB030@CITY-EXCHANGE07.cbj.local> References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> <49AF792D.3050107@vanderkooij.org> <49AFDB98.6050609@ecs.soton.ac.uk> <4A09477D575C2C4B86497161427DD94C0C884DB030@CITY-EXCHANGE07.cbj.local> Message-ID: Kevin Miller wrote on Thu, 5 Mar 2009 09:28:05 -0900: > OK, tried that, but it tells me that it can't install because of missing > dependencies: rtld (GNU_HASH) what is "it", the rpm or the install.sh? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From drew.marshall at trunknetworks.com Thu Mar 5 19:51:37 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Thu Mar 5 19:52:01 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use Message-ID: <200903051951.n25JppRp017503@safir.blacknight.ie> Hi all Just bumped into this one: MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 10 messages. max message size is '250000 trackback' Can't use string ("1909") as an ARRAY ref while "strict refs" in use at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. This is my first stray back to Linux (Usually play in FreeBSD world ) for a while but this is mt MailScanner -v Linux in1-b.mx.mail-launder.com 2.6.27-11-server #1 SMP Thu Jan 29 20:13:12 UTC 2009 x86_64 GNU/Linux This is Perl version 5.010000 (5.10.0) This is MailScanner version 4.74.16 Module versions are: 1.00 AnyDBM_File 1.18 Archive::Zip 0.22 bignum 1.08 Carp 2.011 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_14 Data::Dumper 2.27 Date::Parse 1.01 DirHandle 1.06 Fcntl 2.76 File::Basename 2.11 File::Copy 2.01 FileHandle 2.04 File::Path 0.18 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23_01 IO 1.14 IO::File 1.13 IO::Pipe 2.03 Mail::Header 1.88 Math::BigInt 0.21 Math::BigRat 3.07_01 MIME::Base64 5.426 MIME::Decoder 5.426 MIME::Decoder::UU 5.426 MIME::Head 5.426 MIME::Parser 3.07 MIME::QuotedPrint 5.426 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.07 Pod::Simple 1.13 POSIX 1.19 Scalar::Util 1.80 Socket 2.18 Storable 1.4 Sys::Hostname::Long 0.26 Sys::Syslog 1.26 Test::Pod 0.8 Test::Simple 1.9711 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.22 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.816_1 DB_File 1.14 DBD::SQLite 1.605 DBI 1.15 Digest 1.01 Digest::HMAC 2.36_01 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect 0.17010 Error 0.21 ExtUtils::CBuilder 2.18_02 ExtUtils::ParseXS 2.37 Getopt::Long missing Inline missing IO::String 1.09 IO::Zlib missing IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin v2.006 Mail::SPF 1.999001 Mail::SPF::Query 0.280801 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP 4.007 NetAddr::IP missing Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 2.0.0 Text::Balanced 1.35 URI 0.74 version missing YAML Don't think there is any thing else special about this box, it's just a bog standard Ubuntu 8.10 server install, with as much as possible installed via apt and running the latest stable release. I've not got to the clever stuff yet ;-) Not being a perl gruru and certainly not with Jules' fine work, I am now at the "help" stage :-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by our Mail Launder system www.mail-launder.com Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: 351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ From Kevin_Miller at ci.juneau.ak.us Thu Mar 5 20:34:05 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 5 20:34:15 2009 Subject: Installing on SLES 10 SP2 In-Reply-To: References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> <49AF792D.3050107@vanderkooij.org> <49AFDB98.6050609@ecs.soton.ac.uk> <4A09477D575C2C4B86497161427DD94C0C884DB030@CITY-EXCHANGE07.cbj.local> Message-ID: <4A09477D575C2C4B86497161427DD94C0C884DB031@CITY-EXCHANGE07.cbj.local> Kai Schaetzl wrote: > Kevin Miller wrote on Thu, 5 Mar 2009 09:28:05 -0900: > >> OK, tried that, but it tells me that it can't install because of >> missing dependencies: rtld (GNU_HASH) > > what is "it", the rpm or the install.sh? The rpm... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Thu Mar 5 20:47:26 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 5 20:47:52 2009 Subject: OT: set sendmail client IPv6 address Message-ID: <49B03A5E.5030203@ecs.soton.ac.uk> Apparently Postfix has an option "smtp_bind_address6" which sets the IPv6 source address of outgoing SMTP connections. This is useful if your Postfix server has, like many IPv6-configured boxes, more than 1 IPv6 address. Can you do the same in sendmail? If so, how? In RedHat 5 and presumably CentOS 5, you always get a global IPv6 address based on the MAC address of the ethernet card combined with your local IPv6 subnet. We always add another global IPv6 address based on the machine's role as well, so that their IPv6 addresses in the DNS don't depend on the MAC address of the ethernet card. Sensible if you don't want to have to update your DNS just because a network card dies. So how do I either a) Stop RedHat 5 + CentOS 5 creating a global IPv6 address based on the MAC address, and/or b) Set the source IPv6 address of client SMTP connections my mail server makes to the outside world ? All ideas welcome! Cheers, Jules. -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 5 21:00:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 5 21:00:42 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903051951.n25JppRp017503@safir.blacknight.ie> References: <200903051951.n25JppRp017503@safir.blacknight.ie> Message-ID: <49B03D54.6040307@ecs.soton.ac.uk> I think this is one for Glenn. Glenn? Any ideas? On 5/3/09 19:51, Drew Marshall wrote: > Hi all > > Just bumped into this one: > > MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 10 messages. > max message size is '250000 trackback' > Can't use string ("1909") as an ARRAY ref while "strict refs" in use > at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > This is my first stray back to Linux (Usually play in FreeBSD world ) > for a while but this is mt MailScanner -v > > Linux in1-b.mx.mail-launder.com 2.6.27-11-server #1 SMP Thu Jan 29 > 20:13:12 UTC 2009 x86_64 GNU/Linux > This is Perl version 5.010000 (5.10.0) > > This is MailScanner version 4.74.16 > Module versions are: > 1.00 AnyDBM_File > 1.18 Archive::Zip > 0.22 bignum > 1.08 Carp > 2.011 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_14 Data::Dumper > 2.27 Date::Parse > 1.01 DirHandle > 1.06 Fcntl > 2.76 File::Basename > 2.11 File::Copy > 2.01 FileHandle > 2.04 File::Path > 0.18 File::Temp > 0.92 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23_01 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.03 Mail::Header > 1.88 Math::BigInt > 0.21 Math::BigRat > 3.07_01 MIME::Base64 > 5.426 MIME::Decoder > 5.426 MIME::Decoder::UU > 5.426 MIME::Head > 5.426 MIME::Parser > 3.07 MIME::QuotedPrint > 5.426 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.07 Pod::Simple > 1.13 POSIX > 1.19 Scalar::Util > 1.80 Socket > 2.18 Storable > 1.4 Sys::Hostname::Long > 0.26 Sys::Syslog > 1.26 Test::Pod > 0.8 Test::Simple > 1.9711 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.38 Archive::Tar > 0.22 bignum > missing Business::ISBN > missing Business::ISBN::Data > missing Data::Dump > 1.816_1 DB_File > 1.14 DBD::SQLite > 1.605 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36_01 Digest::MD5 > 2.11 Digest::SHA1 > missing Encode::Detect > 0.17010 Error > 0.21 ExtUtils::CBuilder > 2.18_02 ExtUtils::ParseXS > 2.37 Getopt::Long > missing Inline > missing IO::String > 1.09 IO::Zlib > missing IP::Country > missing Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.006 Mail::SPF > 1.999001 Mail::SPF::Query > 0.280801 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > missing Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.007 NetAddr::IP > missing Parse::RecDescent > missing SAVI > 2.64 Test::Harness > missing Test::Manifest > 2.0.0 Text::Balanced > 1.35 URI > 0.74 version > missing YAML > > Don't think there is any thing else special about this box, it's just > a bog standard Ubuntu 8.10 server install, with as much as possible > installed via apt and running the latest stable release. I've not got > to the clever stuff yet ;-) > > Not being a perl gruru and certainly not with Jules' fine work, I am > now at the "help" stage :-) > > Drew > > -- > In line with our policy, this message has been scanned for viruses and > dangerouscontent by our Mail Launder system www.mail-launder.com > Our email policy can be found at www.trunknetworks.com/policy > > Trunk Networks Limited is registered in Scotland with registration > number: 351063 > Registered Office 55-57 West High Street Inverurie AB51 3QQ > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 5 21:38:51 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 5 21:39:14 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: <49B03A5E.5030203@ecs.soton.ac.uk> References: <49B03A5E.5030203@ecs.soton.ac.uk> Message-ID: <49B0466B.5010206@ecs.soton.ac.uk> Just found the answer to this after mailing this list. CLIENT_OPTIONS(`Family=inet6, Addr=') is the answer, for anyone else who's interested. On 5/3/09 20:47, Julian Field wrote: > Apparently Postfix has an option "smtp_bind_address6" which sets the > IPv6 source address of outgoing SMTP connections. > This is useful if your Postfix server has, like many IPv6-configured > boxes, more than 1 IPv6 address. > > Can you do the same in sendmail? > If so, how? > > In RedHat 5 and presumably CentOS 5, you always get a global IPv6 > address based on the MAC address of the ethernet card combined with > your local IPv6 subnet. > We always add another global IPv6 address based on the machine's role > as well, so that their IPv6 addresses in the DNS don't depend on the > MAC address of the ethernet card. Sensible if you don't want to have > to update your DNS just because a network card dies. > > So how do I either > a) Stop RedHat 5 + CentOS 5 creating a global IPv6 address based on > the MAC address, > and/or > b) Set the source IPv6 address of client SMTP connections my mail > server makes to the outside world > ? > > All ideas welcome! > > Cheers, > Jules. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Mar 5 22:32:03 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 5 22:32:29 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: <49B0466B.5010206@ecs.soton.ac.uk> References: <49B03A5E.5030203@ecs.soton.ac.uk> <49B0466B.5010206@ecs.soton.ac.uk> Message-ID: on 3-5-2009 1:38 PM Julian Field spake the following: > Just found the answer to this after mailing this list. > CLIENT_OPTIONS(`Family=inet6, Addr=') > is the answer, for anyone else who's interested. > > On 5/3/09 20:47, Julian Field wrote: >> Apparently Postfix has an option "smtp_bind_address6" which sets the >> IPv6 source address of outgoing SMTP connections. >> This is useful if your Postfix server has, like many IPv6-configured >> boxes, more than 1 IPv6 address. >> >> Can you do the same in sendmail? >> If so, how? >> >> In RedHat 5 and presumably CentOS 5, you always get a global IPv6 >> address based on the MAC address of the ethernet card combined with >> your local IPv6 subnet. >> We always add another global IPv6 address based on the machine's role >> as well, so that their IPv6 addresses in the DNS don't depend on the >> MAC address of the ethernet card. Sensible if you don't want to have >> to update your DNS just because a network card dies. >> >> So how do I either >> a) Stop RedHat 5 + CentOS 5 creating a global IPv6 address based on >> the MAC address, >> and/or >> b) Set the source IPv6 address of client SMTP connections my mail >> server makes to the outside world >> ? >> >> All ideas welcome! >> >> Cheers, >> Jules. >> > > Jules > I just found that, and saw your message just before I hit send. Sorry, but no IP6 here yet to play with. At least not externally. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090305/e7afb94a/signature.bin From Kevin_Miller at ci.juneau.ak.us Thu Mar 5 23:49:06 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 5 23:49:22 2009 Subject: Followup: was RE: Installing on SLES 10 SP2 In-Reply-To: <4A09477D575C2C4B86497161427DD94C0C884DB031@CITY-EXCHANGE07.cbj.local> References: <4A09477D575C2C4B86497161427DD94C0C884DB02B@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB02D@CITY-EXCHANGE07.cbj.local> <49AF792D.3050107@vanderkooij.org> <49AFDB98.6050609@ecs.soton.ac.uk> <4A09477D575C2C4B86497161427DD94C0C884DB030@CITY-EXCHANGE07.cbj.local> <4A09477D575C2C4B86497161427DD94C0C884DB031@CITY-EXCHANGE07.cbj.local> Message-ID: <4A09477D575C2C4B86497161427DD94C0C884DB037@CITY-EXCHANGE07.cbj.local> Kevin Miller wrote: > Kai Schaetzl wrote: >> Kevin Miller wrote on Thu, 5 Mar 2009 09:28:05 -0900: >> >>> OK, tried that, but it tells me that it can't install because of >>> missing dependencies: rtld(GNU_HASH) >> >> what is "it", the rpm or the install.sh? > > The rpm... > > ...Kevin After searching the web high and low, it seems that *lots* of folks are running into the same issue w/many different programs. It turns out that rtld(GNU_HASH) is a new part of glibc but isn't found in older versions. I looked inside Julian's tnef*.rpm and saw the source to tnef was available from sourceforge. I downloaded that, compiled it, created an rpm w/checkconfig then installed that. My rpm didn't have a dependency on rtld(GNU_HASH). Not sure why Julian's does, but maybe it was built on a CentOS or newer openSUSE box? Be good if he could build one against a SLES 10 SP2 box. If one isn't available I'd be happy to compile one and send it if a plain vanilla version is what is produced with chkconfig. I didn't give it any specific parameters or list any dependencies when it built. So, long story short, MailScanner installed, hopefully to no ill effect lacking the rtld(GNU_HASH) aspect. We'll see... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Fri Mar 6 09:12:53 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 6 09:13:18 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B03D54.6040307@ecs.soton.ac.uk> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> Message-ID: <49B0E915.5030602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn has taken a look at this, and the problem doesn't arise on his Perl 5.10 systems at all. And as he pointed out, it's my Perl not his :-) So is this something to do with Ubuntu's build of Perl? However, you could edit that line of PFDiskStore.pm and change it from this: while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { to this: while (${@{$body}}[int(scalar(@{$body})-1)] !~ /^\s*$/) { You should probably comment out the next line (the "print" statement) too. What I originally wrote is perfectly valid Perl, but it's managing to do the "-1" but then is leaving that as a string "1909" instead of using it as a number 1909 in the array reference. Let me know if that helps. You'll obviously need to restart MailScanner after making that change :-) Jules. On 5/3/09 21:00, Julian Field wrote: > I think this is one for Glenn. > > Glenn? Any ideas? > > On 5/3/09 19:51, Drew Marshall wrote: >> Hi all >> >> Just bumped into this one: >> >> MailScanner --debug >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> Building a message batch to scan... >> Have a batch of 10 messages. >> max message size is '250000 trackback' >> Can't use string ("1909") as an ARRAY ref while "strict refs" in use >> at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. >> >> This is my first stray back to Linux (Usually play in FreeBSD world ) >> for a while but this is mt MailScanner -v >> >> Linux in1-b.mx.mail-launder.com 2.6.27-11-server #1 SMP Thu Jan 29 >> 20:13:12 UTC 2009 x86_64 GNU/Linux >> This is Perl version 5.010000 (5.10.0) >> >> This is MailScanner version 4.74.16 >> Module versions are: >> 1.00 AnyDBM_File >> 1.18 Archive::Zip >> 0.22 bignum >> 1.08 Carp >> 2.011 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121_14 Data::Dumper >> 2.27 Date::Parse >> 1.01 DirHandle >> 1.06 Fcntl >> 2.76 File::Basename >> 2.11 File::Copy >> 2.01 FileHandle >> 2.04 File::Path >> 0.18 File::Temp >> 0.92 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23_01 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.03 Mail::Header >> 1.88 Math::BigInt >> 0.21 Math::BigRat >> 3.07_01 MIME::Base64 >> 5.426 MIME::Decoder >> 5.426 MIME::Decoder::UU >> 5.426 MIME::Head >> 5.426 MIME::Parser >> 3.07 MIME::QuotedPrint >> 5.426 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.07 Pod::Simple >> 1.13 POSIX >> 1.19 Scalar::Util >> 1.80 Socket >> 2.18 Storable >> 1.4 Sys::Hostname::Long >> 0.26 Sys::Syslog >> 1.26 Test::Pod >> 0.8 Test::Simple >> 1.9711 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.38 Archive::Tar >> 0.22 bignum >> missing Business::ISBN >> missing Business::ISBN::Data >> missing Data::Dump >> 1.816_1 DB_File >> 1.14 DBD::SQLite >> 1.605 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36_01 Digest::MD5 >> 2.11 Digest::SHA1 >> missing Encode::Detect >> 0.17010 Error >> 0.21 ExtUtils::CBuilder >> 2.18_02 ExtUtils::ParseXS >> 2.37 Getopt::Long >> missing Inline >> missing IO::String >> 1.09 IO::Zlib >> missing IP::Country >> missing Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.006 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.280801 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> missing Net::DNS::Resolver::Programmable >> missing Net::LDAP >> 4.007 NetAddr::IP >> missing Parse::RecDescent >> missing SAVI >> 2.64 Test::Harness >> missing Test::Manifest >> 2.0.0 Text::Balanced >> 1.35 URI >> 0.74 version >> missing YAML >> >> Don't think there is any thing else special about this box, it's just >> a bog standard Ubuntu 8.10 server install, with as much as possible >> installed via apt and running the latest stable release. I've not got >> to the clever stuff yet ;-) >> >> Not being a perl gruru and certainly not with Jules' fine work, I am >> now at the "help" stage :-) >> >> Drew >> >> -- >> In line with our policy, this message has been scanned for viruses >> and dangerouscontent by our Mail Launder system www.mail-launder.com >> Our email policy can be found at www.trunknetworks.com/policy >> >> Trunk Networks Limited is registered in Scotland with registration >> number: 351063 >> Registered Office 55-57 West High Street Inverurie AB51 3QQ >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJsOkWEfZZRxQVtlQRAoBJAKC2BxZ4PDr7pAsLIW6GGD61bGC6BACeNZdN ZU+mORyEKc5W77CrkCx5nUQ= =qSAn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Fri Mar 6 09:57:10 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Mar 6 09:57:37 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> <49AEBECB.50107@ecs.soton.ac.uk> <49AEC7D3.1000504@ecs.soton.ac.uk> Message-ID: On Thu, 5 Mar 2009, David Lee wrote: > On Wed, 4 Mar 2009, Julian Field wrote: > [...] >> Please try the attached MessageBatch.pm (which I have compressed, of >> course). >> Please let me know if this fixes the problem. > > Will do; I have just installed it. (I made sure the inbound queue was empty > and removed the previous "Processing.db" to give it a clean start.) > [...] First, the bad news: it is still occuring, so the patch seems not to have made any difference. ----------------------------------------------------------- Tries Message Last Tried ===== ======= ========== 1 n2650oUu021398 Fri Mar 6 05:05:35 2009 1 n2647uja010341 Fri Mar 6 04:12:49 2009 1 n2610rCJ022463 Fri Mar 6 01:05:22 2009 1 n2610rjK022464 Fri Mar 6 01:03:38 2009 1 n25J0ovL023772 Thu Mar 5 19:03:52 2009 1 n25I0msJ026885 Thu Mar 5 18:04:11 2009 1 n25H0sF7025852 Thu Mar 5 17:06:29 2009 1 n25H0oK1025828 Thu Mar 5 17:06:26 2009 1 n25C0uSx007184 Thu Mar 5 12:05:31 2009 1 n25A0bJ6029642 Thu Mar 5 10:05:57 2009 1 n25A0qAP029669 Thu Mar 5 10:05:12 2009 1 n25A0ZJX029632 Thu Mar 5 10:04:27 2009 ----------------------------------------------------------- Now the possibly good news. Note that the times in both the above set and the previous set are consistently soon after the hour. Pattern? And when I look in the logfile for the sendmail id (the "n2..."), their final entries are followed within one or two seconds by all the MS processes catching a SIGHUP. More than coincidence? (The above times are actually "next retry" with a random addition to time-now; what they actually reflect are last updates to "Processing.db" from a few minutes earlier.) We have been running your spear-phishing script. And, of course, this has an hourly cron-job which ends: "service MailScanner reload". Again, more than coincidence? I suspect some sort of interaction. Going into the realms of speculation: When this new, db-enabled, version of MS has successfully processed any email it now has to do two things: 1. Deliver it to the next stage, e.g. out-queue (ham); deletion (spam) 2. Remove from "Processing.db" In all cases these need to happen as a single, atomic action. So I suspect there is at least one outcome (particularly when "spam actions are delete") in which these events are happening separately and non-atomically, with the risk of an MS restart coming between them. Guess: for a spam-deletion, MS firstly removes the {df,qf} pair from in-queue but only later gets around to removing it from "Processing.db". If MS stops (HUP signal, etc.) between them, then stale entries are left in "Processing.db". Is there sufficient signal-trapping to keep these things atomic? (There may be other areas where this might apply.) Plausible? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Fri Mar 6 10:08:40 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 6 10:09:01 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> <49AEBECB.50107@ecs.soton.ac.uk> <49AEC7D3.1000504@ecs.soton.ac.uk> Message-ID: <49B0F628.30703@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/3/09 09:57, David Lee wrote: > On Thu, 5 Mar 2009, David Lee wrote: > >> On Wed, 4 Mar 2009, Julian Field wrote: >> [...] >>> Please try the attached MessageBatch.pm (which I have compressed, of >>> course). >>> Please let me know if this fixes the problem. >> >> Will do; I have just installed it. (I made sure the inbound queue >> was empty and removed the previous "Processing.db" to give it a clean >> start.) >> [...] > > First, the bad news: it is still occuring, so the patch seems not to > have made any difference. It fixed one hole, you clearly have another. > > ----------------------------------------------------------- > Tries Message Last Tried > ===== ======= ========== > 1 n2650oUu021398 Fri Mar 6 05:05:35 2009 > 1 n2647uja010341 Fri Mar 6 04:12:49 2009 > 1 n2610rCJ022463 Fri Mar 6 01:05:22 2009 > 1 n2610rjK022464 Fri Mar 6 01:03:38 2009 > 1 n25J0ovL023772 Thu Mar 5 19:03:52 2009 > 1 n25I0msJ026885 Thu Mar 5 18:04:11 2009 > 1 n25H0sF7025852 Thu Mar 5 17:06:29 2009 > 1 n25H0oK1025828 Thu Mar 5 17:06:26 2009 > 1 n25C0uSx007184 Thu Mar 5 12:05:31 2009 > 1 n25A0bJ6029642 Thu Mar 5 10:05:57 2009 > 1 n25A0qAP029669 Thu Mar 5 10:05:12 2009 > 1 n25A0ZJX029632 Thu Mar 5 10:04:27 2009 > ----------------------------------------------------------- > > Now the possibly good news. > > Note that the times in both the above set and the previous set are > consistently soon after the hour. Pattern? And when I look in the > logfile for the sendmail id (the "n2..."), their final entries are > followed within one or two seconds by all the MS processes catching a > SIGHUP. More than coincidence? That'll be the Spear Phishing doing a restart or a reload. > > (The above times are actually "next retry" with a random addition to > time-now; what they actually reflect are last updates to > "Processing.db" from a few minutes earlier.) Agreed. What would be the best wording for the title of the table? I don't want to add another timestamp to the database record just so this output looks different. > > > We have been running your spear-phishing script. And, of course, this > has an hourly cron-job which ends: "service MailScanner reload". > Again, more than coincidence? No, not coincidence at all. > > > I suspect some sort of interaction. Going into the realms of > speculation: When this new, db-enabled, version of MS has successfully > processed any email it now has to do two things: > 1. Deliver it to the next stage, e.g. out-queue (ham); deletion (spam) > 2. Remove from "Processing.db" Agreed. There is some cleanup that happens when the MailScanner child is killed, I suspect I need to add a Processing.db cleanup to that code. > > In all cases these need to happen as a single, atomic action. So I > suspect there is at least one outcome (particularly when "spam actions > are delete") in which these events are happening separately and > non-atomically, with the risk of an MS restart coming between them. > > Guess: for a spam-deletion, MS firstly removes the {df,qf} pair from > in-queue but only later gets around to removing it from > "Processing.db". If MS stops (HUP signal, etc.) between them, then > stale entries are left in "Processing.db". > > Is there sufficient signal-trapping to keep these things atomic? > (There may be other areas where this might apply.) > > > Plausible? > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJsPYpEfZZRxQVtlQRAioNAJ42TQZVYFeDRoHLEsYhKwEs2Z8OXACeMeuh MRvDrOz8poRTrvJOc4QfOIY= =PmM5 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 6 11:24:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 6 11:24:26 2009 Subject: Crash protection In-Reply-To: References: <49AA99DC.1080708@ecs.soton.ac.uk> <49ABEAB8.5080908@ecs.soton.ac.uk> <49AEBECB.50107@ecs.soton.ac.uk> <49AEC7D3.1000504@ecs.soton.ac.uk> Message-ID: <49B107D0.1010402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just published 4.75.7 which has a load more code to try to sort out this problem. Let me know if it helps. Jules. On 6/3/09 09:57, David Lee wrote: > On Thu, 5 Mar 2009, David Lee wrote: > >> On Wed, 4 Mar 2009, Julian Field wrote: >> [...] >>> Please try the attached MessageBatch.pm (which I have compressed, of >>> course). >>> Please let me know if this fixes the problem. >> >> Will do; I have just installed it. (I made sure the inbound queue >> was empty and removed the previous "Processing.db" to give it a clean >> start.) >> [...] > > First, the bad news: it is still occuring, so the patch seems not to > have made any difference. > > ----------------------------------------------------------- > Tries Message Last Tried > ===== ======= ========== > 1 n2650oUu021398 Fri Mar 6 05:05:35 2009 > 1 n2647uja010341 Fri Mar 6 04:12:49 2009 > 1 n2610rCJ022463 Fri Mar 6 01:05:22 2009 > 1 n2610rjK022464 Fri Mar 6 01:03:38 2009 > 1 n25J0ovL023772 Thu Mar 5 19:03:52 2009 > 1 n25I0msJ026885 Thu Mar 5 18:04:11 2009 > 1 n25H0sF7025852 Thu Mar 5 17:06:29 2009 > 1 n25H0oK1025828 Thu Mar 5 17:06:26 2009 > 1 n25C0uSx007184 Thu Mar 5 12:05:31 2009 > 1 n25A0bJ6029642 Thu Mar 5 10:05:57 2009 > 1 n25A0qAP029669 Thu Mar 5 10:05:12 2009 > 1 n25A0ZJX029632 Thu Mar 5 10:04:27 2009 > ----------------------------------------------------------- > > Now the possibly good news. > > Note that the times in both the above set and the previous set are > consistently soon after the hour. Pattern? And when I look in the > logfile for the sendmail id (the "n2..."), their final entries are > followed within one or two seconds by all the MS processes catching a > SIGHUP. More than coincidence? > > (The above times are actually "next retry" with a random addition to > time-now; what they actually reflect are last updates to > "Processing.db" from a few minutes earlier.) > > > We have been running your spear-phishing script. And, of course, this > has an hourly cron-job which ends: "service MailScanner reload". > Again, more than coincidence? > > > I suspect some sort of interaction. Going into the realms of > speculation: When this new, db-enabled, version of MS has successfully > processed any email it now has to do two things: > 1. Deliver it to the next stage, e.g. out-queue (ham); deletion (spam) > 2. Remove from "Processing.db" > > In all cases these need to happen as a single, atomic action. So I > suspect there is at least one outcome (particularly when "spam actions > are delete") in which these events are happening separately and > non-atomically, with the risk of an MS restart coming between them. > > Guess: for a spam-deletion, MS firstly removes the {df,qf} pair from > in-queue but only later gets around to removing it from > "Processing.db". If MS stops (HUP signal, etc.) between them, then > stale entries are left in "Processing.db". > > Is there sufficient signal-trapping to keep these things atomic? > (There may be other areas where this might apply.) > > > Plausible? > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJsQfREfZZRxQVtlQRAh2NAJ9zqma08iQglWgb2QLCCnygTbNF1gCdHQVb VmdG3LNrMG3E+vD2fwW0LG8= =FbDr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at trunknetworks.com Fri Mar 6 16:35:35 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Fri Mar 6 17:02:12 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090306091804.B24181701A@out-b.mx.mail-launder.com> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> Message-ID: <200903061702.n26H25oE004095@safir.blacknight.ie> Jules I have made those changes to no effect. I am still getting the same error (With a different PID number of cause ;-) ). Any thing else I can do? Drew On 6 Mar 2009, at 09:12, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn has taken a look at this, and the problem doesn't arise on his > Perl 5.10 systems at all. > And as he pointed out, it's my Perl not his :-) > So is this something to do with Ubuntu's build of Perl? > > However, you could edit that line of PFDiskStore.pm and change it > from this: > while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { > to this: > while (${@{$body}}[int(scalar(@{$body})-1)] !~ /^\s*$/) { > You should probably comment out the next line (the "print" > statement) too. > > What I originally wrote is perfectly valid Perl, but it's managing > to do > the "-1" but then is leaving that as a string "1909" instead of > using it > as a number 1909 in the array reference. > > Let me know if that helps. You'll obviously need to restart > MailScanner > after making that change :-) > > Jules. > > > On 5/3/09 21:00, Julian Field wrote: >> I think this is one for Glenn. >> >> Glenn? Any ideas? >> >> On 5/3/09 19:51, Drew Marshall wrote: >>> Hi all >>> >>> Just bumped into this one: >>> >>> MailScanner --debug >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> Building a message batch to scan... >>> Have a batch of 10 messages. >>> max message size is '250000 trackback' >>> Can't use string ("1909") as an ARRAY ref while "strict refs" in use >>> at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. >>> >>> This is my first stray back to Linux (Usually play in FreeBSD >>> world ) >>> for a while but this is mt MailScanner -v >>> >>> Linux in1-b.mx.mail-launder.com 2.6.27-11-server #1 SMP Thu Jan 29 >>> 20:13:12 UTC 2009 x86_64 GNU/Linux >>> This is Perl version 5.010000 (5.10.0) >>> >>> This is MailScanner version 4.74.16 >>> Module versions are: >>> 1.00 AnyDBM_File >>> 1.18 Archive::Zip >>> 0.22 bignum >>> 1.08 Carp >>> 2.011 Compress::Zlib >>> 1.119 Convert::BinHex >>> 0.17 Convert::TNEF >>> 2.121_14 Data::Dumper >>> 2.27 Date::Parse >>> 1.01 DirHandle >>> 1.06 Fcntl >>> 2.76 File::Basename >>> 2.11 File::Copy >>> 2.01 FileHandle >>> 2.04 File::Path >>> 0.18 File::Temp >>> 0.92 Filesys::Df >>> 1.35 HTML::Entities >>> 3.56 HTML::Parser >>> 2.37 HTML::TokeParser >>> 1.23_01 IO >>> 1.14 IO::File >>> 1.13 IO::Pipe >>> 2.03 Mail::Header >>> 1.88 Math::BigInt >>> 0.21 Math::BigRat >>> 3.07_01 MIME::Base64 >>> 5.426 MIME::Decoder >>> 5.426 MIME::Decoder::UU >>> 5.426 MIME::Head >>> 5.426 MIME::Parser >>> 3.07 MIME::QuotedPrint >>> 5.426 MIME::Tools >>> 0.11 Net::CIDR >>> 1.25 Net::IP >>> 0.16 OLE::Storage_Lite >>> 1.04 Pod::Escapes >>> 3.07 Pod::Simple >>> 1.13 POSIX >>> 1.19 Scalar::Util >>> 1.80 Socket >>> 2.18 Storable >>> 1.4 Sys::Hostname::Long >>> 0.26 Sys::Syslog >>> 1.26 Test::Pod >>> 0.8 Test::Simple >>> 1.9711 Time::HiRes >>> 1.02 Time::localtime >>> >>> Optional module versions are: >>> 1.38 Archive::Tar >>> 0.22 bignum >>> missing Business::ISBN >>> missing Business::ISBN::Data >>> missing Data::Dump >>> 1.816_1 DB_File >>> 1.14 DBD::SQLite >>> 1.605 DBI >>> 1.15 Digest >>> 1.01 Digest::HMAC >>> 2.36_01 Digest::MD5 >>> 2.11 Digest::SHA1 >>> missing Encode::Detect >>> 0.17010 Error >>> 0.21 ExtUtils::CBuilder >>> 2.18_02 ExtUtils::ParseXS >>> 2.37 Getopt::Long >>> missing Inline >>> missing IO::String >>> 1.09 IO::Zlib >>> missing IP::Country >>> missing Mail::ClamAV >>> 3.002005 Mail::SpamAssassin >>> v2.006 Mail::SPF >>> 1.999001 Mail::SPF::Query >>> 0.280801 Module::Build >>> 0.20 Net::CIDR::Lite >>> 0.63 Net::DNS >>> missing Net::DNS::Resolver::Programmable >>> missing Net::LDAP >>> 4.007 NetAddr::IP >>> missing Parse::RecDescent >>> missing SAVI >>> 2.64 Test::Harness >>> missing Test::Manifest >>> 2.0.0 Text::Balanced >>> 1.35 URI >>> 0.74 version >>> missing YAML >>> >>> Don't think there is any thing else special about this box, it's >>> just >>> a bog standard Ubuntu 8.10 server install, with as much as possible >>> installed via apt and running the latest stable release. I've not >>> got >>> to the clever stuff yet ;-) >>> >>> Not being a perl gruru and certainly not with Jules' fine work, I am >>> now at the "help" stage :-) >>> >>> Drew >>> >>> -- >>> In line with our policy, this message has been scanned for viruses >>> and dangerouscontent by our Mail Launder system www.mail-launder.com >>> Our email policy can be found at www.trunknetworks.com/policy >>> >>> Trunk Networks Limited is registered in Scotland with registration >>> number: 351063 >>> Registered Office 55-57 West High Street Inverurie AB51 3QQ >>> >> >> Jules >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.9.1 (Build 287) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFJsOkWEfZZRxQVtlQRAoBJAKC2BxZ4PDr7pAsLIW6GGD61bGC6BACeNZdN > ZU+mORyEKc5W77CrkCx5nUQ= > =qSAn > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 6 19:55:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 6 19:55:50 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903061702.n26H25oE004095@safir.blacknight.ie> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> Message-ID: <49B17FB6.1050201@ecs.soton.ac.uk> If it's complaining that int(1909) cannot be used as an array ref, then there's not a whole lot I can do. You could try changing the line to while (${@{$body}}[int(scalar(@{$body})-1)+0] !~ /^\s*$/) { (i.e. add a "+0" to it) but there really isn't much more I can do. Try the +0 and let me know if it helps at all. This is a nasty Perl bug. On 6/3/09 16:35, Drew Marshall wrote: > Jules > > I have made those changes to no effect. I am still getting the same > error (With a different PID number of cause ;-) ). > > Any thing else I can do? > > Drew > > > On 6 Mar 2009, at 09:12, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Glenn has taken a look at this, and the problem doesn't arise on his >> Perl 5.10 systems at all. >> And as he pointed out, it's my Perl not his :-) >> So is this something to do with Ubuntu's build of Perl? >> >> However, you could edit that line of PFDiskStore.pm and change it >> from this: >> while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { >> to this: >> while (${@{$body}}[int(scalar(@{$body})-1)] !~ /^\s*$/) { >> You should probably comment out the next line (the "print" statement) >> too. >> >> What I originally wrote is perfectly valid Perl, but it's managing to do >> the "-1" but then is leaving that as a string "1909" instead of using it >> as a number 1909 in the array reference. >> >> Let me know if that helps. You'll obviously need to restart MailScanner >> after making that change :-) >> >> Jules. >> >> >> On 5/3/09 21:00, Julian Field wrote: >>> I think this is one for Glenn. >>> >>> Glenn? Any ideas? >>> >>> On 5/3/09 19:51, Drew Marshall wrote: >>>> Hi all >>>> >>>> Just bumped into this one: >>>> >>>> MailScanner --debug >>>> In Debugging mode, not forking... >>>> Trying to setlogsock(unix) >>>> Building a message batch to scan... >>>> Have a batch of 10 messages. >>>> max message size is '250000 trackback' >>>> Can't use string ("1909") as an ARRAY ref while "strict refs" in use >>>> at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. >>>> >>>> This is my first stray back to Linux (Usually play in FreeBSD world ) >>>> for a while but this is mt MailScanner -v >>>> >>>> Linux in1-b.mx.mail-launder.com 2.6.27-11-server #1 SMP Thu Jan 29 >>>> 20:13:12 UTC 2009 x86_64 GNU/Linux >>>> This is Perl version 5.010000 (5.10.0) >>>> >>>> This is MailScanner version 4.74.16 >>>> Module versions are: >>>> 1.00 AnyDBM_File >>>> 1.18 Archive::Zip >>>> 0.22 bignum >>>> 1.08 Carp >>>> 2.011 Compress::Zlib >>>> 1.119 Convert::BinHex >>>> 0.17 Convert::TNEF >>>> 2.121_14 Data::Dumper >>>> 2.27 Date::Parse >>>> 1.01 DirHandle >>>> 1.06 Fcntl >>>> 2.76 File::Basename >>>> 2.11 File::Copy >>>> 2.01 FileHandle >>>> 2.04 File::Path >>>> 0.18 File::Temp >>>> 0.92 Filesys::Df >>>> 1.35 HTML::Entities >>>> 3.56 HTML::Parser >>>> 2.37 HTML::TokeParser >>>> 1.23_01 IO >>>> 1.14 IO::File >>>> 1.13 IO::Pipe >>>> 2.03 Mail::Header >>>> 1.88 Math::BigInt >>>> 0.21 Math::BigRat >>>> 3.07_01 MIME::Base64 >>>> 5.426 MIME::Decoder >>>> 5.426 MIME::Decoder::UU >>>> 5.426 MIME::Head >>>> 5.426 MIME::Parser >>>> 3.07 MIME::QuotedPrint >>>> 5.426 MIME::Tools >>>> 0.11 Net::CIDR >>>> 1.25 Net::IP >>>> 0.16 OLE::Storage_Lite >>>> 1.04 Pod::Escapes >>>> 3.07 Pod::Simple >>>> 1.13 POSIX >>>> 1.19 Scalar::Util >>>> 1.80 Socket >>>> 2.18 Storable >>>> 1.4 Sys::Hostname::Long >>>> 0.26 Sys::Syslog >>>> 1.26 Test::Pod >>>> 0.8 Test::Simple >>>> 1.9711 Time::HiRes >>>> 1.02 Time::localtime >>>> >>>> Optional module versions are: >>>> 1.38 Archive::Tar >>>> 0.22 bignum >>>> missing Business::ISBN >>>> missing Business::ISBN::Data >>>> missing Data::Dump >>>> 1.816_1 DB_File >>>> 1.14 DBD::SQLite >>>> 1.605 DBI >>>> 1.15 Digest >>>> 1.01 Digest::HMAC >>>> 2.36_01 Digest::MD5 >>>> 2.11 Digest::SHA1 >>>> missing Encode::Detect >>>> 0.17010 Error >>>> 0.21 ExtUtils::CBuilder >>>> 2.18_02 ExtUtils::ParseXS >>>> 2.37 Getopt::Long >>>> missing Inline >>>> missing IO::String >>>> 1.09 IO::Zlib >>>> missing IP::Country >>>> missing Mail::ClamAV >>>> 3.002005 Mail::SpamAssassin >>>> v2.006 Mail::SPF >>>> 1.999001 Mail::SPF::Query >>>> 0.280801 Module::Build >>>> 0.20 Net::CIDR::Lite >>>> 0.63 Net::DNS >>>> missing Net::DNS::Resolver::Programmable >>>> missing Net::LDAP >>>> 4.007 NetAddr::IP >>>> missing Parse::RecDescent >>>> missing SAVI >>>> 2.64 Test::Harness >>>> missing Test::Manifest >>>> 2.0.0 Text::Balanced >>>> 1.35 URI >>>> 0.74 version >>>> missing YAML >>>> >>>> Don't think there is any thing else special about this box, it's just >>>> a bog standard Ubuntu 8.10 server install, with as much as possible >>>> installed via apt and running the latest stable release. I've not got >>>> to the clever stuff yet ;-) >>>> >>>> Not being a perl gruru and certainly not with Jules' fine work, I am >>>> now at the "help" stage :-) >>>> >>>> Drew >>>> >>>> -- >>>> In line with our policy, this message has been scanned for viruses >>>> and dangerouscontent by our Mail Launder system www.mail-launder.com >>>> Our email policy can be found at www.trunknetworks.com/policy >>>> >>>> Trunk Networks Limited is registered in Scotland with registration >>>> number: 351063 >>>> Registered Office 55-57 West High Street Inverurie AB51 3QQ >>>> >>> >>> Jules >>> >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.9.1 (Build 287) >> Comment: Use Enigmail to decrypt or check this message is legitimate >> Charset: ISO-8859-1 >> >> wj8DBQFJsOkWEfZZRxQVtlQRAoBJAKC2BxZ4PDr7pAsLIW6GGD61bGC6BACeNZdN >> ZU+mORyEKc5W77CrkCx5nUQ= >> =qSAn >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chris at techquility.net Sat Mar 7 02:59:18 2009 From: chris at techquility.net (Chris Barber) Date: Sat Mar 7 02:59:59 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> <43F62CA225017044BC84CFAF92B4333B06F23B@sbsserver.Techquility.net> Message-ID: <43F62CA225017044BC84CFAF92B4333B06F24C@sbsserver.Techquility.net> on 3-5-2009 9:21 AM Chris Barber spake the following: >> A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits >the cached lookup and is faster. >> >> Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an >encoding issue, it it does, it is a DNS issue. >> > > Scott, > > Looks like it is not a DNS issue. I put the original and forwarded messages back through the server and I had the same results. The original message does not hit the URIBL rules (even if I put it through many times) and the forwarded one does. The only difference I can see is the encoding. The URL's in the original have some extra characters it seems. See my original post for the queue files and you can see what I mean. > > Is this some new tactic that spammers are using to get around URL checking in the body of emails? How can I troubleshoot this further? > > Thanks, > Chris > > > >Can you pastebin an example somewhere so others can test it. That way we can eliminate or implicate your systems configs or module >versions. > Here is the pastebin for the original messages which the URIBL rules miss on: http://pastebin.com/m6153469c Here it is for the forwarded message which does trigger the URIBL rules: http://pastebin.com/m25691788 Thanks again for taking a look at this. It has been plaguing me for many months now. -Chris From drew.marshall at trunknetworks.com Sat Mar 7 11:57:47 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Sat Mar 7 11:58:08 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090306200209.A82681701F@out-b.mx.mail-launder.com> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com> Message-ID: <200903071158.n27BvtsJ024657@safir.blacknight.ie> On 6 Mar 2009, at 19:55, Julian Field wrote: > If it's complaining that int(1909) cannot be used as an array ref, > then there's not a whole lot I can do. :-( > You could try changing the line to > while (${@{$body}}[int(scalar(@{$body})-1)+0] !~ /^\s*$/) { > (i.e. add a "+0" to it) but there really isn't much more I can do. > Try the +0 and let me know if it helps at all. Can't use string ("18") as an ARRAY ref while "strict refs" in use at / usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > This is a nasty Perl bug. :-(( Am I the only MailScanner user who has tried to get MS working on Unbuntu 8.10 Server? If so, then it's broken and don't bother trying it. If not, then my install is borked (Which at least is better as I can fix that!). Drew From iam at st-andrews.ac.uk Sat Mar 7 12:42:32 2009 From: iam at st-andrews.ac.uk (Ian McDonald) Date: Sat Mar 7 12:42:48 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903071158.n27BvtsJ024657@safir.blacknight.ie> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com> <200903071158.n27BvtsJ024657@safir.blacknight.ie> Message-ID: <49B26BB8.5000109@st-andrews.ac.uk> Drew Marshall wrote: > > On 6 Mar 2009, at 19:55, Julian Field wrote: > >> If it's complaining that int(1909) cannot be used as an array ref, >> then there's not a whole lot I can do. > > :-( > >> You could try changing the line to >> while (${@{$body}}[int(scalar(@{$body})-1)+0] !~ /^\s*$/) { >> (i.e. add a "+0" to it) but there really isn't much more I can do. >> Try the +0 and let me know if it helps at all. > > Can't use string ("18") as an ARRAY ref while "strict refs" in use at > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > >> This is a nasty Perl bug. > > :-(( > > Am I the only MailScanner user who has tried to get MS working on > Unbuntu 8.10 Server? If so, then it's broken and don't bother trying it. > If not, then my install is borked (Which at least is better as I can fix > that!). > > Drew Is anyone seeing this on Lenny? We're pretty close to moving our MX's over to it. -- ian From MailScanner at ecs.soton.ac.uk Sat Mar 7 16:01:26 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 7 16:01:48 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903071158.n27BvtsJ024657@safir.blacknight.ie> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com> <200903071158.n27BvtsJ024657@safir.blacknight.ie> Message-ID: <49B29A56.1040409@ecs.soton.ac.uk> Okay, try changing the line to these two lines: my $line = int(scalar(@{$body})-1; while (${@{$body}}[$line] !~ /^\s*$/) { This really is a bug in Perl. Every variable has a string value and a numeric value, depending on context. So $a[1909] should equal $a["1909"]. But in this case it's using the string value, which it can't use, and not the numeric value, which it can. On 3/7/09 11:57 AM, Drew Marshall wrote: > > On 6 Mar 2009, at 19:55, Julian Field wrote: > >> If it's complaining that int(1909) cannot be used as an array ref, >> then there's not a whole lot I can do. > > :-( > >> You could try changing the line to >> while (${@{$body}}[int(scalar(@{$body})-1)+0] !~ /^\s*$/) { >> (i.e. add a "+0" to it) but there really isn't much more I can do. >> Try the +0 and let me know if it helps at all. > > Can't use string ("18") as an ARRAY ref while "strict refs" in use at > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > >> This is a nasty Perl bug. > > :-(( > > Am I the only MailScanner user who has tried to get MS working on > Unbuntu 8.10 Server? If so, then it's broken and don't bother trying > it. If not, then my install is borked (Which at least is better as I > can fix that!). > > Drew Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Sat Mar 7 16:30:03 2009 From: rcooper at dwford.com (Rick Cooper) Date: Sat Mar 7 16:30:18 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B26BB8.5000109@st-andrews.ac.uk> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Ian McDonald > Sent: Saturday, March 07, 2009 7:43 AM > To: MailScanner discussion > Subject: Re: Interesting Error - Can't use string ("1909") > as an ARRAY ref while "strict refs" in use > > Drew Marshall wrote: > > > > On 6 Mar 2009, at 19:55, Julian Field wrote: > > > >> If it's complaining that int(1909) cannot be used as an > array ref, > >> then there's not a whole lot I can do. > > > > :-( > > > >> You could try changing the line to > >> while (${@{$body}}[int(scalar(@{$body})-1)+0] !~ /^\s*$/) { > >> (i.e. add a "+0" to it) but there really isn't much more I can do. > >> Try the +0 and let me know if it helps at all. > > > > Can't use string ("18") as an ARRAY ref while "strict > refs" in use at > > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > >> This is a nasty Perl bug. > > > > :-(( > > [..] Been looking at this and really have no way to test because I don't use postfix but try changing while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] . "****\n"; pop @{$body}; #print STDERR "."; } TO my $Bodyref = \@body; while (${@{$body}}[$#Bodyref] !~ /^\s*$/) { print "Line is ****" . ${@{$body}}[$#Bodyref] . "****\n"; pop @{$#Bodyref}; #print STDERR "."; } -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Sat Mar 7 16:41:13 2009 From: rcooper at dwford.com (Rick Cooper) Date: Sat Mar 7 16:41:30 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY refwhile "strict refs" in use In-Reply-To: References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie><49B26BB8.5000109@st-andrews.ac.uk> Message-ID: <7097042B04BD4178B8793CD9C17578AE@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rick Cooper > Sent: Saturday, March 07, 2009 11:30 AM > To: 'MailScanner discussion' > Subject: RE: Interesting Error - Can't use string ("1909") > as an ARRAY refwhile "strict refs" in use > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Ian McDonald > > Sent: Saturday, March 07, 2009 7:43 AM > > To: MailScanner discussion > > Subject: Re: Interesting Error - Can't use string ("1909") > > as an ARRAY ref while "strict refs" in use > > > > Drew Marshall wrote: > > > > > > On 6 Mar 2009, at 19:55, Julian Field wrote: > > > > > >> If it's complaining that int(1909) cannot be used as an > > array ref, > > >> then there's not a whole lot I can do. > > > > > > :-( > > > > > >> You could try changing the line to > > >> while (${@{$body}}[int(scalar(@{$body})-1)+0] !~ /^\s*$/) { > > >> (i.e. add a "+0" to it) but there really isn't much > more I can do. > > >> Try the +0 and let me know if it helps at all. > > > > > > Can't use string ("18") as an ARRAY ref while "strict > > refs" in use at > > > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > > > >> This is a nasty Perl bug. > > > > > > :-(( > > > > [..] > > Been looking at this and really have no way to test because > I don't use > postfix but try changing > > while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { > print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] > . "****\n"; > pop @{$body}; > #print STDERR "."; > } > > TO > MAJOR Typo there, the pop @{$#Bodyref}; SHOULD BE pop @{$Bodyref}; Forgot to pull the # out when I copy pasted, sorry. > my $Bodyref = \@body; > > while (${@{$body}}[$#Bodyref] !~ /^\s*$/) { > print "Line is ****" . ${@{$body}}[$#Bodyref] . "****\n"; > pop @{$#Bodyref}; > #print STDERR "."; > } > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From simon.walter at hp-factory.de Sat Mar 7 15:41:27 2009 From: simon.walter at hp-factory.de (Simon Walter) Date: Sat Mar 7 16:41:41 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B26BB8.5000109@st-andrews.ac.uk> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com> <200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> Message-ID: <20090307164127.46538d60@tharlab> Hi On Sat, 07 Mar 2009 12:42:32 +0000 Ian McDonald wrote: > Drew Marshall wrote: > > On 6 Mar 2009, at 19:55, Julian Field wrote: > > Can't use string ("18") as an ARRAY ref while "strict refs" in use > > at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > >> This is a nasty Perl bug. > > > > :-(( > > > > Am I the only MailScanner user who has tried to get MS working on > > Unbuntu 8.10 Server? If so, then it's broken and don't bother > > trying it. If not, then my install is borked (Which at least is > > better as I can fix that!). > > > > Drew > > Is anyone seeing this on Lenny? We're pretty close to moving our MX's > over to it. Yes I have seen it. I have tried to fix it, but without success. If I remember correctly this bug only occurs if the trackback feature is enabled. Max SpamAssassin Size = 200k trackback Try to disable it. I looked in EximDiskStore too and found no code for the trackback feature, so I though this have to be a work-in-progress feature and didn't dig deeper or tracked it. -- Regards Simon Walter From rcooper at dwford.com Sat Mar 7 16:55:11 2009 From: rcooper at dwford.com (Rick Cooper) Date: Sat Mar 7 16:55:25 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAYrefwhile "strict refs" in use In-Reply-To: <7097042B04BD4178B8793CD9C17578AE@SAHOMELT> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie><49B26BB8.5000109@st-andrews.ac.uk> <7097042B04BD4178B8793CD9C17578AE@SAHOMELT> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rick Cooper > Sent: Saturday, March 07, 2009 11:41 AM > To: 'MailScanner discussion' > Subject: RE: Interesting Error - Can't use string ("1909") > as an ARRAYrefwhile "strict refs" in use > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Rick Cooper > > Sent: Saturday, March 07, 2009 11:30 AM > > To: 'MailScanner discussion' > > Subject: RE: Interesting Error - Can't use string ("1909") > > as an ARRAY refwhile "strict refs" in use > > > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > Behalf Of Ian McDonald > > > Sent: Saturday, March 07, 2009 7:43 AM > > > To: MailScanner discussion > > > Subject: Re: Interesting Error - Can't use string ("1909") > > > as an ARRAY ref while "strict refs" in use > > > > > > Drew Marshall wrote: > > > > > > > > On 6 Mar 2009, at 19:55, Julian Field wrote: > > > > > > > >> If it's complaining that int(1909) cannot be used as an > > > array ref, > > > >> then there's not a whole lot I can do. > > > > > > > > :-( > > > > > > > >> You could try changing the line to > > > > >> while (${@{$body}}[int(scalar(@{$body})-1)+0] !~ /^\s*$/) { > > > >> (i.e. add a "+0" to it) but there really isn't much > > more I can do. > > > >> Try the +0 and let me know if it helps at all. > > > > > > > > Can't use string ("18") as an ARRAY ref while "strict > > > refs" in use at > > > > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > > > > > >> This is a nasty Perl bug. > > > > > > > > :-(( > > > > > > [..] > > > > Been looking at this and really have no way to test because > > I don't use > > postfix but try changing > > > > while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { > > print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] > > . "****\n"; > > pop @{$body}; > > #print STDERR "."; > > } > > > > TO > > > > > MAJOR Typo there, the pop @{$#Bodyref}; SHOULD BE pop @{$Bodyref}; > Forgot to pull the # out when I copy pasted, sorry. > > > > my $Bodyref = \@body; > > > > while (${@{$body}}[$#Bodyref] !~ /^\s*$/) { > > print "Line is ****" . ${@{$body}}[$#Bodyref] . "****\n"; > > pop @{$#Bodyref}; > > #print STDERR "."; > > } > > > > > > > Actually, now that I think about it (if I am correctly reading into what this is supposed to do), I would think while (${@body}[$#body] !~ /^\s*$/) { print "Line is ****" . ${@body}[$#body] . "****\n"; pop @body; #print STDERR "."; } Would work just as well would it not? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at trunknetworks.com Sat Mar 7 17:03:05 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Sat Mar 7 17:03:28 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAYrefwhile "strict refs" in use In-Reply-To: <20090307165812.0CDEA1702F@out-b.mx.mail-launder.com> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie><49B26BB8.5000109@st-andrews.ac.uk> <7097042B04BD4178B8793CD9C17578AE@SAHOMELT> <20090307165812.0CDEA1702F@out-b.mx.mail-launder.com> Message-ID: <200903071703.n27H3KG7030978@safir.blacknight.ie> Rick On 7 Mar 2009, at 16:55, Rick Cooper wrote: > Actually, now that I think about it (if I am correctly reading into > what > this is supposed to do), I would think > > while (${@body}[$#body] !~ /^\s*$/) { > print "Line is ****" . ${@body}[$#body] . "****\n"; > pop @body; > #print STDERR "."; > } > > Would work just as well would it not? This one gives Global symbol "@body" requires explicit package name at /usr/share/ MailScanner//MailScanner/PFDiskStore.pm line 509. (5 times) Compilation failed in require at /usr/sbin/MailScanner line 354. Drew From drew.marshall at trunknetworks.com Sat Mar 7 17:07:18 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Sat Mar 7 17:07:32 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090307163317.C705917023@out-b.mx.mail-launder.com> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> <20090307163317.C705917023@out-b.mx.mail-launder.com> Message-ID: <200903071707.n27H7NdN031204@safir.blacknight.ie> Rick On 7 Mar 2009, at 16:30, Rick Cooper wrote: > Been looking at this and really have no way to test because I don't > use > postfix but try changing > > while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { > print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] . "**** > \n"; > pop @{$body}; > #print STDERR "."; > } > > TO > > my $Bodyref = \@body; > > while (${@{$body}}[$#Bodyref] !~ /^\s*$/) { > print "Line is ****" . ${@{$body}}[$Bodyref] . "****\n"; > pop @{$#Bodyref}; > #print STDERR "."; > } Note # removed. This produces: Global symbol "@body" requires explicit package name at /usr/share/ MailScanner//MailScanner/PFDiskStore.pm line 509. Global symbol "@Bodyref" requires explicit package name at /usr/share/ MailScanner//MailScanner/PFDiskStore.pm line 512. Global symbol "@Bodyref" requires explicit package name at /usr/share/ MailScanner//MailScanner/PFDiskStore.pm line 513. Compilation failed in require at /usr/sbin/MailScanner line 354. Drew From MailScanner at ecs.soton.ac.uk Sat Mar 7 18:07:33 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 7 18:07:56 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903071707.n27H7NdN031204@safir.blacknight.ie> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> <20090307163317.C705917023@out-b.mx.mail-launder.com> <200903071707.n27H7NdN031204@safir.blacknight.ie> Message-ID: <49B2B7E5.9020606@ecs.soton.ac.uk> On 3/7/09 5:07 PM, Drew Marshall wrote: > Rick > > On 7 Mar 2009, at 16:30, Rick Cooper wrote: > >> Been looking at this and really have no way to test because I don't use >> postfix but try changing >> >> while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { Doesn't scalar(@{$body})-1 need to be $#{@{$body}} or something like that? As it needs to de-reference $body into an array, and then take $# of it? $#body won't work as @body is not an array, @{$body} is the array. >> print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] . "****\n"; >> pop @{$body}; >> #print STDERR "."; >> } >> >> TO >> >> my $Bodyref = \@body; >> >> while (${@{$body}}[$#Bodyref] !~ /^\s*$/) { >> print "Line is ****" . ${@{$body}}[$Bodyref] . "****\n"; >> pop @{$#Bodyref}; >> #print STDERR "."; >> } > > Note # removed. > > This produces: > > Global symbol "@body" requires explicit package name at > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > Global symbol "@Bodyref" requires explicit package name at > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 512. > Global symbol "@Bodyref" requires explicit package name at > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 513. > Compilation failed in require at /usr/sbin/MailScanner line 354. > > > Drew Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Sat Mar 7 19:58:19 2009 From: rcooper at dwford.com (Rick Cooper) Date: Sat Mar 7 19:58:35 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B2B7E5.9020606@ecs.soton.ac.uk> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> <20090307163317.C705917023@out-b.mx.mail-launder.com><200903071707.n27H7NdN031204@safir.blacknight.ie> <49B2B7E5.9020606@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Saturday, March 07, 2009 1:08 PM > To: MailScanner discussion > Subject: Re: Interesting Error - Can't use string ("1909") > as an ARRAY ref while "strict refs" in use > > > > On 3/7/09 5:07 PM, Drew Marshall wrote: > > Rick > > > > On 7 Mar 2009, at 16:30, Rick Cooper wrote: > > > >> Been looking at this and really have no way to test > because I don't use > >> postfix but try changing > >> > >> while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { > Doesn't scalar(@{$body})-1 need to be $#{@{$body}} or > something like that? > As it needs to de-reference $body into an array, and then > take $# of it? > $#body won't work as @body is not an array, @{$body} is the array. > >> print "Line is ****" . > ${@{$body}}[scalar(@{$body})-1] . "****\n"; > >> pop @{$body}; > >> #print STDERR "."; > >> } > >> This is what I get for not tracking everything from the beginning |-( If I am ready the calls through correctly (now) the ReadyBody function is call as ReadBody(\@original, MailScanner::Config::Value..... So my($body, $max) = @_; Is akin to my $body = \@orignal (I never looked at the top of the function to see it was $body, not @body) So while (${@{$body}}[$#body] !~ /^\s*$/) { print "Line is ****" . ${@{$body}}[$#body] . "****\n"; pop @{$body}; #print STDERR "."; } Now I am reading the code as cruise through the body from the last line up and pop the elements until we get to the first line that begins with white space. So I created this test (which works) : my @original = ('1', '2','3', '4', '5'); my $body = \@original; while (${@{$body}}[$#body] !~ /^3$/) { print "Checking ****" . ${@{$body}}[$#body] . "****\n"; pop @{$body}; #print STDERR "."; } foreach $line(@{${body}}){ print "Current Line : $line\n"; } Running the program outputs Checking ****5**** Checking ****4**** Current Line : 1 Current Line : 2 Current Line : 3 But now that I look at it, if the original code is just trying to read the last element anyway, why would you not just ${@{$body}}[-1] which is all $#body does anyway? I guess I must be confused, better have some beer. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 7 20:49:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 7 20:49:33 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> <20090307163317.C705917023@out-b.mx.mail-launder.com><200903071707.n27H7NdN031204@safir.blacknight.ie> <49B2B7E5.9020606@ecs.soton.ac.uk> Message-ID: <49B2DDC6.1090702@ecs.soton.ac.uk> Okay, so the new chunk of code just there says this: if ($configwords[1] =~ /tr[ua]/i) { #print STDERR "Trackback:\n"; while(${@{$body}}[$#body] !~ /^\s*$/) { #print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] . "****\n"; pop @{$body}; #print STDERR "."; } #print STDERR "\n"; $b->Done(); return; } See if that helps your problem. On 3/7/09 7:58 PM, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Julian Field > > Sent: Saturday, March 07, 2009 1:08 PM > > To: MailScanner discussion > > Subject: Re: Interesting Error - Can't use string ("1909") > > as an ARRAY ref while "strict refs" in use > > > > > > > > On 3/7/09 5:07 PM, Drew Marshall wrote: > > > Rick > > > > > > On 7 Mar 2009, at 16:30, Rick Cooper wrote: > > > > > >> Been looking at this and really have no way to test > > because I don't use > > >> postfix but try changing > > >> > > >> while (${@{$body}}[scalar(@{$body})-1] !~ /^\s*$/) { > > Doesn't scalar(@{$body})-1 need to be $#{@{$body}} or > > something like that? > > As it needs to de-reference $body into an array, and then > > take $# of it? > > $#body won't work as @body is not an array, @{$body} is the array. > > >> print "Line is ****" . > > ${@{$body}}[scalar(@{$body})-1] . "****\n"; > > >> pop @{$body}; > > >> #print STDERR "."; > > >> } > > >> > > This is what I get for not tracking everything from the beginning |-( > > If I am ready the calls through correctly (now) the ReadyBody function is > call as > > ReadBody(\@original, MailScanner::Config::Value..... > > So my($body, $max) = @_; > > Is akin to my $body = \@orignal (I never looked at the top of the function > to see it was $body, not @body) > > So > > while (${@{$body}}[$#body] !~ /^\s*$/) { > print "Line is ****" . ${@{$body}}[$#body] . "****\n"; > pop @{$body}; > #print STDERR "."; > } > > > Now I am reading the code as cruise through the body from the last line up > and pop the elements until we get to the first line that begins with white > space. So I created this test (which works) : > > my @original = ('1', '2','3', '4', '5'); > my $body = \@original; > > while (${@{$body}}[$#body] !~ /^3$/) { > print "Checking ****" . ${@{$body}}[$#body] . "****\n"; > pop @{$body}; > #print STDERR "."; > } > > foreach $line(@{${body}}){ > print "Current Line : $line\n"; > } > > Running the program outputs > > Checking ****5**** > Checking ****4**** > Current Line : 1 > Current Line : 2 > Current Line : 3 > > But now that I look at it, if the original code is just trying to read the > last element anyway, why would you not just ${@{$body}}[-1] which is all > $#body does anyway? > > I guess I must be confused, better have some beer. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Mar 8 09:41:19 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 8 09:41:29 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: <43F62CA225017044BC84CFAF92B4333B06F24C@sbsserver.Techquility.net> References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> <43F62CA225017044BC84CFAF92B4333B06F23B@sbsserver.Techquility.net> <43F62CA225017044BC84CFAF92B4333B06F24C@sbsserver.Techquility.net> Message-ID: <49B392BF.3010400@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Barber wrote: > Here is the pastebin for the original messages which the URIBL rules miss on: > http://pastebin.com/m6153469c > > Here it is for the forwarded message which does trigger the URIBL rules: > http://pastebin.com/m25691788 > > > Thanks again for taking a look at this. It has been plaguing me for many months now. It has to do with the extra =0A= code. Basically it contains normal line breaks and the encoded line breaks. It seems that this is not uncommon with Microsoft messages as they allready clean that out for you. I am not sure who should clean this out before doing the checks. Or cleaning them out should be part of the checks. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmzkr0ACgkQBvzDRVjxmYH2ZQCfVIKYC/RDvjgYNZ0hFLUfBxqz qEEAnRLpgd/c8y64VFmkX5spMWz1T4QU =jK1K -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sun Mar 8 09:49:17 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 8 09:49:26 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: References: <49B03A5E.5030203@ecs.soton.ac.uk> <49B0466B.5010206@ecs.soton.ac.uk> Message-ID: <49B3949D.90606@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > I just found that, and saw your message just before I hit send. > > Sorry, but no IP6 here yet to play with. At least not externally. IT takes about 5 minutes to get IPv6 to your network with a tunnelbroker. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmzlJoACgkQBvzDRVjxmYH+kgCdG0qLUTHrPil0yanNlVt1nG51 CjcAn20GoC3ggVt9ACvWBIUP+leXukPd =Pseq -----END PGP SIGNATURE----- From drew.marshall at trunknetworks.com Sun Mar 8 09:52:17 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Sun Mar 8 09:52:52 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090307205318.84AC91701F@out-b.mx.mail-launder.com> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> <20090307163317.C705917023@out-b.mx.mail-launder.com><200903071707.n27H7NdN031204@safir.blacknight.ie> <49B2B7E5.9020606@ecs.soton.ac.uk> <20090307205318.84AC91701F@out-b.mx.mail-launder.com> Message-ID: <200903080952.n289qi10018429@safir.blacknight.ie> On 7 Mar 2009, at 20:49, Julian Field wrote: > Okay, so the new chunk of code just there says this: > > if ($configwords[1] =~ /tr[ua]/i) { > #print STDERR "Trackback:\n"; > while(${@{$body}}[$#body] !~ /^\s*$/) { > #print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] . "**** > \n"; > pop @{$body}; > #print STDERR "."; > } > > #print STDERR "\n"; > $b->Done(); > return; > } > > See if that helps your problem. Ok new code in and the error reads: Global symbol "@body" requires explicit package name at /usr/share/ MailScanner//MailScanner/PFDiskStore.pm line 509. Compilation failed in require at /usr/sbin/MailScanner line 354. Drew From MailScanner at ecs.soton.ac.uk Sun Mar 8 11:20:53 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 8 11:21:16 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903080952.n289qi10018429@safir.blacknight.ie> References: <200903051951.n25JppRp017503@safir.blacknight.ie> <49B03D54.6040307@ecs.soton.ac.uk> <20090306091804.B24181701A@out-b.mx.mail-launder.com> <200903061702.n26H25oE004095@safir.blacknight.ie> <20090306200209.A82681701F@out-b.mx.mail-launder.com><200903071158.n27BvtsJ024657@safir.blacknight.ie> <49B26BB8.5000109@st-andrews.ac.uk> <20090307163317.C705917023@out-b.mx.mail-launder.com><200903071707.n27H7NdN031204@safir.blacknight.ie> <49B2B7E5.9020606@ecs.soton.ac.uk> <20090307205318.84AC91701F@out-b.mx.mail-launder.com> <200903080952.n289qi10018429@safir.blacknight.ie> Message-ID: <49B3AA15.1070507@ecs.soton.ac.uk> On 3/8/09 9:52 AM, Drew Marshall wrote: > On 7 Mar 2009, at 20:49, Julian Field wrote: > >> Okay, so the new chunk of code just there says this: >> >> if ($configwords[1] =~ /tr[ua]/i) { >> #print STDERR "Trackback:\n"; >> while(${@{$body}}[$#body] !~ /^\s*$/) { >> #print "Line is ****" . ${@{$body}}[scalar(@{$body})-1] . "****\n"; >> pop @{$body}; >> #print STDERR "."; >> } >> >> #print STDERR "\n"; >> $b->Done(); >> return; >> } >> >> See if that helps your problem. > > Ok new code in and the error reads: > > Global symbol "@body" requires explicit package name at > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > Compilation failed in require at /usr/sbin/MailScanner line 354. Okay, try changing your line 509 to say this instead: while(${@{$body}}[$#{@$body}] !~ /^\s*$/) { That does at least compile ( sorry about that :-( Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 8 11:37:58 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 8 11:38:42 2009 Subject: DKIM and MailScanner used in a mail forwarder Message-ID: <49B3AE16.4050502@ecs.soton.ac.uk> How badly does DKIM interact with MailScanner when MailScanner is used in a mail forwarding system? What could I do to improve the situation? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at trunknetworks.com Sun Mar 8 15:25:09 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Sun Mar 8 15:21:58 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090308112501.F1A2D1701F@out-b.mx.mail-launder.com> Message-ID: <200903081521.n28FLoG3025776@safir.blacknight.ie> ----- "Julian Field" wrote: > Okay, try changing your line 509 to say this instead: > while(${@{$body}}[$#{@$body}] !~ /^\s*$/) { > That does at least compile ( sorry about that :-( No worries. You are right it does compile but.. MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 5 messages. max message size is '250000 trackback' Can't use string ("76") as an ARRAY ref while "strict refs" in use at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. :-( Drew From MailScanner at ecs.soton.ac.uk Sun Mar 8 15:34:41 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 8 15:35:02 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903081521.n28FLoG3025776@safir.blacknight.ie> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> Message-ID: <49B3E591.40001@ecs.soton.ac.uk> On 3/8/09 3:25 PM, Drew Marshall wrote: > ----- "Julian Field" wrote: > > >> Okay, try changing your line 509 to say this instead: >> while(${@{$body}}[$#{@$body}] !~ /^\s*$/) { >> That does at least compile ( sorry about that :-( >> > No worries. You are right it does compile but.. > > MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 5 messages. > max message size is '250000 trackback' > Can't use string ("76") as an ARRAY ref while "strict refs" in use at /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > How about this then? (He says, desperately trying to work around a nast bug in Perl 5.10) my $bodysize = $#{@$body}+0; while (${@{$body}}[$bodysize+0] !~ /^\s*@/) { If that doesn't work either, I give up. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Sun Mar 8 15:43:08 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sun Mar 8 15:43:28 2009 Subject: Counts too high in "Deleted nn messages from processing-database" messages Message-ID: The new processing database feature writes log entries like Mar 8 04:58:03 sbh16 MailScanner[14914]: Deleted 120 messages from processing-database With MS 4.75.5, totalling the numbers from these messages over the course of a day gave essentially the same total as the numbers from the messages Mar 8 07:08:54 sbh16 MailScanner[2336]: New Batch: Scanning 30 messages, 133999 bytes With 4.75.7, the 'Deleted' total is much greater than the 'New Batch' total. For example (only one MailScanner child process) [root@sbh16 ~]# grep -E "New Batch|Deleted" /var/log/maillog [...] Mar 8 07:34:01 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 1750 bytes Mar 8 07:34:03 sbh16 MailScanner[2336]: Deleted 4 messages from processing-database Mar 8 07:42:46 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 4089 bytes Mar 8 07:42:53 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 07:45:11 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 4212 bytes Mar 8 07:45:16 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 07:49:46 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 2010 bytes Mar 8 07:49:48 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 08:02:48 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 6977 bytes Mar 8 08:02:50 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 08:20:51 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 2967 bytes Mar 8 08:20:55 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 08:21:37 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 15119 bytes Mar 8 08:21:41 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 08:25:53 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 1719 bytes Mar 8 08:25:55 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 08:28:07 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 2927 bytes Mar 8 08:28:14 sbh16 MailScanner[2336]: Deleted 4 messages from processing-database Mar 8 08:29:26 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 2198 bytes Mar 8 08:29:31 sbh16 MailScanner[2336]: Deleted 3 messages from processing-database Mar 8 08:32:37 sbh16 MailScanner[2336]: New Batch: Scanning 1 messages, 2818 bytes Mar 8 08:32:44 sbh16 MailScanner[2336]: Deleted 4 messages from processing-database [root@sbh16 ~]# -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From brent.addis at spit.gen.nz Sun Mar 8 22:45:45 2009 From: brent.addis at spit.gen.nz (Brent Addis) Date: Sun Mar 8 22:46:56 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <49B3AE16.4050502@ecs.soton.ac.uk> References: <49B3AE16.4050502@ecs.soton.ac.uk> Message-ID: <1236552345.7716.2.camel@baddis-laptop> I use it, it's fine. Exim only signs when it actually sends the message, so it includes the mailscanner headers. No idea about postfix/sendmail/whatever else Make sure you have separate sending and receiving systems (Sending signs, receiving checks) On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: > How badly does DKIM interact with MailScanner when MailScanner is used > in a mail forwarding system? > What could I do to improve the situation? > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090309/a3b46758/attachment.html From MailScanner at ecs.soton.ac.uk Sun Mar 8 23:02:38 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 8 23:03:30 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <1236552345.7716.2.camel@baddis-laptop> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> Message-ID: <49B44E8E.6000007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But if you have a message from Paypal, for example, you can verify the signature on the way in, that's fine. But then if that user auto-forwards a copy of his mail to a Google or gmail account, won't MailScanner break Paypal's DKIM signature header by adding headers below it? I can't re-sign the message with Paypal's DKIM key of course. There's no point signing it with my own key as I wasn't the originator of the message, and so my domain doesn't appear in the From: header or even in the enveloper sender. Then when the message arrives at Gmail, Paypal's DKIM signature will be broken and Gmail will throw away the message as being fake (due to the broken DKIM sig). I can sign outgoing messages coming from my own users, that's no problem, but if I'm forwarding mail for a user then I break the originator's DKIM sig. To try to avoid this problem, I have added this (from my Change Log) To help stop MailScanner breaking DKIM signatures on messages, I have added a new configuration option "Place New Headers At Top Of Message". This is set to "no" by default, as I think the result looks a bit ugly. But if you have users forwarding mail from Ebay, Paypal or Yahoo! to Gmail or Googlemail accounts, you need to stop MailScanner breaking the DKIM signature, or Google will tend to drop the message as being fake. To avoid this happening, you must set three settings (at least): Place New Headers At Top Of Message = yes Multiple Headers = add Sign Clean Messages = no Then MailScanner will do its best not to alter the headers or body below the DKIM signature. In the three settings mentioned above, you can of course use rulesets so you don't do this to messages more than necessary. Do you think that will fix this problem? Jules. On 8/3/09 22:45, Brent Addis wrote: > I use it, it's fine. Exim only signs when it actually sends the > message, so it includes the mailscanner headers. > > No idea about postfix/sendmail/whatever else > > Make sure you have separate sending and receiving systems (Sending > signs, receiving checks) > > > > > On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: >> How badly does DKIM interact with MailScanner when MailScanner is used >> in a mail forwarding system? >> What could I do to improve the situation? >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book atwww.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me atJules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key:http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: UTF-8 wj8DBQFJtE6hEfZZRxQVtlQRAgzLAKDRXAetFJMwgLC6sBWCPWvRIjctHQCgnCn+ +YKx3bhoq6Ha0hT8xqm9KJM= =SHl0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 8 23:19:43 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 8 23:20:52 2009 Subject: Counts too high in "Deleted nn messages from processing-database" messages In-Reply-To: References: Message-ID: <49B4528F.8020303@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 258 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090308/54b84131/PGP.bin From brent.addis at spit.gen.nz Sun Mar 8 23:35:52 2009 From: brent.addis at spit.gen.nz (Brent Addis) Date: Sun Mar 8 23:36:09 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <49B44E8E.6000007@ecs.soton.ac.uk> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> <49B44E8E.6000007@ecs.soton.ac.uk> Message-ID: <1236555352.7716.24.camel@baddis-laptop> It really depends how its being forwarded. Your average joe user will use outlook or some similar MUA which will be using their/your domain, not paypals. Do you mean redirect? (I haven't seen this used by an average joe MUA n a LONG time) On Sun, 2009-03-08 at 23:02 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > But if you have a message from Paypal, for example, you can verify the > signature on the way in, that's fine. But then if that user > auto-forwards a copy of his mail to a Google or gmail account, won't > MailScanner break Paypal's DKIM signature header by adding headers below > it? I can't re-sign the message with Paypal's DKIM key of course. > There's no point signing it with my own key as I wasn't the originator > of the message, and so my domain doesn't appear in the From: header or > even in the enveloper sender. > Then when the message arrives at Gmail, Paypal's DKIM signature will be > broken and Gmail will throw away the message as being fake (due to the > broken DKIM sig). > > I can sign outgoing messages coming from my own users, that's no > problem, but if I'm forwarding mail for a user then I break the > originator's DKIM sig. > > To try to avoid this problem, I have added this (from my Change Log) > > To help stop MailScanner breaking DKIM signatures on messages, I have > added a new configuration option "Place New Headers At Top Of Message". > This is set to "no" by default, as I think the result looks a bit ugly. > But if you have users forwarding mail from Ebay, Paypal or Yahoo! to > Gmail > or Googlemail accounts, you need to stop MailScanner breaking the DKIM > signature, or Google will tend to drop the message as being fake. To > avoid > this happening, you must set three settings (at least): > Place New Headers At Top Of Message = yes > Multiple Headers = add > Sign Clean Messages = no > Then MailScanner will do its best not to alter the headers or body below > the DKIM signature. > > In the three settings mentioned above, you can of course use rulesets so > you don't do this to messages more than necessary. > Do you think that will fix this problem? > > Jules. > > On 8/3/09 22:45, Brent Addis wrote: > > I use it, it's fine. Exim only signs when it actually sends the > > message, so it includes the mailscanner headers. > > > > No idea about postfix/sendmail/whatever else > > > > Make sure you have separate sending and receiving systems (Sending > > signs, receiving checks) > > > > > > > > > > On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: > >> How badly does DKIM interact with MailScanner when MailScanner is used > >> in a mail forwarding system? > >> What could I do to improve the situation? > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book atwww.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me atJules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> PGP public key:http://www.jules.fm/julesfm.asc > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.9.1 (Build 287) > Comment: Use PGP or Thunderbird Enigmail to verify this message > Charset: UTF-8 > > wj8DBQFJtE6hEfZZRxQVtlQRAgzLAKDRXAetFJMwgLC6sBWCPWvRIjctHQCgnCn+ > +YKx3bhoq6Ha0hT8xqm9KJM= > =SHl0 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090309/4e55075f/attachment.html From brent.addis at spit.gen.nz Sun Mar 8 23:37:32 2009 From: brent.addis at spit.gen.nz (Brent Addis) Date: Sun Mar 8 23:37:46 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <49B44E8E.6000007@ecs.soton.ac.uk> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> <49B44E8E.6000007@ecs.soton.ac.uk> Message-ID: <1236555452.7716.26.camel@baddis-laptop> oh. hang on. Fingers faster than brain. You mean remote MTA's running DKIM after your scanner has redirected it. Nne of our users run DKIM internally, they rely on us, so haven't actually hit it yet. On Sun, 2009-03-08 at 23:02 +0000, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > But if you have a message from Paypal, for example, you can verify the > signature on the way in, that's fine. But then if that user > auto-forwards a copy of his mail to a Google or gmail account, won't > MailScanner break Paypal's DKIM signature header by adding headers below > it? I can't re-sign the message with Paypal's DKIM key of course. > There's no point signing it with my own key as I wasn't the originator > of the message, and so my domain doesn't appear in the From: header or > even in the enveloper sender. > Then when the message arrives at Gmail, Paypal's DKIM signature will be > broken and Gmail will throw away the message as being fake (due to the > broken DKIM sig). > > I can sign outgoing messages coming from my own users, that's no > problem, but if I'm forwarding mail for a user then I break the > originator's DKIM sig. > > To try to avoid this problem, I have added this (from my Change Log) > > To help stop MailScanner breaking DKIM signatures on messages, I have > added a new configuration option "Place New Headers At Top Of Message". > This is set to "no" by default, as I think the result looks a bit ugly. > But if you have users forwarding mail from Ebay, Paypal or Yahoo! to > Gmail > or Googlemail accounts, you need to stop MailScanner breaking the DKIM > signature, or Google will tend to drop the message as being fake. To > avoid > this happening, you must set three settings (at least): > Place New Headers At Top Of Message = yes > Multiple Headers = add > Sign Clean Messages = no > Then MailScanner will do its best not to alter the headers or body below > the DKIM signature. > > In the three settings mentioned above, you can of course use rulesets so > you don't do this to messages more than necessary. > Do you think that will fix this problem? > > Jules. > > On 8/3/09 22:45, Brent Addis wrote: > > I use it, it's fine. Exim only signs when it actually sends the > > message, so it includes the mailscanner headers. > > > > No idea about postfix/sendmail/whatever else > > > > Make sure you have separate sending and receiving systems (Sending > > signs, receiving checks) > > > > > > > > > > On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: > >> How badly does DKIM interact with MailScanner when MailScanner is used > >> in a mail forwarding system? > >> What could I do to improve the situation? > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book atwww.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me atJules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> PGP public key:http://www.jules.fm/julesfm.asc > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.9.1 (Build 287) > Comment: Use PGP or Thunderbird Enigmail to verify this message > Charset: UTF-8 > > wj8DBQFJtE6hEfZZRxQVtlQRAgzLAKDRXAetFJMwgLC6sBWCPWvRIjctHQCgnCn+ > +YKx3bhoq6Ha0hT8xqm9KJM= > =SHl0 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090309/94521c59/attachment.html From alex at rtpty.com Mon Mar 9 01:30:23 2009 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 9 01:30:33 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <1236552345.7716.2.camel@baddis-laptop> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> Message-ID: <24e3d2e40903081830x378786dag68cfe60d88da28e4@mail.gmail.com> I believe it's been tried before with sendmail but, as Brent mentions, you have to have an instance of sendmail that does the actual signing after MailScanner's done with the message. On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis wrote: > I use it, it's fine. Exim only signs when it actually sends the message, > so it includes the mailscanner headers. > > No idea about postfix/sendmail/whatever else > > Make sure you have separate sending and receiving systems (Sending signs, > receiving checks) > > > > > On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: > > How badly does DKIM interact with MailScanner when MailScanner is used > in a mail forwarding system? > What could I do to improve the situation? > > Jules > > -- > Julian Field MEng CITP CEngwww.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090308/5326427f/attachment.html From MailScanner at ecs.soton.ac.uk Mon Mar 9 09:06:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 9 09:08:13 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <24e3d2e40903081830x378786dag68cfe60d88da28e4@mail.gmail.com> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> <24e3d2e40903081830x378786dag68cfe60d88da28e4@mail.gmail.com> Message-ID: <49B4DC28.9080501@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/3/09 01:30, Alex Neuman wrote: > I believe it's been tried before with sendmail but, as Brent mentions, > you have to have an instance of sendmail that does the actual signing > after MailScanner's done with the message. Yes, I have separate incoming and outgoing mail systems. And yes, I guess I mean "redirect" and not "forward". Many ISP's offer mail forwarding ("redirecting") for addresses at a customer's domain. So how does anyone else deal with this problem? > > On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis > wrote: > > I use it, it's fine. Exim only signs when it actually sends the > message, so it includes the mailscanner headers. > > No idea about postfix/sendmail/whatever else > > Make sure you have separate sending and receiving systems (Sending > signs, receiving checks) > > > > > On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: >> How badly does DKIM interact with MailScanner when MailScanner is used >> in a mail forwarding system? >> What could I do to improve the situation? >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book atwww.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me atJules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key:http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJtNwoEfZZRxQVtlQRAm6GAJ4osCLoxlCoYLArdqw4sKEB/tNUEACgkdys o+FwFCdcSrV8oCIfHJ2RFoI= =FDcC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 9 10:46:57 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 9 10:47:20 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <49B4DC28.9080501@ecs.soton.ac.uk> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> <24e3d2e40903081830x378786dag68cfe60d88da28e4@mail.gmail.com> <49B4DC28.9080501@ecs.soton.ac.uk> Message-ID: <49B4F3A1.3000906@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/3/09 09:06, Julian Field wrote: > * PGP Signed: 03/09/09 at 09:06:48 > > > > On 9/3/09 01:30, Alex Neuman wrote: >> I believe it's been tried before with sendmail but, as Brent >> mentions, you have to have an instance of sendmail that does the >> actual signing after MailScanner's done with the message. > Yes, I have separate incoming and outgoing mail systems. And yes, I > guess I mean "redirect" and not "forward". Many ISP's offer mail > forwarding ("redirecting") for addresses at a customer's domain. So > how does anyone else deal with this problem? >> >> On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis > > wrote: >> >> I use it, it's fine. Exim only signs when it actually sends the >> message, so it includes the mailscanner headers. >> >> No idea about postfix/sendmail/whatever else >> >> Make sure you have separate sending and receiving systems (Sending >> signs, receiving checks) >> >> >> >> >> On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: >>> How badly does DKIM interact with MailScanner when MailScanner >>> is used >>> in a mail forwarding system? >>> What could I do to improve the situation? >>> >>> Jules It appears that DKIM doesn't take the order of most of the headers into account after all (I read the spec a bit more thoroughly). It only worries about the headers which are named in the "DKIM-Signature" header. So there's no need to move the new headers to the top of the message after all. Though I will probably leave the option in place, as people have asked for it in the past. Unfortunately the list of headers that appear in the list is a bit long, and includes some that MailScanner may inadvertently tweak, such as Content-Type, Content-Transfer-Encoding and Message-ID. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJtPOhEfZZRxQVtlQRAobqAKC+5vzPmBZw+Wo2I3qSGhem0TEXgQCfTZRZ Ow5y9P3oRjHhNMGtQzKM8j8= =u59X -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Mon Mar 9 11:01:42 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 9 11:01:51 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <49B4F3A1.3000906@ecs.soton.ac.uk> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> <24e3d2e40903081830x378786dag68cfe60d88da28e4@mail.gmail.com> <49B4DC28.9080501@ecs.soton.ac.uk> <49B4F3A1.3000906@ecs.soton.ac.uk> Message-ID: <49B4F716.3060305@alexb.ch> On 3/9/2009 11:46 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 9/3/09 09:06, Julian Field wrote: >> * PGP Signed: 03/09/09 at 09:06:48 >> >> >> >> On 9/3/09 01:30, Alex Neuman wrote: >>> I believe it's been tried before with sendmail but, as Brent >>> mentions, you have to have an instance of sendmail that does the >>> actual signing after MailScanner's done with the message. >> Yes, I have separate incoming and outgoing mail systems. And yes, I >> guess I mean "redirect" and not "forward". Many ISP's offer mail >> forwarding ("redirecting") for addresses at a customer's domain. So >> how does anyone else deal with this problem? >>> On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis >> > wrote: >>> >>> I use it, it's fine. Exim only signs when it actually sends the >>> message, so it includes the mailscanner headers. >>> >>> No idea about postfix/sendmail/whatever else >>> >>> Make sure you have separate sending and receiving systems (Sending >>> signs, receiving checks) >>> >>> >>> >>> >>> On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: >>>> How badly does DKIM interact with MailScanner when MailScanner >>>> is used >>>> in a mail forwarding system? >>>> What could I do to improve the situation? >>>> >>>> Jules > It appears that DKIM doesn't take the order of most of the headers into > account after all (I read the spec a bit more thoroughly). It only > worries about the headers which are named in the "DKIM-Signature" > header. So there's no need to move the new headers to the top of the > message after all. Though I will probably leave the option in place, as > people have asked for it in the past. > > Unfortunately the list of headers that appear in the list is a bit long, > and includes some that MailScanner may inadvertently tweak, such as > Content-Type, Content-Transfer-Encoding and Message-ID. Pls make sure that the move is not set per default. thx Alex From MailScanner at ecs.soton.ac.uk Mon Mar 9 11:04:23 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 9 11:04:42 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <49B4F716.3060305@alexb.ch> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> <24e3d2e40903081830x378786dag68cfe60d88da28e4@mail.gmail.com> <49B4DC28.9080501@ecs.soton.ac.uk> <49B4F3A1.3000906@ecs.soton.ac.uk> <49B4F716.3060305@alexb.ch> Message-ID: <49B4F7B7.5010408@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/3/09 11:01, Alex Broens wrote: > On 3/9/2009 11:46 AM, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> On 9/3/09 09:06, Julian Field wrote: >>> * PGP Signed: 03/09/09 at 09:06:48 >>> >>> >>> >>> On 9/3/09 01:30, Alex Neuman wrote: >>>> I believe it's been tried before with sendmail but, as Brent >>>> mentions, you have to have an instance of sendmail that does the >>>> actual signing after MailScanner's done with the message. >>> Yes, I have separate incoming and outgoing mail systems. And yes, I >>> guess I mean "redirect" and not "forward". Many ISP's offer mail >>> forwarding ("redirecting") for addresses at a customer's domain. So >>> how does anyone else deal with this problem? >>>> On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis >>>> > wrote: >>>> >>>> I use it, it's fine. Exim only signs when it actually sends the >>>> message, so it includes the mailscanner headers. >>>> >>>> No idea about postfix/sendmail/whatever else >>>> >>>> Make sure you have separate sending and receiving systems (Sending >>>> signs, receiving checks) >>>> >>>> >>>> >>>> >>>> On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote: >>>>> How badly does DKIM interact with MailScanner when MailScanner >>>>> is used >>>>> in a mail forwarding system? >>>>> What could I do to improve the situation? >>>>> >>>>> Jules >> It appears that DKIM doesn't take the order of most of the headers >> into account after all (I read the spec a bit more thoroughly). It >> only worries about the headers which are named in the >> "DKIM-Signature" header. So there's no need to move the new headers >> to the top of the message after all. Though I will probably leave the >> option in place, as people have asked for it in the past. >> >> Unfortunately the list of headers that appear in the list is a bit >> long, and includes some that MailScanner may inadvertently tweak, >> such as Content-Type, Content-Transfer-Encoding and Message-ID. > > Pls make sure that the move is not set per default. Don't worry, I wouldn't do that to you! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJtPe4EfZZRxQVtlQRAiohAKDgHk7DZty5b2n03/I+0GG76eMnOQCg7aer 0UHd4j+QlHDCw1x5Xhwnsds= =RPsg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devendra at multitech.co.in Mon Mar 9 21:21:12 2009 From: devendra at multitech.co.in (Devendra Kumar) Date: Mon Mar 9 11:44:09 2009 Subject: Which all port I should open for the MailScanner Message-ID: <49B58848.1030104@multitech.co.in> Hi All, I have configured MailScanner in my company. But I feel its not blocking the spam mails. I need to open some port for this in our firewall so that it could able to contact RBL sites. Can anyone help me to know the port numbers to be opened in Firewall. Regards Devendra Kumar Systems Engineer Multitech Software System India Pvt. Ltd. Bangalore-560095 -- This message has been scanned for viruses and dangerous content by Multiscanner, and is believed to be clean. From prandal at herefordshire.gov.uk Mon Mar 9 11:56:39 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Mar 9 11:57:00 2009 Subject: Which all port I should open for the MailScanner In-Reply-To: <49B58848.1030104@multitech.co.in> References: <49B58848.1030104@multitech.co.in> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA06227CEF@HC-MBX02.herefordshire.gov.uk> For RBLS, your MailScanner box should be running a local caching nameserver which has access to DNS (53/udp AND 53/tcp). Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Devendra Kumar Sent: 09 March 2009 21:21 To: mailscanner@lists.mailscanner.info Subject: Which all port I should open for the MailScanner Hi All, I have configured MailScanner in my company. But I feel its not blocking the spam mails. I need to open some port for this in our firewall so that it could able to contact RBL sites. Can anyone help me to know the port numbers to be opened in Firewall. Regards Devendra Kumar Systems Engineer Multitech Software System India Pvt. Ltd. Bangalore-560095 -- This message has been scanned for viruses and dangerous content by Multiscanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Mon Mar 9 12:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 9 12:31:25 2009 Subject: DKIM and MailScanner used in a mail forwarder In-Reply-To: <49B4F3A1.3000906@ecs.soton.ac.uk> References: <49B3AE16.4050502@ecs.soton.ac.uk> <1236552345.7716.2.camel@baddis-laptop> <24e3d2e40903081830x378786dag68cfe60d88da28e4@mail.gmail.com> <49B4DC28.9080501@ecs.soton.ac.uk> <49B4F3A1.3000906@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 09 Mar 2009 10:46:57 +0000: > such as > Content-Type, Content-Transfer-Encoding You do not need to tweak these unless you add a signature or warning or remove files. Actually, for removing files you don't need to tweak it either, so adding a signature remains as the only cause. Let the user choose if they either want an unhampered DKIM or a signature. > Message-ID. MS must not ever change the Message-ID of a message. And I haven't ever seen it do this. Julian, if you do this in connection with some config setting (watermarking?) this behavior is very wrong. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From rcooper at dwford.com Mon Mar 9 13:52:33 2009 From: rcooper at dwford.com (Rick Cooper) Date: Mon Mar 9 13:52:50 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B3E591.40001@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> Message-ID: <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Sunday, March 08, 2009 11:35 AM > To: MailScanner discussion > Subject: Re: Interesting Error - Can't use string ("1909") > as an ARRAY ref while "strict refs" in use > > > > On 3/8/09 3:25 PM, Drew Marshall wrote: > > ----- "Julian Field" wrote: > > > > > >> Okay, try changing your line 509 to say this instead: > >> while(${@{$body}}[$#{@$body}] !~ /^\s*$/) { > >> That does at least compile ( sorry about that :-( > >> > > No worries. You are right it does compile but.. > > > > MailScanner --debug > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > Building a message batch to scan... > > Have a batch of 5 messages. > > max message size is '250000 trackback' > > Can't use string ("76") as an ARRAY ref while "strict > refs" in use at > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > How about this then? (He says, desperately trying to work > around a nast > bug in Perl 5.10) > > my $bodysize = $#{@$body}+0; > while (${@{$body}}[$bodysize+0] !~ /^\s*@/) { > > If that doesn't work either, I give up. > > Jules > And if that doesn't work wouldn't this do the same thing? my @bodycheck = @{$body}; for ($i=(@bodycheck-1);$i >= 0; $i--){ last if @bodycheck[$i] =~ /^\s*$/; print "Line is ****".@bodycheck[$i]."****\n"; pop @{$body}; } Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Mon Mar 9 17:12:51 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon Mar 9 17:13:00 2009 Subject: Counts too high in "Deleted nn messages from processing-database" messages In-Reply-To: <49B4528F.8020303@ecs.soton.ac.uk> References: <49B4528F.8020303@ecs.soton.ac.uk> Message-ID: <20090309171251.GA3332@msapiro> On Sun, Mar 08, 2009 at 11:19:43PM +0000, Julian Field wrote: > Try the attached patch to MessageBatch.pm and let me know if it helps. The patch appears to be working fine. [root@sbh16 ~]# grep -E "New Batch|Deleted" /var/log/maillog | tail -20 Mar 9 09:56:09 sbh16 MailScanner[11356]: New Batch: Scanning 30 messages, 158787 bytes Mar 9 09:56:09 sbh16 MailScanner[11356]: Deleted 30 messages from processing-database Mar 9 09:56:10 sbh16 MailScanner[11356]: New Batch: Found 131 messages waiting Mar 9 09:56:10 sbh16 MailScanner[11356]: New Batch: Scanning 30 messages, 158963 bytes Mar 9 09:56:10 sbh16 MailScanner[11356]: Deleted 30 messages from processing-database Mar 9 09:56:10 sbh16 MailScanner[11356]: New Batch: Found 101 messages waiting Mar 9 09:56:10 sbh16 MailScanner[11356]: New Batch: Scanning 30 messages, 158844 bytes Mar 9 09:56:11 sbh16 MailScanner[11356]: Deleted 30 messages from processing-database Mar 9 09:56:11 sbh16 MailScanner[11356]: New Batch: Found 71 messages waiting Mar 9 09:56:11 sbh16 MailScanner[11356]: New Batch: Scanning 30 messages, 158874 bytes Mar 9 09:56:12 sbh16 MailScanner[11356]: Deleted 30 messages from processing-database Mar 9 09:56:12 sbh16 MailScanner[11356]: New Batch: Found 41 messages waiting Mar 9 09:56:12 sbh16 MailScanner[11356]: New Batch: Scanning 30 messages, 159186 bytes Mar 9 09:56:13 sbh16 MailScanner[11356]: Deleted 30 messages from processing-database Mar 9 09:56:13 sbh16 MailScanner[11356]: New Batch: Scanning 11 messages, 58273 bytes Mar 9 09:56:15 sbh16 MailScanner[11356]: Deleted 11 messages from processing-database Mar 9 09:57:57 sbh16 MailScanner[11356]: New Batch: Scanning 1 messages, 2718 bytes Mar 9 09:57:59 sbh16 MailScanner[11356]: Deleted 1 messages from processing-database Mar 9 10:02:59 sbh16 MailScanner[11356]: New Batch: Scanning 1 messages, 1854 bytes Mar 9 10:03:03 sbh16 MailScanner[11356]: Deleted 1 messages from processing-database [root@sbh16 ~]# -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From rcooper at dwford.com Mon Mar 9 18:05:07 2009 From: rcooper at dwford.com (Rick Cooper) Date: Mon Mar 9 18:05:24 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> Message-ID: <43184AE0CA954B68AB040C7D8221BE58@SAHOMELT> I am looking at this quote and see only one. I am not sure why there would have been more unless I clipped something Rick > -----Original Message----- > From: Kai Schaetzl [mailto:maillists@conactive.com] > Sent: Monday, March 09, 2009 11:31 AM > To: Rick Cooper > Subject: Re: Interesting Error - Can't use string ("1909") > as an ARRAY ref while "strict refs" in use > > Rick Cooper wrote on Mon, 9 Mar 2009 09:52:33 -0400: > > > > > > Hi Rick, sorry to interrupt, but, are you aware that you are > not using the > correct quote marker? There is an extra space before each of > your quote > markers. Software that honors only correct quote markers > (like mine) is > then not able to detect the line as quote (and color-code it for > instance). > Any chance you change it to the correct one and only ">" ? > > Cheers, > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 9 19:13:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 9 19:13:29 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> Message-ID: <49B56A46.3020209@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/3/09 13:52, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Julian Field > > Sent: Sunday, March 08, 2009 11:35 AM > > To: MailScanner discussion > > Subject: Re: Interesting Error - Can't use string ("1909") > > as an ARRAY ref while "strict refs" in use > > > > > > > > On 3/8/09 3:25 PM, Drew Marshall wrote: > > > ----- "Julian Field" wrote: > > > > > > > > >> Okay, try changing your line 509 to say this instead: > > >> while(${@{$body}}[$#{@$body}] !~ /^\s*$/) { > > >> That does at least compile ( sorry about that :-( > > >> > > > No worries. You are right it does compile but.. > > > > > > MailScanner --debug > > > In Debugging mode, not forking... > > > Trying to setlogsock(unix) > > > Building a message batch to scan... > > > Have a batch of 5 messages. > > > max message size is '250000 trackback' > > > Can't use string ("76") as an ARRAY ref while "strict > > refs" in use at > > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > > > How about this then? (He says, desperately trying to work > > around a nast > > bug in Perl 5.10) > > > > my $bodysize = $#{@$body}+0; > > while (${@{$body}}[$bodysize+0] !~ /^\s*@/) { > > > > If that doesn't work either, I give up. > > > > Jules > > > And if that doesn't work wouldn't this do the same thing? > > my @bodycheck = @{$body}; > This will involve making a copy of the entire message in memory. *Very* expensive thing to do, need to avoid this at all costs. > for ($i=(@bodycheck-1);$i>= 0; $i--){ > last if @bodycheck[$i] =~ /^\s*$/; > you don't really mean @bodycheck[$i] do you? Surely you mean $bodycheck[$i]? > print "Line is ****".@bodycheck[$i]."****\n"; > pop @{$body}; > } > So yes, it would do the same thing, but it will take a hell of a lot longer to do, and will use a lot more memory too. > Rick > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJtWpHEfZZRxQVtlQRAphbAJsE+NmZtDwIe9XtsprXaJut14PH1QCfaaW5 FwDnqgiZjBmw4CXBhPEZkNI= =1Xgy -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Mar 9 19:20:20 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 9 19:20:48 2009 Subject: Forwarded spam is caught, original message is not In-Reply-To: <43F62CA225017044BC84CFAF92B4333B06F24C@sbsserver.Techquility.net> References: <43F62CA225017044BC84CFAF92B4333B06F226@sbsserver.Techquility.net> <43F62CA225017044BC84CFAF92B4333B06F23B@sbsserver.Techquility.net> <43F62CA225017044BC84CFAF92B4333B06F24C@sbsserver.Techquility.net> Message-ID: on 3-6-2009 6:59 PM Chris Barber spake the following: > on 3-5-2009 9:21 AM Chris Barber spake the following: >>> A DNS timeout on the surbl hits could explain it. The first time the surbl list lookup comes in just at the timeout, then the forward hits >the cached lookup and is faster. >>> >>> Do you quarantine all your messages? If so you could pull the original out and retest it. If it still doesn't hit, it is probably an >encoding issue, it it does, it is a DNS issue. >>> >> Scott, >> >> Looks like it is not a DNS issue. I put the original and forwarded messages back through the server and I had the same results. The original message does not hit the URIBL rules (even if I put it through many times) and the forwarded one does. The only difference I can see is the encoding. The URL's in the original have some extra characters it seems. See my original post for the queue files and you can see what I mean. >> >> Is this some new tactic that spammers are using to get around URL checking in the body of emails? How can I troubleshoot this further? >> >> Thanks, >> Chris >> >> > >> Can you pastebin an example somewhere so others can test it. That way we can eliminate or implicate your systems configs or module >versions. >> > > > Here is the pastebin for the original messages which the URIBL rules miss on: > http://pastebin.com/m6153469c > Content analysis details: (25.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 3.0 RCVD_IN_BACKSCATTER RBL: Received via a relay in Backscatter.org [65.54.246.102 listed in ips.backscatterer.org] 0.5 RCVD_IN_APEWS RBL: Received via a relay in APEWS [61.56.166.224 listed in l2.apews.org] 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: enlargementpillspharmacy.com] 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: enlargementpillspharmacy.com] 0.0 SUBJ_BUY Subject line starts with Buy or Buying 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 2.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.8 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 2.9 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 2.5 DIGEST_MULTIPLE Message hits more than one network digest check The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. > Here it is for the forwarded message which does trigger the URIBL rules: > http://pastebin.com/m25691788 > > Content analysis details: (8.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: enlargementpillspharmacy.com] 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: enlargementpillspharmacy.com] 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5176] 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 2.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.8 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. > Thanks again for taking a look at this. It has been plaguing me for many months now. > -Chris > The original hits very well on my system. But both hit the uribl rules. Here is my MailScanner -V to compare with your module versions MailScanner --version Running on Linux mail.sgvwater.com 2.6.9-78.0.13.ELsmp #1 SMP Wed Jan 14 15:55:36 EST 2009 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 4.7 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.74.13 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 0.21 bignum 1.03 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 0.19 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.14 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.29 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.56 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.33 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.56 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090309/a72be813/signature.bin From ssilva at sgvwater.com Mon Mar 9 19:28:16 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 9 19:28:39 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: <49B3949D.90606@vanderkooij.org> References: <49B03A5E.5030203@ecs.soton.ac.uk> <49B0466B.5010206@ecs.soton.ac.uk> <49B3949D.90606@vanderkooij.org> Message-ID: on 3-8-2009 1:49 AM Hugo van der Kooij spake the following: > Scott Silva wrote: >> I just found that, and saw your message just before I hit send. > >> Sorry, but no IP6 here yet to play with. At least not externally. > > IT takes about 5 minutes to get IPv6 to your network with a tunnelbroker. > > Hugo. > Since the check signers have no interest, it will have to remain on the back burner unless there is an option that is free as in the beer I will want to be drinking while I learn something new! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090309/f486ce18/signature.bin From mark.wold at gmail.com Mon Mar 9 19:35:02 2009 From: mark.wold at gmail.com (Mark Wold) Date: Mon Mar 9 19:35:12 2009 Subject: Help with getting MailScanner to learn. Message-ID: We are a fairly small company and I have just recently installed MailScanner on my web server and have it screening all of our incoming mail and then forwarding on to our Exchange 2000 server. I am running MailScanner 4.74.16 on Suse 10.1. We have 3 main users receiving email on the system. 1 user gets a bit of email with {Spam?} in the subject line. Another user gets a fair amount of it. And the third gets a lot. I've looked over all of the emails and MailScanner is absolutely correct in that everything labeled "{Spam?}" is truly spam. I have searched but am just not finding how I can have MailScanner dump this stuff to the quarantine instaed of forwarding on to Exchange. I'd rather not have Exchange processing all of this as it is such a dog. Thanks, Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090309/e1245f20/attachment.html From alex at rtpty.com Mon Mar 9 19:48:38 2009 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 9 19:48:49 2009 Subject: Help with getting MailScanner to learn. In-Reply-To: References: Message-ID: <24e3d2e40903091248t195afe3byd9a1780a178a1ff8@mail.gmail.com> What do you have for "Spam Actions" and "High Scoring Spam Actions" right now? On Mon, Mar 9, 2009 at 2:35 PM, Mark Wold wrote: > We are a fairly small company and I have just recently installed > MailScanner on my web server and have it screening all of our incoming mail > and then forwarding on to our Exchange 2000 server. I am running MailScanner > 4.74.16 on Suse 10.1. > > We have 3 main users receiving email on the system. 1 user gets a bit of > email with {Spam?} in the subject line. Another user gets a fair amount of > it. And the third gets a lot. I've looked over all of the emails and > MailScanner is absolutely correct in that everything labeled "{Spam?}" is > truly spam. I have searched but am just not finding how I can have > MailScanner dump this stuff to the quarantine instaed of forwarding on to > Exchange. I'd rather not have Exchange processing all of this as it is such > a dog. > > Thanks, > Mark > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090309/afc6bb63/attachment.html From rcooper at dwford.com Mon Mar 9 19:49:44 2009 From: rcooper at dwford.com (Rick Cooper) Date: Mon Mar 9 19:49:59 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B56A46.3020209@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> Message-ID: <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Monday, March 09, 2009 3:13 PM > To: MailScanner discussion > Subject: Re: Interesting Error - Can't use string ("1909") > as an ARRAY ref while "strict refs" in use > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 9/3/09 13:52, Rick Cooper wrote: > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > Behalf Of Julian Field > > > Sent: Sunday, March 08, 2009 11:35 AM > > > To: MailScanner discussion > > > Subject: Re: Interesting Error - Can't use string ("1909") > > > as an ARRAY ref while "strict refs" in use > > > > > > > > > > > > On 3/8/09 3:25 PM, Drew Marshall wrote: > > > > ----- "Julian Field" wrote: > > > > > > > > > > > >> Okay, try changing your line 509 to say this instead: > > > >> while(${@{$body}}[$#{@$body}] !~ /^\s*$/) { > > > >> That does at least compile ( sorry about that :-( > > > >> > > > > No worries. You are right it does compile but.. > > > > > > > > MailScanner --debug > > > > In Debugging mode, not forking... > > > > Trying to setlogsock(unix) > > > > Building a message batch to scan... > > > > Have a batch of 5 messages. > > > > max message size is '250000 trackback' > > > > Can't use string ("76") as an ARRAY ref while "strict > > > refs" in use at > > > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > > > > > How about this then? (He says, desperately trying to work > > > around a nast > > > bug in Perl 5.10) > > > > > > my $bodysize = $#{@$body}+0; > > > while (${@{$body}}[$bodysize+0] !~ /^\s*@/) { > > > > > > If that doesn't work either, I give up. > > > > > > Jules > > > > > And if that doesn't work wouldn't this do the same thing? > > > > my @bodycheck = @{$body}; > > > This will involve making a copy of the entire message in > memory. *Very* > expensive thing to do, need to avoid this at all costs. > > for ($i=(@bodycheck-1);$i>= 0; $i--){ > > last if @bodycheck[$i] =~ /^\s*$/; > > > you don't really mean @bodycheck[$i] do you? Surely you mean > $bodycheck[$i]? > > print "Line is ****".@bodycheck[$i]."****\n"; > > pop @{$body}; > > } > > > So yes, it would do the same thing, but it will take a hell of a lot > longer to do, and will use a lot more memory too. > > Rick > > > > Well really I doubt the need to make the copy, just seems somehow wrong to use a for loop on something that we are shortening with each iteration but since the loop is bottom up and the pop is from the bottom you could just use $body because you are effectively just operating on the last item at a given moment. And, pardon my lack of ability to wrap my head around perl's handling of arrays (yes I don't care what perl thinks, a hash is an associative array so it should be able to be addressed directly by index or by key without all the machinations) I think I would then mean for ($i=(@{$body}-1);$i >= 0; $i--){ last if @{$body}[$i] =~ /^\s*$/; print "Line $i is ****".@{$body}[$i]."****\n"; pop @{$body}; } If we are trying to do this by index->value not key->value. Again I am assuming the point is to pop off the body info from the end forward until reaching either a blank line or a line of nothing but white space. ?? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rick at duvals.ca Mon Mar 9 19:50:50 2009 From: rick at duvals.ca (Rick Duval) Date: Mon Mar 9 19:50:59 2009 Subject: Positive Score from Auto White LIst? Message-ID: <4baa40ce0903091250i79a996e9q61e6e3a572e5652d@mail.gmail.com> Today I got a positive (spam) score based on an auto whitelist (which I don't even use). Any idea where this is coming from? The message in MailWatch was: 24.37 AWL From: address is in the auto white-list Rick aasts From rick at duvals.ca Tue Mar 10 00:50:44 2009 From: rick at duvals.ca (Rick Duval) Date: Tue Mar 10 00:50:53 2009 Subject: Can't Disable Auto Whitelist??? Message-ID: <4baa40ce0903091750r7d17f66ew1b75db811ae56561@mail.gmail.com> In MailScanner.conf I set SpamAssassin Auto Whitelist = no in /etc/MailScanner/spam.assassin.prefs.conf I set use_auto_whitelist 0 Restart MailScanner, /var/log/maillog says (amongst other things of course) Mar 9 20:48:00 ib02 MailScanner[3325]: Enabling SpamAssassin auto-whitelist functionality... Where else can this be coming from??? Rick From jtp at jtpage.net Tue Mar 10 02:44:51 2009 From: jtp at jtpage.net (JTP10181) Date: Tue Mar 10 02:45:04 2009 Subject: Can't Disable Auto Whitelist??? In-Reply-To: <4baa40ce0903091750r7d17f66ew1b75db811ae56561@mail.gmail.com> References: <4baa40ce0903091750r7d17f66ew1b75db811ae56561@mail.gmail.com> Message-ID: <000601c9a12a$30774130$9165c390$@net> I have my settings the same as you but I don't see anything about whitelisting in my maillog You could try to disable the AWL plugin in /etc/mail/spamassassin/v310.pre # AWL - do auto-whitelist checks loadplugin Mail::SpamAssassin::Plugin::AWL Also try this from your MailScanner config root dir. grep -iR whitelist * see if you can find another place the setting might be enabled. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick Duval Sent: Monday, March 09, 2009 7:51 PM To: MailScanner discussion Subject: Can't Disable Auto Whitelist??? In MailScanner.conf I set SpamAssassin Auto Whitelist = no in /etc/MailScanner/spam.assassin.prefs.conf I set use_auto_whitelist 0 Restart MailScanner, /var/log/maillog says (amongst other things of course) Mar 9 20:48:00 ib02 MailScanner[3325]: Enabling SpamAssassin auto-whitelist functionality... Where else can this be coming from??? Rick -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __________ Information from ESET NOD32 Antivirus, version of virus signature database 3920 (20090309) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Tue Mar 10 08:39:47 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Mar 10 08:39:57 2009 Subject: Can't Disable Auto Whitelist??? In-Reply-To: <4baa40ce0903091750r7d17f66ew1b75db811ae56561@mail.gmail.com> References: <4baa40ce0903091750r7d17f66ew1b75db811ae56561@mail.gmail.com> Message-ID: <72cf361e0903100139m73dfad10td933eb21e56ef159@mail.gmail.com> 2009/3/10 Rick Duval : > In MailScanner.conf I set > > SpamAssassin Auto Whitelist = no > > in /etc/MailScanner/spam.assassin.prefs.conf I set > > use_auto_whitelist 0 > > Restart MailScanner, /var/log/maillog says (amongst other things of course) > > Mar ?9 20:48:00 ib02 MailScanner[3325]: Enabling SpamAssassin > auto-whitelist functionality... > > Where else can this be coming from??? > > Rick > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Rick as another poster just said you need to disable this by commenting out the plugin in you *.pre files that are in the same place as youre mailscanner.cf and local.cf (normally /etc/mail/spamassassin) -- Martin Hepworth Oxford, UK From mark.wold at gmail.com Tue Mar 10 11:14:33 2009 From: mark.wold at gmail.com (Mark Wold) Date: Tue Mar 10 11:14:41 2009 Subject: Help with getting MailScanner to learn. In-Reply-To: <24e3d2e40903091248t195afe3byd9a1780a178a1ff8@mail.gmail.com> References: <24e3d2e40903091248t195afe3byd9a1780a178a1ff8@mail.gmail.com> Message-ID: Thanks! Your question was enough to point me in the right direction. And now that I've read that section, sorry for being such a newb... MW On Mon, Mar 9, 2009 at 14:48, Alex Neuman wrote: > What do you have for "Spam Actions" and "High Scoring Spam Actions" right > now? > > On Mon, Mar 9, 2009 at 2:35 PM, Mark Wold wrote: > >> We are a fairly small company and I have just recently installed >> MailScanner on my web server and have it screening all of our incoming mail >> and then forwarding on to our Exchange 2000 server. I am running MailScanner >> 4.74.16 on Suse 10.1. >> >> We have 3 main users receiving email on the system. 1 user gets a bit of >> email with {Spam?} in the subject line. Another user gets a fair amount of >> it. And the third gets a lot. I've looked over all of the emails and >> MailScanner is absolutely correct in that everything labeled "{Spam?}" is >> truly spam. I have searched but am just not finding how I can have >> MailScanner dump this stuff to the quarantine instaed of forwarding on to >> Exchange. I'd rather not have Exchange processing all of this as it is such >> a dog. >> >> Thanks, >> Mark >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090310/2a622a67/attachment.html From MailScanner at ecs.soton.ac.uk Tue Mar 10 12:00:29 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 10 12:00:51 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> Message-ID: <49B6565D.2020409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/3/09 19:49, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Julian Field > > Sent: Monday, March 09, 2009 3:13 PM > > To: MailScanner discussion > > Subject: Re: Interesting Error - Can't use string ("1909") > > as an ARRAY ref while "strict refs" in use > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > On 9/3/09 13:52, Rick Cooper wrote: > > > > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > > Behalf Of Julian Field > > > > Sent: Sunday, March 08, 2009 11:35 AM > > > > To: MailScanner discussion > > > > Subject: Re: Interesting Error - Can't use string ("1909") > > > > as an ARRAY ref while "strict refs" in use > > > > > > > > > > > > > > > > On 3/8/09 3:25 PM, Drew Marshall wrote: > > > > > ----- "Julian Field" wrote: > > > > > > > > > > > > > > >> Okay, try changing your line 509 to say this instead: > > > > >> while(${@{$body}}[$#{@$body}] !~ /^\s*$/) { > > > > >> That does at least compile ( sorry about that :-( > > > > >> > > > > > No worries. You are right it does compile but.. > > > > > > > > > > MailScanner --debug > > > > > In Debugging mode, not forking... > > > > > Trying to setlogsock(unix) > > > > > Building a message batch to scan... > > > > > Have a batch of 5 messages. > > > > > max message size is '250000 trackback' > > > > > Can't use string ("76") as an ARRAY ref while "strict > > > > refs" in use at > > > > /usr/share/MailScanner//MailScanner/PFDiskStore.pm line 509. > > > > > > > > > How about this then? (He says, desperately trying to work > > > > around a nast > > > > bug in Perl 5.10) > > > > > > > > my $bodysize = $#{@$body}+0; > > > > while (${@{$body}}[$bodysize+0] !~ /^\s*@/) { > > > > > > > > If that doesn't work either, I give up. > > > > > > > > Jules > > > > > > > And if that doesn't work wouldn't this do the same thing? > > > > > > my @bodycheck = @{$body}; > > > > > This will involve making a copy of the entire message in > > memory. *Very* > > expensive thing to do, need to avoid this at all costs. > > > for ($i=(@bodycheck-1);$i>= 0; $i--){ > > > last if @bodycheck[$i] =~ /^\s*$/; > > > > > you don't really mean @bodycheck[$i] do you? Surely you mean > > $bodycheck[$i]? > > > print "Line is ****".@bodycheck[$i]."****\n"; > > > pop @{$body}; > > > } > > > > > So yes, it would do the same thing, but it will take a hell of a lot > > longer to do, and will use a lot more memory too. > > > Rick > > > > > > > > Well really I doubt the need to make the copy, just seems somehow wrong to > use a for loop on something that we are shortening with each iteration but > since the loop is bottom up and the pop is from the bottom you could just > use $body because you are effectively just operating on the last item at a > given moment. > > And, pardon my lack of ability to wrap my head around perl's handling of > arrays (yes I don't care what perl thinks, a hash is an associative array so > it should be able to be addressed directly by index or by key without all > the machinations) I think I would then mean > > for ($i=(@{$body}-1);$i>= 0; $i--){ > last if @{$body}[$i] =~ /^\s*$/; > You can't do @array[$index] to access the index'th element of array. You mean $body->[$i] I *think*. I must admit I get a bit lost in all the redirections at times myself :-) for ($i=(@{$body}-1); $i>=0 $i--) { last if $body->[$i] =~ /^\s*$/; pop @{$body}; } definitely looks possible. > print "Line $i is ****".@{$body}[$i]."****\n"; > pop @{$body}; > } > > If we are trying to do this by index->value not key->value. Again I am > assuming the point is to pop off the body info from the end forward until > reaching either a blank line or a line of nothing but white space. > > ?? > > Rick > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJtlZeEfZZRxQVtlQRAic9AJ9JjKce9GGjQxAJSqT1n0EJo33j4QCgy/6V PMe+TOKeuOCh1exGv4rHzdQ= =U6re -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jv at vestings.dk Tue Mar 10 12:37:27 2009 From: jv at vestings.dk (Jakob Venning - Vestings) Date: Tue Mar 10 12:37:49 2009 Subject: Bitdefender infected =?windows-1252?q?=96_but_delivered?= Message-ID: <49B65F07.3050508@vestings.dk> I have the same problem with Bitdefender for Unices v7.90123 as described by Jeroen in http://article.gmane.org/gmane.mail.virus.mailscanner/68900/match=bitdefender+uninfected Did anyone find a solution to this problem? My MailScanner version is 4.74-16 ? a fresh install from source Jakob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rick at duvals.ca Tue Mar 10 13:01:15 2009 From: rick at duvals.ca (Rick Duval) Date: Tue Mar 10 13:01:25 2009 Subject: Can't Disable Auto Whitelist??? In-Reply-To: <72cf361e0903100139m73dfad10td933eb21e56ef159@mail.gmail.com> References: <4baa40ce0903091750r7d17f66ew1b75db811ae56561@mail.gmail.com> <72cf361e0903100139m73dfad10td933eb21e56ef159@mail.gmail.com> Message-ID: <4baa40ce0903100601t77ce9c6v8d747f1cea0d449c@mail.gmail.com> > > Rick > > as another poster just said you need to disable this by commenting out > the plugin in you *.pre files that are in the same place as youre > mailscanner.cf and local.cf (normally /etc/mail/spamassassin) > > -- > Martin Hepworth > Oxford, UK Sorry. Should have mentioned I'd already done that in all the .pre files I can find. (BTW it might be helpful to include that in the comments in MailScanner.conf as well) Any other ideas? Rick From ecasarero at gmail.com Tue Mar 10 13:15:17 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Mar 10 13:15:27 2009 Subject: OT: latinamerican spam Message-ID: <7d9b3cf20903100615t7aaa1a25q8747a2346884d58c@mail.gmail.com> If there is people from latin america (using MailScanner) interested in making regional antispam rules from SA or any other recipe please contact me at my personal email. The idea is to collaborate and improve spamassassin rules based on our regional spam traffic. I really need to improve detection rates ( i've all regular stuff ). Thanks! Eduardo. PD: if there is anyone from Buenos Aires/ Argentina we also can meet to drink a beer in honour to Julian and his great piece of software! From drew.marshall at trunknetworks.com Tue Mar 10 13:40:19 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Tue Mar 10 13:40:50 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090310120649.B988817066@out-b.mx.mail-launder.com> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> Message-ID: <200903101340.n2ADefDD025410@safir.blacknight.ie> On 10 Mar 2009, at 12:00, Julian Field wrote: >>>>> Jules >>>>> >>>> And if that doesn't work wouldn't this do the same thing? >>>> >>>> my @bodycheck = @{$body}; >>>> >>> This will involve making a copy of the entire message in >>> memory. *Very* >>> expensive thing to do, need to avoid this at all costs. >>>> for ($i=(@bodycheck-1);$i>= 0; $i--){ >>>> last if @bodycheck[$i] =~ /^\s*$/; >>>> >>> you don't really mean @bodycheck[$i] do you? Surely you mean >>> $bodycheck[$i]? >>>> print "Line is ****".@bodycheck[$i]."****\n"; >>>> pop @{$body}; >>>> } >>>> >>> So yes, it would do the same thing, but it will take a hell of a lot >>> longer to do, and will use a lot more memory too. >>>> Rick >>>> >>>> >> >> Well really I doubt the need to make the copy, just seems somehow >> wrong to >> use a for loop on something that we are shortening with each >> iteration but >> since the loop is bottom up and the pop is from the bottom you >> could just >> use $body because you are effectively just operating on the last >> item at a >> given moment. >> >> And, pardon my lack of ability to wrap my head around perl's >> handling of >> arrays (yes I don't care what perl thinks, a hash is an associative >> array so >> it should be able to be addressed directly by index or by key >> without all >> the machinations) I think I would then mean >> >> for ($i=(@{$body}-1);$i>= 0; $i--){ >> last if @{$body}[$i] =~ /^\s*$/; >> > You can't do @array[$index] to access the index'th element of array. > You mean $body->[$i] I *think*. I must admit I get a bit lost in all > the > redirections at times myself :-) > > for ($i=(@{$body}-1); $i>=0 $i--) { > last if $body->[$i] =~ /^\s*$/; > pop @{$body}; > } > > definitely looks possible. > >> print "Line $i is ****".@{$body}[$i]."****\n"; >> pop @{$body}; >> } >> >> If we are trying to do this by index->value not key->value. Again I >> am >> assuming the point is to pop off the body info from the end forward >> until >> reaching either a blank line or a line of nothing but white space. >> >> ?? >> >> Rick Ok, I'm lost but as and when you would like me to do something, don't hesitate to shout :-) Drew From MailScanner at ecs.soton.ac.uk Tue Mar 10 13:55:53 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 10 13:56:12 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903101340.n2ADefDD025410@safir.blacknight.ie> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> Message-ID: <49B67169.6070106@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/3/09 13:40, Drew Marshall wrote: > > On 10 Mar 2009, at 12:00, Julian Field wrote: >>>>>> Jules >>>>>> >>>>> And if that doesn't work wouldn't this do the same thing? >>>>> >>>>> my @bodycheck = @{$body}; >>>>> >>>> This will involve making a copy of the entire message in >>>> memory. *Very* >>>> expensive thing to do, need to avoid this at all costs. >>>>> for ($i=(@bodycheck-1);$i>= 0; $i--){ >>>>> last if @bodycheck[$i] =~ /^\s*$/; >>>>> >>>> you don't really mean @bodycheck[$i] do you? Surely you mean >>>> $bodycheck[$i]? >>>>> print "Line is ****".@bodycheck[$i]."****\n"; >>>>> pop @{$body}; >>>>> } >>>>> >>>> So yes, it would do the same thing, but it will take a hell of a lot >>>> longer to do, and will use a lot more memory too. >>>>> Rick >>>>> >>>>> >>> >>> Well really I doubt the need to make the copy, just seems somehow >>> wrong to >>> use a for loop on something that we are shortening with each >>> iteration but >>> since the loop is bottom up and the pop is from the bottom you could >>> just >>> use $body because you are effectively just operating on the last >>> item at a >>> given moment. >>> >>> And, pardon my lack of ability to wrap my head around perl's >>> handling of >>> arrays (yes I don't care what perl thinks, a hash is an associative >>> array so >>> it should be able to be addressed directly by index or by key >>> without all >>> the machinations) I think I would then mean >>> >>> for ($i=(@{$body}-1);$i>= 0; $i--){ >>> last if @{$body}[$i] =~ /^\s*$/; >>> >> You can't do @array[$index] to access the index'th element of array. >> You mean $body->[$i] I *think*. I must admit I get a bit lost in all the >> redirections at times myself :-) >> >> for ($i=(@{$body}-1); $i>=0 $i--) { >> last if $body->[$i] =~ /^\s*$/; >> pop @{$body}; >> } >> >> definitely looks possible. >> >>> print "Line $i is ****".@{$body}[$i]."****\n"; >>> pop @{$body}; >>> } >>> >>> If we are trying to do this by index->value not key->value. Again I am >>> assuming the point is to pop off the body info from the end forward >>> until >>> reaching either a blank line or a line of nothing but white space. >>> >>> ?? >>> >>> Rick > > > Ok, I'm lost but as and when you would like me to do something, don't > hesitate to shout :-) > Yes, please try this version of the loop: for ($i=(@{$body}-1); $i>=0 $i--) { last if $body->[$i] =~ /^\s*$/; pop @{$body}; } Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJtnFpEfZZRxQVtlQRAkWPAKDbRDi69uZHeJRthjCd/jXhulekAwCgw/JR m732Flderg2N/aFSNB6hWTE= =WlGp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jvoorhees1 at gmail.com Tue Mar 10 14:07:27 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Tue Mar 10 14:07:36 2009 Subject: OT: latinamerican spam In-Reply-To: <7d9b3cf20903100615t7aaa1a25q8747a2346884d58c@mail.gmail.com> References: <7d9b3cf20903100615t7aaa1a25q8747a2346884d58c@mail.gmail.com> Message-ID: hi: On Tue, Mar 10, 2009 at 8:15 AM, Eduardo Casarero wrote: > If there is people from latin america (using MailScanner) interested > in making regional antispam rules from SA or any other recipe please > contact me at my personal email. The idea is to collaborate and > improve spamassassin rules based on our regional spam traffic. > > I really need to improve detection rates ( i've all regular stuff ). > I'm from Peru. I'm using MailScanner with MCP and some plugins of SpamAssassin. These are my antispam techniques: - RBL checks by SpamAssassin (disabled by MailScanner with "Spam List" and "Spam List Domain") - razor - SpamAssassin auto whitelisting - SpamAssassin Bayes autolearning - SpamAssassin SPF checks - TextCat SpamAssassin plugin - A "Relayed by dialup" SpamAssassin plugin - SMTP delay greeting at MTA level with Postfix - Greylisting at MTA level with sqlgrey - Some restrict UCE checks at MTA level - Sanesecurity signatures for ClamAV - MCP rules with SpamAssassin Without using MCP rules I see that some spam messages aren't filtered. Those spams are in Spanish and almost always from my country or Latinoamerica containing "publicidad" word in the subject. I just use MCP rules to stop those messages containing "publicidad" like this: header REGLA_PUBLI1 Subject =~ /p?.{0,2}[vu].{0,2}b.{0,2}[1\|l].{0,2}.?.{0,2}[zsxc].{0,2}.?.{0,2}d.{0,2}a.{0,2}d/i describe REGLA_PUBLI1 Publicidad baneada score REGLA_PUBLI1 6 header REGLA_PUBLI12 Subject =~ /p[vu]b[\|l1][\|1i][zxsc][\|1i]d[4a]d/i describe REGLA_PUBLI12 Publicidad baneada score REGLA_PUBLI12 7 Now there are just a few spam messages (less than 50 maybe in a server that generates 20K emails daily) that are passing to the INBOX. Those can be moved to a Shared Spam folder where I get its contents via fetchmail and IMAP to run sa-learn everyday. This combination it's working almost perfect for several mailserver installations I've done. What kind of spam messages aren't you able to filter? > Thanks! > > Eduardo. > > PD: if there is anyone from Buenos Aires/ Argentina we also can meet > to drink a beer in honour to Julian and his great piece of software! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ecasarero at gmail.com Tue Mar 10 14:23:57 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Mar 10 14:24:08 2009 Subject: OT: latinamerican spam In-Reply-To: References: <7d9b3cf20903100615t7aaa1a25q8747a2346884d58c@mail.gmail.com> Message-ID: <7d9b3cf20903100723u2af07d4dubed0a9b9fddf4ebc@mail.gmail.com> 2009/3/10 Jason Voorhees : > hi: > > On Tue, Mar 10, 2009 at 8:15 AM, Eduardo Casarero wrote: >> If there is people from latin america (using MailScanner) interested >> in making regional antispam rules from SA or any other recipe please >> contact me at my personal email. The idea is to collaborate and >> improve spamassassin rules based on our regional spam traffic. >> >> I really need to improve detection rates ( i've all regular stuff ). >> > I'm from Peru. I'm using MailScanner with MCP and some plugins of > SpamAssassin. These are my antispam techniques: > > - RBL checks by SpamAssassin (disabled by MailScanner with "Spam List" > and "Spam List Domain") > - razor > - SpamAssassin auto whitelisting > - SpamAssassin Bayes autolearning > - SpamAssassin SPF checks > - TextCat SpamAssassin plugin > - A "Relayed by dialup" SpamAssassin plugin > - SMTP delay greeting at MTA level with Postfix > - Greylisting at MTA level with sqlgrey > - Some restrict UCE checks at MTA level > - Sanesecurity signatures for ClamAV > - MCP rules with SpamAssassin > > Without using MCP rules I see that some spam messages aren't filtered. > Those spams are in Spanish and almost always from my country or > Latinoamerica containing "publicidad" word in the subject. > I just use MCP rules to stop those messages containing "publicidad" like this: > > header ? REGLA_PUBLI1 ? ?Subject =~ > /p?.{0,2}[vu].{0,2}b.{0,2}[1\|l].{0,2}.?.{0,2}[zsxc].{0,2}.?.{0,2}d.{0,2}a.{0,2}d/i > describe REGLA_PUBLI1 ? ?Publicidad baneada > score ? ?REGLA_PUBLI1 ? ?6 > > header ? REGLA_PUBLI12 ? ?Subject =~ /p[vu]b[\|l1][\|1i][zxsc][\|1i]d[4a]d/i > describe REGLA_PUBLI12 ? ?Publicidad baneada > score ? ?REGLA_PUBLI12 ? ?7 > > Now there are just a few spam messages (less than 50 maybe in a server > that generates 20K emails daily) that are passing to the INBOX. Those > can be moved to a Shared Spam folder where I get its contents via > fetchmail and IMAP to run sa-learn everyday. > > This combination it's working almost perfect for several mailserver > installations I've done. > What kind of spam messages aren't you able to filter? > I've a similar setup, but not mcp (i'm going to check that) i've servers on peru with the "publicidad" rule that matchs a lot of spam, but did you notice spam floods from .info domains (only in peru not in other latin country)? Now i'm seeing false negatives with turism advertisers (in spanish) that spamassasin cant catch, or e-learning. i've written some custom rules that seems to help but they are not wide enough. >> Thanks! >> >> Eduardo. >> >> PD: if there is anyone from Buenos Aires/ Argentina we also can meet >> to drink a beer in honour to Julian and his great piece of software! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jvoorhees1 at gmail.com Tue Mar 10 14:33:29 2009 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Tue Mar 10 14:33:38 2009 Subject: OT: latinamerican spam In-Reply-To: <7d9b3cf20903100723u2af07d4dubed0a9b9fddf4ebc@mail.gmail.com> References: <7d9b3cf20903100615t7aaa1a25q8747a2346884d58c@mail.gmail.com> <7d9b3cf20903100723u2af07d4dubed0a9b9fddf4ebc@mail.gmail.com> Message-ID: On Tue, Mar 10, 2009 at 9:23 AM, Eduardo Casarero wrote: > 2009/3/10 Jason Voorhees : >> hi: >> >> On Tue, Mar 10, 2009 at 8:15 AM, Eduardo Casarero wrote: >>> If there is people from latin america (using MailScanner) interested >>> in making regional antispam rules from SA or any other recipe please >>> contact me at my personal email. The idea is to collaborate and >>> improve spamassassin rules based on our regional spam traffic. >>> >>> I really need to improve detection rates ( i've all regular stuff ). >>> >> I'm from Peru. I'm using MailScanner with MCP and some plugins of >> SpamAssassin. These are my antispam techniques: >> >> - RBL checks by SpamAssassin (disabled by MailScanner with "Spam List" >> and "Spam List Domain") >> - razor >> - SpamAssassin auto whitelisting >> - SpamAssassin Bayes autolearning >> - SpamAssassin SPF checks >> - TextCat SpamAssassin plugin >> - A "Relayed by dialup" SpamAssassin plugin >> - SMTP delay greeting at MTA level with Postfix >> - Greylisting at MTA level with sqlgrey >> - Some restrict UCE checks at MTA level >> - Sanesecurity signatures for ClamAV >> - MCP rules with SpamAssassin >> >> Without using MCP rules I see that some spam messages aren't filtered. >> Those spams are in Spanish and almost always from my country or >> Latinoamerica containing "publicidad" word in the subject. >> I just use MCP rules to stop those messages containing "publicidad" like this: >> >> header ? REGLA_PUBLI1 ? ?Subject =~ >> /p?.{0,2}[vu].{0,2}b.{0,2}[1\|l].{0,2}.?.{0,2}[zsxc].{0,2}.?.{0,2}d.{0,2}a.{0,2}d/i >> describe REGLA_PUBLI1 ? ?Publicidad baneada >> score ? ?REGLA_PUBLI1 ? ?6 >> >> header ? REGLA_PUBLI12 ? ?Subject =~ /p[vu]b[\|l1][\|1i][zxsc][\|1i]d[4a]d/i >> describe REGLA_PUBLI12 ? ?Publicidad baneada >> score ? ?REGLA_PUBLI12 ? ?7 >> >> Now there are just a few spam messages (less than 50 maybe in a server >> that generates 20K emails daily) that are passing to the INBOX. Those >> can be moved to a Shared Spam folder where I get its contents via >> fetchmail and IMAP to run sa-learn everyday. >> >> This combination it's working almost perfect for several mailserver >> installations I've done. >> What kind of spam messages aren't you able to filter? >> > > I've a similar setup, but not mcp (i'm going to check that) i've > servers on peru with the "publicidad" rule that matchs a lot of spam, > but did you notice spam floods from .info domains (only in peru not in > other latin country)? Yes, they come from .info domains almost 95% of times, but I don't blacklist them, I let MCP do the work with "publicidad" filter. Anyway, there's a lot of spam coming from Argentina (specially from Fibertel clients) that I can block at MTA level with UCE controls. > Now i'm seeing false negatives with turism advertisers (in spanish) > that spamassasin cant catch, or e-learning. i've written some custom > rules that seems to help but they are not wide enough. > What's the size of those messages? Do they contain only images with turism advertising? Where do they come from? Do the come from ADSL peers? It would be useful to share with us all information you can get from them, so maybe we can improve your antispam configuration because I know that english spam messages are easy to block but isn't so simple in Spanish. > > >>> Thanks! >>> >>> Eduardo. >>> >>> PD: if there is anyone from Buenos Aires/ Argentina we also can meet >>> to drink a beer in honour to Julian and his great piece of software! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue Mar 10 15:00:35 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 10 15:00:58 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B67169.6070106@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> <49B67169.6070106@ecs.soton.ac.uk> Message-ID: <49B68093.6050504@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/3/09 13:55, Julian Field wrote: > * PGP Signed: 03/10/09 at 13:55:53 > > > > On 10/3/09 13:40, Drew Marshall wrote: >> >> On 10 Mar 2009, at 12:00, Julian Field wrote: >>>>>>> Jules >>>>>>> >>>>>> And if that doesn't work wouldn't this do the same thing? >>>>>> >>>>>> my @bodycheck = @{$body}; >>>>>> >>>>> This will involve making a copy of the entire message in >>>>> memory. *Very* >>>>> expensive thing to do, need to avoid this at all costs. >>>>>> for ($i=(@bodycheck-1);$i>= 0; $i--){ >>>>>> last if @bodycheck[$i] =~ /^\s*$/; >>>>>> >>>>> you don't really mean @bodycheck[$i] do you? Surely you mean >>>>> $bodycheck[$i]? >>>>>> print "Line is ****".@bodycheck[$i]."****\n"; >>>>>> pop @{$body}; >>>>>> } >>>>>> >>>>> So yes, it would do the same thing, but it will take a hell of a lot >>>>> longer to do, and will use a lot more memory too. >>>>>> Rick >>>>>> >>>>>> >>>> >>>> Well really I doubt the need to make the copy, just seems somehow >>>> wrong to >>>> use a for loop on something that we are shortening with each >>>> iteration but >>>> since the loop is bottom up and the pop is from the bottom you >>>> could just >>>> use $body because you are effectively just operating on the last >>>> item at a >>>> given moment. >>>> >>>> And, pardon my lack of ability to wrap my head around perl's >>>> handling of >>>> arrays (yes I don't care what perl thinks, a hash is an associative >>>> array so >>>> it should be able to be addressed directly by index or by key >>>> without all >>>> the machinations) I think I would then mean >>>> >>>> for ($i=(@{$body}-1);$i>= 0; $i--){ >>>> last if @{$body}[$i] =~ /^\s*$/; >>>> >>> You can't do @array[$index] to access the index'th element of array. >>> You mean $body->[$i] I *think*. I must admit I get a bit lost in all >>> the >>> redirections at times myself :-) >>> >>> for ($i=(@{$body}-1); $i>=0 $i--) { >>> last if $body->[$i] =~ /^\s*$/; >>> pop @{$body}; >>> } >>> >>> definitely looks possible. >>> >>>> print "Line $i is ****".@{$body}[$i]."****\n"; >>>> pop @{$body}; >>>> } >>>> >>>> If we are trying to do this by index->value not key->value. Again I am >>>> assuming the point is to pop off the body info from the end forward >>>> until >>>> reaching either a blank line or a line of nothing but white space. >>>> >>>> ?? >>>> >>>> Rick >> >> >> Ok, I'm lost but as and when you would like me to do something, don't >> hesitate to shout :-) >> > Yes, please try this version of the loop: > for ($i=(@{$body}-1); $i>=0 $i--) { > last if $body->[$i] =~ /^\s*$/; > pop @{$body}; > } You'll probably need a quick my $i; before that code. So the final version looks like this: if ($configwords[1] =~ /tr[ua]/i) { my $i; for ($i=(@{$body}-1); $i>=0; $i++) { last if $body->[$i] =~ /^\s*$/i; pop @{$body}; } $b->Done(); return; } Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJtoCTEfZZRxQVtlQRAsQjAKCQ2RoMfBzL3C2A3xlsmluwOE+yWgCfWOou P1Vnpaqv6TJxsA8SCJOQLmA= =31q9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Tue Mar 10 15:10:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Mar 10 15:10:32 2009 Subject: OT: latinamerican spam In-Reply-To: <7d9b3cf20903100723u2af07d4dubed0a9b9fddf4ebc@mail.gmail.com> References: <7d9b3cf20903100615t7aaa1a25q8747a2346884d58c@mail.gmail.com> <7d9b3cf20903100723u2af07d4dubed0a9b9fddf4ebc@mail.gmail.com> Message-ID: Eduardo Casarero wrote on Tue, 10 Mar 2009 12:23:57 -0200: > I've a similar setup, but not mcp (i'm going to check that) You don't need to use MCP for this, so you are doing it just the right way. The people that use MCP for this most often simply don't know that adding extra ruels to SA is so easy. (Before anyone barks, yes, I know that there are good uses for MCP, but in general, if all you want to do is add extra, better spam detection you don't have to use MCP and even should not use MCP as it adds an extra scan.) As an information, there's a German-specific ruleset that is also available over the SA update channels that Daryl makes available. So, if you come up with a good set of Spanish or Puertoguese rules and want to share it you should consider contacting Daryl (O'Shea, email address via SA users list) and ask for a channel. You should also ask for contributors on the SA users list directly. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From drew.marshall at trunknetworks.com Tue Mar 10 15:24:12 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Tue Mar 10 15:24:32 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090310150441.C276B17088@out-b.mx.mail-launder.com> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> <49B67169.6070106@ecs.soton.ac.uk> <20090310150441.C276B17088@out-b.mx.mail-launder.com> Message-ID: <200903101524.n2AFONQE028308@safir.blacknight.ie> On 10 Mar 2009, at 15:00, Julian Field wrote: > You'll probably need a quick > my $i; > before that code. So the final version looks like this: > > if ($configwords[1] =~ /tr[ua]/i) { > my $i; > for ($i=(@{$body}-1); $i>=0; $i++) { > last if $body->[$i] =~ /^\s*$/i; > pop @{$body}; > } > $b->Done(); > return; > } And that generates: MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 10 messages. max message size is '250000 trackback' max message size is '250000 trackback' max message size is '250000 trackback' max message size is '250000 trackback' max message size is '250000 trackback' max message size is '250000 trackback' max message size is '250000 trackback' max message size is '250000 trackback' commit ineffective with AutoCommit enabled at /etc/MailScanner/ CustomFunctions/MailWatch.pm line 94, line 404. Stopping now as you are debugging me. Which is exactly what it should! :-) Excellent, well done. That code is now in production so I'll beta test the life out of it but I'm sure it will be fine. Thanks Jules, great job as ever. Drew From rcooper at dwford.com Tue Mar 10 16:10:08 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 10 16:10:24 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B68093.6050504@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> Message-ID: <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Tuesday, March 10, 2009 11:01 AM > To: MailScanner discussion > Subject: Re: Interesting Error - Can't use string ("1909") as > an ARRAY ref while "strict refs" in use > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 10/3/09 13:55, Julian Field wrote: > > * PGP Signed: 03/10/09 at 13:55:53 > > > > > > > > On 10/3/09 13:40, Drew Marshall wrote: > >> > >> On 10 Mar 2009, at 12:00, Julian Field wrote: > >>>>>>> Jules > >>>>>>> > >>>>>> And if that doesn't work wouldn't this do the same thing? > >>>>>> > >>>>>> my @bodycheck = @{$body}; > >>>>>> > >>>>> This will involve making a copy of the entire message in > >>>>> memory. *Very* > >>>>> expensive thing to do, need to avoid this at all costs. > >>>>>> for ($i=(@bodycheck-1);$i>= 0; $i--){ > >>>>>> last if @bodycheck[$i] =~ /^\s*$/; > >>>>>> > >>>>> you don't really mean @bodycheck[$i] do you? Surely you mean > >>>>> $bodycheck[$i]? > >>>>>> print "Line is ****".@bodycheck[$i]."****\n"; > >>>>>> pop @{$body}; > >>>>>> } > >>>>>> > >>>>> So yes, it would do the same thing, but it will take a > hell of a lot > >>>>> longer to do, and will use a lot more memory too. > >>>>>> Rick > >>>>>> > >>>>>> > >>>> > >>>> Well really I doubt the need to make the copy, just > seems somehow > >>>> wrong to > >>>> use a for loop on something that we are shortening with each > >>>> iteration but > >>>> since the loop is bottom up and the pop is from the bottom you > >>>> could just > >>>> use $body because you are effectively just operating on the last > >>>> item at a > >>>> given moment. > >>>> > >>>> And, pardon my lack of ability to wrap my head around perl's > >>>> handling of > >>>> arrays (yes I don't care what perl thinks, a hash is an > associative > >>>> array so > >>>> it should be able to be addressed directly by index or by key > >>>> without all > >>>> the machinations) I think I would then mean > >>>> > >>>> for ($i=(@{$body}-1);$i>= 0; $i--){ > >>>> last if @{$body}[$i] =~ /^\s*$/; > >>>> > >>> You can't do @array[$index] to access the index'th > element of array. > >>> You mean $body->[$i] I *think*. I must admit I get a bit > lost in all > >>> the > >>> redirections at times myself :-) > >>> > >>> for ($i=(@{$body}-1); $i>=0 $i--) { > >>> last if $body->[$i] =~ /^\s*$/; > >>> pop @{$body}; > >>> } > >>> > >>> definitely looks possible. > >>> > >>>> print "Line $i is ****".@{$body}[$i]."****\n"; > >>>> pop @{$body}; > >>>> } > >>>> > >>>> If we are trying to do this by index->value not > key->value. Again I am > >>>> assuming the point is to pop off the body info from the > end forward > >>>> until > >>>> reaching either a blank line or a line of nothing but > white space. > >>>> > >>>> ?? > >>>> > >>>> Rick > >> > >> > >> Ok, I'm lost but as and when you would like me to do > something, don't > >> hesitate to shout :-) > >> > > Yes, please try this version of the loop: > > for ($i=(@{$body}-1); $i>=0 $i--) { > > last if $body->[$i] =~ /^\s*$/; > > pop @{$body}; > > } > You'll probably need a quick > my $i; > before that code. So the final version looks like this: > > if ($configwords[1] =~ /tr[ua]/i) { > my $i; > for ($i=(@{$body}-1); $i>=0; $i++) { > last if $body->[$i] =~ /^\s*$/i; > pop @{$body}; > } > $b->Done(); > return; > } > > Jules Julian, I believe you want for ($i=(@{$body}-1); $i>=0; $i--) { #decrement not increment Do you not?? Want to go from $body[length] to $body[0] bottom up right? Otherwise you are looking at array[0] and poping array[last_elememt] and it would suck if you meet in the middle. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Tue Mar 10 16:13:50 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 10 16:14:05 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY refwhile "strict refs" in use In-Reply-To: <200903101524.n2AFONQE028308@safir.blacknight.ie> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk><20090310150441.C276B17088@out-b.mx.mail-launder.com> <200903101524.n2AFONQE028308@safir.blacknight.ie> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Drew Marshall > Sent: Tuesday, March 10, 2009 11:24 AM > To: MailScanner discussion > Subject: Re: Interesting Error - Can't use string ("1909") as > an ARRAY refwhile "strict refs" in use > > > On 10 Mar 2009, at 15:00, Julian Field wrote: > > > You'll probably need a quick > > my $i; > > before that code. So the final version looks like this: > > > > if ($configwords[1] =~ /tr[ua]/i) { > > my $i; > > for ($i=(@{$body}-1); $i>=0; $i++) { > > last if $body->[$i] =~ /^\s*$/i; > > pop @{$body}; > > } > > $b->Done(); > > return; > > } > > And that generates: > > MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 10 messages. > max message size is '250000 trackback' > max message size is '250000 trackback' > max message size is '250000 trackback' > max message size is '250000 trackback' > max message size is '250000 trackback' > max message size is '250000 trackback' > max message size is '250000 trackback' > max message size is '250000 trackback' > commit ineffective with AutoCommit enabled at /etc/MailScanner/ > CustomFunctions/MailWatch.pm line 94, line 404. > Stopping now as you are debugging me. > > Which is exactly what it should! :-) > > Excellent, well done. That code is now in production so I'll > beta test > the life out of it but I'm sure it will be fine. > > Thanks Jules, great job as ever. > The $i++ is wrong, it should be $i-- Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 10 17:52:53 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 10 17:53:15 2009 Subject: OT: latinamerican spam In-Reply-To: References: <7d9b3cf20903100615t7aaa1a25q8747a2346884d58c@mail.gmail.com> <7d9b3cf20903100723u2af07d4dubed0a9b9fddf4ebc@mail.gmail.com> Message-ID: <49B6A8F5.5010904@ecs.soton.ac.uk> On 10/3/09 15:10, Kai Schaetzl wrote: > You don't need to use MCP for this, so you are doing it just the right > way. The people that use MCP for this most often simply don't know that > adding extra ruels to SA is so easy. (Before anyone barks, yes, I know > that there are good uses for MCP, but in general, if all you want to do is > add extra, better spam detection you don't have to use MCP and even should > not use MCP as it adds an extra scan.) > I second this, and agree with it entirely. MCP is almost always the wrong answer to your problem. The "actions" and in particular "SpamAssassin Rule Actions" had not occurred to me when I wrote MCP. Had they done so, I would never have written it. But if you do use MCP, don't worry: I am not going to do anything stupid like remove it. :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 10 17:55:24 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 10 17:55:44 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> Message-ID: <49B6A98C.6020105@ecs.soton.ac.uk> On 10/3/09 16:10, Rick Cooper wrote: > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Tuesday, March 10, 2009 11:01 AM >> To: MailScanner discussion >> Subject: Re: Interesting Error - Can't use string ("1909") as >> an ARRAY ref while "strict refs" in use >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> On 10/3/09 13:55, Julian Field wrote: >> >>> * PGP Signed: 03/10/09 at 13:55:53 >>> >>> >>> >>> On 10/3/09 13:40, Drew Marshall wrote: >>> >>>> On 10 Mar 2009, at 12:00, Julian Field wrote: >>>> >>>>>>>>> Jules >>>>>>>>> >>>>>>>>> >>>>>>>> And if that doesn't work wouldn't this do the same thing? >>>>>>>> >>>>>>>> my @bodycheck = @{$body}; >>>>>>>> >>>>>>>> >>>>>>> This will involve making a copy of the entire message in >>>>>>> memory. *Very* >>>>>>> expensive thing to do, need to avoid this at all costs. >>>>>>> >>>>>>>> for ($i=(@bodycheck-1);$i>= 0; $i--){ >>>>>>>> last if @bodycheck[$i] =~ /^\s*$/; >>>>>>>> >>>>>>>> >>>>>>> you don't really mean @bodycheck[$i] do you? Surely you mean >>>>>>> $bodycheck[$i]? >>>>>>> >>>>>>>> print "Line is ****".@bodycheck[$i]."****\n"; >>>>>>>> pop @{$body}; >>>>>>>> } >>>>>>>> >>>>>>>> >>>>>>> So yes, it would do the same thing, but it will take a >>>>>>> >> hell of a lot >> >>>>>>> longer to do, and will use a lot more memory too. >>>>>>> >>>>>>>> Rick >>>>>>>> >>>>>>>> >>>>>>>> >>>>>> Well really I doubt the need to make the copy, just >>>>>> >> seems somehow >> >>>>>> wrong to >>>>>> use a for loop on something that we are shortening with each >>>>>> iteration but >>>>>> since the loop is bottom up and the pop is from the bottom you >>>>>> could just >>>>>> use $body because you are effectively just operating on the last >>>>>> item at a >>>>>> given moment. >>>>>> >>>>>> And, pardon my lack of ability to wrap my head around perl's >>>>>> handling of >>>>>> arrays (yes I don't care what perl thinks, a hash is an >>>>>> >> associative >> >>>>>> array so >>>>>> it should be able to be addressed directly by index or by key >>>>>> without all >>>>>> the machinations) I think I would then mean >>>>>> >>>>>> for ($i=(@{$body}-1);$i>= 0; $i--){ >>>>>> last if @{$body}[$i] =~ /^\s*$/; >>>>>> >>>>>> >>>>> You can't do @array[$index] to access the index'th >>>>> >> element of array. >> >>>>> You mean $body->[$i] I *think*. I must admit I get a bit >>>>> >> lost in all >> >>>>> the >>>>> redirections at times myself :-) >>>>> >>>>> for ($i=(@{$body}-1); $i>=0 $i--) { >>>>> last if $body->[$i] =~ /^\s*$/; >>>>> pop @{$body}; >>>>> } >>>>> >>>>> definitely looks possible. >>>>> >>>>> >>>>>> print "Line $i is ****".@{$body}[$i]."****\n"; >>>>>> pop @{$body}; >>>>>> } >>>>>> >>>>>> If we are trying to do this by index->value not >>>>>> >> key->value. Again I am >> >>>>>> assuming the point is to pop off the body info from the >>>>>> >> end forward >> >>>>>> until >>>>>> reaching either a blank line or a line of nothing but >>>>>> >> white space. >> >>>>>> ?? >>>>>> >>>>>> Rick >>>>>> >>>> Ok, I'm lost but as and when you would like me to do >>>> >> something, don't >> >>>> hesitate to shout :-) >>>> >>>> >>> Yes, please try this version of the loop: >>> for ($i=(@{$body}-1); $i>=0 $i--) { >>> last if $body->[$i] =~ /^\s*$/; >>> pop @{$body}; >>> } >>> >> You'll probably need a quick >> my $i; >> before that code. So the final version looks like this: >> >> if ($configwords[1] =~ /tr[ua]/i) { >> my $i; >> for ($i=(@{$body}-1); $i>=0; $i++) { >> last if $body->[$i] =~ /^\s*$/i; >> pop @{$body}; >> } >> $b->Done(); >> return; >> } >> >> Jules >> > > Julian, I believe you want for ($i=(@{$body}-1); $i>=0; $i--) { #decrement > not increment > Of course I do, well done for spotting the intentional error, just making sure you guys are kept on your toes ;-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at trunknetworks.com Tue Mar 10 18:58:10 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Tue Mar 10 18:58:38 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090310180252.B4A26170B2@out-b.mx.mail-launder.com> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <20090310180252.B4A26170B2@out-b.mx.mail-launder.com> Message-ID: <200903101858.n2AIwU9V003222@safir.blacknight.ie> On 10 Mar 2009, at 17:55, Julian Field wrote: >> >> Julian, I believe you want for ($i=(@{$body}-1); $i>=0; $i--) >> { #decrement >> not increment >> > Of course I do, well done for spotting the intentional error, just > making sure you guys are kept on your toes ;-) Ok, so I now have (For the purposes of the record): if ($configwords[1] =~ /tr[ua]/i) { my $i; for ($i=(@{$body}-1); $i>=0; $i--) { last if $body->[$i] =~ /^\s*$/i; pop @{$body}; } $b->Done(); return; } Which still works: MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. max message size is '250000 trackback' commit ineffective with AutoCommit enabled at /etc/MailScanner/ CustomFunctions/MailWatch.pm line 94, line 61. Stopping now as you are debugging me. Still in production so tomorrow will give it a true test of a few '000 messages but I'm more than sure it will be fine (But then I said that last time ;-) ). Drew From itdept at fractalweb.com Tue Mar 10 19:27:31 2009 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Mar 10 19:27:51 2009 Subject: OT: problem with Outlook message size Message-ID: <49B6BF23.20903@fractalweb.com> My apologies for the off-topic message; I'm asking here hoping that someone may have run into this before and might have a solution. I have searched the net to no avail. Sadly, I'm not aware of a message-board or e-discussion list where this would be on-topic. If anyone knows of one, please let me know. I'm having a strange problem with Outlook on some machines but not others: the message size is incorrectly reported, usually by a factor of 4x. The problem is reproduce-able and on affected machines happens on each and every message. If I send a 1 MB attachment with a message, the message comes in and is reported by Outlook as 4 MB. A 2 MB attachment becomes 8 MB, and so on. There are other people with virtually identical configurations that are not affected. Affected email clients: MS Outlook 2003 (SP3) and MS Outlook 2007 (SP1). All affected machines are running WinXP Pro SP3. I have tried disabling all Outlook plug-ins, starting Outlook in safe mode, creating a new profile, even running Windows in "safe mode with networking" and the problem persists. I have tried disabling the client-level anti-virus software, as well as uninstalling it and rebooting. I have tried using POP3 and SSL-POP3, thinking the problem could be caused by the firewall. I've even tried re-imaging the machine, without improvement. Saving the attachment to the local machine results in the attachment being sized properly. If I set up Outlook Express to download the same email message, it comes in as its proper size. Forwarding the artificially larger message to an unaffected machine has the message come in at the appropriate size. Accessing the mail via a webmail client show the attachments at their proper sizes. Changing over to a different email client is not an option, as Outlook is the only allowed email client according to the company policy. Anyone have any suggestions? Thanks, Chris From glenn.steen at gmail.com Tue Mar 10 19:29:07 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 10 19:29:15 2009 Subject: Positive Score from Auto White LIst? In-Reply-To: <4baa40ce0903091250i79a996e9q61e6e3a572e5652d@mail.gmail.com> References: <4baa40ce0903091250i79a996e9q61e6e3a572e5652d@mail.gmail.com> Message-ID: <223f97700903101229n13e078ecofb7ee51cd62ee5b9@mail.gmail.com> 2009/3/9 Rick Duval : > Today I got a positive (spam) score based on an auto whitelist (which > I don't even use). Any idea where this is coming from? > > The message in MailWatch was: > > 24.37 ? AWL ? ? From: address is in the auto white-list > > Rick > aasts Since you have that score, you do indeed use the autowhitelist. Don't be fooled by the name, it isn't really what it seems... More like a "score averager" ... Matt Kettler (who has been a frequent SA guru on this list) is of the view that one shouldn't use it, since it doesn't have any "selfcleaning" feature (like bayes does), and in part because of that might get some really odd results. In this case, the sender has been a frequent sender of spam with really high scores, so ... the awl tries to "push" the score in that direction. If you don't want it, don't load it. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jv at vestings.dk Tue Mar 10 19:29:26 2009 From: jv at vestings.dk (Jakob Venning - Vestings) Date: Tue Mar 10 19:30:11 2009 Subject: Bitdefender infected =?windows-1252?q?=96_but_delivered?= In-Reply-To: <49B65F07.3050508@vestings.dk> References: <49B65F07.3050508@vestings.dk> Message-ID: <49B6BF96.5000004@vestings.dk> The pattern I get from maillog is as: MailScanner[31295]: /var/spool/MailScanner/incoming/31295/n2AA1o6w031814/eicar.com:infected: EICAR-Test-File (not a virus) MailScanner[31295]: Virus Scanning: Bitdefender found 1 infections MailScanner[31295]: Virus Scanning: Found 1 viruses MailScanner[31295]: Virus Scanning completed at 665 bytes per second MailScanner[31295]: Uninfected: Delivered 1 messages The virus get delivered along with mail. The setup works when I switch to clamd. Any comments? NB. A version with a 30 days trial key can be downloaded from http://download.bitdefender.com/SMB/Workstation_Security_and_Management/BitDefender_Antivirus_Scanner_for_Unices/Unix/Current/EN_FR_BR_RO/Linux/ Jakob Jakob Venning - Vestings skrev: > I have the same problem with Bitdefender for Unices v7.90123 as > described by Jeroen in > http://article.gmane.org/gmane.mail.virus.mailscanner/68900/match=bitdefender+uninfected > > > Did anyone find a solution to this problem? > > My MailScanner version is 4.74-16 ? a fresh install from source > > Jakob > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Mar 10 19:38:48 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 10 19:38:56 2009 Subject: Can't Disable Auto Whitelist??? In-Reply-To: <4baa40ce0903100601t77ce9c6v8d747f1cea0d449c@mail.gmail.com> References: <4baa40ce0903091750r7d17f66ew1b75db811ae56561@mail.gmail.com> <72cf361e0903100139m73dfad10td933eb21e56ef159@mail.gmail.com> <4baa40ce0903100601t77ce9c6v8d747f1cea0d449c@mail.gmail.com> Message-ID: <223f97700903101238t3abaf490j45623dea4c219265@mail.gmail.com> 2009/3/10 Rick Duval : >> >> Rick >> >> as another poster just said you need to disable this by commenting out >> the plugin in you *.pre files that are in the same place as youre >> mailscanner.cf and local.cf (normally /etc/mail/spamassassin) >> >> -- >> Martin Hepworth >> Oxford, UK > > > > Sorry. Should have mentioned I'd already done that in all the .pre > files I can find. > And the restart MailScanner so that it can load up a new SA without the AWL. Also comment the awl settings in the .cf files... IIRC, without the AWL plugin, there is nothing that understands them, so they might make SA error out. Check with a "spamassassin --lint -D 2>&1 | less -e" that you found all the myriad places the plugin could be loaded... Just search for "AWL"... If you find none, you are done. > (BTW it might be helpful to include that in the comments in > MailScanner.conf as well) > > Any other ideas? > > Rick Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Mar 10 19:58:43 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 10 19:59:16 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903101858.n2AIwU9V003222@safir.blacknight.ie> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <20090310180252.B4A26170B2@out-b.mx.mail-launder.com> <200903101858.n2AIwU9V003222@safir.blacknight.ie> Message-ID: <49B6C673.5030009@ecs.soton.ac.uk> On 10/3/09 18:58, Drew Marshall wrote: > > On 10 Mar 2009, at 17:55, Julian Field wrote: >>> >>> Julian, I believe you want for ($i=(@{$body}-1); $i>=0; $i--) { >>> #decrement >>> not increment >>> >> Of course I do, well done for spotting the intentional error, just >> making sure you guys are kept on your toes ;-) > > Ok, so I now have (For the purposes of the record): > > if ($configwords[1] =~ /tr[ua]/i) { > my $i; > for ($i=(@{$body}-1); $i>=0; $i--) { > last if $body->[$i] =~ /^\s*$/i; > pop @{$body}; > } > $b->Done(); > return; > } Correct. > > Which still works: > > MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 1 message. > max message size is '250000 trackback' > commit ineffective with AutoCommit enabled at > /etc/MailScanner/CustomFunctions/MailWatch.pm line 94, line 61. > Stopping now as you are debugging me. > > Still in production so tomorrow will give it a true test of a few '000 > messages but I'm more than sure it will be fine (But then I said that > last time ;-) ). Oh, how I love working round bugs in Perl :-) Glad we got there in the end though, and the final code is a lot simpler to read than my first version too. I didn't do it this way initially as I don't like breaking out of "for" loops with "last", as that is what the termination condition is for. But it works, and that's the most important bit! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rick at duvals.ca Tue Mar 10 22:20:06 2009 From: rick at duvals.ca (Rick Duval) Date: Tue Mar 10 22:20:15 2009 Subject: Positive Score from Auto White LIst? In-Reply-To: <223f97700903101229n13e078ecofb7ee51cd62ee5b9@mail.gmail.com> References: <4baa40ce0903091250i79a996e9q61e6e3a572e5652d@mail.gmail.com> <223f97700903101229n13e078ecofb7ee51cd62ee5b9@mail.gmail.com> Message-ID: <4baa40ce0903101520l629a649an841487e6812bfeb6@mail.gmail.com> Fair enough, thanks ---------------------------------------------------- This message has been scanned for viruses and dangerous content by Accurate Anti-Spam Technologies. www.AccurateAntiSpam.com On Tue, Mar 10, 2009 at 3:29 PM, Glenn Steen wrote: > 2009/3/9 Rick Duval : >> Today I got a positive (spam) score based on an auto whitelist (which >> I don't even use). Any idea where this is coming from? >> >> The message in MailWatch was: >> >> 24.37 ? AWL ? ? From: address is in the auto white-list >> >> Rick >> aasts > Since you have that score, you do indeed use the autowhitelist. Don't > be fooled by the name, it isn't really what it seems... More like a > "score averager" ... Matt Kettler (who has been a frequent SA guru on > this list) is of the view that one shouldn't use it, since it doesn't > have any "selfcleaning" feature (like bayes does), and in part because > of that might get some really odd results. > In this case, the sender has been a frequent sender of spam with > really high scores, so ... the awl tries to "push" the score in that > direction. > > If you don't want it, don't load it. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > --------------------------------- > This message has been scanned for > viruses and dangerous content by > Accurate Anti-Spam Technologies. > www.AccurateAntiSpam.com > > From rcooper at dwford.com Tue Mar 10 23:08:43 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 10 23:09:03 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B6C673.5030009@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <20090310180252.B4A26170B2@out-b.mx.mail-launder.com><200903101858.n2AIwU9V003222@safir.blacknight.ie> <49B6C673.5030009@ecs.soton.ac.uk> Message-ID: <14426B89050645EABCF98C7CA10218D1@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Tuesday, March 10, 2009 3:59 PM > To: MailScanner discussion > Subject: Re: Interesting Error - Can't use string ("1909") as > an ARRAY ref while "strict refs" in use > > > > On 10/3/09 18:58, Drew Marshall wrote: > > > > On 10 Mar 2009, at 17:55, Julian Field wrote: > >>> > >>> Julian, I believe you want for ($i=(@{$body}-1); $i>=0; $i--) { > >>> #decrement > >>> not increment > >>> > >> Of course I do, well done for spotting the intentional error, just > >> making sure you guys are kept on your toes ;-) > > > > Ok, so I now have (For the purposes of the record): > > > > if ($configwords[1] =~ /tr[ua]/i) { > > my $i; > > for ($i=(@{$body}-1); $i>=0; $i--) { > > last if $body->[$i] =~ /^\s*$/i; > > pop @{$body}; > > } > > $b->Done(); > > return; > > } > Correct. > > > > Which still works: > > > > MailScanner --debug > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > Building a message batch to scan... > > Have a batch of 1 message. > > max message size is '250000 trackback' > > commit ineffective with AutoCommit enabled at > > /etc/MailScanner/CustomFunctions/MailWatch.pm line 94, > line 61. > > Stopping now as you are debugging me. > > > > Still in production so tomorrow will give it a true test of > a few '000 > > messages but I'm more than sure it will be fine (But then I > said that > > last time ;-) ). > Oh, how I love working round bugs in Perl :-) > Glad we got there in the end though, and the final code is a > lot simpler > to read than my first version too. I didn't do it this way > initially as > I don't like breaking out of "for" loops with "last", as that is what > the termination condition is for. > > But it works, and that's the most important bit! > > Jules > When/If that is a confirmed fix you might want to apply it to SMDiskStore.pm as well as it appears to share the same original trackback code Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Mar 10 23:26:10 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 10 23:26:36 2009 Subject: OT: problem with Outlook message size In-Reply-To: <49B6BF23.20903@fractalweb.com> References: <49B6BF23.20903@fractalweb.com> Message-ID: on 3-10-2009 12:27 PM Chris Yuzik spake the following: > My apologies for the off-topic message; I'm asking here hoping that > someone may have run into this before and might have a solution. I have > searched the net to no avail. Sadly, I'm not aware of a message-board or > e-discussion list where this would be on-topic. If anyone knows of one, > please let me know. > > I'm having a strange problem with Outlook on some machines but not > others: the message size is incorrectly reported, usually by a factor of > 4x. The problem is reproduce-able and on affected machines happens on > each and every message. If I send a 1 MB attachment with a message, the > message comes in and is reported by Outlook as 4 MB. A 2 MB attachment > becomes 8 MB, and so on. There are other people with virtually identical > configurations that are not affected. > > Affected email clients: MS Outlook 2003 (SP3) and MS Outlook 2007 (SP1). > All affected machines are running WinXP Pro SP3. > > I have tried disabling all Outlook plug-ins, starting Outlook in safe > mode, creating a new profile, even running Windows in "safe mode with > networking" and the problem persists. I have tried disabling the > client-level anti-virus software, as well as uninstalling it and > rebooting. I have tried using POP3 and SSL-POP3, thinking the problem > could be caused by the firewall. I've even tried re-imaging the machine, > without improvement. > > Saving the attachment to the local machine results in the attachment > being sized properly. > > If I set up Outlook Express to download the same email message, it comes > in as its proper size. > > Forwarding the artificially larger message to an unaffected machine has > the message come in at the appropriate size. > > Accessing the mail via a webmail client show the attachments at their > proper sizes. > > Changing over to a different email client is not an option, as Outlook > is the only allowed email client according to the company policy. > > Anyone have any suggestions? > > Thanks, > Chris Look at the following section in MailScanner.conf; # When the TNEF (winmail.dat) attachments are expanded, should the # attachments contained in there be added to the list of attachments in # the message? # If you set this to "add" or "replace" then recipients of messages sent # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments # if they are not using Microsoft Outlook. # # no => Leave winmail.dat TNEF attachments alone. # add => Add the contents of winmail.dat as extra attachments, but also # still include the winmail.dat file itself. This will result in # TNEF messages being doubled in size. # replace => Replace the winmail.dat TNEF attachment with the files it # contains, and delete the original winmail.dat file itself. # This means the message stays the same size, but is usable by # non-Outlook recipients. # # This can also be the filename of a ruleset. Use TNEF Contents = replace What do you have that set at? If you have it set at "add" it could make the messages 2x bigger. Add quoted printable encoding and it could add 25% to 30% more. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090310/7ca95612/signature.bin From itdept at fractalweb.com Tue Mar 10 23:38:27 2009 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Mar 10 23:38:43 2009 Subject: OT: problem with Outlook message size In-Reply-To: References: <49B6BF23.20903@fractalweb.com> Message-ID: <49B6F9F3.8090802@fractalweb.com> Scott Silva wrote: > Look at the following section in MailScanner.conf; > > > # When the TNEF (winmail.dat) attachments are expanded, should the > # attachments contained in there be added to the list of attachments in > # the message? > # If you set this to "add" or "replace" then recipients of messages sent > # in "Outlook Rich Text Format" (TNEF) will be able to read the attachments > # if they are not using Microsoft Outlook. > # > # no => Leave winmail.dat TNEF attachments alone. > # add => Add the contents of winmail.dat as extra attachments, but also > # still include the winmail.dat file itself. This will result in > # TNEF messages being doubled in size. > # replace => Replace the winmail.dat TNEF attachment with the files it > # contains, and delete the original winmail.dat file itself. > # This means the message stays the same size, but is usable by > # non-Outlook recipients. > # > # This can also be the filename of a ruleset. > Use TNEF Contents = replace > > > What do you have that set at? > If you have it set at "add" it could make the messages 2x bigger. Add quoted > printable encoding and it could add 25% to 30% more. > Scott, Thanks for the suggestion. I have it set to the following: Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 Any thoughts on these? Cheers, Chris From ssilva at sgvwater.com Tue Mar 10 23:45:39 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 10 23:46:04 2009 Subject: OT: problem with Outlook message size In-Reply-To: <49B6F9F3.8090802@fractalweb.com> References: <49B6BF23.20903@fractalweb.com> <49B6F9F3.8090802@fractalweb.com> Message-ID: on 3-10-2009 4:38 PM Chris Yuzik spake the following: > Scott Silva wrote: >> Look at the following section in MailScanner.conf; >> >> >> # When the TNEF (winmail.dat) attachments are expanded, should the >> # attachments contained in there be added to the list of attachments in >> # the message? >> # If you set this to "add" or "replace" then recipients of messages sent >> # in "Outlook Rich Text Format" (TNEF) will be able to read the >> attachments >> # if they are not using Microsoft Outlook. >> # >> # no => Leave winmail.dat TNEF attachments alone. >> # add => Add the contents of winmail.dat as extra attachments, but >> also >> # still include the winmail.dat file itself. This will >> result in >> # TNEF messages being doubled in size. >> # replace => Replace the winmail.dat TNEF attachment with the files it >> # contains, and delete the original winmail.dat file itself. >> # This means the message stays the same size, but is usable by >> # non-Outlook recipients. >> # >> # This can also be the filename of a ruleset. >> Use TNEF Contents = replace >> >> >> What do you have that set at? >> If you have it set at "add" it could make the messages 2x bigger. Add >> quoted >> printable encoding and it could add 25% to 30% more. >> > Scott, > > Thanks for the suggestion. I have it set to the following: > > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = yes > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > > Any thoughts on these? > > Cheers, > Chris That is about what I have, but I am using the internal expander right now. Use what works for you. Did you have it set to "add"? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090310/14a7db92/signature.bin From correo at miguelangelnieto.net Tue Mar 10 23:52:47 2009 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Tue Mar 10 23:53:32 2009 Subject: banned files inside a tar.gz Message-ID: <1236729167.3091.29.camel@estibaliz> Hi, If I send a .exe file inside a zip or rar, mailscanner detect it as a Banned Content (why not banned filename? lower priority?). But when I compress a exe file inside a tar.gz file, mailscanner dont look inside the file and the .exe didn't get banned. Do mailscanner support tar.gz checks? I have Debian Lenny and the latest version of mailscanner compiled from sources. Thank you and sorry for my english :) From itdept at fractalweb.com Wed Mar 11 01:50:27 2009 From: itdept at fractalweb.com (Chris Yuzik) Date: Wed Mar 11 01:50:36 2009 Subject: OT: problem with Outlook message size In-Reply-To: References: <49B6BF23.20903@fractalweb.com> <49B6F9F3.8090802@fractalweb.com> Message-ID: <49B718E3.80005@fractalweb.com> Scott Silva wrote: > That is about what I have, but I am using the internal expander right now. Use > what works for you. > > Did you have it set to "add"? > Scott, Nope, it was set to "replace" before. I am, however, testing the internal TNEF expander to see if that makes any difference. I'll let you know. Cheers, Chris From drew.marshall at trunknetworks.com Wed Mar 11 10:10:36 2009 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Wed Mar 11 10:10:57 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <20090310231202.6C032170AF@out-b.mx.mail-launder.com> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <20090310180252.B4A26170B2@out-b.mx.mail-launder.com><200903101858.n2AIwU9V003222@safir.blacknight.ie> <49B6C673.5030009@ecs.soton.ac.uk> <20090310231202.6C032170AF@out-b.mx.mail-launder.com> Message-ID: <200903111010.n2BAAmB1024673@safir.blacknight.ie> On 10 Mar 2009, at 23:08, Rick Cooper wrote: >>> Ok, so I now have (For the purposes of the record): >>> >>> if ($configwords[1] =~ /tr[ua]/i) { >>> my $i; >>> for ($i=(@{$body}-1); $i>=0; $i--) { >>> last if $body->[$i] =~ /^\s*$/i; >>> pop @{$body}; >>> } >>> $b->Done(); >>> return; >>> } >> Correct. >>> >>> Which still works: >>> >>> MailScanner --debug >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> Building a message batch to scan... >>> Have a batch of 1 message. >>> max message size is '250000 trackback' >>> commit ineffective with AutoCommit enabled at >>> /etc/MailScanner/CustomFunctions/MailWatch.pm line 94, >> line 61. >>> Stopping now as you are debugging me. >>> >>> Still in production so tomorrow will give it a true test of >> a few '000 >>> messages but I'm more than sure it will be fine (But then I >> said that >>> last time ;-) ). >> Oh, how I love working round bugs in Perl :-) >> Glad we got there in the end though, and the final code is a >> lot simpler >> to read than my first version too. I didn't do it this way >> initially as >> I don't like breaking out of "for" loops with "last", as that is what >> the termination condition is for. >> >> But it works, and that's the most important bit! >> >> Jules >> > > When/If that is a confirmed fix you might want to apply it to > SMDiskStore.pm > as well as it appears to share the same original trackback code > > Rick Probably worth lobbing it in a new beta release so more than just little ol' me gets to test it. Certainly from what I have seen in the last 12 hours or so, the code looks good with no problems showing up in any logs. Drew From MailScanner at ecs.soton.ac.uk Wed Mar 11 12:17:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 12:17:22 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <14426B89050645EABCF98C7CA10218D1@SAHOMELT> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <20090310180252.B4A26170B2@out-b.mx.mail-launder.com><200903101858.n2AIwU9V003222@safir.blacknight.ie> <49B6C673.5030009@ecs.soton.ac.uk> <14426B89050645EABCF98C7CA10218D1@SAHOMELT> Message-ID: <49B7ABC0.6080203@ecs.soton.ac.uk> On 10/3/09 23:08, Rick Cooper wrote: > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Tuesday, March 10, 2009 3:59 PM >> To: MailScanner discussion >> Subject: Re: Interesting Error - Can't use string ("1909") as >> an ARRAY ref while "strict refs" in use >> >> >> >> On 10/3/09 18:58, Drew Marshall wrote: >> >>> On 10 Mar 2009, at 17:55, Julian Field wrote: >>> >>>>> Julian, I believe you want for ($i=(@{$body}-1); $i>=0; $i--) { >>>>> #decrement >>>>> not increment >>>>> >>>>> >>>> Of course I do, well done for spotting the intentional error, just >>>> making sure you guys are kept on your toes ;-) >>>> >>> Ok, so I now have (For the purposes of the record): >>> >>> if ($configwords[1] =~ /tr[ua]/i) { >>> my $i; >>> for ($i=(@{$body}-1); $i>=0; $i--) { >>> last if $body->[$i] =~ /^\s*$/i; >>> pop @{$body}; >>> } >>> $b->Done(); >>> return; >>> } >>> >> Correct. >> >>> Which still works: >>> >>> MailScanner --debug >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> Building a message batch to scan... >>> Have a batch of 1 message. >>> max message size is '250000 trackback' >>> commit ineffective with AutoCommit enabled at >>> /etc/MailScanner/CustomFunctions/MailWatch.pm line 94, >>> >> line 61. >> >>> Stopping now as you are debugging me. >>> >>> Still in production so tomorrow will give it a true test of >>> >> a few '000 >> >>> messages but I'm more than sure it will be fine (But then I >>> >> said that >> >>> last time ;-) ). >>> >> Oh, how I love working round bugs in Perl :-) >> Glad we got there in the end though, and the final code is a >> lot simpler >> to read than my first version too. I didn't do it this way >> initially as >> I don't like breaking out of "for" loops with "last", as that is what >> the termination condition is for. >> >> But it works, and that's the most important bit! >> >> Jules >> >> > When/If that is a confirmed fix you might want to apply it to SMDiskStore.pm > as well as it appears to share the same original trackback code > Done. Thanks for reminding me! :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 11 12:18:18 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 12:18:41 2009 Subject: banned files inside a tar.gz In-Reply-To: <1236729167.3091.29.camel@estibaliz> References: <1236729167.3091.29.camel@estibaliz> Message-ID: <49B7AC0A.9000609@ecs.soton.ac.uk> On 10/3/09 23:52, Miguel Angel Nieto wrote: > Hi, > > If I send a .exe file inside a zip or rar, mailscanner detect it as a > Banned Content (why not banned filename? lower priority?). > > But when I compress a exe file inside a tar.gz file, mailscanner dont > look inside the file and the .exe didn't get banned. Do mailscanner > support tar.gz checks? > It supports tar but not tar.gz, sorry. > I have Debian Lenny and the latest version of mailscanner compiled from > sources. > > Thank you and sorry for my english :) > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 11 12:18:47 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 12:19:06 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <200903111010.n2BAAmB1024673@safir.blacknight.ie> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk><409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie><49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <20090310180252.B4A26170B2@out-b.mx.mail-launder.com><200903101858.n2AIwU9V003222@safir.blacknight.ie> <49B6C673.5030009@ecs.soton.ac.uk> <20090310231202.6C032170AF@out-b.mx.mail-launder.com> <200903111010.n2BAAmB1024673@safir.blacknight.ie> Message-ID: <49B7AC27.20502@ecs.soton.ac.uk> On 11/3/09 10:10, Drew Marshall wrote: > > On 10 Mar 2009, at 23:08, Rick Cooper wrote: > >>>> Ok, so I now have (For the purposes of the record): >>>> >>>> if ($configwords[1] =~ /tr[ua]/i) { >>>> my $i; >>>> for ($i=(@{$body}-1); $i>=0; $i--) { >>>> last if $body->[$i] =~ /^\s*$/i; >>>> pop @{$body}; >>>> } >>>> $b->Done(); >>>> return; >>>> } >>> Correct. >>>> >>>> Which still works: >>>> >>>> MailScanner --debug >>>> In Debugging mode, not forking... >>>> Trying to setlogsock(unix) >>>> Building a message batch to scan... >>>> Have a batch of 1 message. >>>> max message size is '250000 trackback' >>>> commit ineffective with AutoCommit enabled at >>>> /etc/MailScanner/CustomFunctions/MailWatch.pm line 94, >>> line 61. >>>> Stopping now as you are debugging me. >>>> >>>> Still in production so tomorrow will give it a true test of >>> a few '000 >>>> messages but I'm more than sure it will be fine (But then I >>> said that >>>> last time ;-) ). >>> Oh, how I love working round bugs in Perl :-) >>> Glad we got there in the end though, and the final code is a >>> lot simpler >>> to read than my first version too. I didn't do it this way >>> initially as >>> I don't like breaking out of "for" loops with "last", as that is what >>> the termination condition is for. >>> >>> But it works, and that's the most important bit! >>> >>> Jules >>> >> >> When/If that is a confirmed fix you might want to apply it to >> SMDiskStore.pm >> as well as it appears to share the same original trackback code >> >> Rick > > Probably worth lobbing it in a new beta release so more than just > little ol' me gets to test it. Certainly from what I have seen in the > last 12 hours or so, the code looks good with no problems showing up > in any logs. Good idea. I have just published 4.75.8. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Wed Mar 11 13:31:22 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 11 13:31:32 2009 Subject: Bitdefender infected =?windows-1252?q?=96_but_delivered?= In-Reply-To: <49B6BF96.5000004@vestings.dk> References: <49B65F07.3050508@vestings.dk> <49B6BF96.5000004@vestings.dk> Message-ID: Jakob Venning - Vestings wrote on Tue, 10 Mar 2009 20:29:26 +0100: > Any comments? Hm. I wonder why it says infected and not a virus at the same time. Is there a chance that bitdefender gives a special response if it recognizes the EICAR test virus? As, obviously, it is not a virus but a signature test. Have you tested with a *real* virus? (not a phishing or HTML one, you will probably need a "real" binary malware) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Mar 11 13:31:22 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 11 13:31:33 2009 Subject: banned files inside a tar.gz In-Reply-To: <49B7AC0A.9000609@ecs.soton.ac.uk> References: <1236729167.3091.29.camel@estibaliz> <49B7AC0A.9000609@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 11 Mar 2009 12:18:18 +0000: > It supports tar but not tar.gz, sorry. shouldn't that be easy to add? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From jv at vestings.dk Wed Mar 11 13:57:54 2009 From: jv at vestings.dk (Jakob Venning - Vestings) Date: Wed Mar 11 13:58:34 2009 Subject: Bitdefender infected =?windows-1252?q?=96_but_delivered?= In-Reply-To: References: <49B65F07.3050508@vestings.dk> <49B6BF96.5000004@vestings.dk> Message-ID: <49B7C362.70108@vestings.dk> I just tried with worm - same thing the worm gets to my inbox MailScanner[26427]: Virus and Content Scanning: Starting MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/httpd:infected: Unix.Worm.Scalper.G MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq:infected: Generic.Slapper.F18A8CB9 MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq.c:infected: Linux.Worm.Slapper.A (SH) MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.uubugtraq=>.bugtraq.c:infected: Linux.Worm.Slapper.A (SH) MailScanner[26427]: Virus Scanning: Bitdefender found 4 infections MailScanner[26427]: Virus Scanning: Found 4 viruses MailScanner[26427]: Uninfected: Delivered 1 messages Jakob Kai Schaetzl skrev: > Jakob Venning - Vestings wrote on Tue, 10 Mar 2009 20:29:26 +0100: > > >> Any comments? >> > > Hm. I wonder why it says infected and not a virus at the same time. Is > there a chance that bitdefender gives a special response if it recognizes > the EICAR test virus? As, obviously, it is not a virus but a signature > test. Have you tested with a *real* virus? (not a phishing or HTML one, > you will probably need a "real" binary malware) > > Kai > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jonas at vrt.dk Wed Mar 11 14:33:49 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Wed Mar 11 14:34:01 2009 Subject: Commercial Antivirus scanner capabilities Message-ID: <001801c9a256$64ed4bd0$2ec7e370$@dk> Hi all I recently had to renew one of our antivirus licenses for mailscanner. And I got to thinking, do anybody use a product which on top of simple virus protection also includes some sort of spam protection which can be used in combination with mailscanner? The reason I am asking is that a lot of the AV companies got anti spam products so I was just wondering if Any of them could be used in combination with mailscanner to help spamassassin kill all the spam. Atm. we use: F-secure (Which includes kaspersky?s engine) ClamAV (Obviously) ESET NOD32 (Because we got a great deal with them) Of those I only know about 3rd party sigs for ClamAV. So if anybody have any tips or suggestions let me know J Jonas A. Larsen, Support Mailscan.nu | Laplandsgade 4 | Postboks 4004 | 2300 K?benhavn S | www.mailscan.nu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090311/054df145/attachment.html From alex at rtpty.com Wed Mar 11 14:47:08 2009 From: alex at rtpty.com (Alex Neuman) Date: Wed Mar 11 14:47:20 2009 Subject: Commercial Antivirus scanner capabilities In-Reply-To: <001801c9a256$64ed4bd0$2ec7e370$@dk> References: <001801c9a256$64ed4bd0$2ec7e370$@dk> Message-ID: <24e3d2e40903110747v1557d38al90ef2416bc03bdef@mail.gmail.com> I've personally and subjectively found antispam products from people other than Julian lacking in almost every respect - from bad default settings to false positives in ranges too high to work comfortably. I've also found that ClamAV by itself is very good - and when combined with one (or more, if hardware allows) commercial engines you get a very thin additional layer of protection that's not bad, but the licensing has to be really cheap in order to get a reasonable ROI. On Wed, Mar 11, 2009 at 9:33 AM, Jonas Akrouh Larsen wrote: > Hi all > > > > I recently had to renew one of our antivirus licenses for mailscanner. > > > > And I got to thinking, do anybody use a product which on top of simple > virus protection also > > includes some sort of spam protection which can be used in combination with > mailscanner? > > > > The reason I am asking is that a lot of the AV companies got anti spam > products so I was just wondering if > > Any of them could be used in combination with mailscanner to help > spamassassin kill all the spam. > > > > Atm. we use: > > F-secure (Which includes kaspersky?s engine) > > ClamAV (Obviously) > > ESET NOD32 (Because we got a great deal with them) > > > > Of those I only know about 3rd party sigs for ClamAV. > > > > So if anybody have any tips or suggestions let me know J > > > > > > Jonas A. Larsen, Support > > > > Mailscan.nu | Laplandsgade 4 | Postboks 4004 | 2300 K?benhavn S | > www.mailscan.nu > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090311/fbc195c0/attachment.html From MailScanner at ecs.soton.ac.uk Wed Mar 11 15:36:01 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 15:36:27 2009 Subject: Commercial Antivirus scanner capabilities In-Reply-To: <24e3d2e40903110747v1557d38al90ef2416bc03bdef@mail.gmail.com> References: <001801c9a256$64ed4bd0$2ec7e370$@dk> <24e3d2e40903110747v1557d38al90ef2416bc03bdef@mail.gmail.com> Message-ID: <49B7DA61.8060309@ecs.soton.ac.uk> I would have to very strongly recommend BarricadeMX from Fort Systems. It's cheap, it will save you a lot in MailScanner hardware, and it *really* does work. Very well. Jules. On 11/3/09 14:47, Alex Neuman wrote: > I've personally and subjectively found antispam products from people > other than Julian lacking in almost every respect - from bad default > settings to false positives in ranges too high to work comfortably. > > I've also found that ClamAV by itself is very good - and when combined > with one (or more, if hardware allows) commercial engines you get a > very thin additional layer of protection that's not bad, but the > licensing has to be really cheap in order to get a reasonable ROI. > > On Wed, Mar 11, 2009 at 9:33 AM, Jonas Akrouh Larsen > wrote: > > Hi all > > I recently had to renew one of our antivirus licenses for mailscanner. > > And I got to thinking, do anybody use a product which on top of > simple virus protection also > > includes some sort of spam protection which can be used in > combination with mailscanner? > > The reason I am asking is that a lot of the AV companies got anti > spam products so I was just wondering if > > Any of them could be used in combination with mailscanner to help > spamassassin kill all the spam. > > Atm. we use: > > F-secure (Which includes kaspersky?s engine) > > ClamAV (Obviously) > > ESET NOD32 (Because we got a great deal with them) > > Of those I only know about 3^rd party sigs for ClamAV. > > So if anybody have any tips or suggestions let me know J > > Jonas A. Larsen, Support > > Mailscan.nu | Laplandsgade 4 | Postboks 4004 | 2300 K?benhavn S | > www.mailscan.nu > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Wed Mar 11 15:42:34 2009 From: alex at rtpty.com (Alex Neuman) Date: Wed Mar 11 15:42:47 2009 Subject: Commercial Antivirus scanner capabilities In-Reply-To: <49B7DA61.8060309@ecs.soton.ac.uk> References: <001801c9a256$64ed4bd0$2ec7e370$@dk> <24e3d2e40903110747v1557d38al90ef2416bc03bdef@mail.gmail.com> <49B7DA61.8060309@ecs.soton.ac.uk> Message-ID: <24e3d2e40903110842o500c0795lb26775657c772dd9@mail.gmail.com> Which is why I recommend it as an alternative to rolling-your-own MailScanner setup if your budget allows. On Wed, Mar 11, 2009 at 10:36 AM, Julian Field wrote: > I would have to very strongly recommend BarricadeMX from Fort Systems. It's > cheap, it will save you a lot in MailScanner hardware, and it *really* does > work. Very well. > > Jules. > > On 11/3/09 14:47, Alex Neuman wrote: > >> I've personally and subjectively found antispam products from people other >> than Julian lacking in almost every respect - from bad default settings to >> false positives in ranges too high to work comfortably. >> >> I've also found that ClamAV by itself is very good - and when combined >> with one (or more, if hardware allows) commercial engines you get a very >> thin additional layer of protection that's not bad, but the licensing has to >> be really cheap in order to get a reasonable ROI. >> >> On Wed, Mar 11, 2009 at 9:33 AM, Jonas Akrouh Larsen > jonas@vrt.dk>> wrote: >> >> Hi all >> >> I recently had to renew one of our antivirus licenses for mailscanner. >> >> And I got to thinking, do anybody use a product which on top of >> simple virus protection also >> >> includes some sort of spam protection which can be used in >> combination with mailscanner? >> >> The reason I am asking is that a lot of the AV companies got anti >> spam products so I was just wondering if >> >> Any of them could be used in combination with mailscanner to help >> spamassassin kill all the spam. >> >> Atm. we use: >> >> F-secure (Which includes kaspersky?s engine) >> >> ClamAV (Obviously) >> >> ESET NOD32 (Because we got a great deal with them) >> >> Of those I only know about 3^rd party sigs for ClamAV. >> >> So if anybody have any tips or suggestions let me know J >> >> Jonas A. Larsen, Support >> >> Mailscan.nu | Laplandsgade 4 | Postboks 4004 | 2300 K?benhavn S | >> www.mailscan.nu >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> >> -- >> Alex Neuman van der Hans >> Reliant Technologies >> +507 6781-9505 >> +507 202-1525 >> alex@rtpty.com >> Skype: alexneuman >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090311/1b167ac6/attachment.html From jonas at vrt.dk Wed Mar 11 15:53:09 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Wed Mar 11 15:53:19 2009 Subject: Commercial Antivirus scanner capabilities In-Reply-To: <49B7DA61.8060309@ecs.soton.ac.uk> References: <001801c9a256$64ed4bd0$2ec7e370$@dk> <24e3d2e40903110747v1557d38al90ef2416bc03bdef@mail.gmail.com> <49B7DA61.8060309@ecs.soton.ac.uk> Message-ID: <002401c9a261$799f72f0$6cde58d0$@dk> If we had a higher volume of mail traffic (much much higher) i would definately look into BarricadeMX. However compared to a normal commercial AV license its quite expensive + it becomes more expensive when scaling ( ie. the max domains allowed system) My point was that, since you need normal AV scanning in any case, maybe some vendors supplied Antispam scanning as well as anti virus scanning for the same price. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 11. marts 2009 16:36 To: MailScanner discussion Subject: Re: Commercial Antivirus scanner capabilities I would have to very strongly recommend BarricadeMX from Fort Systems. It's cheap, it will save you a lot in MailScanner hardware, and it *really* does work. Very well. Jules. he website! From ms-list at alexb.ch Wed Mar 11 16:05:45 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed Mar 11 16:05:54 2009 Subject: Commercial Antivirus scanner capabilities In-Reply-To: <001801c9a256$64ed4bd0$2ec7e370$@dk> References: <001801c9a256$64ed4bd0$2ec7e370$@dk> Message-ID: <49B7E159.80903@alexb.ch> On 3/11/2009 3:33 PM, Jonas Akrouh Larsen wrote: > Hi all > > > > I recently had to renew one of our antivirus licenses for mailscanner. > > > > And I got to thinking, do anybody use a product which on top of simple virus > protection also > > includes some sort of spam protection which can be used in combination with > mailscanner? > > > > The reason I am asking is that a lot of the AV companies got anti spam > products so I was just wondering if > > Any of them could be used in combination with mailscanner to help > spamassassin kill all the spam. > > > > Atm. we use: > > F-secure (Which includes kaspersky?s engine) > > ClamAV (Obviously) > > ESET NOD32 (Because we got a great deal with them) > > Of those I only know about 3rd party sigs for ClamAV. > > > > So if anybody have any tips or suggestions let me know J Cloudmark has a very nice SA plugin, good service, great support, if you can afford the costs. Does lots of nice magic. Commtouch is a weird company to deal with, their stuff is FP prone. I never got to test their SA plugin as after getting 4 mails fullof marketing PDF fluff, they weren't willing to deliver a trial, after filling a trial form, go figure.. McAfee's Artemis is doing good stuff as AV. pointers may be of some use. Alex From glenn.steen at gmail.com Wed Mar 11 16:31:09 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 11 16:31:17 2009 Subject: Commercial Antivirus scanner capabilities In-Reply-To: <49B7E159.80903@alexb.ch> References: <001801c9a256$64ed4bd0$2ec7e370$@dk> <49B7E159.80903@alexb.ch> Message-ID: <223f97700903110931l2cb1f63k7bdcef99cfb3bb84@mail.gmail.com> 2009/3/11 Alex Broens : > On 3/11/2009 3:33 PM, Jonas Akrouh Larsen wrote: >> >> Hi all >> >> >> I recently had to renew one of our antivirus licenses for mailscanner. >> >> >> And I got to thinking, do anybody use a product which on top of simple >> virus >> protection also >> >> includes some sort of spam protection which can be used in combination >> with >> mailscanner? >> >> >> The reason I am asking is that a lot of the AV companies got anti spam >> products so I was just wondering if >> >> Any of them could be used in combination with mailscanner to help >> spamassassin kill all the spam. >> >> >> Atm. we use: >> >> F-secure (Which includes kaspersky?s engine) >> >> ClamAV (Obviously) >> >> ESET NOD32 (Because we got a great deal with them) > >> >> Of those I only know about 3rd party sigs for ClamAV. >> >> >> So if anybody have any tips or suggestions let me know J > > Cloudmark has a very nice SA plugin, good service, great support, if you can > afford the costs. Does lots of nice magic. > > Commtouch is a weird company to deal with, their stuff is FP prone. > I never got to test their SA plugin as after getting 4 mails fullof > marketing PDF fluff, they weren't willing to deliver a trial, after filling > a trial form, go figure.. WatchGuard uses Commtouch for antispam... So far the vote in the user community has been that it is cr*p... I did try to use it during a very brief test period, but ... couldn't stand the FPs. The though there was that we could use that service as a fallback if things went south with our MS boxes. The solution to that was to have another spare MS box that doubles as a testbed instead:). > McAfee's Artemis is doing good stuff as AV. > > pointers may be of some use. > > Alex > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Mar 11 17:48:39 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 17:48:59 2009 Subject: Commercial Antivirus scanner capabilities In-Reply-To: <002401c9a261$799f72f0$6cde58d0$@dk> References: <001801c9a256$64ed4bd0$2ec7e370$@dk> <24e3d2e40903110747v1557d38al90ef2416bc03bdef@mail.gmail.com> <49B7DA61.8060309@ecs.soton.ac.uk> <002401c9a261$799f72f0$6cde58d0$@dk> Message-ID: <49B7F977.4000606@ecs.soton.ac.uk> On 11/3/09 15:53, Jonas Akrouh Larsen wrote: > If we had a higher volume of mail traffic (much much higher) i would > definately look into BarricadeMX. > > However compared to a normal commercial AV license its quite expensive + it > becomes more expensive when scaling ( ie. the max domains allowed system) > > My point was that, since you need normal AV scanning in any case, maybe some > vendors supplied Antispam scanning as well as anti virus scanning for the > same price. > BarricadeMX will happily talk to ClamAV for AV scanning, and it will save you considerable expense on hardware as one server running BarricadeMX can handle many millions of messages per day. In your price comparisons, do include the TCO including the repeated cost of the hardware to run it on! > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: 11. marts 2009 16:36 > To: MailScanner discussion > Subject: Re: Commercial Antivirus scanner capabilities > > I would have to very strongly recommend BarricadeMX from Fort Systems. > It's cheap, it will save you a lot in MailScanner hardware, and it > *really* does work. Very well. > > Jules. > > he website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Wed Mar 11 18:48:23 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 11 18:48:32 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B7AC27.20502@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> <49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <49B7AC27.20502@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 11 Mar 2009 12:18:47 +0000: > I have just published 4.75.8. updatems1.sh 4.75.8 Install MailScanner 4.75.8 Error: Version is wrong! It's actually 4.75.8-1 ;-) updatems1.sh 4.75.8-1 gives me these errors after restart: MailScanner: Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1942 Unrecognised keyword "placenewheadersattopofmessage" at line 1389 at /usr/lib/MailScanner/MailScanner/Config.pm line 1945 Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm line 1950 seems not all new code is in? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Mar 11 19:05:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 19:06:08 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> <49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <49B7AC27.20502@ecs.soton.ac.uk> Message-ID: <49B80B8E.7090007@ecs.soton.ac.uk> On 11/3/09 18:48, Kai Schaetzl wrote: > Julian Field wrote on Wed, 11 Mar 2009 12:18:47 +0000: > > >> I have just published 4.75.8. >> > updatems1.sh 4.75.8 > Install MailScanner 4.75.8 > > Error: Version is wrong! > > It's actually 4.75.8-1 ;-) > > updatems1.sh 4.75.8-1 gives me these errors after restart: > > MailScanner: Syntax error(s) in configuration file: at > /usr/lib/MailScanner/MailScanner/Config.pm line 1942 > Unrecognised keyword "placenewheadersattopofmessage" at line 1389 at > /usr/lib/MailScanner/MailScanner/Config.pm line 1945 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at > /usr/lib/MailScanner/MailScanner/Config.pm line 1950 > > seems not all new code is in? > 4.75.8-2 is on its way right now. Should be there by the time you receive this. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 11 19:16:54 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 19:17:14 2009 Subject: Bitdefender infected =?windows-1252?q?=96_but_delivered?= In-Reply-To: <49B7C362.70108@vestings.dk> References: <49B65F07.3050508@vestings.dk> <49B6BF96.5000004@vestings.dk> <49B7C362.70108@vestings.dk> Message-ID: <49B80E26.7030802@ecs.soton.ac.uk> Please try 4.75.8-3 and let me know if it works any better. They changed the output format slightly, by swapping the requested scanned subdirectory with the full path to the files instead. The new code should work with old and new Bitdefender versions. On 11/3/09 13:57, Jakob Venning - Vestings wrote: > I just tried with worm - same thing the worm gets to my inbox > > MailScanner[26427]: Virus and Content Scanning: Starting > MailScanner[26427]: > /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/httpd:infected: > Unix.Worm.Scalper.G > MailScanner[26427]: > /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq:infected: > Generic.Slapper.F18A8CB9 > MailScanner[26427]: > /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq.c:infected: > Linux.Worm.Slapper.A (SH) > MailScanner[26427]: > /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.uubugtraq=>.bugtraq.c:infected: > Linux.Worm.Slapper.A (SH) > MailScanner[26427]: Virus Scanning: Bitdefender found 4 infections > MailScanner[26427]: Virus Scanning: Found 4 viruses > MailScanner[26427]: Uninfected: Delivered 1 messages > > Jakob > > Kai Schaetzl skrev: >> Jakob Venning - Vestings wrote on Tue, 10 Mar 2009 20:29:26 +0100: >> >>> Any comments? >> >> Hm. I wonder why it says infected and not a virus at the same time. >> Is there a chance that bitdefender gives a special response if it >> recognizes the EICAR test virus? As, obviously, it is not a virus but >> a signature test. Have you tested with a *real* virus? (not a >> phishing or HTML one, you will probably need a "real" binary malware) >> >> Kai >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Wed Mar 11 19:55:23 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 11 19:55:42 2009 Subject: Ruleset not accepted Message-ID: <49B8172B.6010405@USherbrooke.ca> Hello Julian, I am trying to use a ruleset for Max Spam Check Size and it gives this error when I lint: Value of maxspamchecksize cannot be a ruleset, only a simple value at /usr/lib/MailScanner/MailScanner/Config.pm line 2889 but MailScanner.conf says: # Spammers do not have the power to send out huge messages to everyone as # it costs them too much (more smaller messages makes more profit than less # very large messages). So if a message is bigger than a certain size, it # is highly unlikely to be spam. Limiting this saves a lot of time checking # huge messages. # Disable this option by setting it to a huge value. # This is measured in bytes. # This can also be the filename of a ruleset. Max Spam Check Size = %rules-dir%/max.spam.check.size.rules If it cannot use a ruleset, please correct the comments in MS.conf... OTOH, I would really like to use a ruleset there... Any chance you could provide me with a diff for MS 4.74.16 to correct the situation? Thanks again! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090311/316a11a4/smime.bin From maillists at conactive.com Wed Mar 11 20:11:05 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 11 20:11:18 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B80B8E.7090007@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> <49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <49B7AC27.20502@ecs.soton.ac.uk> Message-ID: <49B80B8E.7090007@ecs.soton.ac.uk> Reply-To: mailscanner@lists.mailscanner.info Julian Field wrote on Wed, 11 Mar 2009 19:05:50 +0000: > 4.75.8-2 is on its way right now. Should be there by the time you > receive this. yep, no error anymore! But you solved it by removing that option, is that code meant to be provided later? Have a nice evening, btw. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Mar 11 20:16:22 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 20:16:51 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> <49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <49B7AC27.20502@ecs.soton.ac.uk> Message-ID: <49B81C16.3060408@ecs.soton.ac.uk> On 11/3/09 20:11, Kai Schaetzl wrote: > <49B80B8E.7090007@ecs.soton.ac.uk> > Reply-To: mailscanner@lists.mailscanner.info > > Julian Field wrote on Wed, 11 Mar 2009 19:05:50 +0000: > > >> 4.75.8-2 is on its way right now. Should be there by the time you >> receive this. >> > yep, no error anymore! But you solved it by removing that option, is that > code meant to be provided later? > No, it's there as is the supporting code. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 11 20:22:19 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 20:22:41 2009 Subject: Ruleset not accepted In-Reply-To: <49B8172B.6010405@USherbrooke.ca> References: <49B8172B.6010405@USherbrooke.ca> Message-ID: <49B81D7B.7010708@ecs.soton.ac.uk> On 11/3/09 19:55, Denis Beauchemin wrote: > Hello Julian, > > I am trying to use a ruleset for Max Spam Check Size and it gives this > error when I lint: > Value of maxspamchecksize cannot be a ruleset, only a simple value at > /usr/lib/MailScanner/MailScanner/Config.pm line 2889 > > but MailScanner.conf says: > # Spammers do not have the power to send out huge messages to everyone as > # it costs them too much (more smaller messages makes more profit than > less > # very large messages). So if a message is bigger than a certain size, it > # is highly unlikely to be spam. Limiting this saves a lot of time > checking > # huge messages. > # Disable this option by setting it to a huge value. > # This is measured in bytes. > # This can also be the filename of a ruleset. > Max Spam Check Size = %rules-dir%/max.spam.check.size.rules > > If it cannot use a ruleset, please correct the comments in MS.conf... > OTOH, I would really like to use a ruleset there... Any chance you > could provide me with a diff for MS 4.74.16 to correct the situation? I have changed the ConfigDefs.pl to reflect the correct situation. You can fix this by moving the definition of MaxSpamCheckSize from [Simple,Number] to [First,Number] in ConfigDefs.pl. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 11 20:24:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 11 20:24:41 2009 Subject: Ruleset not accepted In-Reply-To: <49B8172B.6010405@USherbrooke.ca> References: <49B8172B.6010405@USherbrooke.ca> Message-ID: <49B81DF5.4060308@ecs.soton.ac.uk> I have just released 4.75.8-4 to account for this fix. On 11/3/09 19:55, Denis Beauchemin wrote: > Hello Julian, > > I am trying to use a ruleset for Max Spam Check Size and it gives this > error when I lint: > Value of maxspamchecksize cannot be a ruleset, only a simple value at > /usr/lib/MailScanner/MailScanner/Config.pm line 2889 > > but MailScanner.conf says: > # Spammers do not have the power to send out huge messages to everyone as > # it costs them too much (more smaller messages makes more profit than > less > # very large messages). So if a message is bigger than a certain size, it > # is highly unlikely to be spam. Limiting this saves a lot of time > checking > # huge messages. > # Disable this option by setting it to a huge value. > # This is measured in bytes. > # This can also be the filename of a ruleset. > Max Spam Check Size = %rules-dir%/max.spam.check.size.rules > > If it cannot use a ruleset, please correct the comments in MS.conf... > OTOH, I would really like to use a ruleset there... Any chance you > could provide me with a diff for MS 4.74.16 to correct the situation? > > Thanks again! > > Denis > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Wed Mar 11 20:27:45 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 11 20:27:58 2009 Subject: Ruleset not accepted In-Reply-To: <49B81D7B.7010708@ecs.soton.ac.uk> References: <49B8172B.6010405@USherbrooke.ca> <49B81D7B.7010708@ecs.soton.ac.uk> Message-ID: <49B81EC1.4050609@USherbrooke.ca> Thanks again, Julian! :) Denis Julian Field a ?crit : > > > On 11/3/09 19:55, Denis Beauchemin wrote: >> Hello Julian, >> >> I am trying to use a ruleset for Max Spam Check Size and it gives >> this error when I lint: >> Value of maxspamchecksize cannot be a ruleset, only a simple value at >> /usr/lib/MailScanner/MailScanner/Config.pm line 2889 >> >> but MailScanner.conf says: >> # Spammers do not have the power to send out huge messages to >> everyone as >> # it costs them too much (more smaller messages makes more profit >> than less >> # very large messages). So if a message is bigger than a certain >> size, it >> # is highly unlikely to be spam. Limiting this saves a lot of time >> checking >> # huge messages. >> # Disable this option by setting it to a huge value. >> # This is measured in bytes. >> # This can also be the filename of a ruleset. >> Max Spam Check Size = %rules-dir%/max.spam.check.size.rules >> >> If it cannot use a ruleset, please correct the comments in MS.conf... >> OTOH, I would really like to use a ruleset there... Any chance you >> could provide me with a diff for MS 4.74.16 to correct the situation? > I have changed the ConfigDefs.pl to reflect the correct situation. > You can fix this by moving the definition of MaxSpamCheckSize from > [Simple,Number] to [First,Number] in ConfigDefs.pl. > > Jules > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From glenn at mail.txwes.edu Wed Mar 11 21:50:20 2009 From: glenn at mail.txwes.edu (Glenn) Date: Wed Mar 11 21:50:46 2009 Subject: How to Remove X-headers Message-ID: <20090311214836.M92789@mail.txwes.edu> We use MailScanner and Postfix on a mail gateway server and forward mail to an internal Microsoft Exchange 2003 server. Evidently, enough X-headers have accumulated in an Exchange database to cause a problem, so we need to remove X-headers before they are forwarded to the Exchange server. There is a line in MailScanner.conf that allows us to name whatever headers we want to remove ("Remove These Headers"), but this raises some questions. If we just blanket remove all X-headers, won't this defeat features of MailScanner that depend on MailScanner adding headers? According to hints in the MailScanner rules directory, we should be able to use regular Perl expresssions to create a ruleset to exclude certain headers from the delete list. My problem is that I don't have a clue how to write regular Perl expressions. From what I've read online, for example, the lines below should be equivalent, but when I use the Perl expression in the ruleset it doesn't work. From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header From: [ipaddress] /^XMime.*\:/ ##this doesn't I know this isn't a Perl forum, but I'm hoping that someone who has tried this can enlighten me. If I could just get a simple expression to work, I might be able to build what I need. Thanks. -Glenn. From jv at vestings.dk Wed Mar 11 22:20:16 2009 From: jv at vestings.dk (Jakob Venning - Vestings) Date: Wed Mar 11 22:20:27 2009 Subject: Bitdefender infected =?windows-1252?q?=96_but_delivered?= In-Reply-To: <49B80E26.7030802@ecs.soton.ac.uk> References: <49B65F07.3050508@vestings.dk> <49B6BF96.5000004@vestings.dk> <49B7C362.70108@vestings.dk> <49B80E26.7030802@ecs.soton.ac.uk> Message-ID: <49B83920.3070508@vestings.dk> I can verify that the problem is solved with 4.75.8-4 - Thank you. Julian Field skrev: > Please try 4.75.8-3 and let me know if it works any better. They > changed the output format slightly, by swapping the requested scanned > subdirectory with the full path to the files instead. > The new code should work with old and new Bitdefender versions. > > On 11/3/09 13:57, Jakob Venning - Vestings wrote: >> I just tried with worm - same thing the worm gets to my inbox >> >> MailScanner[26427]: Virus and Content Scanning: Starting >> MailScanner[26427]: >> /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/httpd:infected: >> Unix.Worm.Scalper.G >> MailScanner[26427]: >> /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq:infected: >> Generic.Slapper.F18A8CB9 >> MailScanner[26427]: >> /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq.c:infected: >> Linux.Worm.Slapper.A (SH) >> MailScanner[26427]: >> /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.uubugtraq=>.bugtraq.c:infected: >> Linux.Worm.Slapper.A (SH) >> MailScanner[26427]: Virus Scanning: Bitdefender found 4 infections >> MailScanner[26427]: Virus Scanning: Found 4 viruses >> MailScanner[26427]: Uninfected: Delivered 1 messages >> >> Jakob >> >> Kai Schaetzl skrev: >>> Jakob Venning - Vestings wrote on Tue, 10 Mar 2009 20:29:26 +0100: >>> >>>> Any comments? >>> >>> Hm. I wonder why it says infected and not a virus at the same time. >>> Is there a chance that bitdefender gives a special response if it >>> recognizes the EICAR test virus? As, obviously, it is not a virus >>> but a signature test. Have you tested with a *real* virus? (not a >>> phishing or HTML one, you will probably need a "real" binary malware) >>> >>> Kai >>> >> > > Jules > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Wed Mar 11 22:53:58 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed Mar 11 22:54:07 2009 Subject: How to Remove X-headers In-Reply-To: <20090311214836.M92789@mail.txwes.edu> References: <20090311214836.M92789@mail.txwes.edu> Message-ID: <49B84106.6070201@alexb.ch> On 3/11/2009 10:50 PM, Glenn wrote: > We use MailScanner and Postfix on a mail gateway server and forward mail to > an internal Microsoft Exchange 2003 server. Evidently, enough X-headers have > accumulated in an Exchange database to cause a problem, so we need to remove > X-headers before they are forwarded to the Exchange server. > > There is a line in MailScanner.conf that allows us to name whatever headers > we want to remove ("Remove These Headers"), but this raises some questions. > If we just blanket remove all X-headers, won't this defeat features of > MailScanner that depend on MailScanner adding headers? > > According to hints in the MailScanner rules directory, we should be able to > use regular Perl expresssions to create a ruleset to exclude certain headers > from the delete list. My problem is that I don't have a clue how to write > regular Perl expressions. From what I've read online, for example, the lines > below should be equivalent, but when I use the Perl expression in the ruleset > it doesn't work. > > From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header > > From: [ipaddress] /^XMime.*\:/ ##this doesn't > > I know this isn't a Perl forum, but I'm hoping that someone who has tried > this can enlighten me. If I could just get a simple expression to work, I > might be able to build what I need. Thanks. -Glenn. Before you start breaking MIME headers, who told you this or what MS KB article covers this? From glenn.steen at gmail.com Thu Mar 12 08:35:10 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 12 08:35:19 2009 Subject: How to Remove X-headers In-Reply-To: <49B84106.6070201@alexb.ch> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> Message-ID: <223f97700903120135x10b52513uef20f8be85adc276@mail.gmail.com> 2009/3/11 Alex Broens : > On 3/11/2009 10:50 PM, Glenn wrote: >> >> We use MailScanner and Postfix on a mail gateway server and forward mail >> to an internal Microsoft Exchange 2003 server. ?Evidently, enough X-headers >> have accumulated in an Exchange database to cause a problem, so we need to >> remove X-headers before they are forwarded to the Exchange server. >> >> There is a line in MailScanner.conf that allows us to name whatever >> headers we want to remove ("Remove These Headers"), but this raises some >> questions. ?If we just blanket remove all X-headers, won't this defeat >> features of MailScanner that depend on MailScanner adding headers? >> >> According to hints in the MailScanner rules directory, we should be able >> to use regular Perl expresssions to create a ruleset to exclude certain >> headers from the delete list. ?My problem is that I don't have a clue how to >> write regular Perl expressions. ?From what I've read online, for example, >> the lines below should be equivalent, but when I use the Perl expression in >> the ruleset it doesn't work. >> >> From: ?[ipaddress] ?X-MimeOLE: ? ?##this removes the X-MimeOLE header >> >> From: ?[ipaddress] ?/^XMime.*\:/ ?##this doesn't >> >> I know this isn't a Perl forum, but I'm hoping that someone who has tried >> this can enlighten me. ?If I could just get a simple expression to work, I >> might be able to build what I need. ?Thanks. ? -Glenn. > > Before you start breaking MIME headers, who told you this or what MS KB > article covers this? > Apart from that... this would be the job of PF, IMO... Just a header check with an IGNORE... Something like: /^X-MimeOLE:/ IGNORE # This drops the MIME type header ... would work nicely. But do as Kai tells you, think carefully on what the ramifications of any such exclusion would be before implementing! There are quite a few examples of headers to remove on various postfix-related sites... Google and take your pick:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From joost at waversveld.nl Thu Mar 12 08:38:58 2009 From: joost at waversveld.nl (Joost Waversveld) Date: Thu Mar 12 08:39:40 2009 Subject: How to Remove X-headers In-Reply-To: <49B84106.6070201@alexb.ch> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> Message-ID: <49B8CA22.3080202@waversveld.nl> /^XMime.*\:/ would match XMime (and not X-Mime) The regular expression should be /^X-Mime.*\:/ Best regards, Joost Waversveld Alex Broens wrote: > On 3/11/2009 10:50 PM, Glenn wrote: >> We use MailScanner and Postfix on a mail gateway server and forward >> mail to an internal Microsoft Exchange 2003 server. Evidently, >> enough X-headers have accumulated in an Exchange database to cause a >> problem, so we need to remove X-headers before they are forwarded to >> the Exchange server. >> >> There is a line in MailScanner.conf that allows us to name whatever >> headers we want to remove ("Remove These Headers"), but this raises >> some questions. If we just blanket remove all X-headers, won't this >> defeat features of MailScanner that depend on MailScanner adding >> headers? >> >> According to hints in the MailScanner rules directory, we should be >> able to use regular Perl expresssions to create a ruleset to exclude >> certain headers from the delete list. My problem is that I don't >> have a clue how to write regular Perl expressions. From what I've >> read online, for example, the lines below should be equivalent, but >> when I use the Perl expression in the ruleset it doesn't work. >> >> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header >> >> From: [ipaddress] /^XMime.*\:/ ##this doesn't >> >> I know this isn't a Perl forum, but I'm hoping that someone who has >> tried this can enlighten me. If I could just get a simple expression >> to work, I might be able to build what I need. Thanks. -Glenn. > > Before you start breaking MIME headers, who told you this or what MS > KB article covers this? > -- Joost Waversveld From ms-list at alexb.ch Thu Mar 12 08:47:28 2009 From: ms-list at alexb.ch (Alex Broens) Date: Thu Mar 12 08:47:38 2009 Subject: How to Remove X-headers In-Reply-To: <223f97700903120135x10b52513uef20f8be85adc276@mail.gmail.com> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <223f97700903120135x10b52513uef20f8be85adc276@mail.gmail.com> Message-ID: <49B8CC20.30400@alexb.ch> On 3/12/2009 9:35 AM, Glenn Steen wrote: > 2009/3/11 Alex Broens : >> On 3/11/2009 10:50 PM, Glenn wrote: >>> We use MailScanner and Postfix on a mail gateway server and forward mail >>> to an internal Microsoft Exchange 2003 server. Evidently, enough X-headers >>> have accumulated in an Exchange database to cause a problem, so we need to >>> remove X-headers before they are forwarded to the Exchange server. >>> >>> There is a line in MailScanner.conf that allows us to name whatever >>> headers we want to remove ("Remove These Headers"), but this raises some >>> questions. If we just blanket remove all X-headers, won't this defeat >>> features of MailScanner that depend on MailScanner adding headers? >>> >>> According to hints in the MailScanner rules directory, we should be able >>> to use regular Perl expresssions to create a ruleset to exclude certain >>> headers from the delete list. My problem is that I don't have a clue how to >>> write regular Perl expressions. From what I've read online, for example, >>> the lines below should be equivalent, but when I use the Perl expression in >>> the ruleset it doesn't work. >>> >>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header >>> >>> From: [ipaddress] /^XMime.*\:/ ##this doesn't >>> >>> I know this isn't a Perl forum, but I'm hoping that someone who has tried >>> this can enlighten me. If I could just get a simple expression to work, I >>> might be able to build what I need. Thanks. -Glenn. >> Before you start breaking MIME headers, who told you this or what MS KB >> article covers this? >> > Apart from that... this would be the job of PF, IMO... Just a header > check with an IGNORE... Something like: > /^X-MimeOLE:/ IGNORE # This drops > the MIME type header > .... would work nicely. *normally* PF header checks happen before MS/SA see the msgs removing some of these headers would do fun stuff with SA's rules. OL would become the worst ratware :-) (rants left out on purpose :-) Whatever, the reason you were given to do this feels like very bad advice. > But do as Kai tells you, think carefully on what the ramifications of > any such exclusion would be before implementing! > There are quite a few examples of headers to remove on various > postfix-related sites... Google and take your pick:-) > > Cheers From prandal at herefordshire.gov.uk Thu Mar 12 10:07:07 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 12 10:07:28 2009 Subject: How to Remove X-headers In-Reply-To: <49B84106.6070201@alexb.ch> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> We've hit the same issue this week. The relevant Microsoft documentation is here: Understanding the Impact of Named Property and Replica Identifier Limits on Exchange Databases http://technet.microsoft.com/en-us/library/bb851492.aspx Events 9666, 9667, 9668, and 9669 Received When Named Properties or Replica Identifiers Are Depleted for An Exchange Database http://technet.microsoft.com/en-us/library/bb851495.aspx Note how Microsoft has completely lost the plot on this one, and fails to understand that there could be any number of unique X- header lines, not just their arbitrary limit of at most 327766 "Named properties". Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: 11 March 2009 22:54 To: MailScanner discussion Subject: Re: How to Remove X-headers On 3/11/2009 10:50 PM, Glenn wrote: > We use MailScanner and Postfix on a mail gateway server and forward > mail to an internal Microsoft Exchange 2003 server. Evidently, enough > X-headers have accumulated in an Exchange database to cause a problem, > so we need to remove X-headers before they are forwarded to the Exchange server. > > There is a line in MailScanner.conf that allows us to name whatever > headers we want to remove ("Remove These Headers"), but this raises some questions. > If we just blanket remove all X-headers, won't this defeat features of > MailScanner that depend on MailScanner adding headers? > > According to hints in the MailScanner rules directory, we should be > able to use regular Perl expresssions to create a ruleset to exclude > certain headers from the delete list. My problem is that I don't have > a clue how to write regular Perl expressions. From what I've read > online, for example, the lines below should be equivalent, but when I > use the Perl expression in the ruleset it doesn't work. > > From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header > > From: [ipaddress] /^XMime.*\:/ ##this doesn't > > I know this isn't a Perl forum, but I'm hoping that someone who has > tried this can enlighten me. If I could just get a simple expression to work, I > might be able to build what I need. Thanks. -Glenn. Before you start breaking MIME headers, who told you this or what MS KB article covers this? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From prandal at herefordshire.gov.uk Thu Mar 12 10:18:49 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 12 10:19:09 2009 Subject: How to Remove X-headers In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA062285C8@HC-MBX02.herefordshire.gov.uk> Oops, a bit of a stutter there - 32766, not 327766. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 12 March 2009 10:07 To: MailScanner discussion Subject: RE: How to Remove X-headers We've hit the same issue this week. The relevant Microsoft documentation is here: Understanding the Impact of Named Property and Replica Identifier Limits on Exchange Databases http://technet.microsoft.com/en-us/library/bb851492.aspx Events 9666, 9667, 9668, and 9669 Received When Named Properties or Replica Identifiers Are Depleted for An Exchange Database http://technet.microsoft.com/en-us/library/bb851495.aspx Note how Microsoft has completely lost the plot on this one, and fails to understand that there could be any number of unique X- header lines, not just their arbitrary limit of at most 327766 "Named properties". Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: 11 March 2009 22:54 To: MailScanner discussion Subject: Re: How to Remove X-headers On 3/11/2009 10:50 PM, Glenn wrote: > We use MailScanner and Postfix on a mail gateway server and forward > mail to an internal Microsoft Exchange 2003 server. Evidently, enough > X-headers have accumulated in an Exchange database to cause a problem, > so we need to remove X-headers before they are forwarded to the Exchange server. > > There is a line in MailScanner.conf that allows us to name whatever > headers we want to remove ("Remove These Headers"), but this raises some questions. > If we just blanket remove all X-headers, won't this defeat features of > MailScanner that depend on MailScanner adding headers? > > According to hints in the MailScanner rules directory, we should be > able to use regular Perl expresssions to create a ruleset to exclude > certain headers from the delete list. My problem is that I don't have > a clue how to write regular Perl expressions. From what I've read > online, for example, the lines below should be equivalent, but when I > use the Perl expression in the ruleset it doesn't work. > > From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header > > From: [ipaddress] /^XMime.*\:/ ##this doesn't > > I know this isn't a Perl forum, but I'm hoping that someone who has > tried this can enlighten me. If I could just get a simple expression to work, I > might be able to build what I need. Thanks. -Glenn. Before you start breaking MIME headers, who told you this or what MS KB article covers this? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Thu Mar 12 10:21:37 2009 From: ms-list at alexb.ch (Alex Broens) Date: Thu Mar 12 10:21:46 2009 Subject: How to Remove X-headers In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> Message-ID: <49B8E231.2050907@alexb.ch> On 3/12/2009 11:07 AM, Randal, Phil wrote: > We've hit the same issue this week. > > The relevant Microsoft documentation is here: > > Understanding the Impact of Named Property and Replica Identifier Limits > on Exchange Databases > > http://technet.microsoft.com/en-us/library/bb851492.aspx > > Events 9666, 9667, 9668, and 9669 Received When Named Properties or > Replica Identifiers Are Depleted for An Exchange Database > > http://technet.microsoft.com/en-us/library/bb851495.aspx > > Note how Microsoft has completely lost the plot on this one, and fails > to understand that there could be any number of unique X- header lines, > not just their arbitrary limit of at most 327766 "Named properties". BIG LAUGH! whoever came up with this scheme should be sued.. na.. better: shot! whatever... I wouldn't play with mime headers but start eliminating unnecesssary MailScanner Organisation etc headers, bulker's X- tracking headers, List mail bloat, yahoo groups bloat, etc etc. playing with MUA Mime headers and OLE/etc is definitely the VERY wrong way to go. Alex PS: Long live real *mail* storage platforms. From glenn.steen at gmail.com Thu Mar 12 11:31:14 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 12 11:31:22 2009 Subject: How to Remove X-headers In-Reply-To: <49B8CC20.30400@alexb.ch> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <223f97700903120135x10b52513uef20f8be85adc276@mail.gmail.com> <49B8CC20.30400@alexb.ch> Message-ID: <223f97700903120431v7a50c790hf40f4f7d387072fe@mail.gmail.com> 2009/3/12 Alex Broens : > On 3/12/2009 9:35 AM, Glenn Steen wrote: >> >> 2009/3/11 Alex Broens : >>> >>> On 3/11/2009 10:50 PM, Glenn wrote: >>>> >>>> We use MailScanner and Postfix on a mail gateway server and forward mail >>>> to an internal Microsoft Exchange 2003 server. ?Evidently, enough >>>> X-headers >>>> have accumulated in an Exchange database to cause a problem, so we need >>>> to >>>> remove X-headers before they are forwarded to the Exchange server. >>>> >>>> There is a line in MailScanner.conf that allows us to name whatever >>>> headers we want to remove ("Remove These Headers"), but this raises some >>>> questions. ?If we just blanket remove all X-headers, won't this defeat >>>> features of MailScanner that depend on MailScanner adding headers? >>>> >>>> According to hints in the MailScanner rules directory, we should be able >>>> to use regular Perl expresssions to create a ruleset to exclude certain >>>> headers from the delete list. ?My problem is that I don't have a clue >>>> how to >>>> write regular Perl expressions. ?From what I've read online, for >>>> example, >>>> the lines below should be equivalent, but when I use the Perl expression >>>> in >>>> the ruleset it doesn't work. >>>> >>>> From: ?[ipaddress] ?X-MimeOLE: ? ?##this removes the X-MimeOLE header >>>> >>>> From: ?[ipaddress] ?/^XMime.*\:/ ?##this doesn't >>>> >>>> I know this isn't a Perl forum, but I'm hoping that someone who has >>>> tried >>>> this can enlighten me. ?If I could just get a simple expression to work, >>>> I >>>> might be able to build what I need. ?Thanks. ? -Glenn. >>> >>> Before you start breaking MIME headers, who told you this or what MS KB >>> article covers this? >>> >> Apart from that... this would be the job of PF, IMO... Just a header >> check with an IGNORE... Something like: >> /^X-MimeOLE:/ ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?IGNORE ?# This drops >> the MIME type header >> .... would work nicely. > > *normally* PF header checks happen before MS/SA see the msgs > removing some of these headers would do fun stuff with SA's rules. > OL would become the worst ratware ?:-) > (rants left out on purpose :-) :-) > Whatever, the reason you were given to do this feels like very bad advice. CC >> But do as Kai tells you, think carefully on what the ramifications of Unintenional mixup there... Didn't mean Kai, meant you Alex, all along:-). >> any such exclusion would be before implementing! >> There are quite a few examples of headers to remove on various >> postfix-related sites... Google and take your pick:-) >> >> Cheers > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Mar 12 11:34:31 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 12 11:34:39 2009 Subject: How to Remove X-headers In-Reply-To: <49B8E231.2050907@alexb.ch> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> <49B8E231.2050907@alexb.ch> Message-ID: <223f97700903120434q5c2b2018n16ea8ed3c2b526dc@mail.gmail.com> 2009/3/12 Alex Broens : > > On 3/12/2009 11:07 AM, Randal, Phil wrote: >> >> We've hit the same issue this week. >> >> The relevant Microsoft documentation is here: >> >> Understanding the Impact of Named Property and Replica Identifier Limits >> on Exchange Databases >> >> http://technet.microsoft.com/en-us/library/bb851492.aspx >> >> Events 9666, 9667, 9668, and 9669 Received When Named Properties or >> Replica Identifiers Are Depleted for An Exchange Database >> >> http://technet.microsoft.com/en-us/library/bb851495.aspx >> Note how Microsoft has completely lost the plot on this one, and fails >> to understand that there could be any number of unique X- header lines, >> not just their arbitrary limit of at most 327766 "Named properties". > > BIG LAUGH! whoever came up with this scheme should be sued.. na.. better: > shot! > > whatever... I wouldn't play with mime headers but start eliminating > unnecesssary MailScanner Organisation etc headers, bulker's X- tracking > headers, List mail bloat, yahoo groups bloat, etc etc. > > playing with MUA Mime headers and OLE/etc is definitely the VERY wrong way > to go. > > Alex > PS: Long live real *mail* storage platforms. > Unbeleivable. Sigh. But then ... M$ never had the plot to lose, now did they?:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Thu Mar 12 12:51:28 2009 From: ms-list at alexb.ch (Alex Broens) Date: Thu Mar 12 12:51:37 2009 Subject: How to Remove X-headers In-Reply-To: <223f97700903120434q5c2b2018n16ea8ed3c2b526dc@mail.gmail.com> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> <49B8E231.2050907@alexb.ch> <223f97700903120434q5c2b2018n16ea8ed3c2b526dc@mail.gmail.com> Message-ID: <49B90550.5090205@alexb.ch> On 3/12/2009 12:34 PM, Glenn Steen wrote: > 2009/3/12 Alex Broens : >> On 3/12/2009 11:07 AM, Randal, Phil wrote: >>> We've hit the same issue this week. >>> >>> The relevant Microsoft documentation is here: >>> >>> Understanding the Impact of Named Property and Replica Identifier Limits >>> on Exchange Databases >>> >>> http://technet.microsoft.com/en-us/library/bb851492.aspx >>> >>> Events 9666, 9667, 9668, and 9669 Received When Named Properties or >>> Replica Identifiers Are Depleted for An Exchange Database >>> >>> http://technet.microsoft.com/en-us/library/bb851495.aspx >>> Note how Microsoft has completely lost the plot on this one, and fails >>> to understand that there could be any number of unique X- header lines, >>> not just their arbitrary limit of at most 327766 "Named properties". >> BIG LAUGH! whoever came up with this scheme should be sued.. na.. better: >> shot! >> >> whatever... I wouldn't play with mime headers but start eliminating >> unnecesssary MailScanner Organisation etc headers, bulker's X- tracking >> headers, List mail bloat, yahoo groups bloat, etc etc. >> >> playing with MUA Mime headers and OLE/etc is definitely the VERY wrong way >> to go. >> >> Alex >> PS: Long live real *mail* storage platforms. >> > Unbeleivable. Sigh. But then ... M$ never had the plot to lose, now did they?:-) 655360 bytes total conventional memory 655360 bytes available to MS-DOS 627552 largest executable program size 1048576 bytes total contiguous extended memory 0 bytes available contiguous extended memory 941056 bytes available XMS memory MS-DOS resident in High Memory Area does this ring any bell? :-) From glenn.steen at gmail.com Thu Mar 12 13:24:42 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 12 13:24:52 2009 Subject: How to Remove X-headers In-Reply-To: <49B90550.5090205@alexb.ch> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> <49B8E231.2050907@alexb.ch> <223f97700903120434q5c2b2018n16ea8ed3c2b526dc@mail.gmail.com> <49B90550.5090205@alexb.ch> Message-ID: <223f97700903120624j3c1903ddm42fd48216408779e@mail.gmail.com> 2009/3/12 Alex Broens : > On 3/12/2009 12:34 PM, Glenn Steen wrote: >> >> 2009/3/12 Alex Broens : >>> >>> On 3/12/2009 11:07 AM, Randal, Phil wrote: >>>> >>>> We've hit the same issue this week. >>>> >>>> The relevant Microsoft documentation is here: >>>> >>>> Understanding the Impact of Named Property and Replica Identifier Limits >>>> on Exchange Databases >>>> >>>> http://technet.microsoft.com/en-us/library/bb851492.aspx >>>> >>>> Events 9666, 9667, 9668, and 9669 Received When Named Properties or >>>> Replica Identifiers Are Depleted for An Exchange Database >>>> >>>> http://technet.microsoft.com/en-us/library/bb851495.aspx >>>> Note how Microsoft has completely lost the plot on this one, and fails >>>> to understand that there could be any number of unique X- header lines, >>>> not just their arbitrary limit of at most 327766 "Named properties". >>> >>> BIG LAUGH! whoever came up with this scheme should be sued.. na.. better: >>> shot! >>> >>> whatever... I wouldn't play with mime headers but start eliminating >>> unnecesssary MailScanner Organisation etc headers, bulker's X- tracking >>> headers, List mail bloat, yahoo groups bloat, etc etc. >>> >>> playing with MUA Mime headers and OLE/etc is definitely the VERY wrong >>> way >>> to go. >>> >>> Alex >>> PS: Long live real *mail* storage platforms. >>> >> Unbeleivable. Sigh. But then ... M$ never had the plot to lose, now did >> they?:-) > > ? ?655360 bytes total conventional memory > ? ?655360 bytes available to MS-DOS > ? ?627552 largest executable program size > > ? 1048576 bytes total contiguous extended memory > ? ? ? ? 0 bytes available contiguous extended memory > ? ?941056 bytes available XMS memory > ? ? ? ? ? MS-DOS resident in High Memory Area > > > does this ring any bell? > > :-) LOL .... or the "1.44 megabyte" diskette.... 1440 KiB != 1.44 MiB ... 1440 KiB != 1.44 MB ... Uuuh:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn at mail.txwes.edu Thu Mar 12 14:02:37 2009 From: glenn at mail.txwes.edu (Glenn) Date: Thu Mar 12 14:03:03 2009 Subject: How to Remove X-headers In-Reply-To: <49B8CA22.3080202@waversveld.nl> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> Message-ID: <20090312135558.M65770@mail.txwes.edu> Thanks for all the attention, but I'm afraid I still have the same problem. Regardless of the propriety of doing so, I would like to be able to filter headers using the "Remove These Headers" ruleset, and I can't get it to work with Perl regular expressions. Joost's post seems to confirm that I am using an expression that should remove the X-MimeOLE: header, but it doesn't. Can anyone shed light on this? Thanks. -Glenn. ---------- Original Message ----------- From: Joost Waversveld To: MailScanner discussion Sent: Thu, 12 Mar 2009 09:38:58 +0100 Subject: Re: How to Remove X-headers > /^XMime.*\:/ would match XMime (and not X- > Mime) > > The regular expression should be /^X-Mime.*\:/ > > Best regards, > > Joost Waversveld > > Alex Broens wrote: > > On 3/11/2009 10:50 PM, Glenn wrote: > >> We use MailScanner and Postfix on a mail gateway server and forward > >> mail to an internal Microsoft Exchange 2003 server. Evidently, > >> enough X-headers have accumulated in an Exchange database to cause a > >> problem, so we need to remove X-headers before they are forwarded to > >> the Exchange server. > >> > >> There is a line in MailScanner.conf that allows us to name whatever > >> headers we want to remove ("Remove These Headers"), but this raises > >> some questions. If we just blanket remove all X-headers, won't this > >> defeat features of MailScanner that depend on MailScanner adding > >> headers? > >> > >> According to hints in the MailScanner rules directory, we should be > >> able to use regular Perl expresssions to create a ruleset to exclude > >> certain headers from the delete list. My problem is that I don't > >> have a clue how to write regular Perl expressions. From what I've > >> read online, for example, the lines below should be equivalent, but > >> when I use the Perl expression in the ruleset it doesn't work. > >> > >> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header > >> > >> From: [ipaddress] /^XMime.*\:/ ##this doesn't > >> > >> I know this isn't a Perl forum, but I'm hoping that someone who has > >> tried this can enlighten me. If I could just get a simple expression > >> to work, I might be able to build what I need. Thanks. -Glenn. > > > > Before you start breaking MIME headers, who told you this or what MS > > KB article covers this? > > > > -- > Joost Waversveld > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- From glenn at mail.txwes.edu Thu Mar 12 14:14:22 2009 From: glenn at mail.txwes.edu (Glenn) Date: Thu Mar 12 14:14:43 2009 Subject: How to Remove X-headers In-Reply-To: <20090312135558.M65770@mail.txwes.edu> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> Message-ID: <20090312141015.M36577@mail.txwes.edu> Oh, sorry, I did not read Joost's post carefully enough to see the difference between his expression and mine. However, I just tested his expression, /^X- Mime.*\:/ , and it doesn't work either. I am wondering if MailScanner can use Perl expressions in this ruleset? Thanks again. -Glenn. ---------- Original Message ----------- From: "Glenn" To: MailScanner discussion Sent: Thu, 12 Mar 2009 09:02:37 -0500 Subject: Re: How to Remove X-headers > Thanks for all the attention, but I'm afraid I still have the same > problem. Regardless of the propriety of doing so, I would like to > be able to filter headers using the "Remove These Headers" ruleset, > and I can't get it to work with Perl regular expressions. Joost's > post seems to confirm that I am using an expression that should > remove the X-MimeOLE: header, but it doesn't. Can anyone shed light > on this? Thanks. -Glenn. > > ---------- Original Message ----------- > From: Joost Waversveld > To: MailScanner discussion > Sent: Thu, 12 Mar 2009 09:38:58 +0100 > Subject: Re: How to Remove X-headers > > > /^XMime.*\:/ would match XMime (and not X- > > Mime) > > > > The regular expression should be /^X-Mime.*\:/ > > > > Best regards, > > > > Joost Waversveld > > > > Alex Broens wrote: > > > On 3/11/2009 10:50 PM, Glenn wrote: > > >> We use MailScanner and Postfix on a mail gateway server and forward > > >> mail to an internal Microsoft Exchange 2003 server. Evidently, > > >> enough X-headers have accumulated in an Exchange database to cause a > > >> problem, so we need to remove X-headers before they are forwarded to > > >> the Exchange server. > > >> > > >> There is a line in MailScanner.conf that allows us to name whatever > > >> headers we want to remove ("Remove These Headers"), but this raises > > >> some questions. If we just blanket remove all X-headers, won't this > > >> defeat features of MailScanner that depend on MailScanner adding > > >> headers? > > >> > > >> According to hints in the MailScanner rules directory, we should be > > >> able to use regular Perl expresssions to create a ruleset to exclude > > >> certain headers from the delete list. My problem is that I don't > > >> have a clue how to write regular Perl expressions. From what I've > > >> read online, for example, the lines below should be equivalent, but > > >> when I use the Perl expression in the ruleset it doesn't work. > > >> > > >> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header > > >> > > >> From: [ipaddress] /^XMime.*\:/ ##this doesn't > > >> > > >> I know this isn't a Perl forum, but I'm hoping that someone who has > > >> tried this can enlighten me. If I could just get a simple expression > > >> to work, I might be able to build what I need. Thanks. -Glenn. > > > > > > Before you start breaking MIME headers, who told you this or what MS > > > KB article covers this? > > > > > > > -- > > Joost Waversveld > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > ------- End of Original Message ------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- From MailScanner at ecs.soton.ac.uk Thu Mar 12 14:22:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 12 14:22:31 2009 Subject: How to Remove X-headers In-Reply-To: <20090312141015.M36577@mail.txwes.edu> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> Message-ID: <49B91A8C.2030409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No, you can't use a regular expression to define which headers you want to remove, just a list of header names. I'm fairly sure the documentation does not imply that you *can* use regexps here. On 12/3/09 14:14, Glenn wrote: > Oh, sorry, I did not read Joost's post carefully enough to see the difference > between his expression and mine. However, I just tested his expression, /^X- > Mime.*\:/ , and it doesn't work either. I am wondering if MailScanner can > use Perl expressions in this ruleset? Thanks again. -Glenn. > > ---------- Original Message ----------- > From: "Glenn" > To: MailScanner discussion > Sent: Thu, 12 Mar 2009 09:02:37 -0500 > Subject: Re: How to Remove X-headers > > >> Thanks for all the attention, but I'm afraid I still have the same >> problem. Regardless of the propriety of doing so, I would like to >> be able to filter headers using the "Remove These Headers" ruleset, >> and I can't get it to work with Perl regular expressions. Joost's >> post seems to confirm that I am using an expression that should >> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light >> on this? Thanks. -Glenn. >> >> ---------- Original Message ----------- >> From: Joost Waversveld >> To: MailScanner discussion >> Sent: Thu, 12 Mar 2009 09:38:58 +0100 >> Subject: Re: How to Remove X-headers >> >> >>> /^XMime.*\:/ would match XMime (and not X- >>> Mime) >>> >>> The regular expression should be /^X-Mime.*\:/ >>> >>> Best regards, >>> >>> Joost Waversveld >>> >>> Alex Broens wrote: >>> >>>> On 3/11/2009 10:50 PM, Glenn wrote: >>>> >>>>> We use MailScanner and Postfix on a mail gateway server and forward >>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, >>>>> enough X-headers have accumulated in an Exchange database to cause a >>>>> problem, so we need to remove X-headers before they are forwarded to >>>>> the Exchange server. >>>>> >>>>> There is a line in MailScanner.conf that allows us to name whatever >>>>> headers we want to remove ("Remove These Headers"), but this raises >>>>> some questions. If we just blanket remove all X-headers, won't this >>>>> defeat features of MailScanner that depend on MailScanner adding >>>>> headers? >>>>> >>>>> According to hints in the MailScanner rules directory, we should be >>>>> able to use regular Perl expresssions to create a ruleset to exclude >>>>> certain headers from the delete list. My problem is that I don't >>>>> have a clue how to write regular Perl expressions. From what I've >>>>> read online, for example, the lines below should be equivalent, but >>>>> when I use the Perl expression in the ruleset it doesn't work. >>>>> >>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header >>>>> >>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't >>>>> >>>>> I know this isn't a Perl forum, but I'm hoping that someone who has >>>>> tried this can enlighten me. If I could just get a simple expression >>>>> to work, I might be able to build what I need. Thanks. -Glenn. >>>>> >>>> Before you start breaking MIME headers, who told you this or what MS >>>> KB article covers this? >>>> >>>> >>> -- >>> Joost Waversveld >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> ------- End of Original Message ------- >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > ------- End of Original Message ------- > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJuRqMEfZZRxQVtlQRAp1TAKCrSEREXCfFVjsC63fLHfdpRGo9tgCfTj5w ibl3FL6uiJr1P9lK96ALWRI= =r+cL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 12 14:40:51 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 12 14:41:10 2009 Subject: How to Remove X-headers In-Reply-To: <49B91A8C.2030409@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> Message-ID: <49B91EF3.4070709@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have just taken a look at the code. Have you tried something like this in your ruleset From: 10.11.12.13 X-Mime.* as I think that may well indeed work. It won't work in Exim, but may well work in the others. If people want this functionality put in properly so you could do something like From: 10.11.12.13 ^X-Mime.* to anchor it properly, then I could add this. Jules. On 12/3/09 14:22, Julian Field wrote: > * PGP Signed: 03/12/09 at 14:22:04 > > No, you can't use a regular expression to define which headers you > want to remove, just a list of header names. I'm fairly sure the > documentation does not imply that you *can* use regexps here. > > On 12/3/09 14:14, Glenn wrote: >> Oh, sorry, I did not read Joost's post carefully enough to see the >> difference >> between his expression and mine. However, I just tested his >> expression, /^X- >> Mime.*\:/ , and it doesn't work either. I am wondering if >> MailScanner can >> use Perl expressions in this ruleset? Thanks again. -Glenn. >> >> ---------- Original Message ----------- >> From: "Glenn" >> To: MailScanner discussion >> Sent: Thu, 12 Mar 2009 09:02:37 -0500 >> Subject: Re: How to Remove X-headers >> >>> Thanks for all the attention, but I'm afraid I still have the same >>> problem. Regardless of the propriety of doing so, I would like to >>> be able to filter headers using the "Remove These Headers" ruleset, >>> and I can't get it to work with Perl regular expressions. Joost's >>> post seems to confirm that I am using an expression that should >>> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light >>> on this? Thanks. -Glenn. >>> >>> ---------- Original Message ----------- >>> From: Joost Waversveld >>> To: MailScanner discussion >>> Sent: Thu, 12 Mar 2009 09:38:58 +0100 >>> Subject: Re: How to Remove X-headers >>> >>>> /^XMime.*\:/ would match XMime (and not X- >>>> Mime) >>>> >>>> The regular expression should be /^X-Mime.*\:/ >>>> >>>> Best regards, >>>> >>>> Joost Waversveld >>>> >>>> Alex Broens wrote: >>>>> On 3/11/2009 10:50 PM, Glenn wrote: >>>>>> We use MailScanner and Postfix on a mail gateway server and forward >>>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, >>>>>> enough X-headers have accumulated in an Exchange database to cause a >>>>>> problem, so we need to remove X-headers before they are forwarded to >>>>>> the Exchange server. >>>>>> >>>>>> There is a line in MailScanner.conf that allows us to name whatever >>>>>> headers we want to remove ("Remove These Headers"), but this raises >>>>>> some questions. If we just blanket remove all X-headers, won't this >>>>>> defeat features of MailScanner that depend on MailScanner adding >>>>>> headers? >>>>>> >>>>>> According to hints in the MailScanner rules directory, we should be >>>>>> able to use regular Perl expresssions to create a ruleset to exclude >>>>>> certain headers from the delete list. My problem is that I don't >>>>>> have a clue how to write regular Perl expressions. From what I've >>>>>> read online, for example, the lines below should be equivalent, but >>>>>> when I use the Perl expression in the ruleset it doesn't work. >>>>>> >>>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE >>>>>> header >>>>>> >>>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't >>>>>> >>>>>> I know this isn't a Perl forum, but I'm hoping that someone who has >>>>>> tried this can enlighten me. If I could just get a simple >>>>>> expression >>>>>> to work, I might be able to build what I need. Thanks. -Glenn. >>>>> Before you start breaking MIME headers, who told you this or what MS >>>>> KB article covers this? >>>>> >>>> -- >>>> Joost Waversveld >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> ------- End of Original Message ------- >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> ------- End of Original Message ------- >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJuR71EfZZRxQVtlQRAjxQAKCWXxHnjDlgWXLyJM+w/5Xa8ljlZwCgiUZt pgTRow7Fqx83C5gTW0Kilco= =Iqy2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Mar 12 14:43:12 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 12 14:43:31 2009 Subject: How to Remove X-headers In-Reply-To: <49B91A8C.2030409@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu><49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu><20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA062286FE@HC-MBX02.herefordshire.gov.uk> It would nice to be able to remove headers based on a Perl RE against the WHOLE header line, and not just the bit before the colon. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 12 March 2009 14:22 To: MailScanner discussion Subject: Re: How to Remove X-headers -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No, you can't use a regular expression to define which headers you want to remove, just a list of header names. I'm fairly sure the documentation does not imply that you *can* use regexps here. On 12/3/09 14:14, Glenn wrote: > Oh, sorry, I did not read Joost's post carefully enough to see the > difference between his expression and mine. However, I just tested > his expression, /^X- Mime.*\:/ , and it doesn't work either. I am wondering if MailScanner can > use Perl expressions in this ruleset? Thanks again. -Glenn. > > ---------- Original Message ----------- > From: "Glenn" > To: MailScanner discussion > Sent: Thu, 12 Mar 2009 09:02:37 -0500 > Subject: Re: How to Remove X-headers > > >> Thanks for all the attention, but I'm afraid I still have the same >> problem. Regardless of the propriety of doing so, I would like to be >> able to filter headers using the "Remove These Headers" ruleset, >> and I can't get it to work with Perl regular expressions. Joost's >> post seems to confirm that I am using an expression that should >> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light >> on this? Thanks. -Glenn. >> >> ---------- Original Message ----------- >> From: Joost Waversveld >> To: MailScanner discussion >> Sent: Thu, 12 Mar 2009 09:38:58 +0100 >> Subject: Re: How to Remove X-headers >> >> >>> /^XMime.*\:/ would match XMime (and not X- >>> Mime) >>> >>> The regular expression should be /^X-Mime.*\:/ >>> >>> Best regards, >>> >>> Joost Waversveld >>> >>> Alex Broens wrote: >>> >>>> On 3/11/2009 10:50 PM, Glenn wrote: >>>> >>>>> We use MailScanner and Postfix on a mail gateway server and >>>>> forward mail to an internal Microsoft Exchange 2003 server. >>>>> Evidently, enough X-headers have accumulated in an Exchange >>>>> database to cause a problem, so we need to remove X-headers before >>>>> they are forwarded to the Exchange server. >>>>> >>>>> There is a line in MailScanner.conf that allows us to name >>>>> whatever headers we want to remove ("Remove These Headers"), but >>>>> this raises some questions. If we just blanket remove all >>>>> X-headers, won't this defeat features of MailScanner that depend >>>>> on MailScanner adding headers? >>>>> >>>>> According to hints in the MailScanner rules directory, we should >>>>> be able to use regular Perl expresssions to create a ruleset to >>>>> exclude certain headers from the delete list. My problem is that >>>>> I don't have a clue how to write regular Perl expressions. From >>>>> what I've read online, for example, the lines below should be >>>>> equivalent, but when I use the Perl expression in the ruleset it doesn't work. >>>>> >>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header >>>>> >>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't >>>>> >>>>> I know this isn't a Perl forum, but I'm hoping that someone who >>>>> has tried this can enlighten me. If I could just get a simple expression >>>>> to work, I might be able to build what I need. Thanks. -Glenn. >>>>> >>>> Before you start breaking MIME headers, who told you this or what >>>> MS KB article covers this? >>>> >>>> >>> -- >>> Joost Waversveld >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> ------- End of Original Message ------- >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > ------- End of Original Message ------- > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJuRqMEfZZRxQVtlQRAp1TAKCrSEREXCfFVjsC63fLHfdpRGo9tgCfTj5w ibl3FL6uiJr1P9lK96ALWRI= =r+cL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn at mail.txwes.edu Thu Mar 12 14:43:54 2009 From: glenn at mail.txwes.edu (Glenn) Date: Thu Mar 12 14:44:12 2009 Subject: How to Remove X-headers In-Reply-To: <49B91A8C.2030409@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> Message-ID: <20090312144032.M76384@mail.txwes.edu> Yes, on rereading the README in the rules directory, I see that Perl expressions are allowed in the second (pattern-matching) field, not in the result field. Drat. Thanks for the clarification. -Glenn. ---------- Original Message ----------- From: Julian Field To: MailScanner discussion Sent: Thu, 12 Mar 2009 14:22:04 +0000 Subject: Re: How to Remove X-headers > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > No, you can't use a regular expression to define which headers you > want to remove, just a list of header names. I'm fairly sure the > documentation does not imply that you *can* use regexps here. > > On 12/3/09 14:14, Glenn wrote: > > Oh, sorry, I did not read Joost's post carefully enough to see the difference > > between his expression and mine. However, I just tested his expression, /^X- > > Mime.*\:/ , and it doesn't work either. I am wondering if MailScanner can > > use Perl expressions in this ruleset? Thanks again. -Glenn. > > > > ---------- Original Message ----------- > > From: "Glenn" > > To: MailScanner discussion > > Sent: Thu, 12 Mar 2009 09:02:37 -0500 > > Subject: Re: How to Remove X-headers > > > > > >> Thanks for all the attention, but I'm afraid I still have the same > >> problem. Regardless of the propriety of doing so, I would like to > >> be able to filter headers using the "Remove These Headers" ruleset, > >> and I can't get it to work with Perl regular expressions. Joost's > >> post seems to confirm that I am using an expression that should > >> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light > >> on this? Thanks. -Glenn. > >> > >> ---------- Original Message ----------- > >> From: Joost Waversveld > >> To: MailScanner discussion > >> Sent: Thu, 12 Mar 2009 09:38:58 +0100 > >> Subject: Re: How to Remove X-headers > >> > >> > >>> /^XMime.*\:/ would match XMime (and not X- > >>> Mime) > >>> > >>> The regular expression should be /^X-Mime.*\:/ > >>> > >>> Best regards, > >>> > >>> Joost Waversveld > >>> > >>> Alex Broens wrote: > >>> > >>>> On 3/11/2009 10:50 PM, Glenn wrote: > >>>> > >>>>> We use MailScanner and Postfix on a mail gateway server and forward > >>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, > >>>>> enough X-headers have accumulated in an Exchange database to cause a > >>>>> problem, so we need to remove X-headers before they are forwarded to > >>>>> the Exchange server. > >>>>> > >>>>> There is a line in MailScanner.conf that allows us to name whatever > >>>>> headers we want to remove ("Remove These Headers"), but this raises > >>>>> some questions. If we just blanket remove all X-headers, won't this > >>>>> defeat features of MailScanner that depend on MailScanner adding > >>>>> headers? > >>>>> > >>>>> According to hints in the MailScanner rules directory, we should be > >>>>> able to use regular Perl expresssions to create a ruleset to exclude > >>>>> certain headers from the delete list. My problem is that I don't > >>>>> have a clue how to write regular Perl expressions. From what I've > >>>>> read online, for example, the lines below should be equivalent, but > >>>>> when I use the Perl expression in the ruleset it doesn't work. > >>>>> > >>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE header > >>>>> > >>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't > >>>>> > >>>>> I know this isn't a Perl forum, but I'm hoping that someone who has > >>>>> tried this can enlighten me. If I could just get a simple expression > >>>>> to work, I might be able to build what I need. Thanks. -Glenn. > >>>>> > >>>> Before you start breaking MIME headers, who told you this or what MS > >>>> KB article covers this? > >>>> > >>>> > >>> -- > >>> Joost Waversveld > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> ------- End of Original Message ------- > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > ------- End of Original Message ------- > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your > boss? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.9.1 (Build 287) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFJuRqMEfZZRxQVtlQRAp1TAKCrSEREXCfFVjsC63fLHfdpRGo9tgCfTj5w > ibl3FL6uiJr1P9lK96ALWRI= > =r+cL > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- From glenn at mail.txwes.edu Thu Mar 12 14:58:14 2009 From: glenn at mail.txwes.edu (Glenn) Date: Thu Mar 12 14:58:39 2009 Subject: How to Remove X-headers In-Reply-To: <49B91EF3.4070709@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> Message-ID: <20090312144756.M75784@mail.txwes.edu> Julian - Yes, I tried X-Mime.* and it does not work. It seems the X-header limit in Microsoft Exchange is just now beginning to cause problems. There is already a commercial fix for Exchange 2007 (http://www.codeplex.com/HeaderFilterAgent), but of course we are using Exchange 2003. So you have at least one "people" who could put this functionality to use, and probably others will be looking for it soon. Thanks. -Glenn. ---------- Original Message ----------- From: Julian Field To: MailScanner discussion Sent: Thu, 12 Mar 2009 14:40:51 +0000 Subject: Re: How to Remove X-headers > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Have just taken a look at the code. > Have you tried something like this in your ruleset > > From: 10.11.12.13 X-Mime.* > > as I think that may well indeed work. It won't work in Exim, but may > well work in the others. > If people want this functionality put in properly so you could do > something like > From: 10.11.12.13 ^X-Mime.* > to anchor it properly, then I could add this. > > Jules. > > On 12/3/09 14:22, Julian Field wrote: > > * PGP Signed: 03/12/09 at 14:22:04 > > > > No, you can't use a regular expression to define which headers you > > want to remove, just a list of header names. I'm fairly sure the > > documentation does not imply that you *can* use regexps here. > > > > On 12/3/09 14:14, Glenn wrote: > >> Oh, sorry, I did not read Joost's post carefully enough to see the > >> difference > >> between his expression and mine. However, I just tested his > >> expression, /^X- > >> Mime.*\:/ , and it doesn't work either. I am wondering if > >> MailScanner can > >> use Perl expressions in this ruleset? Thanks again. -Glenn. > >> > >> ---------- Original Message ----------- > >> From: "Glenn" > >> To: MailScanner discussion > >> Sent: Thu, 12 Mar 2009 09:02:37 -0500 > >> Subject: Re: How to Remove X-headers > >> > >>> Thanks for all the attention, but I'm afraid I still have the same > >>> problem. Regardless of the propriety of doing so, I would like to > >>> be able to filter headers using the "Remove These Headers" ruleset, > >>> and I can't get it to work with Perl regular expressions. Joost's > >>> post seems to confirm that I am using an expression that should > >>> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light > >>> on this? Thanks. -Glenn. > >>> > >>> ---------- Original Message ----------- > >>> From: Joost Waversveld > >>> To: MailScanner discussion > >>> Sent: Thu, 12 Mar 2009 09:38:58 +0100 > >>> Subject: Re: How to Remove X-headers > >>> > >>>> /^XMime.*\:/ would match XMime (and not X- > >>>> Mime) > >>>> > >>>> The regular expression should be /^X-Mime.*\:/ > >>>> > >>>> Best regards, > >>>> > >>>> Joost Waversveld > >>>> > >>>> Alex Broens wrote: > >>>>> On 3/11/2009 10:50 PM, Glenn wrote: > >>>>>> We use MailScanner and Postfix on a mail gateway server and forward > >>>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, > >>>>>> enough X-headers have accumulated in an Exchange database to cause a > >>>>>> problem, so we need to remove X-headers before they are forwarded to > >>>>>> the Exchange server. > >>>>>> > >>>>>> There is a line in MailScanner.conf that allows us to name whatever > >>>>>> headers we want to remove ("Remove These Headers"), but this raises > >>>>>> some questions. If we just blanket remove all X-headers, won't this > >>>>>> defeat features of MailScanner that depend on MailScanner adding > >>>>>> headers? > >>>>>> > >>>>>> According to hints in the MailScanner rules directory, we should be > >>>>>> able to use regular Perl expresssions to create a ruleset to exclude > >>>>>> certain headers from the delete list. My problem is that I don't > >>>>>> have a clue how to write regular Perl expressions. From what I've > >>>>>> read online, for example, the lines below should be equivalent, but > >>>>>> when I use the Perl expression in the ruleset it doesn't work. > >>>>>> > >>>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE > >>>>>> header > >>>>>> > >>>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't > >>>>>> > >>>>>> I know this isn't a Perl forum, but I'm hoping that someone who has > >>>>>> tried this can enlighten me. If I could just get a simple > >>>>>> expression > >>>>>> to work, I might be able to build what I need. Thanks. -Glenn. > >>>>> Before you start breaking MIME headers, who told you this or what MS > >>>>> KB article covers this? > >>>>> > >>>> -- > >>>> Joost Waversveld > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> ------- End of Original Message ------- > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >> ------- End of Original Message ------- > >> > > > > Jules > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your > boss? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.9.1 (Build 287) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFJuR71EfZZRxQVtlQRAjxQAKCWXxHnjDlgWXLyJM+w/5Xa8ljlZwCgiUZt > pgTRow7Fqx83C5gTW0Kilco= > =Iqy2 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- From MailScanner at ecs.soton.ac.uk Thu Mar 12 15:17:59 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 12 15:18:23 2009 Subject: How to Remove X-headers In-Reply-To: <20090312144756.M75784@mail.txwes.edu> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> Message-ID: <49B927A7.3030105@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Okay, no problem. The new functionality will still take a list of header names or regexps. The regexps mustn't contain spaces or I can't parse them, so use \s when you mean a space. Header names can optionally end in a ':', it will be added if not supplied. Header names can optionally be of the form /regular-expression/ in which case this will be applied to the whole header line (including the name and value of the header of course). The test will be appled in a case-insensitive manner. Is that what people want? Jules. On 12/3/09 14:58, Glenn wrote: > Julian - Yes, I tried X-Mime.* and it does not work. > > It seems the X-header limit in Microsoft Exchange is just now beginning to > cause problems. There is already a commercial fix for Exchange 2007 > (http://www.codeplex.com/HeaderFilterAgent), but of course we are using > Exchange 2003. So you have at least one "people" who could put this > functionality to use, and probably others will be looking for it soon. > Thanks. -Glenn. > > > ---------- Original Message ----------- > From: Julian Field > To: MailScanner discussion > Sent: Thu, 12 Mar 2009 14:40:51 +0000 > Subject: Re: How to Remove X-headers > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Have just taken a look at the code. >> Have you tried something like this in your ruleset >> >> From: 10.11.12.13 X-Mime.* >> >> as I think that may well indeed work. It won't work in Exim, but may >> well work in the others. >> If people want this functionality put in properly so you could do >> something like >> From: 10.11.12.13 ^X-Mime.* >> to anchor it properly, then I could add this. >> >> Jules. >> >> On 12/3/09 14:22, Julian Field wrote: >> >>> * PGP Signed: 03/12/09 at 14:22:04 >>> >>> No, you can't use a regular expression to define which headers you >>> want to remove, just a list of header names. I'm fairly sure the >>> documentation does not imply that you *can* use regexps here. >>> >>> On 12/3/09 14:14, Glenn wrote: >>> >>>> Oh, sorry, I did not read Joost's post carefully enough to see the >>>> difference >>>> between his expression and mine. However, I just tested his >>>> expression, /^X- >>>> Mime.*\:/ , and it doesn't work either. I am wondering if >>>> MailScanner can >>>> use Perl expressions in this ruleset? Thanks again. -Glenn. >>>> >>>> ---------- Original Message ----------- >>>> From: "Glenn" >>>> To: MailScanner discussion >>>> Sent: Thu, 12 Mar 2009 09:02:37 -0500 >>>> Subject: Re: How to Remove X-headers >>>> >>>> >>>>> Thanks for all the attention, but I'm afraid I still have the same >>>>> problem. Regardless of the propriety of doing so, I would like to >>>>> be able to filter headers using the "Remove These Headers" ruleset, >>>>> and I can't get it to work with Perl regular expressions. Joost's >>>>> post seems to confirm that I am using an expression that should >>>>> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light >>>>> on this? Thanks. -Glenn. >>>>> >>>>> ---------- Original Message ----------- >>>>> From: Joost Waversveld >>>>> To: MailScanner discussion >>>>> Sent: Thu, 12 Mar 2009 09:38:58 +0100 >>>>> Subject: Re: How to Remove X-headers >>>>> >>>>> >>>>>> /^XMime.*\:/ would match XMime (and not X- >>>>>> Mime) >>>>>> >>>>>> The regular expression should be /^X-Mime.*\:/ >>>>>> >>>>>> Best regards, >>>>>> >>>>>> Joost Waversveld >>>>>> >>>>>> Alex Broens wrote: >>>>>> >>>>>>> On 3/11/2009 10:50 PM, Glenn wrote: >>>>>>> >>>>>>>> We use MailScanner and Postfix on a mail gateway server and forward >>>>>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, >>>>>>>> enough X-headers have accumulated in an Exchange database to cause a >>>>>>>> problem, so we need to remove X-headers before they are forwarded to >>>>>>>> the Exchange server. >>>>>>>> >>>>>>>> There is a line in MailScanner.conf that allows us to name whatever >>>>>>>> headers we want to remove ("Remove These Headers"), but this raises >>>>>>>> some questions. If we just blanket remove all X-headers, won't this >>>>>>>> defeat features of MailScanner that depend on MailScanner adding >>>>>>>> headers? >>>>>>>> >>>>>>>> According to hints in the MailScanner rules directory, we should be >>>>>>>> able to use regular Perl expresssions to create a ruleset to exclude >>>>>>>> certain headers from the delete list. My problem is that I don't >>>>>>>> have a clue how to write regular Perl expressions. From what I've >>>>>>>> read online, for example, the lines below should be equivalent, but >>>>>>>> when I use the Perl expression in the ruleset it doesn't work. >>>>>>>> >>>>>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE >>>>>>>> header >>>>>>>> >>>>>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't >>>>>>>> >>>>>>>> I know this isn't a Perl forum, but I'm hoping that someone who has >>>>>>>> tried this can enlighten me. If I could just get a simple >>>>>>>> expression >>>>>>>> to work, I might be able to build what I need. Thanks. -Glenn. >>>>>>>> >>>>>>> Before you start breaking MIME headers, who told you this or what MS >>>>>>> KB article covers this? >>>>>>> >>>>>>> >>>>>> -- >>>>>> Joost Waversveld >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>> ------- End of Original Message ------- >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> ------- End of Original Message ------- >>>> >>>> >>> Jules >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your >> boss? Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.9.1 (Build 287) >> Comment: Use Enigmail to decrypt or check this message is legitimate >> Charset: ISO-8859-1 >> >> wj8DBQFJuR71EfZZRxQVtlQRAjxQAKCWXxHnjDlgWXLyJM+w/5Xa8ljlZwCgiUZt >> pgTRow7Fqx83C5gTW0Kilco= >> =Iqy2 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > ------- End of Original Message ------- > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJuSeoEfZZRxQVtlQRAiLRAKC4PDvu5lynsZ2yd8U6CPDbC9vHBwCeIAhN EJ8fyLp7NgqFLfrZ5XehGw8= =OEIp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Thu Mar 12 15:31:40 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 12 15:31:48 2009 Subject: How to Remove X-headers In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> Message-ID: Phil Randal wrote on Thu, 12 Mar 2009 10:07:07 -0000: > Note how Microsoft has completely lost the plot on this one, and fails > to understand that there could be any number of unique X- header lines, > not just their arbitrary limit of at most 327766 "Named properties". I understand that http://technet.microsoft.com/en-us/library/bb851492.aspx article in a way that it uses only *specific* X-header lines for this, not all of them. However, even for this subset it is ridiculous to set a limit that is so small (8000 for unauthenticated users!) and needs those extensive procedures to be changed. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Mar 12 15:31:40 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 12 15:31:48 2009 Subject: Interesting Error - Can't use string ("1909") as an ARRAY ref while "strict refs" in use In-Reply-To: <49B81C16.3060408@ecs.soton.ac.uk> References: <200903081521.n28FLoG3025776@safir.blacknight.ie> <49B3E591.40001@ecs.soton.ac.uk> <409F1584E5E745C891EF8F2B97CC7F81@SAHOMELT> <49B56A46.3020209@ecs.soton.ac.uk> <7296FC34423C4DA99D71ABDEE170B0E1@SAHOMELT> <20090310120649.B988817066@out-b.mx.mail-launder.com> <200903101340.n2ADefDD025410@safir.blacknight.ie> <49B67169.6070106@ecs.soton.ac.uk> <49B68093.6050504@ecs.soton.ac.uk> <01C73A5E39464F0F9274EF58B2D52F2B@SAHOMELT> <49B7AC27.20502@ecs.soton.ac.uk> Message-ID: <49B81C16.3060408@ecs.soton.ac.uk> Reply-To: mailscanner@lists.mailscanner.info Julian Field wrote on Wed, 11 Mar 2009 20:16:22 +0000: > No, it's there as is the supporting code. My remark was deduced from the fact that the Place New Headers At Top Of Message = no was missing from the lines that got added. However, these two are getting added each time Added new: Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif Added new: Lockfile Dir = /var/spool/MailScanner/incoming/Locks although they are not new. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Thu Mar 12 15:39:40 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 12 15:40:54 2009 Subject: How to Remove X-headers In-Reply-To: <49B927A7.3030105@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> <49B927A7.3030105@ecs.soton.ac.uk> Message-ID: <49B92CBC.1000905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On the basis that sounds fairly sensible and appears to provide the flexibility people are after, I have written and released it as 4.75.9. There is new text near the start of the description of "Remove These Headers" which says this: # This is a space-separated list of a mixture of any combination of # 1. Names of headers, optionally ending with a ':' # (the ':' will be added if not supplied) # 2. Regular expressions starting and ending with a '/'. # These regular expressions are matched against the entire header line, # not just the name of the header. # **NOTE** The regular expressions must *not* contain spaces, # so use '\s' instead of ' '. It appears to work fine in sendmail, I would be grateful if people using other mailers could also test it for me. Thanks guys, Jules. On 12/3/09 15:17, Julian Field wrote: > * PGP Signed: 03/12/09 at 15:18:00 > > Okay, no problem. > The new functionality will still take a list of header names or > regexps. The regexps mustn't contain spaces or I can't parse them, so > use \s when you mean a space. > Header names can optionally end in a ':', it will be added if not > supplied. > Header names can optionally be of the form /regular-expression/ in > which case this will be applied to the whole header line (including > the name and value of the header of course). The test will be appled > in a case-insensitive manner. > > Is that what people want? > > Jules. > > On 12/3/09 14:58, Glenn wrote: >> Julian - Yes, I tried X-Mime.* and it does not work. >> >> It seems the X-header limit in Microsoft Exchange is just now >> beginning to >> cause problems. There is already a commercial fix for Exchange 2007 >> (http://www.codeplex.com/HeaderFilterAgent), but of course we are using >> Exchange 2003. So you have at least one "people" who could put this >> functionality to use, and probably others will be looking for it soon. >> Thanks. -Glenn. >> >> >> ---------- Original Message ----------- >> From: Julian Field >> To: MailScanner discussion >> Sent: Thu, 12 Mar 2009 14:40:51 +0000 >> Subject: Re: How to Remove X-headers >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Have just taken a look at the code. >>> Have you tried something like this in your ruleset >>> >>> From: 10.11.12.13 X-Mime.* >>> >>> as I think that may well indeed work. It won't work in Exim, but may >>> well work in the others. >>> If people want this functionality put in properly so you could do >>> something like >>> From: 10.11.12.13 ^X-Mime.* >>> to anchor it properly, then I could add this. >>> >>> Jules. >>> >>> On 12/3/09 14:22, Julian Field wrote: >>>> > Old Signed: 03/12/09 at 14:22:04 >>>> >>>> No, you can't use a regular expression to define which headers you >>>> want to remove, just a list of header names. I'm fairly sure the >>>> documentation does not imply that you *can* use regexps here. >>>> >>>> On 12/3/09 14:14, Glenn wrote: >>>>> Oh, sorry, I did not read Joost's post carefully enough to see the >>>>> difference >>>>> between his expression and mine. However, I just tested his >>>>> expression, /^X- >>>>> Mime.*\:/ , and it doesn't work either. I am wondering if >>>>> MailScanner can >>>>> use Perl expressions in this ruleset? Thanks again. -Glenn. >>>>> >>>>> ---------- Original Message ----------- >>>>> From: "Glenn" >>>>> To: MailScanner discussion >>>>> Sent: Thu, 12 Mar 2009 09:02:37 -0500 >>>>> Subject: Re: How to Remove X-headers >>>>> >>>>>> Thanks for all the attention, but I'm afraid I still have the same >>>>>> problem. Regardless of the propriety of doing so, I would like to >>>>>> be able to filter headers using the "Remove These Headers" ruleset, >>>>>> and I can't get it to work with Perl regular expressions. >>>>>> Joost's >>>>>> post seems to confirm that I am using an expression that should >>>>>> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light >>>>>> on this? Thanks. -Glenn. >>>>>> >>>>>> ---------- Original Message ----------- >>>>>> From: Joost Waversveld >>>>>> To: MailScanner discussion >>>>>> Sent: Thu, 12 Mar 2009 09:38:58 +0100 >>>>>> Subject: Re: How to Remove X-headers >>>>>> >>>>>>> /^XMime.*\:/ would match XMime (and not X- >>>>>>> Mime) >>>>>>> >>>>>>> The regular expression should be /^X-Mime.*\:/ >>>>>>> >>>>>>> Best regards, >>>>>>> >>>>>>> Joost Waversveld >>>>>>> >>>>>>> Alex Broens wrote: >>>>>>>> On 3/11/2009 10:50 PM, Glenn wrote: >>>>>>>>> We use MailScanner and Postfix on a mail gateway server and >>>>>>>>> forward >>>>>>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, >>>>>>>>> enough X-headers have accumulated in an Exchange database to >>>>>>>>> cause a >>>>>>>>> problem, so we need to remove X-headers before they are >>>>>>>>> forwarded to >>>>>>>>> the Exchange server. >>>>>>>>> >>>>>>>>> There is a line in MailScanner.conf that allows us to name >>>>>>>>> whatever >>>>>>>>> headers we want to remove ("Remove These Headers"), but this >>>>>>>>> raises >>>>>>>>> some questions. If we just blanket remove all X-headers, >>>>>>>>> won't this >>>>>>>>> defeat features of MailScanner that depend on MailScanner adding >>>>>>>>> headers? >>>>>>>>> >>>>>>>>> According to hints in the MailScanner rules directory, we >>>>>>>>> should be >>>>>>>>> able to use regular Perl expresssions to create a ruleset to >>>>>>>>> exclude >>>>>>>>> certain headers from the delete list. My problem is that I don't >>>>>>>>> have a clue how to write regular Perl expressions. From what >>>>>>>>> I've >>>>>>>>> read online, for example, the lines below should be >>>>>>>>> equivalent, but >>>>>>>>> when I use the Perl expression in the ruleset it doesn't work. >>>>>>>>> >>>>>>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE >>>>>>>>> header >>>>>>>>> >>>>>>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't >>>>>>>>> >>>>>>>>> I know this isn't a Perl forum, but I'm hoping that someone >>>>>>>>> who has >>>>>>>>> tried this can enlighten me. If I could just get a simple >>>>>>>>> expression >>>>>>>>> to work, I might be able to build what I need. Thanks. -Glenn. >>>>>>>> Before you start breaking MIME headers, who told you this or >>>>>>>> what MS >>>>>>>> KB article covers this? >>>>>>>> >>>>>>> -- >>>>>>> Joost Waversveld >>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>> ------- End of Original Message ------- >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> ------- End of Original Message ------- >>>>> >>>> Jules >>>> >>> Jules >>> >>> - -- Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your >>> boss? Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.9.1 (Build 287) >>> Comment: Use Enigmail to decrypt or check this message is legitimate >>> Charset: ISO-8859-1 >>> >>> wj8DBQFJuR71EfZZRxQVtlQRAjxQAKCWXxHnjDlgWXLyJM+w/5Xa8ljlZwCgiUZt >>> pgTRow7Fqx83C5gTW0Kilco= >>> =Iqy2 >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> ------- End of Original Message ------- >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFJuSy8EfZZRxQVtlQRArdmAKC05+diwhk2XuJoQ31gJASOjlX57QCcDcum B2jdj/D1uqVV8JA87+T0kHM= =p4ZI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn at mail.txwes.edu Thu Mar 12 15:47:01 2009 From: glenn at mail.txwes.edu (Glenn) Date: Thu Mar 12 15:47:21 2009 Subject: How to Remove X-headers In-Reply-To: <49B927A7.3030105@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> <49B927A7.3030105@ecs.soton.ac.uk> Message-ID: <20090312154544.M84660@mail.txwes.edu> Sounds good to me. -G. ---------- Original Message ----------- From: Julian Field To: MailScanner discussion Sent: Thu, 12 Mar 2009 15:17:59 +0000 Subject: Re: How to Remove X-headers > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Okay, no problem. > The new functionality will still take a list of header names or > regexps. The regexps mustn't contain spaces or I can't parse them, > so use \s when you mean a space. Header names can optionally end in > a ':', it will be added if not supplied. Header names can optionally > be of the form /regular-expression/ in which case this will be > applied to the whole header line (including the name and value of > the header of course). The test will be appled in a case-insensitive > manner. > > Is that what people want? > > Jules. > > On 12/3/09 14:58, Glenn wrote: > > Julian - Yes, I tried X-Mime.* and it does not work. > > > > It seems the X-header limit in Microsoft Exchange is just now beginning to > > cause problems. There is already a commercial fix for Exchange 2007 > > (http://www.codeplex.com/HeaderFilterAgent), but of course we are using > > Exchange 2003. So you have at least one "people" who could put this > > functionality to use, and probably others will be looking for it soon. > > Thanks. -Glenn. > > > > From prandal at herefordshire.gov.uk Thu Mar 12 16:11:17 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 12 16:11:50 2009 Subject: How to Remove X-headers In-Reply-To: References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch><7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA063589DC@HC-MBX02.herefordshire.gov.uk> Kai Schaetzl wrote: > Phil Randal wrote on Thu, 12 Mar 2009 10:07:07 -0000: > >> Note how Microsoft has completely lost the plot on this one, and >> fails >> to understand that there could be any number of unique X- header >> lines, not just their arbitrary limit of at most 327766 "Named >> properties". > > I understand that > http://technet.microsoft.com/en-us/library/bb851492.aspx > article in a way that it uses only *specific* X-header lines for > this, not all of them. However, even for this subset it is ridiculous > to set a limit that is so small (8000 for unauthenticated users!) and > needs those extensive procedures to be changed. > > Kai That's not how I read it. Ironically, our MS Exchange moaned about an X-.....-Mailscanner..... header. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From Kevin_Miller at ci.juneau.ak.us Thu Mar 12 17:22:24 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 12 17:22:36 2009 Subject: How to Remove X-headers In-Reply-To: <20090312144756.M75784@mail.txwes.edu> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> Message-ID: <4A09477D575C2C4B86497161427DD94C0D0E80D59D@CITY-EXCHANGE07.cbj.local> Glenn wrote: > Julian - Yes, I tried X-Mime.* and it does not work. > > It seems the X-header limit in Microsoft Exchange is just now > beginning to cause problems. There is already a commercial fix for > Exchange 2007 (http://www.codeplex.com/HeaderFilterAgent), but of > course we are using Exchange 2003. So you have at least one "people" > who could put this functionality to use, and probably others will be > looking for it soon. Thanks. -Glenn. Hmmm. Maybe it's a subtle way to force you to upgrade? Jeepers, this looks like a wide open vector for a targeted DDoS attack if one wanted to take out someone's exchange server. Scary... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Thu Mar 12 17:30:32 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 12 17:30:55 2009 Subject: How to Remove X-headers In-Reply-To: <4A09477D575C2C4B86497161427DD94C0D0E80D59D@CITY-EXCHANGE07.cbj.local> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> <4A09477D575C2C4B86497161427DD94C0D0E80D59D@CITY-EXCHANGE07.cbj.local> Message-ID: <49B946B8.40308@ecs.soton.ac.uk> On 12/3/09 17:22, Kevin Miller wrote: > Glenn wrote: > >> Julian - Yes, I tried X-Mime.* and it does not work. >> >> It seems the X-header limit in Microsoft Exchange is just now >> beginning to cause problems. There is already a commercial fix for >> Exchange 2007 (http://www.codeplex.com/HeaderFilterAgent), but of >> course we are using Exchange 2003. So you have at least one "people" >> who could put this functionality to use, and probably others will be >> looking for it soon. Thanks. -Glenn. >> > Hmmm. Maybe it's a subtle way to force you to upgrade? > Jeepers, this looks like a wide open vector for a targeted DDoS attack if one wanted to take out someone's exchange server. Scary... > Maybe I should add a random-number generate into the "header" action so you can generate randomly-numbered headers? That would take out an Exchange server pretty quickly :-( Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Thu Mar 12 17:43:45 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 12 17:43:57 2009 Subject: How to Remove X-headers In-Reply-To: <49B946B8.40308@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> <4A09477D575C2C4B86497161427DD94C0D0E80D59D@CITY-EXCHANGE07.cbj.local> <49B946B8.40308@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C0D0E80D59F@CITY-EXCHANGE07.cbj.local> Julian Field wrote: > On 12/3/09 17:22, Kevin Miller wrote: >> Glenn wrote: >> >>> Julian - Yes, I tried X-Mime.* and it does not work. >>> >>> It seems the X-header limit in Microsoft Exchange is just now >>> beginning to cause problems. There is already a commercial fix for >>> Exchange 2007 (http://www.codeplex.com/HeaderFilterAgent), but of >>> course we are using Exchange 2003. So you have at least one >>> "people" who could put this functionality to use, and probably >>> others will be looking for it soon. Thanks. -Glenn. >>> >> Hmmm. Maybe it's a subtle way to force you to upgrade? Jeepers, >> this looks like a wide open vector for a targeted DDoS attack if one >> wanted to take out someone's exchange server. Scary... >> > Maybe I should add a random-number generate into the "header" action > so you can generate randomly-numbered headers? That would take out an > Exchange server pretty quickly :-( Excatly. Microsoft really needs to come up w/a better solution than 'migrate your users to a new database'. Someone is going to do exactly that - you can almost bank on it. Since they're storing the x-headers, you'd think it would be an easy thing to add a date field, and update it when a specific header is seen, then auto clean anything older than say six months. Not that they'll do such a thing. Sigh. Zimbra anyone? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From lists at hbcs.org Thu Mar 12 17:51:50 2009 From: lists at hbcs.org (Dave C) Date: Thu Mar 12 17:52:05 2009 Subject: How to Remove X-headers In-Reply-To: <4A09477D575C2C4B86497161427DD94C0D0E80D59F@CITY-EXCHANGE07.cbj.local> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> <4A09477D575C2C4B86497161427DD94C0D0E80D59D@CITY-EXCHANGE07.cbj.local> <49B946B8.40308@ecs.soton.ac.uk> <4A09477D575C2C4B86497161427DD94C0D0E80D59F@CITY-EXCHANGE07.cbj.local> Message-ID: <49B94BB6.8000303@hbcs.org> Kevin Miller wrote: > Julian Field wrote: >> On 12/3/09 17:22, Kevin Miller wrote: >>> Glenn wrote: >>> >>>> Julian - Yes, I tried X-Mime.* and it does not work. >>>> >>>> It seems the X-header limit in Microsoft Exchange is just now >>>> beginning to cause problems. There is already a commercial fix for >>>> Exchange 2007 (http://www.codeplex.com/HeaderFilterAgent), but of >>>> course we are using Exchange 2003. So you have at least one >>>> "people" who could put this functionality to use, and probably >>>> others will be looking for it soon. Thanks. -Glenn. >>>> >>> Hmmm. Maybe it's a subtle way to force you to upgrade? Jeepers, >>> this looks like a wide open vector for a targeted DDoS attack if one >>> wanted to take out someone's exchange server. Scary... >>> >> Maybe I should add a random-number generate into the "header" action >> so you can generate randomly-numbered headers? That would take out an >> Exchange server pretty quickly :-( > > Excatly. Microsoft really needs to come up w/a better solution than 'migrate your users to a new database'. Someone is going to do exactly that - you can almost bank on it. Since they're storing the x-headers, you'd think it would be an easy thing to add a date field, and update it when a specific header is seen, then auto clean anything older than say six months. Not that they'll do such a thing. Sigh. Zimbra anyone? > > ...Kevin We prefer Scalix here... ;) ------------------ CONFIDENTIALITY NOTICE --------------- This message, including any attachments, is for the sole use of the intended recipient(s) and may contain privileged confidential information protected by law. Any unauthorized review, use, disclosure or distribution of this message is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of this message. ------------------ CONFIDENTIALITY NOTICE --------------- -------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn at mail.txwes.edu Fri Mar 13 13:05:34 2009 From: glenn at mail.txwes.edu (Glenn) Date: Fri Mar 13 13:05:54 2009 Subject: How to Remove X-headers In-Reply-To: <49B92CBC.1000905@ecs.soton.ac.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> <49B927A7.3030105@ecs.soton.ac.uk> <49B92CBC.1000905@ecs.soton.ac.uk> Message-ID: <20090313125948.M75170@mail.txwes.edu> Julian - Thanks very much for adding this functionality. I tried upgrading our Red Hat EL4/Postfix machines, and the new version stopped mail flow altogether. I have gone back to the older version (4.73.4-2) until I can figure out what went wrong. -Glenn. ---------- Original Message ----------- From: Julian Field To: MailScanner discussion Sent: Thu, 12 Mar 2009 15:39:40 +0000 Subject: Re: How to Remove X-headers > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On the basis that sounds fairly sensible and appears to provide the > flexibility people are after, I have written and released it as 4.75.9. > > There is new text near the start of the description of "Remove These > Headers" which says this: > > # This is a space-separated list of a mixture of any combination of > # 1. Names of headers, optionally ending with a ':' > # (the ':' will be added if not supplied) > # 2. Regular expressions starting and ending with a '/'. > # These regular expressions are matched against the entire header line, > # not just the name of the header. > # **NOTE** The regular expressions must *not* contain spaces, > # so use '\s' instead of ' '. > > It appears to work fine in sendmail, I would be grateful if people > using other mailers could also test it for me. > > Thanks guys, > Jules. > > On 12/3/09 15:17, Julian Field wrote: > > * PGP Signed: 03/12/09 at 15:18:00 > > > > Okay, no problem. > > The new functionality will still take a list of header names or > > regexps. The regexps mustn't contain spaces or I can't parse them, so > > use \s when you mean a space. > > Header names can optionally end in a ':', it will be added if not > > supplied. > > Header names can optionally be of the form /regular-expression/ in > > which case this will be applied to the whole header line (including > > the name and value of the header of course). The test will be appled > > in a case-insensitive manner. > > > > Is that what people want? > > > > Jules. > > > > On 12/3/09 14:58, Glenn wrote: > >> Julian - Yes, I tried X-Mime.* and it does not work. > >> > >> It seems the X-header limit in Microsoft Exchange is just now > >> beginning to > >> cause problems. There is already a commercial fix for Exchange 2007 > >> (http://www.codeplex.com/HeaderFilterAgent), but of course we are using > >> Exchange 2003. So you have at least one "people" who could put this > >> functionality to use, and probably others will be looking for it soon. > >> Thanks. -Glenn. > >> > >> > >> ---------- Original Message ----------- > >> From: Julian Field > >> To: MailScanner discussion > >> Sent: Thu, 12 Mar 2009 14:40:51 +0000 > >> Subject: Re: How to Remove X-headers > >> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> Hash: SHA1 > >>> > >>> Have just taken a look at the code. > >>> Have you tried something like this in your ruleset > >>> > >>> From: 10.11.12.13 X-Mime.* > >>> > >>> as I think that may well indeed work. It won't work in Exim, but may > >>> well work in the others. > >>> If people want this functionality put in properly so you could do > >>> something like > >>> From: 10.11.12.13 ^X-Mime.* > >>> to anchor it properly, then I could add this. > >>> > >>> Jules. > >>> > >>> On 12/3/09 14:22, Julian Field wrote: > >>>> > Old Signed: 03/12/09 at 14:22:04 > >>>> > >>>> No, you can't use a regular expression to define which headers you > >>>> want to remove, just a list of header names. I'm fairly sure the > >>>> documentation does not imply that you *can* use regexps here. > >>>> > >>>> On 12/3/09 14:14, Glenn wrote: > >>>>> Oh, sorry, I did not read Joost's post carefully enough to see the > >>>>> difference > >>>>> between his expression and mine. However, I just tested his > >>>>> expression, /^X- > >>>>> Mime.*\:/ , and it doesn't work either. I am wondering if > >>>>> MailScanner can > >>>>> use Perl expressions in this ruleset? Thanks again. -Glenn. > >>>>> > >>>>> ---------- Original Message ----------- > >>>>> From: "Glenn" > >>>>> To: MailScanner discussion > >>>>> Sent: Thu, 12 Mar 2009 09:02:37 -0500 > >>>>> Subject: Re: How to Remove X-headers > >>>>> > >>>>>> Thanks for all the attention, but I'm afraid I still have the same > >>>>>> problem. Regardless of the propriety of doing so, I would like to > >>>>>> be able to filter headers using the "Remove These Headers" ruleset, > >>>>>> and I can't get it to work with Perl regular expressions. > >>>>>> Joost's > >>>>>> post seems to confirm that I am using an expression that should > >>>>>> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light > >>>>>> on this? Thanks. -Glenn. > >>>>>> > >>>>>> ---------- Original Message ----------- > >>>>>> From: Joost Waversveld > >>>>>> To: MailScanner discussion > >>>>>> Sent: Thu, 12 Mar 2009 09:38:58 +0100 > >>>>>> Subject: Re: How to Remove X-headers > >>>>>> > >>>>>>> /^XMime.*\:/ would match XMime (and not X- > >>>>>>> Mime) > >>>>>>> > >>>>>>> The regular expression should be /^X-Mime.*\:/ > >>>>>>> > >>>>>>> Best regards, > >>>>>>> > >>>>>>> Joost Waversveld > >>>>>>> > >>>>>>> Alex Broens wrote: > >>>>>>>> On 3/11/2009 10:50 PM, Glenn wrote: > >>>>>>>>> We use MailScanner and Postfix on a mail gateway server and > >>>>>>>>> forward > >>>>>>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, > >>>>>>>>> enough X-headers have accumulated in an Exchange database to > >>>>>>>>> cause a > >>>>>>>>> problem, so we need to remove X-headers before they are > >>>>>>>>> forwarded to > >>>>>>>>> the Exchange server. > >>>>>>>>> > >>>>>>>>> There is a line in MailScanner.conf that allows us to name > >>>>>>>>> whatever > >>>>>>>>> headers we want to remove ("Remove These Headers"), but this > >>>>>>>>> raises > >>>>>>>>> some questions. If we just blanket remove all X-headers, > >>>>>>>>> won't this > >>>>>>>>> defeat features of MailScanner that depend on MailScanner adding > >>>>>>>>> headers? > >>>>>>>>> > >>>>>>>>> According to hints in the MailScanner rules directory, we > >>>>>>>>> should be > >>>>>>>>> able to use regular Perl expresssions to create a ruleset to > >>>>>>>>> exclude > >>>>>>>>> certain headers from the delete list. My problem is that I don't > >>>>>>>>> have a clue how to write regular Perl expressions. From what > >>>>>>>>> I've > >>>>>>>>> read online, for example, the lines below should be > >>>>>>>>> equivalent, but > >>>>>>>>> when I use the Perl expression in the ruleset it doesn't work. > >>>>>>>>> > >>>>>>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE > >>>>>>>>> header > >>>>>>>>> > >>>>>>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't > >>>>>>>>> > >>>>>>>>> I know this isn't a Perl forum, but I'm hoping that someone > >>>>>>>>> who has > >>>>>>>>> tried this can enlighten me. If I could just get a simple > >>>>>>>>> expression > >>>>>>>>> to work, I might be able to build what I need. Thanks. -Glenn. > >>>>>>>> Before you start breaking MIME headers, who told you this or > >>>>>>>> what MS > >>>>>>>> KB article covers this? > >>>>>>>> > >>>>>>> -- > >>>>>>> Joost Waversveld > >>>>>>> > >>>>>>> -- > >>>>>>> MailScanner mailing list > >>>>>>> mailscanner@lists.mailscanner.info > >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>>>> > >>>>>>> Before posting, read http://wiki.mailscanner.info/posting > >>>>>>> > >>>>>>> Support MailScanner development - buy the book off the website! > >>>>>> ------- End of Original Message ------- > >>>>>> > >>>>>> -- > >>>>>> MailScanner mailing list > >>>>>> mailscanner@lists.mailscanner.info > >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>>> > >>>>>> Before posting, read http://wiki.mailscanner.info/posting > >>>>>> > >>>>>> Support MailScanner development - buy the book off the website! > >>>>> ------- End of Original Message ------- > >>>>> > >>>> Jules > >>>> > >>> Jules > >>> > >>> - -- Julian Field MEng CITP CEng > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> > >>> Need help customising MailScanner? > >>> Contact me! > >>> Need help fixing or optimising your systems? > >>> Contact me! > >>> Need help getting you started solving new requirements from your > >>> boss? Contact me! > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> > >>> -----BEGIN PGP SIGNATURE----- > >>> Version: PGP Desktop 9.9.1 (Build 287) > >>> Comment: Use Enigmail to decrypt or check this message is legitimate > >>> Charset: ISO-8859-1 > >>> > >>> wj8DBQFJuR71EfZZRxQVtlQRAjxQAKCWXxHnjDlgWXLyJM+w/5Xa8ljlZwCgiUZt > >>> pgTRow7Fqx83C5gTW0Kilco= > >>> =Iqy2 > >>> -----END PGP SIGNATURE----- > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >> ------- End of Original Message ------- > >> > > > > Jules > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your > boss? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.9.1 (Build 287) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFJuSy8EfZZRxQVtlQRArdmAKC05+diwhk2XuJoQ31gJASOjlX57QCcDcum > B2jdj/D1uqVV8JA87+T0kHM= > =p4ZI > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ------- End of Original Message ------- From paul.welsh.3 at googlemail.com Fri Mar 13 20:21:34 2009 From: paul.welsh.3 at googlemail.com (Paul Welsh) Date: Fri Mar 13 20:21:49 2009 Subject: OT: Mail list cleaning In-Reply-To: <200901171201.n0HC0YsL012772@safir.blacknight.ie> Message-ID: <49bac053.0eff300a.6376.3836@mx.google.com> Hi Apologies this is off-topic, but can anyone recommend an application for cleaning email lists, ie, checking whether the address is still valid but not sending a message? From mrm at quantumcc.com Fri Mar 13 21:09:15 2009 From: mrm at quantumcc.com (Mike Masse) Date: Fri Mar 13 21:09:36 2009 Subject: OT: Mail list cleaning In-Reply-To: <49bac053.0eff300a.6376.3836@mx.google.com> References: <200901171201.n0HC0YsL012772@safir.blacknight.ie> <49bac053.0eff300a.6376.3836@mx.google.com> Message-ID: I would think if such an application existed, that most spammers would have their dreams answered. Most email list manager software will tell you if email is bouncing back due to bad address. Paul Welsh wrote: > Hi > > Apologies this is off-topic, but can anyone recommend an application for > cleaning email lists, ie, checking whether the address is still valid but > not sending a message? > From mhw at WittsEnd.com Fri Mar 13 21:09:24 2009 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Fri Mar 13 21:09:44 2009 Subject: OT: Mail list cleaning In-Reply-To: <49bac053.0eff300a.6376.3836@mx.google.com> References: <49bac053.0eff300a.6376.3836@mx.google.com> Message-ID: <1236978565.6508.131.camel@canyon.wittsend.com> On Fri, 2009-03-13 at 20:21 +0000, Paul Welsh wrote: > Hi > Apologies this is off-topic, but can anyone recommend an application for > cleaning email lists, ie, checking whether the address is still valid but > not sending a message? It's the "but not sending a message" that's going to get you. Most listserver packages I've used have some method of catching most bounces and automatically unsubscribing most of them. Unfortunately, there's always some dain bramaged MTA which just absolutely refused to give you enough information back (Exchange use to be the WORST), and it gets even worse when someone has subscribed another mail exploder compounding the problem. I use to run some majordomo lists years ago and that one didn't do a very good job of autocleaning. One of our larger lists (several thousand subscribers) was slowing down so bad the latency was getting out of hand. I came up with a janitor program that would run monthly and took advantage of the "+" extensions and then sent everyone an individualized message from the list name "+" an md5 hash extension I could intercept for any bounces. The hash was in the subject, in the body, in the message id, in the from, in the reply-to, in the errors-to, and in the envelope From_. If I got anything back (and that included people who wanted to unsubscribe and were too clueless to read the instructions) they were dump from the list. After that, I was seeing some of my high subscriber / high turnover lists clean out as much as 10% a month in churn and the performance shot right back up. Never got a single complaint. Even got a few compliments. I explained in great detail why they were getting the reminder and even that they could unsubscribe, if they wished, by replying. Caught a few people with misconfigured autoresponders (I had Precedent: bulk) so I was even performing a public service and the frequency of autoresponder complaints on my lists also dropped off as the subscribers wised up. But you have to send a message. Many many sites disable EXPN and VRFY on the MTA so you can't tell that way (spammers and hackers were abusing them to identify targets). Even then, it wouldn't help with aliases, relays, other mail exploders, and subsidiary lists. You have to send a message. Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090313/89b7ec4e/attachment.bin From ka at pacific.net Fri Mar 13 21:11:05 2009 From: ka at pacific.net (Ken A) Date: Fri Mar 13 21:11:51 2009 Subject: OT: Mail list cleaning In-Reply-To: <49bac053.0eff300a.6376.3836@mx.google.com> References: <49bac053.0eff300a.6376.3836@mx.google.com> Message-ID: <49BACBE9.2020305@pacific.net> Paul Welsh wrote: > Hi > > Apologies this is off-topic, but can anyone recommend an application for > cleaning email lists, ie, checking whether the address is still valid but > not sending a message? > uhhh.. no. Allowing that would not be a good design choice. ;-) So... What do we do when we have a new clueless customer who comes to us with their LIST of 'subscribers' that they obtained from who knows where? We take them to a dark room, and shine a 200 watt bulb into their face. We tell them that we only allow confirmed opt-in email, but if at our discretion, their list appears mostly valid, we will allow them to send a single brief email, compliant with all current laws of course. ugh. The email must contain a link back to verify that the recipient wishes to continue on the mailing list. If the recipient does not respond within a week, then they must be removed automatically. The only other option is to toss out the list completely, or connect the electrodes... Also, we sometimes recommend reputable email marketing companies for larger enterprises that wish to have all the bells and whistles of customer contact, marketing, and tracking and whatever. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From hvdkooij at vanderkooij.org Fri Mar 13 21:12:46 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Mar 13 21:12:56 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: References: <49B03A5E.5030203@ecs.soton.ac.uk> <49B0466B.5010206@ecs.soton.ac.uk> <49B3949D.90606@vanderkooij.org> Message-ID: <49BACC4E.5050705@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 3-8-2009 1:49 AM Hugo van der Kooij spake the following: >> Scott Silva wrote: >>> I just found that, and saw your message just before I hit send. >>> Sorry, but no IP6 here yet to play with. At least not externally. >> IT takes about 5 minutes to get IPv6 to your network with a tunnelbroker. >> >> Hugo. >> > Since the check signers have no interest, it will have to remain on the back > burner unless there is an option that is free as in the beer I will want to be > drinking while I learn something new! ;-P www.tunnelbroker.net Most definitly worth more then you pay for it. Since you pay nothing that isn' t hard ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm6zEwACgkQBvzDRVjxmYFdEACfcCAsSQlNwb1BTmAm5cTBrJJ7 LN0AnRmtuJcU/Wk4QEk3oqlshn3N8K70 =maST -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Fri Mar 13 21:29:29 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Mar 13 21:29:39 2009 Subject: How to Remove X-headers In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> Message-ID: <49BAD039.2010003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > We've hit the same issue this week. > > The relevant Microsoft documentation is here: > > Understanding the Impact of Named Property and Replica Identifier Limits > on Exchange Databases > > http://technet.microsoft.com/en-us/library/bb851492.aspx > > Events 9666, 9667, 9668, and 9669 Received When Named Properties or > Replica Identifiers Are Depleted for An Exchange Database > > http://technet.microsoft.com/en-us/library/bb851495.aspx > > Note how Microsoft has completely lost the plot on this one, and fails > to understand that there could be any number of unique X- header lines, > not just their arbitrary limit of at most 327766 "Named properties". So if I start adding randomness to my headers and send out enough email to an exchange server I will get the Exchange admin into a tight spot? I must say I almost feel tempted to install just such a scheme to hit on Microsoft admins worldwide ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm60DcACgkQBvzDRVjxmYH/IwCcD9udEwYwxdB6EHmyOlrxobc4 puAAniHGck+57I0fuyRGnU6ruVeAQcCK =ixmU -----END PGP SIGNATURE----- From Kevin_Miller at ci.juneau.ak.us Fri Mar 13 21:48:42 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 13 21:49:04 2009 Subject: How to Remove X-headers In-Reply-To: <49BAD039.2010003@vanderkooij.org> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> <49BAD039.2010003@vanderkooij.org> Message-ID: <4A09477D575C2C4B86497161427DD94C0D0E80D5C1@CITY-EXCHANGE07.cbj.local> Hugo van der Kooij wrote: > I must say I almost feel tempted to install just such a scheme to hit > on Microsoft admins worldwide ;-) No, don't do that. Some of use run Exchange under duress... ;-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ms-list at alexb.ch Fri Mar 13 21:51:18 2009 From: ms-list at alexb.ch (Alex Broens) Date: Fri Mar 13 21:51:27 2009 Subject: How to Remove X-headers In-Reply-To: <49BAD039.2010003@vanderkooij.org> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> <49BAD039.2010003@vanderkooij.org> Message-ID: <49BAD556.9090907@alexb.ch> On 3/13/2009 10:29 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Randal, Phil wrote: >> We've hit the same issue this week. >> >> The relevant Microsoft documentation is here: >> >> Understanding the Impact of Named Property and Replica Identifier Limits >> on Exchange Databases >> >> http://technet.microsoft.com/en-us/library/bb851492.aspx >> >> Events 9666, 9667, 9668, and 9669 Received When Named Properties or >> Replica Identifiers Are Depleted for An Exchange Database >> >> http://technet.microsoft.com/en-us/library/bb851495.aspx >> >> Note how Microsoft has completely lost the plot on this one, and fails >> to understand that there could be any number of unique X- header lines, >> not just their arbitrary limit of at most 327766 "Named properties". > > So if I start adding randomness to my headers and send out enough email > to an exchange server I will get the Exchange admin into a tight spot? > > I must say I almost feel tempted to install just such a scheme to hit on > Microsoft admins worldwide ;-) hey, no need to go thru such trouble.... consider how many of these are silently doing it for you, nice and slowly. till at one point, 10 mails will DOS a box. Botnets attacks are peanuts compared to this. lets start counting: ESP's tracking & X-Mail headers. Antispam devices adding huge header sets MUA headers MailScanner Organisation/etc unique headers Devices using Spamassassin with modified header sets BATV type implementations there sooooooo many out there at some point there'll be global panic hitting Microsoft related forums/lists. Honestly, dunno if one should start sending out advisories to clients to prepare for the big bang, or does M$ ack and promise to provide a fix? Alex From ssilva at sgvwater.com Fri Mar 13 22:06:07 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 13 22:10:14 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: <49BACC4E.5050705@vanderkooij.org> References: <49B03A5E.5030203@ecs.soton.ac.uk> <49B0466B.5010206@ecs.soton.ac.uk> <49B3949D.90606@vanderkooij.org> <49BACC4E.5050705@vanderkooij.org> Message-ID: on 3-13-2009 2:12 PM Hugo van der Kooij spake the following: > Scott Silva wrote: >> on 3-8-2009 1:49 AM Hugo van der Kooij spake the following: >>> Scott Silva wrote: >>>> I just found that, and saw your message just before I hit send. >>>> Sorry, but no IP6 here yet to play with. At least not externally. >>> IT takes about 5 minutes to get IPv6 to your network with a tunnelbroker. >>> >>> Hugo. >>> >> Since the check signers have no interest, it will have to remain on the back >> burner unless there is an option that is free as in the beer I will want to be >> drinking while I learn something new! ;-P > > www.tunnelbroker.net > > Most definitly worth more then you pay for it. Since you pay nothing > that isn' t hard ;-) > > Hugo. > Thanks Hugo! I'll have a look. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090313/c5e829ab/signature.bin From ssilva at sgvwater.com Fri Mar 13 22:11:33 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 13 22:15:10 2009 Subject: How to Remove X-headers In-Reply-To: <49BAD556.9090907@alexb.ch> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> <49BAD039.2010003@vanderkooij.org> <49BAD556.9090907@alexb.ch> Message-ID: on 3-13-2009 2:51 PM Alex Broens spake the following: > On 3/13/2009 10:29 PM, Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Randal, Phil wrote: >>> We've hit the same issue this week. >>> >>> The relevant Microsoft documentation is here: >>> >>> Understanding the Impact of Named Property and Replica Identifier Limits >>> on Exchange Databases >>> >>> http://technet.microsoft.com/en-us/library/bb851492.aspx >>> >>> Events 9666, 9667, 9668, and 9669 Received When Named Properties or >>> Replica Identifiers Are Depleted for An Exchange Database >>> >>> http://technet.microsoft.com/en-us/library/bb851495.aspx >>> Note how Microsoft has completely lost the plot on this one, and fails >>> to understand that there could be any number of unique X- header lines, >>> not just their arbitrary limit of at most 327766 "Named properties". >> >> So if I start adding randomness to my headers and send out enough email >> to an exchange server I will get the Exchange admin into a tight spot? >> >> I must say I almost feel tempted to install just such a scheme to hit on >> Microsoft admins worldwide ;-) > > hey, no need to go thru such trouble.... > > consider how many of these are silently doing it for you, nice and > slowly. till at one point, 10 mails will DOS a box. > Botnets attacks are peanuts compared to this. > > lets start counting: > > ESP's tracking & X-Mail headers. > Antispam devices adding huge header sets > MUA headers > MailScanner Organisation/etc unique headers > Devices using Spamassassin with modified header sets > BATV type implementations > > there sooooooo many out there at some point there'll be global panic > hitting Microsoft related forums/lists. > > Honestly, dunno if one should start sending out advisories to clients to > prepare for the big bang, or does M$ ack and promise to provide a fix? > > Alex Microsoft will probably SELL a fix as an upgraded Exchange version. Or they will sue everybody when they suddenly find that they own the patent for mail headers! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090313/b47a5e93/signature.bin From mhw at WittsEnd.com Fri Mar 13 22:42:19 2009 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Fri Mar 13 22:42:44 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: <49BACC4E.5050705@vanderkooij.org> References: <49B03A5E.5030203@ecs.soton.ac.uk> <49B0466B.5010206@ecs.soton.ac.uk> <49B3949D.90606@vanderkooij.org> <49BACC4E.5050705@vanderkooij.org> Message-ID: <1236984139.6508.162.camel@canyon.wittsend.com> On Fri, 2009-03-13 at 22:12 +0100, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Scott Silva wrote: > > on 3-8-2009 1:49 AM Hugo van der Kooij spake the following: > >> Scott Silva wrote: > >>> I just found that, and saw your message just before I hit send. > >>> Sorry, but no IP6 here yet to play with. At least not externally. > >> IT takes about 5 minutes to get IPv6 to your network with a tunnelbroker. > >> > >> Hugo. > >> > > Since the check signers have no interest, it will have to remain on the back > > burner unless there is an option that is free as in the beer I will want to be > > drinking while I learn something new! ;-P > www.tunnelbroker.net ^^^^^^^^^^^^^^^^^^^^ Hurricane Electric. Good people there. Also: FreeNet6: freenet6.net / go6.net / hexago.net (Canada) SixXS: sixxs.net (Europe) And my favorite OCCAID: www.occaid.org (US) (SixXS actually handles their end user management now.) All free. You can get /64's, /56's, and even /48's (you may have to ask separately for a whole /48). Hurricane Electric (Tunnelbroker.net) and OCCAID also offer BGP over IPv6. You can also use 6to4 where each and every IPv4 address has an entire IPv6 /48 network assigned to it: 2002:{IPv4}::/48. That works very well and anywhere you can get to Hurricane Electric or OCCAID (both of which require IP protocol 41). FreeNet6 also offers TSP (UDP based) which will work over NAT devices better than protocol 41. Then there's also Teredo (IPv6 over UDP) which works if you are only looking to route a single leaf host. > Most definitly worth more then you pay for it. Since you pay nothing > that isn' t hard ;-) I have accounts with all of the above in the US (plus SixXs in Europe). All of them are very reliable. There are times when I have measured better performance over IPv6 between the US and Europe than over IPv4. OCCAID probably has the most number of POPs (Points of Presence) around the US right now and that's my preferred tunnel broker. I've found there is no place on the Internet I can not get to IPv6 when I want to. I've even routed IPv6 out 3 cruise ships at sea over the years. > Hugo. > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090313/6b03911c/attachment.bin From rcooper at dwford.com Fri Mar 13 23:37:52 2009 From: rcooper at dwford.com (Rick Cooper) Date: Fri Mar 13 23:38:06 2009 Subject: How to Remove X-headers In-Reply-To: <49BAD039.2010003@vanderkooij.org> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch><7EF0EE5CB3B263488C8C18823239BEBA062285B2@HC-MBX02.herefordshire.gov.uk> <49BAD039.2010003@vanderkooij.org> Message-ID: <4E252095143840BD9DD1A831F24D3A3E@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Hugo van der Kooij > Sent: Friday, March 13, 2009 5:29 PM > To: MailScanner discussion > Subject: Re: How to Remove X-headers > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Randal, Phil wrote: > > We've hit the same issue this week. > > > > The relevant Microsoft documentation is here: > > > > Understanding the Impact of Named Property and Replica > Identifier Limits > > on Exchange Databases > > > > http://technet.microsoft.com/en-us/library/bb851492.aspx > > > > Events 9666, 9667, 9668, and 9669 Received When Named Properties or > > Replica Identifiers Are Depleted for An Exchange Database > > > > http://technet.microsoft.com/en-us/library/bb851495.aspx > > > > Note how Microsoft has completely lost the plot on this > one, and fails > > to understand that there could be any number of unique X- > header lines, > > not just their arbitrary limit of at most 327766 "Named properties". I doubt its arbitrary, they are obviously tracking the count as a short (16 bit) datatype integer and should be able to fix it by recasting whatever they are tracking. It is an interesting choice in data types, in today's world one would think an integer would be the absolute min and it kind of points to the 16 bit framework that is buried in everything Microsoft. Rick > > So if I start adding randomness to my headers and send out > enough email > to an exchange server I will get the Exchange admin into a tight spot? > > I must say I almost feel tempted to install just such a > scheme to hit on > Microsoft admins worldwide ;-) > > Hugo. > > - -- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.welsh.3 at googlemail.com Sat Mar 14 15:10:21 2009 From: paul.welsh.3 at googlemail.com (Paul Welsh) Date: Sat Mar 14 15:10:29 2009 Subject: OT: Mail list cleaning Message-ID: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> Thanks for the responses, everyone. To give some background, the company I work for has about 50,000 customer email addresses collected over years but not used yet. The idea is to start using them. The customers were told we'd be sending marketing material by email but it was on the basis of "we will email you unless you write to us" basis - this was part of their finance agreement with us. The Marketing dept said wanted to "clean" the list before emailing all the customers to tell them about our soon-to-be-launched new web site, hence the idea of checking the addresses. My initial response was to send the message and clean the list on the basis of the bounce backs and unsubscribe requests. I did find a few $30 type apps on the web such as email verifier here - www.maxprog.com. You can import a file of addresses and the app then does an MX lookup and then an SMTP helo, mail from and rcpt to on each address. The results can be exported to a tab delimited file. All well and good I thought, but then I saw the excludes list and noted that nearly all the popular providers like Yahoo, BTOpenWorld, AOL, etc, were excluded. It dawned on me that these providers don't do any address checking prior to accepting a message for delivery - presumably to circumvent spammers using dictionary attacks to figure out which addresses are valid. It strikes me that we need a "proper" mailing list application to process the bounce backs and unsubscribes. Any suggestions? Is unsubscribing via a web link the way to go these days? From ms-list at alexb.ch Sat Mar 14 15:28:39 2009 From: ms-list at alexb.ch (Alex Broens) Date: Sat Mar 14 15:28:47 2009 Subject: OT: Mail list cleaning In-Reply-To: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> References: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> Message-ID: <49BBCD27.7050404@alexb.ch> On 3/14/2009 4:10 PM, Paul Welsh wrote: > Thanks for the responses, everyone. > > To give some background, the company I work for has about 50,000 > customer email addresses collected over years but not used yet. The > idea is to start using them. The customers were told we'd be sending > marketing material by email but it was on the basis of "we will email > you unless you write to us" basis - this was part of their finance > agreement with us. > > The Marketing dept said wanted to "clean" the list before emailing all > the customers to tell them about our soon-to-be-launched new web site, > hence the idea of checking the addresses. > > My initial response was to send the message and clean the list on the > basis of the bounce backs and unsubscribe requests. > > I did find a few $30 type apps on the web such as email verifier here > - www.maxprog.com. You can import a file of addresses and the app > then does an MX lookup and then an SMTP helo, mail from and rcpt to on > each address. The results can be exported to a tab delimited file. > > All well and good I thought, but then I saw the excludes list and > noted that nearly all the popular providers like Yahoo, BTOpenWorld, > AOL, etc, were excluded. It dawned on me that these providers don't > do any address checking prior to accepting a message for delivery - > presumably to circumvent spammers using dictionary attacks to figure > out which addresses are valid. > > It strikes me that we need a "proper" mailing list application to > process the bounce backs and unsubscribes. Any suggestions? Is > unsubscribing via a web link the way to go these days? get a decent ESP to manage this for you. Just remember that many are blacklisted in some way or or another, on many sites so if you go cheap, you get what you pay for. Alex From J.Ede at birchenallhowden.co.uk Sat Mar 14 17:46:27 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Mar 14 17:46:58 2009 Subject: OT: Mail list cleaning In-Reply-To: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> References: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> Message-ID: <1213490F1F316842A544A850422BFA961C09CF74@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Welsh > Sent: 14 March 2009 15:10 > To: mailscanner@lists.mailscanner.info > Subject: Re: OT: Mail list cleaning > > Thanks for the responses, everyone. > > To give some background, the company I work for has about 50,000 > customer email addresses collected over years but not used yet. The > idea is to start using them. The customers were told we'd be sending > marketing material by email but it was on the basis of "we will email > you unless you write to us" basis - this was part of their finance > agreement with us. > > The Marketing dept said wanted to "clean" the list before emailing all > the customers to tell them about our soon-to-be-launched new web site, > hence the idea of checking the addresses. > > My initial response was to send the message and clean the list on the > basis of the bounce backs and unsubscribe requests. > > I did find a few $30 type apps on the web such as email verifier here > - www.maxprog.com. You can import a file of addresses and the app > then does an MX lookup and then an SMTP helo, mail from and rcpt to on > each address. The results can be exported to a tab delimited file. > > All well and good I thought, but then I saw the excludes list and > noted that nearly all the popular providers like Yahoo, BTOpenWorld, > AOL, etc, were excluded. It dawned on me that these providers don't > do any address checking prior to accepting a message for delivery - > presumably to circumvent spammers using dictionary attacks to figure > out which addresses are valid. > > It strikes me that we need a "proper" mailing list application to > process the bounce backs and unsubscribes. Any suggestions? Is > unsubscribing via a web link the way to go these days? For mailing list applications we used to use mailman, which is ok, but the bounce handling in it isn't great (or didn't use to be!). Now we use sympa, which takes a fair bit more configuring, but seems to do the job nicely and you can have multiple outgoing smtp gateways linked in with it. Both of these you can just cut and paste a list into them. Just make sure you have an unsubscribe link that works and an abuse@ mailbox in case anybody gets irate. Jason From MailScanner at ecs.soton.ac.uk Sun Mar 15 13:36:13 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 15 13:36:38 2009 Subject: How to Remove X-headers In-Reply-To: <20090313125948.M75170@mail.txwes.edu> References: <20090311214836.M92789@mail.txwes.edu> <49B84106.6070201@alexb.ch> <49B8CA22.3080202@waversveld.nl> <20090312135558.M65770@mail.txwes.edu> <20090312141015.M36577@mail.txwes.edu> <49B91A8C.2030409@ecs.soton.ac.uk> <49B91EF3.4070709@ecs.soton.ac.uk> <20090312144756.M75784@mail.txwes.edu> <49B927A7.3030105@ecs.soton.ac.uk> <49B92CBC.1000905@ecs.soton.ac.uk> <20090313125948.M75170@mail.txwes.edu> Message-ID: <49BD044D.9090707@ecs.soton.ac.uk> I have found and fixed that bug. Missed out a $pos++ in a loop exit condition. Please try 4.75.9-2. Cheers, Jules. On 13/3/09 13:05, Glenn wrote: > Julian - Thanks very much for adding this functionality. I tried upgrading > our Red Hat EL4/Postfix machines, and the new version stopped mail flow > altogether. I have gone back to the older version (4.73.4-2) until I can > figure out what went wrong. -Glenn. > > > ---------- Original Message ----------- > From: Julian Field > To: MailScanner discussion > Sent: Thu, 12 Mar 2009 15:39:40 +0000 > Subject: Re: How to Remove X-headers > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On the basis that sounds fairly sensible and appears to provide the >> flexibility people are after, I have written and released it as 4.75.9. >> >> There is new text near the start of the description of "Remove These >> Headers" which says this: >> >> # This is a space-separated list of a mixture of any combination of >> # 1. Names of headers, optionally ending with a ':' >> # (the ':' will be added if not supplied) >> # 2. Regular expressions starting and ending with a '/'. >> # These regular expressions are matched against the entire header line, >> # not just the name of the header. >> # **NOTE** The regular expressions must *not* contain spaces, >> # so use '\s' instead of ' '. >> >> It appears to work fine in sendmail, I would be grateful if people >> using other mailers could also test it for me. >> >> Thanks guys, >> Jules. >> >> On 12/3/09 15:17, Julian Field wrote: >> >>> * PGP Signed: 03/12/09 at 15:18:00 >>> >>> Okay, no problem. >>> The new functionality will still take a list of header names or >>> regexps. The regexps mustn't contain spaces or I can't parse them, so >>> use \s when you mean a space. >>> Header names can optionally end in a ':', it will be added if not >>> supplied. >>> Header names can optionally be of the form /regular-expression/ in >>> which case this will be applied to the whole header line (including >>> the name and value of the header of course). The test will be appled >>> in a case-insensitive manner. >>> >>> Is that what people want? >>> >>> Jules. >>> >>> On 12/3/09 14:58, Glenn wrote: >>> >>>> Julian - Yes, I tried X-Mime.* and it does not work. >>>> >>>> It seems the X-header limit in Microsoft Exchange is just now >>>> beginning to >>>> cause problems. There is already a commercial fix for Exchange 2007 >>>> (http://www.codeplex.com/HeaderFilterAgent), but of course we are using >>>> Exchange 2003. So you have at least one "people" who could put this >>>> functionality to use, and probably others will be looking for it soon. >>>> Thanks. -Glenn. >>>> >>>> >>>> ---------- Original Message ----------- >>>> From: Julian Field >>>> To: MailScanner discussion >>>> Sent: Thu, 12 Mar 2009 14:40:51 +0000 >>>> Subject: Re: How to Remove X-headers >>>> >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Have just taken a look at the code. >>>>> Have you tried something like this in your ruleset >>>>> >>>>> From: 10.11.12.13 X-Mime.* >>>>> >>>>> as I think that may well indeed work. It won't work in Exim, but may >>>>> well work in the others. >>>>> If people want this functionality put in properly so you could do >>>>> something like >>>>> From: 10.11.12.13 ^X-Mime.* >>>>> to anchor it properly, then I could add this. >>>>> >>>>> Jules. >>>>> >>>>> On 12/3/09 14:22, Julian Field wrote: >>>>> >>>>>>> Old Signed: 03/12/09 at 14:22:04 >>>>>>> >>>>>> No, you can't use a regular expression to define which headers you >>>>>> want to remove, just a list of header names. I'm fairly sure the >>>>>> documentation does not imply that you *can* use regexps here. >>>>>> >>>>>> On 12/3/09 14:14, Glenn wrote: >>>>>> >>>>>>> Oh, sorry, I did not read Joost's post carefully enough to see the >>>>>>> difference >>>>>>> between his expression and mine. However, I just tested his >>>>>>> expression, /^X- >>>>>>> Mime.*\:/ , and it doesn't work either. I am wondering if >>>>>>> MailScanner can >>>>>>> use Perl expressions in this ruleset? Thanks again. -Glenn. >>>>>>> >>>>>>> ---------- Original Message ----------- >>>>>>> From: "Glenn" >>>>>>> To: MailScanner discussion >>>>>>> Sent: Thu, 12 Mar 2009 09:02:37 -0500 >>>>>>> Subject: Re: How to Remove X-headers >>>>>>> >>>>>>> >>>>>>>> Thanks for all the attention, but I'm afraid I still have the same >>>>>>>> problem. Regardless of the propriety of doing so, I would like to >>>>>>>> be able to filter headers using the "Remove These Headers" ruleset, >>>>>>>> and I can't get it to work with Perl regular expressions. >>>>>>>> Joost's >>>>>>>> post seems to confirm that I am using an expression that should >>>>>>>> remove the X-MimeOLE: header, but it doesn't. Can anyone shed light >>>>>>>> on this? Thanks. -Glenn. >>>>>>>> >>>>>>>> ---------- Original Message ----------- >>>>>>>> From: Joost Waversveld >>>>>>>> To: MailScanner discussion >>>>>>>> Sent: Thu, 12 Mar 2009 09:38:58 +0100 >>>>>>>> Subject: Re: How to Remove X-headers >>>>>>>> >>>>>>>> >>>>>>>>> /^XMime.*\:/ would match XMime (and not X- >>>>>>>>> Mime) >>>>>>>>> >>>>>>>>> The regular expression should be /^X-Mime.*\:/ >>>>>>>>> >>>>>>>>> Best regards, >>>>>>>>> >>>>>>>>> Joost Waversveld >>>>>>>>> >>>>>>>>> Alex Broens wrote: >>>>>>>>> >>>>>>>>>> On 3/11/2009 10:50 PM, Glenn wrote: >>>>>>>>>> >>>>>>>>>>> We use MailScanner and Postfix on a mail gateway server and >>>>>>>>>>> forward >>>>>>>>>>> mail to an internal Microsoft Exchange 2003 server. Evidently, >>>>>>>>>>> enough X-headers have accumulated in an Exchange database to >>>>>>>>>>> cause a >>>>>>>>>>> problem, so we need to remove X-headers before they are >>>>>>>>>>> forwarded to >>>>>>>>>>> the Exchange server. >>>>>>>>>>> >>>>>>>>>>> There is a line in MailScanner.conf that allows us to name >>>>>>>>>>> whatever >>>>>>>>>>> headers we want to remove ("Remove These Headers"), but this >>>>>>>>>>> raises >>>>>>>>>>> some questions. If we just blanket remove all X-headers, >>>>>>>>>>> won't this >>>>>>>>>>> defeat features of MailScanner that depend on MailScanner adding >>>>>>>>>>> headers? >>>>>>>>>>> >>>>>>>>>>> According to hints in the MailScanner rules directory, we >>>>>>>>>>> should be >>>>>>>>>>> able to use regular Perl expresssions to create a ruleset to >>>>>>>>>>> exclude >>>>>>>>>>> certain headers from the delete list. My problem is that I don't >>>>>>>>>>> have a clue how to write regular Perl expressions. From what >>>>>>>>>>> I've >>>>>>>>>>> read online, for example, the lines below should be >>>>>>>>>>> equivalent, but >>>>>>>>>>> when I use the Perl expression in the ruleset it doesn't work. >>>>>>>>>>> >>>>>>>>>>> From: [ipaddress] X-MimeOLE: ##this removes the X-MimeOLE >>>>>>>>>>> header >>>>>>>>>>> >>>>>>>>>>> From: [ipaddress] /^XMime.*\:/ ##this doesn't >>>>>>>>>>> >>>>>>>>>>> I know this isn't a Perl forum, but I'm hoping that someone >>>>>>>>>>> who has >>>>>>>>>>> tried this can enlighten me. If I could just get a simple >>>>>>>>>>> expression >>>>>>>>>>> to work, I might be able to build what I need. Thanks. -Glenn. >>>>>>>>>>> >>>>>>>>>> Before you start breaking MIME headers, who told you this or >>>>>>>>>> what MS >>>>>>>>>> KB article covers this? >>>>>>>>>> >>>>>>>>>> >>>>>>>>> -- >>>>>>>>> Joost Waversveld >>>>>>>>> >>>>>>>>> -- >>>>>>>>> MailScanner mailing list >>>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>>> >>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>>> >>>>>>>> ------- End of Original Message ------- >>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>> ------- End of Original Message ------- >>>>>>> >>>>>>> >>>>>> Jules >>>>>> >>>>>> >>>>> Jules >>>>> >>>>> - -- Julian Field MEng CITP CEng >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> >>>>> Need help customising MailScanner? >>>>> Contact me! >>>>> Need help fixing or optimising your systems? >>>>> Contact me! >>>>> Need help getting you started solving new requirements from your >>>>> boss? Contact me! >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: PGP Desktop 9.9.1 (Build 287) >>>>> Comment: Use Enigmail to decrypt or check this message is legitimate >>>>> Charset: ISO-8859-1 >>>>> >>>>> wj8DBQFJuR71EfZZRxQVtlQRAjxQAKCWXxHnjDlgWXLyJM+w/5Xa8ljlZwCgiUZt >>>>> pgTRow7Fqx83C5gTW0Kilco= >>>>> =Iqy2 >>>>> -----END PGP SIGNATURE----- >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>> ------- End of Original Message ------- >>>> >>>> >>> Jules >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your >> boss? Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.9.1 (Build 287) >> Comment: Use Enigmail to decrypt or check this message is legitimate >> Charset: ISO-8859-1 >> >> wj8DBQFJuSy8EfZZRxQVtlQRArdmAKC05+diwhk2XuJoQ31gJASOjlX57QCcDcum >> B2jdj/D1uqVV8JA87+T0kHM= >> =p4ZI >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > ------- End of Original Message ------- > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Mar 16 15:09:26 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Mar 16 15:09:37 2009 Subject: OT: set sendmail client IPv6 address In-Reply-To: <1236984139.6508.162.camel@canyon.wittsend.com> References: <49B03A5E.5030203@ecs.soton.ac.uk> <49B0466B.5010206@ecs.soton.ac.uk> <49B3949D.90606@vanderkooij.org> <49BACC4E.5050705@vanderkooij.org> <1236984139.6508.162.camel@canyon.wittsend.com> Message-ID: <49BE6BA6.4030201@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael H. Warfield wrote: > SixXS: sixxs.net > (Europe) There are 2 reasons I move away from SixXS. 1. Their people skills are far worse then mine. 2. They do not control the POPs and some POPs have been offline for weeks in the past. Those $0.02 made me move to HE as the sole IPv6 connectivity provider. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkm+a6UACgkQBvzDRVjxmYH53gCgpCFdD3gjkPjNmoVbnfA6WA4v WbsAoLjNajZFV73qYGxOxDNVgcfKsIkr =KT9u -----END PGP SIGNATURE----- From danc at bluestarshows.com Mon Mar 16 15:53:24 2009 From: danc at bluestarshows.com (Dan Carl) Date: Mon Mar 16 15:54:10 2009 Subject: OT: Mail list cleaning In-Reply-To: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> References: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> Message-ID: <49BE75F4.5080406@bluestarshows.com> Paul Welsh wrote: > Thanks for the responses, everyone. > > To give some background, the company I work for has about 50,000 > customer email addresses collected over years but not used yet. The > idea is to start using them. The customers were told we'd be sending > marketing material by email but it was on the basis of "we will email > you unless you write to us" basis - this was part of their finance > agreement with us. > > The Marketing dept said wanted to "clean" the list before emailing all > the customers to tell them about our soon-to-be-launched new web site, > hence the idea of checking the addresses. > > My initial response was to send the message and clean the list on the > basis of the bounce backs and unsubscribe requests. > > I did find a few $30 type apps on the web such as email verifier here > - www.maxprog.com. You can import a file of addresses and the app > then does an MX lookup and then an SMTP helo, mail from and rcpt to on > each address. The results can be exported to a tab delimited file. > > All well and good I thought, but then I saw the excludes list and > noted that nearly all the popular providers like Yahoo, BTOpenWorld, > AOL, etc, were excluded. It dawned on me that these providers don't > do any address checking prior to accepting a message for delivery - > presumably to circumvent spammers using dictionary attacks to figure > out which addresses are valid. > > It strikes me that we need a "proper" mailing list application to > process the bounce backs and unsubscribes. Any suggestions? Is > unsubscribing via a web link the way to go these days? > I use bulkmail-perl, it's not fancy but if you don't mind working from terminal. It does the job. You can send both text and html messages with it. Then just put a link to a web page for people of unsubscribe. If you have 50,000 email list thats old. I'd be really surprised if half of them are still valid. A majority of people change their email addresses quite often for whatever reason. You may want to try sending an email out to all of them with some kind of an incentive for them to reply back. Then you'll have a "clean" list. From ms-list at alexb.ch Mon Mar 16 17:24:47 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 16 17:24:57 2009 Subject: OT: Mail list cleaning In-Reply-To: <49BE75F4.5080406@bluestarshows.com> References: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> <49BE75F4.5080406@bluestarshows.com> Message-ID: <49BE8B5F.7030606@alexb.ch> On 3/16/2009 4:53 PM, Dan Carl wrote: > Paul Welsh wrote: >> Thanks for the responses, everyone. >> >> To give some background, the company I work for has about 50,000 >> customer email addresses collected over years but not used yet. The >> idea is to start using them. The customers were told we'd be sending >> marketing material by email but it was on the basis of "we will email >> you unless you write to us" basis - this was part of their finance >> agreement with us. >> >> The Marketing dept said wanted to "clean" the list before emailing all >> the customers to tell them about our soon-to-be-launched new web site, >> hence the idea of checking the addresses. >> >> My initial response was to send the message and clean the list on the >> basis of the bounce backs and unsubscribe requests. >> >> I did find a few $30 type apps on the web such as email verifier here >> - www.maxprog.com. You can import a file of addresses and the app >> then does an MX lookup and then an SMTP helo, mail from and rcpt to on >> each address. The results can be exported to a tab delimited file. >> >> All well and good I thought, but then I saw the excludes list and >> noted that nearly all the popular providers like Yahoo, BTOpenWorld, >> AOL, etc, were excluded. It dawned on me that these providers don't >> do any address checking prior to accepting a message for delivery - >> presumably to circumvent spammers using dictionary attacks to figure >> out which addresses are valid. >> >> It strikes me that we need a "proper" mailing list application to >> process the bounce backs and unsubscribes. Any suggestions? Is >> unsubscribing via a web link the way to go these days? >> > I use bulkmail-perl, it's not fancy but if you don't mind working from > terminal. It does the job. > You can send both text and html messages with it. Then just put a link > to a web page for people of unsubscribe. > If you have 50,000 email list thats old. I'd be really surprised if half > of them are still valid. > A majority of people change their email addresses quite often for > whatever reason. > You may want to try sending an email out to all of them with some kind > of an incentive for them to reply back. > Then you'll have a "clean" list. and possibly be blacklisted if you hit traps - what you want to do is technically simple - but the methods and possible outcome are not trivial. Get advice from a decent ESP before you ruin your reputation. (sadly ESPs standards are falling and they're all letting their pants down for a buck) have fun. Alex From alex at rtpty.com Mon Mar 16 19:01:08 2009 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 16 19:08:52 2009 Subject: OT: Mail list cleaning In-Reply-To: <49BE8B5F.7030606@alexb.ch> References: <49df20710903140810p45cb53d8yda4aaf8b8a1f7b5f@mail.gmail.com> <49BE75F4.5080406@bluestarshows.com> <49BE8B5F.7030606@alexb.ch> Message-ID: <24e3d2e40903161201m421e22b1q6f3a38f693561763@mail.gmail.com> My ESP advisor reads peoples minds ;-) On Mon, Mar 16, 2009 at 12:24 PM, Alex Broens wrote: > On 3/16/2009 4:53 PM, Dan Carl wrote: > >> Paul Welsh wrote: >> >>> Thanks for the responses, everyone. >>> >>> To give some background, the company I work for has about 50,000 >>> customer email addresses collected over years but not used yet. The >>> idea is to start using them. The customers were told we'd be sending >>> marketing material by email but it was on the basis of "we will email >>> you unless you write to us" basis - this was part of their finance >>> agreement with us. >>> >>> The Marketing dept said wanted to "clean" the list before emailing all >>> the customers to tell them about our soon-to-be-launched new web site, >>> hence the idea of checking the addresses. >>> >>> My initial response was to send the message and clean the list on the >>> basis of the bounce backs and unsubscribe requests. >>> >>> I did find a few $30 type apps on the web such as email verifier here >>> - www.maxprog.com. You can import a file of addresses and the app >>> then does an MX lookup and then an SMTP helo, mail from and rcpt to on >>> each address. The results can be exported to a tab delimited file. >>> >>> All well and good I thought, but then I saw the excludes list and >>> noted that nearly all the popular providers like Yahoo, BTOpenWorld, >>> AOL, etc, were excluded. It dawned on me that these providers don't >>> do any address checking prior to accepting a message for delivery - >>> presumably to circumvent spammers using dictionary attacks to figure >>> out which addresses are valid. >>> >>> It strikes me that we need a "proper" mailing list application to >>> process the bounce backs and unsubscribes. Any suggestions? Is >>> unsubscribing via a web link the way to go these days? >>> >>> >> I use bulkmail-perl, it's not fancy but if you don't mind working from >> terminal. It does the job. >> You can send both text and html messages with it. Then just put a link to >> a web page for people of unsubscribe. >> If you have 50,000 email list thats old. I'd be really surprised if half >> of them are still valid. >> A majority of people change their email addresses quite often for whatever >> reason. >> You may want to try sending an email out to all of them with some kind of >> an incentive for them to reply back. >> Then you'll have a "clean" list. >> > > > and possibly be blacklisted if you hit traps - what you want to do is > technically simple - but the methods and possible outcome are not trivial. > > Get advice from a decent ESP before you ruin your reputation. > (sadly ESPs standards are falling and they're all letting their pants down > for a buck) > > have fun. > > Alex > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090316/9f7b1fce/attachment.html From root at doctor.nl2k.ab.ca Mon Mar 16 22:13:22 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon Mar 16 22:15:13 2009 Subject: [luca@clamav.net: [Clamav-announce] announcing ClamAV 0.95rc2] Message-ID: <20090316221321.GA20992@doctor.nl2k.ab.ca> HEads up !! Morechanges. ----- Forwarded message from Luca Gibelli ----- Return-Path: clamav-announce-bounces@lists.clamav.net Received: from tad.clamav.net by doctor.nl2k.ab.ca (8.14.3/8.14.3) with ESMTP id n2GLE27p007077 for ; Mon, 16 Mar 2009 14:14:10 -0700 (MST) X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org X-Virus-Scanned: Debian amavisd-new at tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad.clamav.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 47FetRlPnn+D; Mon, 16 Mar 2009 22:13:56 +0100 (CET) Received: from tad.clamav.net (localhost.localdomain [127.0.0.1]) by tad.clamav.net (Postfix) with ESMTP id 16F6616C0B1; Mon, 16 Mar 2009 22:13:56 +0100 (CET) X-Original-To: clamav-announce@tad.clamav.net Delivered-To: clamav-announce@tad.clamav.net X-Virus-Scanned: Debian amavisd-new at tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad.clamav.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G8paeyBJTbnV for ; Mon, 16 Mar 2009 22:12:22 +0100 (CET) Received: from mosquito.nervous.bbs (localhost.localdomain [127.0.0.1]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by tad.clamav.net (Postfix) with ESMTP id 1748916C0B1 for ; Mon, 16 Mar 2009 22:12:22 +0100 (CET) Received: from nervous by mosquito.nervous.bbs with local (Exim 4.69) (envelope-from ) id 1LjK6g-0005be-Dp for clamav-announce@lists.clamav.net; Mon, 16 Mar 2009 22:12:22 +0100 Date: Mon, 16 Mar 2009 22:12:22 +0100 From: Luca Gibelli To: ClamAV Announce Message-ID: <20090316211222.GA21508@adsl.nervous.it> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) X-Mailman-Approved-At: Mon, 16 Mar 2009 22:13:52 +0100 Subject: [Clamav-announce] announcing ClamAV 0.95rc2 X-BeenThere: clamav-announce@lists.clamav.net X-Mailman-Version: 2.1.9 Precedence: list Reply-To: noreply@clamav.net List-Id: ClamAV events are announced here List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: clamav-announce-bounces@lists.clamav.net Errors-To: clamav-announce-bounces@lists.clamav.net X-Null-Tag: 808ccafdc96da03d3a68fd62c057c9c8 X-NetKnow-InComing-4-75-9-1-MailScanner-Information: Please contact the ISP for more information X-NetKnow-InComing-4-75-9-1-MailScanner-ID: n2GLE27p007077 X-NetKnow-InComing-4-75-9-1-MailScanner: Found to be clean X-NetKnow-InComing-4-75-9-1-MailScanner-IP-Protocol: IPv4 X-NetKnow-InComing-4-75-9-1-MailScanner-From: clamav-announce-bounces@lists.clamav.net X-NetKnow-InComing-4-75-9-1-MailScanner-Watermark: 1237670071.04908@dWU4TTGYBlZJEVvgNj4cTw X-Spam-Status: No Dear ClamAV users, This is a second release candidate for ClamAV 0.95. It fixes a number of problems that were found in 0.95rc1 and provides support for Google Safe Browsing, which can be enabled by turning on the SafeBrowsing option in freshclam.conf. Please see 'man 5 freshclam.conf' and http://safebrowsing.clamav.net for more information. -- The ClamAV team (http://www.clamav.net/team) -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ----- End forwarded message ----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Mon Mar 16 22:30:07 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 16 22:30:15 2009 Subject: SA SafeBrowsing plugin Message-ID: <49BED2EF.2060706@alexb.ch> Its been around for a while - easy to setup. http://search.cpan.org/~danborn/ It may be of use Seems to me that having this in a Clam sig could be more efficient. From ssilva at sgvwater.com Mon Mar 16 23:32:27 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 16 23:32:47 2009 Subject: McAfee autoupdater debugging Message-ID: I need some clues on where to look for a McAfee updater problem on my systems. One system updates fine but doesn't delete the old dats(CentOS 5.2). Another system doesn't update at all, but manually running the mcafee-autoupdate script does update, so it must be in the update_virus_scanner code or paths(CentOS 4.7). I don't see any logging done by the update_virus_scanner script. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090316/274719cd/signature.bin From ssilva at sgvwater.com Mon Mar 16 23:53:34 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 16 23:53:57 2009 Subject: McAfee autoupdater debugging In-Reply-To: References: Message-ID: on 3-16-2009 4:32 PM Scott Silva spake the following: > I need some clues on where to look for a McAfee updater problem on my systems. > One system updates fine but doesn't delete the old dats(CentOS 5.2). Another > system doesn't update at all, but manually running the mcafee-autoupdate > script does update, so it must be in the update_virus_scanner code or > paths(CentOS 4.7). > > I don't see any logging done by the update_virus_scanner script. > > > > Never mind on the updating, it was a corrupted virus.scanners.conf, but I still need a clue stick on the auto deletion of the old dat files, I will read the code some more in the AM. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090316/5302fb7b/signature.bin From mailscanner at barendse.to Tue Mar 17 08:31:32 2009 From: mailscanner at barendse.to (mailscanner) Date: Tue Mar 17 07:11:29 2009 Subject: 5115721 C-A-N-A-D-l-A-N P-H-A-R-M-A-C-Y Message-ID: <07af01c9a6e0$5d867db0$8271e358@bilgi> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090317/9418ff2b/attachment.html -------------- next part -------------- About this mailing: You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice. ?2009 Microsoft | Unsubscribe at http://vafqoyal.cn | More news at http://vafqoyal.cn | Prvacy at http://vafqoyal.cn Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 From glenn.steen at gmail.com Tue Mar 17 08:12:39 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 17 08:12:48 2009 Subject: McAfee autoupdater debugging In-Reply-To: References: Message-ID: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com> 2009/3/17 Scott Silva : > on 3-16-2009 4:32 PM Scott Silva spake the following: >> I need some clues on where to look for a McAfee updater problem on my systems. >> One system updates fine but doesn't delete the old dats(CentOS 5.2). Another >> system doesn't update at all, but manually running the mcafee-autoupdate >> script does update, so it must be in the update_virus_scanner code or >> paths(CentOS 4.7). >> >> I don't see any logging done by the update_virus_scanner script. >> >> >> >> > Never mind on the updating, it was a corrupted virus.scanners.conf, but I > still need a clue stick on the auto deletion of the old dat files, I will read > the code some more in the AM. > IIRC there simply is none.... Was a while since last I looked though, so the usual memory corruption might have happened:-). I'll take a look and see what I find. In the mean time, might one suggest a "not-so-complex" find/cron solution?;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 17 08:38:01 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 17 08:38:09 2009 Subject: McAfee autoupdater debugging In-Reply-To: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com> References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com> Message-ID: <223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> 2009/3/17 Glenn Steen : > 2009/3/17 Scott Silva : >> on 3-16-2009 4:32 PM Scott Silva spake the following: >>> I need some clues on where to look for a McAfee updater problem on my systems. >>> One system updates fine but doesn't delete the old dats(CentOS 5.2). Another >>> system doesn't update at all, but manually running the mcafee-autoupdate >>> script does update, so it must be in the update_virus_scanner code or >>> paths(CentOS 4.7). >>> >>> I don't see any logging done by the update_virus_scanner script. >>> >>> >>> >>> >> Never mind on the updating, it was a corrupted virus.scanners.conf, but I >> still need a clue stick on the auto deletion of the old dat files, I will read >> the code some more in the AM. >> > IIRC there simply is none.... Was a while since last I looked though, > so the usual memory corruption might have happened:-). > I'll take a look and see what I find. In the mean time, might one > suggest a "not-so-complex" find/cron solution?;) > > Cheers As suspected, the cleanup in that script is fairly broken, it seems. A lot of energy is laid on getting the "previous version", but ... only that. Seems like the script never reaches the delete part during normal operation ... unless "-d" is specified, no deletion will take place anyhow, so ... simplest is likely to do a simple cron thing, rather than trying to fix the script... or do some manual cleanup once in a while:-). At least as a fix. Then perhaps go over the logic of that script a bit more. Seems less than optimal in some ways, when it comes to cleanup:-). I might have a minute or two during the next couple of days, although .. as things are, I cannot promise anything. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jethro.binks at strath.ac.uk Tue Mar 17 12:18:14 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue Mar 17 12:18:23 2009 Subject: Blocking of WMF Message-ID: For a long time we've had the following rule enabled: # JKF 01/01/2006 Another Microsoft security vulnerability deny \.wmf$ Windows Metafile security vulnerability Possible format attack in Windows More and more we are finding that .WMFs are being discovered in the zipfile that MS Office 2007 documents are composed of. This MS kb article alludes to one particular issue relating to "thumbnail.wmf" being detected: http://support.microsoft.com/kb/934284 but we very often see "image1.wmf", "image2.wmf", etc discovered too. Very often, the sending user is completely oblivious to the presence of images in the document (zip file), nor what to do to remove them or save them as something else, and at least in the case of the "thumbnail.wmf" content, this is something that the application itself has generated without the user knowing about it. So my question is twofold: 1. do other sites have this issue and what do they do about it; 2. is blocking of .WMF justified these days, given that patches for the potential vulnerability have been available for many years now. Is it still being actively exploited? Thoughts welcome, Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From prandal at herefordshire.gov.uk Tue Mar 17 12:33:44 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Mar 17 12:34:02 2009 Subject: Blocking of WMF In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA06359111@HC-MBX02.herefordshire.gov.uk> Should be OK (until next WMF vulnerability is discovered) if you have MS09-006 applied. http://www.microsoft.com/technet/security/Bulletin/ms09-006.mspx Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jethro R Binks Sent: 17 March 2009 12:18 To: mailscanner@lists.mailscanner.info Subject: Blocking of WMF For a long time we've had the following rule enabled: # JKF 01/01/2006 Another Microsoft security vulnerability deny \.wmf$ Windows Metafile security vulnerability Possible format attack in Windows More and more we are finding that .WMFs are being discovered in the zipfile that MS Office 2007 documents are composed of. This MS kb article alludes to one particular issue relating to "thumbnail.wmf" being detected: http://support.microsoft.com/kb/934284 but we very often see "image1.wmf", "image2.wmf", etc discovered too. Very often, the sending user is completely oblivious to the presence of images in the document (zip file), nor what to do to remove them or save them as something else, and at least in the case of the "thumbnail.wmf" content, this is something that the application itself has generated without the user knowing about it. So my question is twofold: 1. do other sites have this issue and what do they do about it; 2. is blocking of .WMF justified these days, given that patches for the potential vulnerability have been available for many years now. Is it still being actively exploited? Thoughts welcome, Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jethro.binks at strath.ac.uk Tue Mar 17 12:49:07 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue Mar 17 12:49:17 2009 Subject: Blocking of WMF In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA06359111@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA06359111@HC-MBX02.herefordshire.gov.uk> Message-ID: On Tue, 17 Mar 2009, Randal, Phil wrote: > Should be OK (until next WMF vulnerability is discovered) if you have > MS09-006 applied. > > http://www.microsoft.com/technet/security/Bulletin/ms09-006.mspx Oh dear, I hadn't realised there were more recent discoveries of ways to exploit WMF. Sigh. Thanks, I think. Possibly permitting "thumbnail.wmf" specifically would be an acceptable compromise. Although I suppose if I wanted to exploit the format, that's the sort of filename I would use ... Jethro. > > Cheers, > > Phil > > -- > Phil Randal | Networks Engineer > Herefordshire Council | Deputy Chief Executive's Office | I.C.T. > Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files are those of > the individual and not necessarily those of Herefordshire Council. > > This e-mail and any attached files are confidential and intended solely > for the use of the addressee. This communication may contain material > protected by law from being passed on. If you are not the intended > recipient and have received this e-mail in error, you are advised that > any use, dissemination, forwarding, printing or copying of this e-mail > is strictly prohibited. If you have received this e-mail in error please > contact the sender immediately and destroy all copies of it. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jethro > R Binks > Sent: 17 March 2009 12:18 > To: mailscanner@lists.mailscanner.info > Subject: Blocking of WMF > > For a long time we've had the following rule enabled: > > # JKF 01/01/2006 Another Microsoft security vulnerability > deny \.wmf$ Windows Metafile security vulnerability > Possible format attack in Windows > > More and more we are finding that .WMFs are being discovered in the > zipfile that MS Office 2007 documents are composed of. This MS kb > article alludes to one particular issue relating to "thumbnail.wmf" > being > detected: > > http://support.microsoft.com/kb/934284 > > but we very often see "image1.wmf", "image2.wmf", etc discovered too. > > Very often, the sending user is completely oblivious to the presence of > images in the document (zip file), nor what to do to remove them or save > them as something else, and at least in the case of the "thumbnail.wmf" > content, this is something that the application itself has generated > without the user knowing about it. > > So my question is twofold: > > 1. do other sites have this issue and what do they do about it; > > 2. is blocking of .WMF justified these days, given that patches for the > potential vulnerability have been available for many years now. Is it > still being actively exploited? > > Thoughts welcome, > > Jethro. > > . . . . . . . . . . . . . . . . . . . . . . . . > . > Jethro R Binks > Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From zate75 at gmail.com Tue Mar 17 14:21:18 2009 From: zate75 at gmail.com (Zate Berg) Date: Tue Mar 17 14:21:26 2009 Subject: Office 2007 is a problem for me. Message-ID: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> Hello, MailScanner is working wonderfully, except for Office 2007 files. I find that a lot of these files contain other blocked file contents, and are treated just like any other archive. Has anyone found a way to deal with these types of files without having to white list extensions that are known to be bad? I'd rather not have to allow *.bin , *.wmf or *.dat files through my mailscanner. thanks. Zate -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090317/e85b8333/attachment.html From infernix at infernix.net Tue Mar 17 14:30:25 2009 From: infernix at infernix.net (infernix) Date: Tue Mar 17 14:30:37 2009 Subject: Spamassassin cache in mysql - feature request Message-ID: <49BFB401.706@infernix.net> Hi, I've got a few mailscanner nodes in a cluster which all have their own local sqlite spamassassin cache. They all process mail for the same domains in a round robin fashion. I looked at SA.pm for the code that does the caching and it seems that it should be easily adaptable to support a mysql server. Would it be possible to add support for this so that the cache can be stored in mysql? This would allow for a centralized spamassassin cache which, for obvious reasons, would be a nice performance benefit for those that use MailScanner in a multi node setup. I'll give it a shot myself but I'm not great with perl. If I do come up with a patch (read: hack) I will post it. Thanks! infernix From steveb_clamav at sanesecurity.com Tue Mar 17 14:38:38 2009 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Tue Mar 17 14:40:01 2009 Subject: Office 2007 is a problem for me. In-Reply-To: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> References: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> Message-ID: <33083.93.97.28.110.1237300718.squirrel@saturn.dataflame.net> > Hello, > > MailScanner is working wonderfully, except for Office 2007 files. I find > that a lot of these files contain other blocked file contents, and are > treated just like any other archive. Has anyone found a way to deal with > these types of files without having to white list extensions that are > known > to be bad? I'd rather not have to allow *.bin , *.wmf or *.dat files > through my mailscanner. As DOCX are zip files they start (PK) 504B and the docx files seems to have this common hex as the beginning: 130008025B436F6E74656E745F54797065735D2E786D6C20A2040228A0 So perhaps that could be used to tell the difference between it.. and a normal Zip archive? I'll go back to lurking now ;) Cheers, Steve Sanesecurity From jonas at vrt.dk Tue Mar 17 15:16:42 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue Mar 17 15:16:56 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <49BFB401.706@infernix.net> References: <49BFB401.706@infernix.net> Message-ID: <000e01c9a713$6102f210$2308d630$@dk> When I setup our cluster I had the same though, im not sure the overhead of using a "real" sql server compared to sqllite is worth the extra performance you will get if identical mails hit multiple clusters. It would be interesting to test though. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From ecasarero at gmail.com Tue Mar 17 15:24:28 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Mar 17 15:24:50 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <000e01c9a713$6102f210$2308d630$@dk> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> Message-ID: <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> 2009/3/17 Jonas Akrouh Larsen : > > When I setup our cluster I had the same though, im not sure the overhead of > using a "real" sql server compared to sqllite is worth the extra performance > you will get if identical mails hit multiple clusters. > > > It would be interesting to test though. > > IMHO running the cache.db in tmpfs (on ram) should be faster than mysql over tcp, however it depends on your configuration. just a balance between pros/cons. > > Med venlig hilsen / Best regards > > Jonas Akrouh Larsen > > TechBiz ApS > Laplandsgade 4, 2. sal > 2300 K?benhavn S > > Office: 7020 0979 > Direct: 3336 9974 > Mobile: 5120 1096 > Fax: ? ?7020 0978 > Web: www.techbiz.dk > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jonas at vrt.dk Tue Mar 17 15:42:26 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue Mar 17 15:42:40 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> Message-ID: <000f01c9a716$f9581bf0$ec0853d0$@dk> > IMHO running the cache.db in tmpfs (on ram) should be faster than > mysql over tcp, however it depends on your configuration. just a > balance between pros/cons. I think you missed the point, i think we can all agree the sqllite db on tmpfs is faster, but if u can share the cache between ur nodes, you should have a higher cache hit ratio as far as I can figure. Whether or not this cache hit ratio increase is worth the penalty of querying a central sql server is the question I guess. Even if you got a replication setup, so you query the sql server running on the local host, it will still be slower than sqllite on tmpfs. My 5 cents. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From jaearick at colby.edu Tue Mar 17 15:55:30 2009 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Mar 17 15:55:51 2009 Subject: russian spam tsunami? Message-ID: Gang, Has anybody else been getting buried by Cyrillic spam? We have been clobbered by it. A big boatload comes from ttnet.net.tr, aka Turktelekom -- I blocked every IP netblock of theirs that I could find this weekend. But it comes from lots of other places too. Suggestions, eg SA rules? Jeff Earickson Colby College From ka at pacific.net Tue Mar 17 16:04:10 2009 From: ka at pacific.net (Ken A) Date: Tue Mar 17 16:04:53 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <000f01c9a716$f9581bf0$ec0853d0$@dk> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> <000f01c9a716$f9581bf0$ec0853d0$@dk> Message-ID: <49BFC9FA.20907@pacific.net> Jonas Akrouh Larsen wrote: >> IMHO running the cache.db in tmpfs (on ram) should be faster than >> mysql over tcp, however it depends on your configuration. just a >> balance between pros/cons. > > I think you missed the point, i think we can all agree the sqllite db on > tmpfs is faster, but if u can share the cache between ur nodes, you should > have a higher cache hit ratio as far as I can figure. > > Whether or not this cache hit ratio increase is worth the penalty of > querying a central sql server is the question I guess. > Even if you got a replication setup, so you query the sql server running on > the local host, it will still be slower than sqllite on tmpfs. What about memcached ? http://www.danga.com/memcached/, either in front of mysql or by itself. Ken > > My 5 cents. > > > > Med venlig hilsen / Best regards > > Jonas Akrouh Larsen > > TechBiz ApS > Laplandsgade 4, 2. sal > 2300 K?benhavn S > > Office: 7020 0979 > Direct: 3336 9974 > Mobile: 5120 1096 > Fax: 7020 0978 > Web: www.techbiz.dk > > > > -- Ken Anderson Pacific Internet - http://www.pacific.net From ms-list at alexb.ch Tue Mar 17 16:06:50 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue Mar 17 16:06:59 2009 Subject: russian spam tsunami? In-Reply-To: References: Message-ID: <49BFCA9A.6040602@alexb.ch> On 3/17/2009 4:55 PM, Jeff A. Earickson wrote: > Gang, > > Has anybody else been getting buried by Cyrillic spam? We have > been clobbered by it. A big boatload comes from ttnet.net.tr, > aka Turktelekom -- I blocked every IP netblock of theirs that I > could find this weekend. But it comes from lots of other places > too. Suggestions, eg SA rules? reject with zen at smtp level ? reject generic rdns patterns at smtp level ? reject generic rdns HELO patterns at smtp level ? that should get rid of a LOT From lists at tippingmar.com Tue Mar 17 17:23:45 2009 From: lists at tippingmar.com (Mark Nienberg) Date: Tue Mar 17 17:24:02 2009 Subject: russian spam tsunami? In-Reply-To: References: Message-ID: <49BFDCA1.2040202@tippingmar.com> Jeff A. Earickson wrote: > Gang, > > Has anybody else been getting buried by Cyrillic spam? We have > been clobbered by it. A big boatload comes from ttnet.net.tr, > aka Turktelekom -- I blocked every IP netblock of theirs that I > could find this weekend. But it comes from lots of other places > too. Suggestions, eg SA rules? > > Jeff Earickson > Colby College # One of those strange cyrillic fonts header LOCAL_CYRILLIC Subject:raw =~ /windows\-1251/i describe LOCAL_CYRILLIC Cyrillic fonts score LOCAL_CYRILLIC 4 You can do the same with other character sets. Mark Nienberg From dcurtis at sbschools.net Tue Mar 17 17:53:10 2009 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Mar 17 17:51:44 2009 Subject: Assumed disk failure? Message-ID: <24AAD26C88B9534093235DD9C02F4D1702AABD87@exchangesrvr.sbschools.net> I have a mailscanner box (centos 5) running MailScanner 4.74.16. I am getting the below error over and over again in the maillog: Database complained about this: disk I/O error(10) at dbdimp.c line 271. I suggest you delete your /var/spool/MailScanner/incoming/SpamAssassin.cache.db file and let me re-create it for you I have deleted (moved the file) and I continue to get these errors. The computer is crawling right now and the i/o does not seem high enough to cause this. I am assuming I have a disk going bad and needs replacement? Is there any hope or should I just replace the drive? I am almost certain that I have replaced the drive in this unit less than a year ago due to drive errors. Any suggestions would be great. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090317/10bcbadd/attachment.html From Denis.Beauchemin at USherbrooke.ca Tue Mar 17 18:08:01 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 17 18:08:20 2009 Subject: Assumed disk failure? In-Reply-To: <24AAD26C88B9534093235DD9C02F4D1702AABD87@exchangesrvr.sbschools.net> References: <24AAD26C88B9534093235DD9C02F4D1702AABD87@exchangesrvr.sbschools.net> Message-ID: <49BFE701.5030100@USherbrooke.ca> dcurtis@sbschools.net a ?crit : > > I have a mailscanner box (centos 5) running MailScanner 4.74.16. I am > getting the below error over and over again in the maillog: > > Database complained about this: disk I/O error(10) at dbdimp.c line > 271. I suggest you delete your > /var/spool/MailScanner/incoming/SpamAssassin.cache.db file and let me > re-create it for you > > > > I have deleted (moved the file) and I continue to get these errors. > > > > The computer is crawling right now and the i/o does not seem high > enough to cause this. > > > > I am assuming I have a disk going bad and needs replacement? Is there > any hope or should I just replace the drive? I am almost certain that > I have replaced the drive in this unit less than a year ago due to > drive errors. > > > > Any suggestions would be great. > > > > > Are you sure you are not having memory problems instead? It is highly recommended to run that directory from a ram-disk. If it is your case, you may be running short on memory or having a faulty memory chip. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ecasarero at gmail.com Tue Mar 17 18:49:38 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Mar 17 18:49:48 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <000f01c9a716$f9581bf0$ec0853d0$@dk> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> <000f01c9a716$f9581bf0$ec0853d0$@dk> Message-ID: <7d9b3cf20903171149y33e4f826g6f33868ec437ca4c@mail.gmail.com> 2009/3/17 Jonas Akrouh Larsen : >> IMHO running the cache.db in tmpfs (on ram) should be faster than >> mysql over tcp, however it depends on your configuration. just a >> balance between pros/cons. > > I think you missed the point, i think we can all agree the sqllite db on > tmpfs is faster, but if u can share the cache between ur nodes, you should > have a higher cache hit ratio as far as I can figure. > > Whether or not this cache hit ratio increase is worth the penalty of > querying a central sql server is the question I guess. > Even if you got a replication setup, so you query the sql server running on > the local host, it will still be slower than sqllite on tmpfs. > > My 5 cents. > > I did some research in 1 of my servers, today i've procesed 8505 emails, with 338 cache hits. How can we measure if sharnig caches improves (a lot, a little, nothing) cache hits? (there is another server next to it) Obviously without much development so we can test if having a mysql server improves or not the scenario. > > Med venlig hilsen / Best regards > > Jonas Akrouh Larsen > > TechBiz ApS > Laplandsgade 4, 2. sal > 2300 K?benhavn S > > Office: 7020 0979 > Direct: 3336 9974 > Mobile: 5120 1096 > Fax: ? ?7020 0978 > Web: www.techbiz.dk > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Tue Mar 17 20:00:27 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 17 20:05:12 2009 Subject: McAfee autoupdater debugging In-Reply-To: <223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com> <223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> Message-ID: on 3-17-2009 1:38 AM Glenn Steen spake the following: > 2009/3/17 Glenn Steen : >> 2009/3/17 Scott Silva : >>> on 3-16-2009 4:32 PM Scott Silva spake the following: >>>> I need some clues on where to look for a McAfee updater problem on my systems. >>>> One system updates fine but doesn't delete the old dats(CentOS 5.2). Another >>>> system doesn't update at all, but manually running the mcafee-autoupdate >>>> script does update, so it must be in the update_virus_scanner code or >>>> paths(CentOS 4.7). >>>> >>>> I don't see any logging done by the update_virus_scanner script. >>>> >>>> >>>> >>>> >>> Never mind on the updating, it was a corrupted virus.scanners.conf, but I >>> still need a clue stick on the auto deletion of the old dat files, I will read >>> the code some more in the AM. >>> >> IIRC there simply is none.... Was a while since last I looked though, >> so the usual memory corruption might have happened:-). >> I'll take a look and see what I find. In the mean time, might one >> suggest a "not-so-complex" find/cron solution?;) >> >> Cheers > > As suspected, the cleanup in that script is fairly broken, it seems. A > lot of energy is laid on getting the "previous version", but ... only > that. Seems like the script never reaches the delete part during > normal operation ... unless "-d" is specified, no deletion will take > place anyhow, so ... simplest is likely to do a simple cron thing, > rather than trying to fix the script... or do some manual cleanup once > in a while:-). At least as a fix. Then perhaps go over the logic of > that script a bit more. Seems less than optimal in some ways, when it > comes to cleanup:-). > > I might have a minute or two during the next couple of days, although > .. as things are, I cannot promise anything. > > Cheers I just seem to remember it cleaning up after itself in the past (maybe distant past), so I had not been checking until I got a low space warning on the /usr partition. I guess I will just write ANOTHER cron job to clean this monster up. ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090317/089ab71c/signature.bin From jaearick at colby.edu Tue Mar 17 20:09:33 2009 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Mar 17 20:09:54 2009 Subject: MS, clam, sanesecurity sigs Message-ID: Julian, I'm trying to get the sanesecurity.co.uk unofficial clam sigs rolled into my MailScanner/clamd setup. I downloaded script 2 from sanesecurity, and went to work. The conf file for it wants to know this setting: # Set path to ClamAV database files location. If unsure, check # your clamd.conf file for the "DatabaseDirectory" path setting. clam_dbs="/opt/clamav/share/clamav" Being unsure, I looked at my clamd.conf file and found the DatabaseDirectory entry commented out: # Path to the database directory. # Default: hardcoded (depends on installation options) #DatabaseDirectory /var/lib/clamav So I guessed that this setting might be buried in MailScanner someplace, but I can't find it. Any idea what MailScanner thinks it is? My MailScanner.conf settings are: Virus Scanners = clamd sophos Monitors for ClamAV Updates = /opt/clamav/share/clamav/*.cld /opt/clamav/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 20971520 # (20 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd.socket Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Message Scan = yes My clam database files are in /opt/clamav/share/clamav. Should the mbl-dbs, msrbl-dbs, si-dbs, and similiar directories end up in the same spot, or can they be elsewhere? The three email tests provided by sanesecurity all fail, ie the emails get through. My setup: Solaris 10, MS 4.74.13-2, clamd version 0.94.2. Any hints on how to get sanesecurity to join in with MailScanner? Jeff Earickson Colby College From jethro.binks at strath.ac.uk Tue Mar 17 20:44:44 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue Mar 17 20:44:54 2009 Subject: MS, clam, sanesecurity sigs In-Reply-To: References: Message-ID: Caveat: I use clamd called directly from the MTA at SMTP-time, not within MailScanner. On Tue, 17 Mar 2009, Jeff A. Earickson wrote: > I'm trying to get the sanesecurity.co.uk unofficial clam sigs rolled > into my MailScanner/clamd setup. I downloaded script 2 from > sanesecurity, and went to work. The conf file for it wants to know this > setting: > > # Set path to ClamAV database files location. If unsure, check > # your clamd.conf file for the "DatabaseDirectory" path setting. > clam_dbs="/opt/clamav/share/clamav" > > Being unsure, I looked at my clamd.conf file and found the > DatabaseDirectory entry commented out: > > # Path to the database directory. > # Default: hardcoded (depends on installation options) > #DatabaseDirectory /var/lib/clamav > > So I guessed that this setting might be buried in MailScanner someplace, > but I can't find it. Any idea what MailScanner thinks it is? clamd will use the setting given in that DatabaseDirectory, if not set then presumably it has a default (which is probably that commented out one). To find out, set "Debug yes" in clamd.conf, start it, and look for a line like: LibClamAV debug: Loading databases from /var/db/clamav Once you've worked out what that is, and set it to whatever value you want it to be, you need to make sure that both the sanesecurity script and MailScanner are also told the same location in their respective configs. You should probably not rely on a default, and explicitly set it everywhere. > Virus Scanners = clamd sophos > Monitors for ClamAV Updates = /opt/clamav/share/clamav/*.cld /opt/clamav/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 20971520 # (20 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 If you are using clamd, presumably the ClamAVmodule settings are irrelevant, although there are some equivalent settings in clamd.conf that you might want to check. > My clam database files are in /opt/clamav/share/clamav. Should the > mbl-dbs, msrbl-dbs, si-dbs, and similiar directories end up in the same > spot, or can they be elsewhere? MSRBL-Images.hdb etc also go into the same directory. I'm not sure if you can configure clamd to look in different places. No need to keep them separate really. > Any hints on how to get sanesecurity to join in with MailScanner? As long as you've made sure all the settings are consistent, it shouldn't be difficult. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From MailScanner at ecs.soton.ac.uk Tue Mar 17 22:42:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 17 22:42:29 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <000f01c9a716$f9581bf0$ec0853d0$@dk> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> <000f01c9a716$f9581bf0$ec0853d0$@dk> <49C02742.1070306@ecs.soton.ac.uk> Message-ID: On 17/3/09 15:42, Jonas Akrouh Larsen wrote: >> IMHO running the cache.db in tmpfs (on ram) should be faster than >> mysql over tcp, however it depends on your configuration. just a >> balance between pros/cons. >> > I think you missed the point, i think we can all agree the sqllite db on > tmpfs is faster, but if u can share the cache between ur nodes, you should > have a higher cache hit ratio as far as I can figure. > > Whether or not this cache hit ratio increase is worth the penalty of > querying a central sql server is the question I guess. > Even if you got a replication setup, so you query the sql server running on > the local host, it will still be slower than sqllite on tmpfs. > I would be enormously grateful if someone could do a quick and ugly hack into the DB connection code to try out MySQL on a shared setup, before I go to the effort of implementing something to do the job nicely. I personally very much doubt that it will be worth doing. You will hit the maximum hit %-age of the cache pretty fast even with independent caches on multiple servers, and MySQL over a network is a heck of a performance hit. But it does sound worth someone testing. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 17 22:45:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 17 22:45:18 2009 Subject: McAfee autoupdater debugging In-Reply-To: References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com> <223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> <49C027EC.9020502@ecs.soton.ac.uk> Message-ID: On 17/3/09 20:00, Scott Silva wrote: > on 3-17-2009 1:38 AM Glenn Steen spake the following: > >> 2009/3/17 Glenn Steen: >> >>> 2009/3/17 Scott Silva: >>> >>>> on 3-16-2009 4:32 PM Scott Silva spake the following: >>>> >>>>> I need some clues on where to look for a McAfee updater problem on my systems. >>>>> One system updates fine but doesn't delete the old dats(CentOS 5.2). Another >>>>> system doesn't update at all, but manually running the mcafee-autoupdate >>>>> script does update, so it must be in the update_virus_scanner code or >>>>> paths(CentOS 4.7). >>>>> >>>>> I don't see any logging done by the update_virus_scanner script. >>>>> >>>>> >>>>> >>>>> >>>>> >>>> Never mind on the updating, it was a corrupted virus.scanners.conf, but I >>>> still need a clue stick on the auto deletion of the old dat files, I will read >>>> the code some more in the AM. >>>> >>>> >>> IIRC there simply is none.... Was a while since last I looked though, >>> so the usual memory corruption might have happened:-). >>> I'll take a look and see what I find. In the mean time, might one >>> suggest a "not-so-complex" find/cron solution?;) >>> >>> Cheers >>> >> As suspected, the cleanup in that script is fairly broken, it seems. A >> lot of energy is laid on getting the "previous version", but ... only >> that. Seems like the script never reaches the delete part during >> normal operation ... unless "-d" is specified, no deletion will take >> place anyhow, so ... simplest is likely to do a simple cron thing, >> rather than trying to fix the script... or do some manual cleanup once >> in a while:-). At least as a fix. Then perhaps go over the logic of >> that script a bit more. Seems less than optimal in some ways, when it >> comes to cleanup:-). >> >> I might have a minute or two during the next couple of days, although >> .. as things are, I cannot promise anything. >> >> Cheers >> > I just seem to remember it cleaning up after itself in the past (maybe distant > past), so I had not been checking until I got a low space warning on the /usr > partition. > I guess I will just write ANOTHER cron job to clean this monster up. > I don't run McAfee myself at all, so have to rely on some third-party code to do the updates. If you can suggest improvements to the code (even just descriptions of exactly what files I can get rid of would be better than nothing) then I'll happily improve the script. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jethro.binks at strath.ac.uk Tue Mar 17 23:37:56 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue Mar 17 23:38:06 2009 Subject: Office 2007 is a problem for me. In-Reply-To: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> References: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> Message-ID: On Tue, 17 Mar 2009, Zate Berg wrote: > MailScanner is working wonderfully, except for Office 2007 files. I > find that a lot of these files contain other blocked file contents, and > are treated just like any other archive. Has anyone found a way to deal > with these types of files without having to white list extensions that > are known to be bad? I'd rather not have to allow *.bin , *.wmf or > *.dat files through my mailscanner. (Earlier I started a related thread, "Blocking of WMF"). I have often thought that it would useful for MailScanner to have some context when applying the filename rules, to give some flexibility. So for example it might permit all or certain .wmf if it knows it has found them while digging around in an Office 2007 zip doc. Perhaps another field in filename.rules.conf that is a list of context matches ('zip,msofficezip'), with a default of "all contexts". Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From rcooper at dwford.com Wed Mar 18 00:08:39 2009 From: rcooper at dwford.com (Rick Cooper) Date: Wed Mar 18 00:08:52 2009 Subject: Office 2007 is a problem for me. In-Reply-To: References: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> Message-ID: <7B5E4F1793274B8CA53B11C8B7518B8F@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Jethro R Binks > Sent: Tuesday, March 17, 2009 7:38 PM > To: MailScanner discussion > Subject: Re: Office 2007 is a problem for me. > > On Tue, 17 Mar 2009, Zate Berg wrote: > > > MailScanner is working wonderfully, except for Office 2007 > files. I > > find that a lot of these files contain other blocked file > contents, and > > are treated just like any other archive. Has anyone found > a way to deal > > with these types of files without having to white list > extensions that > > are known to be bad? I'd rather not have to allow *.bin , *.wmf or > > *.dat files through my mailscanner. > > (Earlier I started a related thread, "Blocking of WMF"). > > I have often thought that it would useful for MailScanner to > have some > context when applying the filename rules, to give some > flexibility. So > for example it might permit all or certain .wmf if it knows > it has found > them while digging around in an Office 2007 zip doc. Perhaps another > field in filename.rules.conf that is a list of context matches > ('zip,msofficezip'), with a default of "all contexts". > > Jethro. > If you are saying have different rules for files found in an archive, I second that. I have been patching MailScanner for years so I can have a different (more relaxed) set of file name/type rules for files inside an archive than those for raw files. For instance blocking executables that have names matching known malware while allowing all other .exe files inside an archive. I hate the idea of setting the depth such as files inside archives are not checked at all. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jeffrey at life.illinois.edu Wed Mar 18 00:19:10 2009 From: jeffrey at life.illinois.edu (Jeffrey Haas) Date: Wed Mar 18 00:19:22 2009 Subject: Office 2007 is a problem for me. In-Reply-To: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> References: <319223270903170721s14abae97wc7eff667a34e046d@mail.gmail.com> Message-ID: <49C03DFE.70503@life.illinois.edu> Not sure if this is helpful, but we were seeing Office 2007 files being caught by mismatches from the 'file' command when OLE portions in the .docx file would match some of the more arcane executable types. I changed the following line in /opt/MailScanner/etc/filetypes.rules.conf: --- #deny executable No executables No programs allowed deny MS-DOS executable No executables No programs allowed --- That's worked well so far. --jeff Zate Berg wrote: > Hello, > > MailScanner is working wonderfully, except for Office 2007 files. I > find that a lot of these files contain other blocked file contents, and > are treated just like any other archive. Has anyone found a way to deal > with these types of files without having to white list extensions that > are known to be bad? I'd rather not have to allow *.bin , *.wmf or > *.dat files through my mailscanner. > > thanks. > > Zate > From campbell at cnpapers.com Wed Mar 18 01:20:50 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 18 01:21:05 2009 Subject: OT - Can't find a way to contact the ISP Message-ID: <1237339250.49c04c7269da6@perdition.cnpapers.net> This is OT. I need to contact charter.net about what appears to be a blacklist of our IP addresses. It may be due to where we switched providers and our new IP addresses were blocked before we got them. Does anyone know how to reach these people? All of their web site pages are customer-oriented. Their postmaster is bouncing back to me also. Thanks for any help. Steve Campbell ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From dickenson at cfmc.com Wed Mar 18 02:53:14 2009 From: dickenson at cfmc.com (Jim Dickenson) Date: Wed Mar 18 02:53:26 2009 Subject: OT - Can't find a way to contact the ISP In-Reply-To: <1237339250.49c04c7269da6@perdition.cnpapers.net> Message-ID: whois charter.net Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: CHARTER.NET Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com Name Server: AUTH0.NS.CHARTER.NET Name Server: AUTH1.NS.CHARTER.NET Status: clientTransferProhibited Updated Date: 29-mar-2007 Creation Date: 08-aug-1997 Expiration Date: 07-aug-2015 >>> Last update of whois database: Tue, 17 Mar 2009 21:51:27 EST <<< Registrant: Charter Communications Operating, LLC 12405 PowersCourt Drive Saint Louis, MO 63131 US Domain Name: CHARTER.NET Administrative Contact: Charter Communications Operating, LLC dblack3@chartercom.com 12405 PowersCourt Drive Saint Louis, MO 63131 US 314-965-0555 Technical Contact: Charter Communications -, Internet Security & Abuse Team abuse@charter.net Charter Communications 12405 PowersCourt Drive Saint Louis, MO 63131 US 314-288-3111 Record expires on 07-Aug-2015. Record created on 08-Aug-1997. Database last updated on 17-Mar-2009 22:38:19 EDT. Domain servers in listed order: AUTH0.NS.CHARTER.NET 209.225.8.159 AUTH1.NS.CHARTER.NET 209.225.8.160 -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Steve Campbell > Reply-To: MailScanner discussion > Date: Tue, 17 Mar 2009 21:20:50 -0400 > To: > Subject: OT - Can't find a way to contact the ISP > > This is OT. I need to contact charter.net about what appears to be a blacklist > of our IP addresses. It may be due to where we switched providers and our new > IP > addresses were blocked before we got them. > > Does anyone know how to reach these people? All of their web site pages are > customer-oriented. Their postmaster is bouncing back to me also. > > Thanks for any help. > > Steve Campbell > > > > ------------------------------------------------- > This mail sent through IMP: http://horde.org/imp/ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mark at msapiro.net Wed Mar 18 03:20:48 2009 From: mark at msapiro.net (Mark Sapiro) Date: Wed Mar 18 03:20:58 2009 Subject: russian spam tsunami? In-Reply-To: <49BFDCA1.2040202@tippingmar.com> References: <49BFDCA1.2040202@tippingmar.com> Message-ID: <20090318032048.GA3760@msapiro> On Tue, Mar 17, 2009 at 10:23:45AM -0700, Mark Nienberg wrote: > Jeff A. Earickson wrote: > >Gang, > > > >Has anybody else been getting buried by Cyrillic spam? We have > >been clobbered by it. A big boatload comes from ttnet.net.tr, > >aka Turktelekom -- I blocked every IP netblock of theirs that I > >could find this weekend. But it comes from lots of other places > >too. Suggestions, eg SA rules? > > > >Jeff Earickson > >Colby College > # One of those strange cyrillic fonts > header LOCAL_CYRILLIC Subject:raw =~ /windows\-1251/i > describe LOCAL_CYRILLIC Cyrillic fonts > score LOCAL_CYRILLIC 4 > > > You can do the same with other character sets. Or you can find # =============== OK Locales =============== # ok_locales en in /etc/MailScanner/spam.assassin.prefs.conf and uncomment the ok_locales line to accept only messages with western character sets. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From lists at tippingmar.com Wed Mar 18 05:20:24 2009 From: lists at tippingmar.com (Mark Nienberg) Date: Wed Mar 18 05:20:39 2009 Subject: russian spam tsunami? In-Reply-To: <20090318032048.GA3760@msapiro> References: <49BFDCA1.2040202@tippingmar.com> <20090318032048.GA3760@msapiro> Message-ID: <49C08498.4060601@tippingmar.com> Mark Sapiro wrote: > On Tue, Mar 17, 2009 at 10:23:45AM -0700, Mark Nienberg wrote: > >> Jeff A. Earickson wrote: >> >>> Gang, >>> >>> Has anybody else been getting buried by Cyrillic spam? We have >>> been clobbered by it. A big boatload comes from ttnet.net.tr, >>> aka Turktelekom -- I blocked every IP netblock of theirs that I >>> could find this weekend. But it comes from lots of other places >>> too. Suggestions, eg SA rules? >>> >>> Jeff Earickson >>> Colby College >>> >> # One of those strange cyrillic fonts >> header LOCAL_CYRILLIC Subject:raw =~ /windows\-1251/i >> describe LOCAL_CYRILLIC Cyrillic fonts >> score LOCAL_CYRILLIC 4 >> >> >> You can do the same with other character sets. >> > > > Or you can find > > # =============== OK Locales =============== > > # ok_locales en > > in /etc/MailScanner/spam.assassin.prefs.conf and uncomment the ok_locales > line to accept only messages with western character sets. > > That helps too. I have that line uncommented but I still get some messages that are in cyrillic fonts and don't trigger the CHARSET_FARAWAY set of rules for some reason. Mark Nienberg From campbell at cnpapers.com Wed Mar 18 08:33:42 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 18 08:33:59 2009 Subject: OT - Can't find a way to contact the ISP In-Reply-To: References: Message-ID: <1237365222.49c0b1e67662b@perdition.cnpapers.net> Jim, Thanks. I never thought about doing a whois. steve Quoting Jim Dickenson : > whois charter.net > > Whois Server Version 2.0 > > Domain names in the .com and .net domains can now be registered > with many different competing registrars. Go to http://www.internic.net > for detailed information. > > Domain Name: CHARTER.NET > Registrar: NETWORK SOLUTIONS, LLC. > Whois Server: whois.networksolutions.com > Referral URL: http://www.networksolutions.com > Name Server: AUTH0.NS.CHARTER.NET > Name Server: AUTH1.NS.CHARTER.NET > Status: clientTransferProhibited > Updated Date: 29-mar-2007 > Creation Date: 08-aug-1997 > Expiration Date: 07-aug-2015 > > >>> Last update of whois database: Tue, 17 Mar 2009 21:51:27 EST <<< > > > Registrant: > Charter Communications Operating, LLC > 12405 PowersCourt Drive > Saint Louis, MO 63131 > US > > Domain Name: CHARTER.NET > > > Administrative Contact: > Charter Communications Operating, LLC dblack3@chartercom.com > 12405 PowersCourt Drive > Saint Louis, MO 63131 > US > 314-965-0555 > > Technical Contact: > Charter Communications -, Internet Security & Abuse Team > abuse@charter.net > Charter Communications > 12405 PowersCourt Drive > Saint Louis, MO 63131 > US > 314-288-3111 > > Record expires on 07-Aug-2015. > Record created on 08-Aug-1997. > Database last updated on 17-Mar-2009 22:38:19 EDT. > > Domain servers in listed order: > > AUTH0.NS.CHARTER.NET 209.225.8.159 > AUTH1.NS.CHARTER.NET 209.225.8.160 > > > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > > > > From: Steve Campbell > > Reply-To: MailScanner discussion > > Date: Tue, 17 Mar 2009 21:20:50 -0400 > > To: > > Subject: OT - Can't find a way to contact the ISP > > > > This is OT. I need to contact charter.net about what appears to be a > blacklist > > of our IP addresses. It may be due to where we switched providers and our > new > > IP > > addresses were blocked before we got them. > > > > Does anyone know how to reach these people? All of their web site pages > are > > customer-oriented. Their postmaster is bouncing back to me also. > > > > Thanks for any help. > > > > Steve Campbell > > > > > > > > ------------------------------------------------- > > This mail sent through IMP: http://horde.org/imp/ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From ms-list at alexb.ch Wed Mar 18 08:46:36 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed Mar 18 08:46:45 2009 Subject: OT - Can't find a way to contact the ISP In-Reply-To: <1237365222.49c0b1e67662b@perdition.cnpapers.net> References: <1237365222.49c0b1e67662b@perdition.cnpapers.net> Message-ID: <49C0B4EC.3020609@alexb.ch> OR: http://abuse.net/ On 3/18/2009 9:33 AM, Steve Campbell wrote: > Jim, > > Thanks. I never thought about doing a whois. > > steve > > Quoting Jim Dickenson : > >> whois charter.net >> >> Whois Server Version 2.0 >> >> Domain names in the .com and .net domains can now be registered >> with many different competing registrars. Go to http://www.internic.net >> for detailed information. >> >> Domain Name: CHARTER.NET >> Registrar: NETWORK SOLUTIONS, LLC. >> Whois Server: whois.networksolutions.com >> Referral URL: http://www.networksolutions.com >> Name Server: AUTH0.NS.CHARTER.NET >> Name Server: AUTH1.NS.CHARTER.NET >> Status: clientTransferProhibited >> Updated Date: 29-mar-2007 >> Creation Date: 08-aug-1997 >> Expiration Date: 07-aug-2015 >> >>>>> Last update of whois database: Tue, 17 Mar 2009 21:51:27 EST <<< >> >> Registrant: >> Charter Communications Operating, LLC >> 12405 PowersCourt Drive >> Saint Louis, MO 63131 >> US >> >> Domain Name: CHARTER.NET >> >> >> Administrative Contact: >> Charter Communications Operating, LLC dblack3@chartercom.com >> 12405 PowersCourt Drive >> Saint Louis, MO 63131 >> US >> 314-965-0555 >> >> Technical Contact: >> Charter Communications -, Internet Security & Abuse Team >> abuse@charter.net >> Charter Communications >> 12405 PowersCourt Drive >> Saint Louis, MO 63131 >> US >> 314-288-3111 >> >> Record expires on 07-Aug-2015. >> Record created on 08-Aug-1997. >> Database last updated on 17-Mar-2009 22:38:19 EDT. >> >> Domain servers in listed order: >> >> AUTH0.NS.CHARTER.NET 209.225.8.159 >> AUTH1.NS.CHARTER.NET 209.225.8.160 >> >> >> -- >> Jim Dickenson >> mailto:dickenson@cfmc.com >> >> CfMC >> http://www.cfmc.com/ >> >> >> >>> From: Steve Campbell >>> Reply-To: MailScanner discussion >>> Date: Tue, 17 Mar 2009 21:20:50 -0400 >>> To: >>> Subject: OT - Can't find a way to contact the ISP >>> >>> This is OT. I need to contact charter.net about what appears to be a >> blacklist >>> of our IP addresses. It may be due to where we switched providers and our >> new >>> IP >>> addresses were blocked before we got them. >>> >>> Does anyone know how to reach these people? All of their web site pages >> are >>> customer-oriented. Their postmaster is bouncing back to me also. >>> >>> Thanks for any help. >>> >>> Steve Campbell >>> >>> >>> >>> ------------------------------------------------- >>> This mail sent through IMP: http://horde.org/imp/ >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ------------------------------------------------- > This mail sent through IMP: http://horde.org/imp/ From maxsec at gmail.com Wed Mar 18 09:00:33 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Mar 18 09:00:42 2009 Subject: OT - Can't find a way to contact the ISP In-Reply-To: <1237339250.49c04c7269da6@perdition.cnpapers.net> References: <1237339250.49c04c7269da6@perdition.cnpapers.net> Message-ID: <72cf361e0903180200n7706d0a0u70a66b7ae4424715@mail.gmail.com> 2009/3/18 Steve Campbell : > This is OT. I need to contact charter.net about what appears to be a blacklist > of our IP addresses. It may be due to where we switched providers and our new IP > addresses were blocked before we got them. > > Does anyone know how to reach these people? All of their web site pages are > customer-oriented. Their postmaster is bouncing back to me also. > > Thanks for any help. > > Steve Campbell > > > > ------------------------------------------------- > This mail sent through IMP: http://horde.org/imp/ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Or asking on Nanog for a real person to contact you. This seems to work well! -- Martin Hepworth Oxford, UK From gmachin at techconcepts.co.za Wed Mar 18 09:54:50 2009 From: gmachin at techconcepts.co.za (Gregory Machin) Date: Wed Mar 18 09:57:37 2009 Subject: mailscanner-mrtg giving low virus results with new install Message-ID: Hi I have setup a new mail scanner using the latest "Version 4.74.16-1 for RedHat, Fedora and Mandrake Linux (and other RPM-based Linux distributions)" and "ClamAV 0.94.2 and SpamAssassin 3.2.5 installation package." . All seem to be well no errors in the log files. But when comparing the number of viruses found on the new server, compared to that on the old servers Also running MailScanner (updated to the latest version) and an older version Clamav. There is a big difference in the results on mailscanner-mrtg. The old server found 250 viruses yesterday where as the new one only 9 .. and the trend is the same today. The virus scans are being logged for the mails and coming back uninfected. Updates are up to date. Thus my question is 1) How do I test MailScanner and all it's features to check it's working correctly ? 2) Is the mailscanner-mrtg compatible with the current release of MailScanner and the bundled Clamav-SA packages ? 3) Are the old servers giving false positives because of the old clamav installs (clamd -V 0.94.1/9127/Wed Mar 18 06:30:26 2009) This is installed on fedora Core 10 x68_64. Many thanksClamAV Greg -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090318/439df4e6/attachment.html From prandal at herefordshire.gov.uk Wed Mar 18 10:01:54 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Mar 18 10:02:19 2009 Subject: McAfee autoupdater debugging In-Reply-To: References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com><223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> Scott Silva wrote: > I just seem to remember it cleaning up after itself in the past > (maybe distant past), so I had not been checking until I got a low > space warning on the /usr partition. > I guess I will just write ANOTHER cron job to clean this monster up. > ;-P Try OPTS="-d" at the start of /usr/lib/MailScanner/mcafee-autoupdate Works here. I think you still have to manually remove existing old dat directories. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From spamlists at coders.co.uk Wed Mar 18 11:21:53 2009 From: spamlists at coders.co.uk (Matt) Date: Wed Mar 18 11:22:58 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <7d9b3cf20903171149y33e4f826g6f33868ec437ca4c@mail.gmail.com> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> <000f01c9a716$f9581bf0$ec0853d0$@dk> <7d9b3cf20903171149y33e4f826g6f33868ec437ca4c@mail.gmail.com> Message-ID: <49C0D951.3010306@coders.co.uk> Eduardo Casarero wrote: > > > I did some research in 1 of my servers, today i've procesed 8505 > emails, with 338 cache hits. How can we measure if sharnig caches > improves (a lot, a little, nothing) cache hits? (there is another > server next to it) Obviously without much development so we can test > if having a mysql server improves or not the scenario. > > On each box you need to do sqlite3 /var/spool/MailScanner/incoming/SpamAssassin.cache.db "select md5 from cache;" > /tmp/cachehashes.servername move the files on to one box cat /tmp/cachehashes.serv1 /tmp/cachehashes.serv2 | sort | uniq -c | sort -n | grep -v " 1 " Any lines outputted will be the same hash on multiple servers From MailScanner at ecs.soton.ac.uk Wed Mar 18 12:27:17 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 18 12:27:42 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: References: <49C0E8A5.3060409@ecs.soton.ac.uk> Message-ID: On 18/3/09 09:54, Gregory Machin wrote: > > Hi > > I have setup a new mail scanner using the latest ?Version 4.74.16-1 > for RedHat, Fedora and Mandrake Linux (and other RPM-based Linux > distributions)? and ?ClamAV 0.94.2 and SpamAssassin 3.2.5 > installation package.? . All seem to be well no errors in the log > files. But when comparing the number of viruses found on the new > server, compared to that on the old servers Also running MailScanner > (updated to the latest version) and an older version Clamav. There is > a big difference in the results on mailscanner-mrtg. The old server > found 250 viruses yesterday where as the new one only 9 .. and the > trend is the same today. The virus scans are being logged for the > mails and coming back uninfected. Updates are up to date. > > Thus my question is > > 1) How do I test MailScanner and all it?s features to check it?s > working correctly ? > Start by doing a "MailScanner --lint". Then start sending test messages through the system infected with the "Eicar" test pattern (it's not a virus, but it will be detected by the virus scanners). Watch what you see in your maillog. > 2) Is the mailscanner-mrtg compatible with the current release of > MailScanner and the bundled Clamav-SA packages ? > It's only a watcher, so it won't actually affect the success or otherwise of your MailScanner installation. Far better to look at the logs. > > 3) Are the old servers giving false positives because of the old > clamav installs (clamd ?V 0.94.1/9127/Wed Mar 18 06:30:26 2009) > > This is installed on fedora Core 10 x68_64. > > Many thanksClamAV > > Greg > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sbanderson at impromed.com Wed Mar 18 12:42:40 2009 From: sbanderson at impromed.com (Scott B. Anderson) Date: Wed Mar 18 12:45:16 2009 Subject: OT: Possible disk failure was RE: Assumed disk failure? In-Reply-To: <24AAD26C88B9534093235DD9C02F4D1702AABD87@exchangesrvr.sbschools.net> References: <24AAD26C88B9534093235DD9C02F4D1702AABD87@exchangesrvr.sbschools.net> Message-ID: <4B16C177313C70448BFF4C80789335B30A295C71CD@ES1.impromed.com> I'm not extremely versed in the usage of smartctl but most distributions have this command to check the SMART hard drive diagnostics. It should be able to tell you if the drive is failing via the command smartctl -a Scott > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net > Sent: Tuesday, March 17, 2009 12:53 PM > To: mailscanner@lists.mailscanner.info > Subject: Assumed disk failure? > > I have a mailscanner box (centos 5) running MailScanner 4.74.16. I am > getting the below error over and over again in the maillog: > > Database complained about this: disk I/O error(10) at dbdimp.c line > 271. > I suggest you delete your > /var/spool/MailScanner/incoming/SpamAssassin.cache.db file and let me > re-create it for you > > > > I have deleted (moved the file) and I continue to get these errors. > > > > The computer is crawling right now and the i/o does not seem high > enough > to cause this. > > > > I am assuming I have a disk going bad and needs replacement? Is there > any hope or should I just replace the drive? I am almost certain that I > have replaced the drive in this unit less than a year ago due to drive > errors. > > > > Any suggestions would be great. > > > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. From dcurtis at sbschools.net Wed Mar 18 13:02:54 2009 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Wed Mar 18 13:01:31 2009 Subject: Assumed disk failure? In-Reply-To: <49BFE701.5030100@USherbrooke.ca> References: <24AAD26C88B9534093235DD9C02F4D1702AABD87@exchangesrvr.sbschools.net> <49BFE701.5030100@USherbrooke.ca> Message-ID: <24AAD26C88B9534093235DD9C02F4D1702AABD97@exchangesrvr.sbschools.net> I guess the memory could be causing it, but I would assume I would have more problems than just this one file. This one file is not in a ram disk but on the hard drive. Thanks, Dave -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: Tuesday, March 17, 2009 2:08 PM To: MailScanner discussion Subject: Re: Assumed disk failure? dcurtis@sbschools.net a ?crit : > > I have a mailscanner box (centos 5) running MailScanner 4.74.16. I am > getting the below error over and over again in the maillog: > > Database complained about this: disk I/O error(10) at dbdimp.c line > 271. I suggest you delete your > /var/spool/MailScanner/incoming/SpamAssassin.cache.db file and let me > re-create it for you > > > > I have deleted (moved the file) and I continue to get these errors. > > > > The computer is crawling right now and the i/o does not seem high > enough to cause this. > > > > I am assuming I have a disk going bad and needs replacement? Is there > any hope or should I just replace the drive? I am almost certain that > I have replaced the drive in this unit less than a year ago due to > drive errors. > > > > Any suggestions would be great. > > > > > Are you sure you are not having memory problems instead? It is highly recommended to run that directory from a ram-disk. If it is your case, you may be running short on memory or having a faulty memory chip. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From ecasarero at gmail.com Wed Mar 18 13:01:38 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Mar 18 13:01:49 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <49C0D951.3010306@coders.co.uk> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> <000f01c9a716$f9581bf0$ec0853d0$@dk> <7d9b3cf20903171149y33e4f826g6f33868ec437ca4c@mail.gmail.com> <49C0D951.3010306@coders.co.uk> Message-ID: <7d9b3cf20903180601k149f8e97t546e717c2711629c@mail.gmail.com> 2009/3/18 Matt : > Eduardo Casarero wrote: >> >> >> I did some research in 1 of my servers, today i've procesed 8505 >> emails, with 338 cache hits. How ?can we measure if sharnig caches >> improves (a lot, a little, nothing) cache hits? (there is another >> server next to it) Obviously without much development so we can test >> if having a mysql server improves or not the scenario. >> >> > > > On each box you need to do > > sqlite3 /var/spool/MailScanner/incoming/SpamAssassin.cache.db "select md5 > from cache;" > /tmp/cachehashes.servername > > move the files on to one box > > cat /tmp/cachehashes.serv1 /tmp/cachehashes.serv2 | sort | uniq -c | sort -n > | grep -v " 1 " > > Any lines outputted will be the same hash on multiple servers > Here are the results: (2 MS servers) 34 matches, one cache had 820 records and the other 548. i just don't see the benefit, however somebody with a different scenario may have a different view... my 5 cents. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ka at pacific.net Wed Mar 18 14:12:53 2009 From: ka at pacific.net (Ken A) Date: Wed Mar 18 14:13:07 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: <7d9b3cf20903180601k149f8e97t546e717c2711629c@mail.gmail.com> References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> <000f01c9a716$f9581bf0$ec0853d0$@dk> <7d9b3cf20903171149y33e4f826g6f33868ec437ca4c@mail.gmail.com> <49C0D951.3010306@coders.co.uk> <7d9b3cf20903180601k149f8e97t546e717c2711629c@mail.gmail.com> Message-ID: <49C10165.7000908@pacific.net> Eduardo Casarero wrote: > 2009/3/18 Matt : >> Eduardo Casarero wrote: >>> >>> I did some research in 1 of my servers, today i've procesed 8505 >>> emails, with 338 cache hits. How can we measure if sharnig caches >>> improves (a lot, a little, nothing) cache hits? (there is another >>> server next to it) Obviously without much development so we can test >>> if having a mysql server improves or not the scenario. >>> >>> >> >> On each box you need to do >> >> sqlite3 /var/spool/MailScanner/incoming/SpamAssassin.cache.db "select md5 >> from cache;" > /tmp/cachehashes.servername >> >> move the files on to one box >> >> cat /tmp/cachehashes.serv1 /tmp/cachehashes.serv2 | sort | uniq -c | sort -n >> | grep -v " 1 " >> >> Any lines outputted will be the same hash on multiple servers >> > > Here are the results: > > (2 MS servers) 34 matches, one cache had 820 records and the other 548. > > i just don't see the benefit, however somebody with a different > scenario may have a different view... > > my 5 cents. > Very similar here: 2 servers, default cache timing. 5800 records, 55 matches = less than 1% are duplicates On each machine, we see about 15% cache hits on low+high scoring spam (we don't log non-spam), but much of this is due to splitting recipients in sendmail. If you don't use anything in your MTA to stop spam (in front of MS/SA), you will probably get higher numbers, since you are using SA to catch a more common variety of spam, which tends to be duplicated more often. Ken > > > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- Ken Anderson Pacific Internet - http://www.pacific.net From ssilva at sgvwater.com Wed Mar 18 15:44:29 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 18 15:44:50 2009 Subject: McAfee autoupdater debugging In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com><223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> Message-ID: on 3-18-2009 3:01 AM Randal, Phil spake the following: > Scott Silva wrote: >> I just seem to remember it cleaning up after itself in the past >> (maybe distant past), so I had not been checking until I got a low >> space warning on the /usr partition. >> I guess I will just write ANOTHER cron job to clean this monster up. >> ;-P > > Try > > OPTS="-d" > > at the start of /usr/lib/MailScanner/mcafee-autoupdate > > Works here. > > I think you still have to manually remove existing old dat directories. > > Cheers, > > Phil > Testing this today. Just waiting for the next update. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090318/9a9fa599/signature.bin From glenn.steen at gmail.com Wed Mar 18 16:28:26 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 18 16:28:35 2009 Subject: McAfee autoupdater debugging In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com> <223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> Message-ID: <223f97700903180928s68bf9111jfbed230629e966e1@mail.gmail.com> 2009/3/18 Randal, Phil : > Scott Silva wrote: >> I just seem to remember it cleaning up after itself in the past >> (maybe distant past), so I had not been checking until I got a low >> space warning on the /usr partition. >> I guess I will just write ANOTHER cron job to clean this monster up. >> ;-P > > Try > > OPTS="-d" > > at the start of /usr/lib/MailScanner/mcafee-autoupdate > > Works here. > > I think you still have to manually remove existing old dat directories. > > Cheers, > > Phil > Yep, that's about it. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Mar 18 16:51:53 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 18 16:52:17 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: References: Message-ID: on 3-18-2009 2:54 AM Gregory Machin spake the following: > Hi > > I have setup a new mail scanner using the latest ?Version 4.74.16-1 for > RedHat, Fedora and Mandrake Linux (and other RPM-based Linux > distributions)? and ?ClamAV 0.94.2 and SpamAssassin 3.2.5 installation > package.? . All seem to be well no errors in the log files. But when > comparing the number of viruses found on the new server, compared to > that on the old servers Also running MailScanner (updated to the latest > version) and an older version Clamav. There is a big difference in the > results on mailscanner-mrtg. The old server found 250 viruses yesterday > where as the new one only 9 .. and the trend is the same today. The > virus scans are being logged for the mails and coming back uninfected. > Updates are up to date. > > > > Thus my question is > > 1) How do I test MailScanner and all it?s features to check it?s > working correctly ? > > 2) Is the mailscanner-mrtg compatible with the current release of > MailScanner and the bundled Clamav-SA packages ? > > 3) Are the old servers giving false positives because of the old > clamav installs (clamd ?V 0.94.1/9127/Wed Mar 18 06:30:26 2009) > > > > This is installed on fedora Core 10 x68_64. > > > > Many thanksClamAV > > Greg > Do you get logging of infected files, but they get delivered? Have you tried sending a test eicar mail through? Did it get caught? How are you accessing clamav? By clamscan, clamd, or the perl module? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090318/5db39a72/signature.bin From ssilva at sgvwater.com Wed Mar 18 17:00:09 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 18 17:00:34 2009 Subject: McAfee autoupdater debugging In-Reply-To: References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com><223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> Message-ID: on 3-18-2009 8:44 AM Scott Silva spake the following: > on 3-18-2009 3:01 AM Randal, Phil spake the following: >> Scott Silva wrote: >>> I just seem to remember it cleaning up after itself in the past >>> (maybe distant past), so I had not been checking until I got a low >>> space warning on the /usr partition. >>> I guess I will just write ANOTHER cron job to clean this monster up. >>> ;-P >> Try >> >> OPTS="-d" >> >> at the start of /usr/lib/MailScanner/mcafee-autoupdate >> >> Works here. >> >> I think you still have to manually remove existing old dat directories. >> >> Cheers, >> >> Phil >> > Testing this today. Just waiting for the next update. > > > I moved the datfiles directory and ran the update. At least it doesn't break anything. Now to see if it cleans. I guess I will have to wait another day. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090318/05af0261/signature.bin From ssilva at sgvwater.com Wed Mar 18 17:29:36 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 18 17:29:59 2009 Subject: Solved -- Re: McAfee autoupdater debugging In-Reply-To: References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com><223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> Message-ID: on 3-18-2009 10:00 AM Scott Silva spake the following: > on 3-18-2009 8:44 AM Scott Silva spake the following: >> on 3-18-2009 3:01 AM Randal, Phil spake the following: >>> Scott Silva wrote: >>>> I just seem to remember it cleaning up after itself in the past >>>> (maybe distant past), so I had not been checking until I got a low >>>> space warning on the /usr partition. >>>> I guess I will just write ANOTHER cron job to clean this monster up. >>>> ;-P >>> Try >>> >>> OPTS="-d" >>> >>> at the start of /usr/lib/MailScanner/mcafee-autoupdate >>> >>> Works here. >>> >>> I think you still have to manually remove existing old dat directories. >>> >>> Cheers, >>> >>> Phil >>> >> Testing this today. Just waiting for the next update. >> >> >> > I moved the datfiles directory and ran the update. At least it doesn't break > anything. Now to see if it cleans. I guess I will have to wait another day. > > I tested it on another server that still had an older update on it and it worked great! This must have been the default at one time in the distant past, because I swear it used to clean up after itself. Or maybe I had fixed it in the past (and forgot) and an update wiped it out. Thanks Phil! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090318/d7412804/signature.bin From ssilva at sgvwater.com Wed Mar 18 17:36:21 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 18 17:36:42 2009 Subject: Solved -- Re: McAfee autoupdater debugging In-Reply-To: References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com><223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> Message-ID: on 3-18-2009 10:29 AM Scott Silva spake the following: > on 3-18-2009 10:00 AM Scott Silva spake the following: >> on 3-18-2009 8:44 AM Scott Silva spake the following: >>> on 3-18-2009 3:01 AM Randal, Phil spake the following: >>>> Scott Silva wrote: >>>>> I just seem to remember it cleaning up after itself in the past >>>>> (maybe distant past), so I had not been checking until I got a low >>>>> space warning on the /usr partition. >>>>> I guess I will just write ANOTHER cron job to clean this monster up. >>>>> ;-P >>>> Try >>>> >>>> OPTS="-d" >>>> >>>> at the start of /usr/lib/MailScanner/mcafee-autoupdate >>>> >>>> Works here. >>>> >>>> I think you still have to manually remove existing old dat directories. >>>> >>>> Cheers, >>>> >>>> Phil >>>> >>> Testing this today. Just waiting for the next update. >>> >>> >>> >> I moved the datfiles directory and ran the update. At least it doesn't break >> anything. Now to see if it cleans. I guess I will have to wait another day. >> >> > I tested it on another server that still had an older update on it and it > worked great! This must have been the default at one time in the distant past, > because I swear it used to clean up after itself. Or maybe I had fixed it in > the past (and forgot) and an update wiped it out. > > Thanks Phil! > > Julian, If you see this, is there any reason this option( OPTS="-d" ) can't be the default in the mcafee-autoupdate script? I don't see a reason to keep a bunch of old dat files around. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090318/f26b0874/signature.bin From MailScanner at ecs.soton.ac.uk Wed Mar 18 18:22:24 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 18 18:22:50 2009 Subject: Solved -- Re: McAfee autoupdater debugging References: <223f97700903170112s671852f5yb450718945539b30@mail.gmail.com><223f97700903170138j4e371f6dh6c9d92c28ea985f2@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA06359344@HC-MBX02.herefordshire.gov.uk> <49C13BE0.7000804@ecs.soton.ac.uk> Message-ID: On 18/3/09 17:36, Scott Silva wrote: > on 3-18-2009 10:29 AM Scott Silva spake the following: > >> on 3-18-2009 10:00 AM Scott Silva spake the following: >> >>> on 3-18-2009 8:44 AM Scott Silva spake the following: >>> >>>> on 3-18-2009 3:01 AM Randal, Phil spake the following: >>>> >>>>> Scott Silva wrote: >>>>> >>>>>> I just seem to remember it cleaning up after itself in the past >>>>>> (maybe distant past), so I had not been checking until I got a low >>>>>> space warning on the /usr partition. >>>>>> I guess I will just write ANOTHER cron job to clean this monster up. >>>>>> ;-P >>>>>> >>>>> Try >>>>> >>>>> OPTS="-d" >>>>> >>>>> at the start of /usr/lib/MailScanner/mcafee-autoupdate >>>>> >>>>> Works here. >>>>> >>>>> I think you still have to manually remove existing old dat directories. >>>>> >>>>> Cheers, >>>>> >>>>> Phil >>>>> >>>>> >>>> Testing this today. Just waiting for the next update. >>>> >>>> >>>> >>>> >>> I moved the datfiles directory and ran the update. At least it doesn't break >>> anything. Now to see if it cleans. I guess I will have to wait another day. >>> >>> >>> >> I tested it on another server that still had an older update on it and it >> worked great! This must have been the default at one time in the distant past, >> because I swear it used to clean up after itself. Or maybe I had fixed it in >> the past (and forgot) and an update wiped it out. >> >> Thanks Phil! >> >> >> > Julian, > If you see this, is there any reason this option( OPTS="-d" ) can't be the > default in the mcafee-autoupdate script? I don't see a reason to keep a bunch > of old dat files around. > No reason at all. I have changed the master copy, and it will be in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Wed Mar 18 19:32:39 2009 From: alex at rtpty.com (Alex Neuman) Date: Wed Mar 18 19:32:49 2009 Subject: OT - Can't find a way to contact the ISP In-Reply-To: <72cf361e0903180200n7706d0a0u70a66b7ae4424715@mail.gmail.com> References: <1237339250.49c04c7269da6@perdition.cnpapers.net> <72cf361e0903180200n7706d0a0u70a66b7ae4424715@mail.gmail.com> Message-ID: <24e3d2e40903181232i4dde4a95h7a90327c75b3aad@mail.gmail.com> I'm surprised they (Charter) still exist. On Wed, Mar 18, 2009 at 4:00 AM, Martin Hepworth wrote: > 2009/3/18 Steve Campbell : > > This is OT. I need to contact charter.net about what appears to be a > blacklist > > of our IP addresses. It may be due to where we switched providers and our > new IP > > addresses were blocked before we got them. > > > > Does anyone know how to reach these people? All of their web site pages > are > > customer-oriented. Their postmaster is bouncing back to me also. > > > > Thanks for any help. > > > > Steve Campbell > > > > > > > > ------------------------------------------------- > > This mail sent through IMP: http://horde.org/imp/ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > Or asking on Nanog for a real person to contact you. This seems to work > well! > > -- > Martin Hepworth > Oxford, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090318/bcdbc1b7/attachment.html From campbell at cnpapers.com Wed Mar 18 19:47:11 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 18 19:47:43 2009 Subject: OT - Can't find a way to contact the ISP In-Reply-To: <24e3d2e40903181232i4dde4a95h7a90327c75b3aad@mail.gmail.com> References: <1237339250.49c04c7269da6@perdition.cnpapers.net> <72cf361e0903180200n7706d0a0u70a66b7ae4424715@mail.gmail.com> <24e3d2e40903181232i4dde4a95h7a90327c75b3aad@mail.gmail.com> Message-ID: <49C14FBF.9080403@cnpapers.com> Alex, and all, I have it taken care of now. The WHOIS listed a non-charter.net address whom I emailed and they forwarded it to the right place. Our IPs were blocked due to past owners of the IP block and they took care of it. Thanks all steve Alex Neuman wrote: > I'm surprised they (Charter) still exist. > > On Wed, Mar 18, 2009 at 4:00 AM, Martin Hepworth > wrote: > > 2009/3/18 Steve Campbell >: > > This is OT. I need to contact charter.net > about what appears to be a blacklist > > of our IP addresses. It may be due to where we switched > providers and our new IP > > addresses were blocked before we got them. > > > > Does anyone know how to reach these people? All of their web > site pages are > > customer-oriented. Their postmaster is bouncing back to me also. > > > > Thanks for any help. > > > > Steve Campbell > > > > > > > > ------------------------------------------------- > > This mail sent through IMP: http://horde.org/imp/ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > Or asking on Nanog for a real person to contact you. This seems to > work well! > > -- > Martin Hepworth > Oxford, UK > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman From hvdkooij at vanderkooij.org Thu Mar 19 08:05:00 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Mar 19 08:05:12 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: References: Message-ID: <49C1FCAC.5050008@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregory Machin wrote: > I have setup a new mail scanner using the latest ?Version 4.74.16-1 for > RedHat, Fedora and Mandrake Linux (and other RPM-based Linux > distributions)? and ?ClamAV 0.94.2 and SpamAssassin 3.2.5 installation > package.? . All seem to be well no errors in the log files. But when > comparing the number of viruses found on the new server, compared to > that on the old servers Also running MailScanner (updated to the latest > version) and an older version Clamav. There is a big difference in the > results on mailscanner-mrtg. The old server found 250 viruses yesterday > where as the new one only 9 .. and the trend is the same today. The > virus scans are being logged for the mails and coming back uninfected. > Updates are up to date. I guess either of these 2 statements is true. 1. You don't get virus messages that way as often as you think. So the stats are accurate. 2. Your other system is tagging spam as virus due to extra databases for ClamAV. Again the stats are accurate. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAknB/KoACgkQBvzDRVjxmYHcAgCfVfjppTRk+rKVefDapNUU7QeV P7EAoKGB9sEO6TR6cZfiVnK7P41qnJ6p =Qf9L -----END PGP SIGNATURE----- From mailscanner at yeticomputers.com Thu Mar 19 08:16:14 2009 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Thu Mar 19 08:16:51 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: <49C1FCAC.5050008@vanderkooij.org> References: <49C1FCAC.5050008@vanderkooij.org> Message-ID: <49C1FF4E.4010406@yeticomputers.com> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gregory Machin wrote: > > >> I have setup a new mail scanner using the latest ?Version 4.74.16-1 for >> RedHat, Fedora and Mandrake Linux (and other RPM-based Linux >> distributions)? and ?ClamAV 0.94.2 and SpamAssassin 3.2.5 installation >> package.? . All seem to be well no errors in the log files. But when >> comparing the number of viruses found on the new server, compared to >> that on the old servers Also running MailScanner (updated to the latest >> version) and an older version Clamav. There is a big difference in the >> results on mailscanner-mrtg. The old server found 250 viruses yesterday >> where as the new one only 9 .. and the trend is the same today. The >> virus scans are being logged for the mails and coming back uninfected. >> Updates are up to date. >> > > I guess either of these 2 statements is true. > > 1. You don't get virus messages that way as often as you think. So the > stats are accurate. > > 2. Your other system is tagging spam as virus due to extra databases > for ClamAV. Again the stats are accurate. > > Hugo. Another possibility is what happened to me several years ago when I started using RBLs at the MTA level - viruses simply stopped getting far enough to get counted. Is it possible that your new setup uses RBLs at the MTA and the old one did not? Or /any/ method of dropping messages at the MTA? From maillists at conactive.com Thu Mar 19 09:31:27 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 19 09:31:35 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: <49C1FF4E.4010406@yeticomputers.com> References: <49C1FCAC.5050008@vanderkooij.org> <49C1FF4E.4010406@yeticomputers.com> Message-ID: Rick Chadderdon wrote on Thu, 19 Mar 2009 04:16:14 -0400: > Is it possible that your new setup uses RBLs at > the MTA and the old one did not? Or /any/ method of dropping messages > at the MTA? This is indeed the most likely cause. If you disallow dynamic IP ranges, wrong HELOs, machines without PTR etc. your incoming virus rate drops to nearly zero. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From gmachin at techconcepts.co.za Thu Mar 19 10:44:31 2009 From: gmachin at techconcepts.co.za (Gregory Machin) Date: Thu Mar 19 10:47:04 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: References: <49C1FCAC.5050008@vanderkooij.org> <49C1FF4E.4010406@yeticomputers.com> Message-ID: Thanks to all for the help. I checked with MailScanner -Lint and found a number of issues one of the being clamscans location. I'm using the original configs after running the update on them. So I don't see any reason for the detection of spam being different mmm but will need to review and see what new settings etc there are that we can use .. This is the first time Im working with MailScnner. What are the pros and cons of the different ways of scanning for viruses clamscan / clamd / perl clam module ? Thanks Greg -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: 19 March 2009 11:31 AM To: mailscanner@lists.mailscanner.info Subject: Re: mailscanner-mrtg giving low virus results with new install Rick Chadderdon wrote on Thu, 19 Mar 2009 04:16:14 -0400: > Is it possible that your new setup uses RBLs at > the MTA and the old one did not? Or /any/ method of dropping messages > at the MTA? This is indeed the most likely cause. If you disallow dynamic IP ranges, wrong HELOs, machines without PTR etc. your incoming virus rate drops to nearly zero. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.11.19/2010 - Release Date: 03/18/09 20:27:00 From prandal at herefordshire.gov.uk Thu Mar 19 11:00:57 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Mar 19 11:01:15 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: References: <49C1FCAC.5050008@vanderkooij.org> <49C1FF4E.4010406@yeticomputers.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA063596FA@HC-MBX02.herefordshire.gov.uk> Clamdscan's the way to go. Check the list archivces and the MailScanner wiki: http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:switch_to_rpm_clamd&s=clamdscan Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gregory Machin Sent: 19 March 2009 10:45 To: MailScanner discussion Subject: RE: mailscanner-mrtg giving low virus results with new install Thanks to all for the help. I checked with MailScanner -Lint and found a number of issues one of the being clamscans location. I'm using the original configs after running the update on them. So I don't see any reason for the detection of spam being different mmm but will need to review and see what new settings etc there are that we can use .. This is the first time Im working with MailScnner. What are the pros and cons of the different ways of scanning for viruses clamscan / clamd / perl clam module ? Thanks Greg -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: 19 March 2009 11:31 AM To: mailscanner@lists.mailscanner.info Subject: Re: mailscanner-mrtg giving low virus results with new install Rick Chadderdon wrote on Thu, 19 Mar 2009 04:16:14 -0400: > Is it possible that your new setup uses RBLs at the MTA and the old > one did not? Or /any/ method of dropping messages at the MTA? This is indeed the most likely cause. If you disallow dynamic IP ranges, wrong HELOs, machines without PTR etc. your incoming virus rate drops to nearly zero. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.11.19/2010 - Release Date: 03/18/09 20:27:00 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gmachin at techconcepts.co.za Thu Mar 19 11:08:13 2009 From: gmachin at techconcepts.co.za (Gregory Machin) Date: Thu Mar 19 11:10:57 2009 Subject: too many hops Message-ID: Hi I have a problem with a new spam server. Some of the emails are being giving the following errors Mar 19 12:02:38 spam13 postfix/smtp[23941]: C598732245D: to=, relay=mail10.techconcepts.co.za[66.8.85.146]:25, delay=34, delays=3.9/0/30/0.21, dsn=5.4.0, status=bounced (host mail10.techconcepts.co.za[66.8.85.146] said: 554 5.4.0 Error: too many hops (in reply to end of DATA command)) Mar 19 12:06:36 spam13 postfix/smtp[23941]: 685243241FD: to=, relay=za.mail10.techconcepts.co.za[66.8.52.146]:25, delay=2.9, delays=2.8/0/0/0.01, dsn=5.0.0, status=bounced (host za.mail10.techconcepts.co.za[66.8.52.146] said: 554 Error: too many hops (in reply to end of DATA command)) Mar 19 12:23:02 spam13 postfix/smtp[28658]: 1C4C232A94C: to=, relay=mail10.techconcepts.co.za[66.8.85.146]:25, delay=33, delays=2.9/0/30/0.52, dsn=5.4.0, status=bounced (host mail10.techconcepts.co.za[66.8.85.146] said: 554 5.4.0 Error: too many hops (in reply to end of DATA command)) These are not the only domains that are causing this error. Any suggestions on how to fix this n where to start looking. On one forum a guy resolved this with file permissions in the MailScanner spool directory. The others I found where the obviouse loop between 2 mail boxes. But I don't see this being the problem, because this error spans multiple domains. The configs originate for the older working spam servers. Could it be cuased by this error ? [root@spam13 ~]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: [ OK ] incoming postfix: [ OK ] outgoing postfix: [ OK ] Waiting for MailScanner to die gracefully ... dead. Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Could not create SpamAssassin temporary directory , No such file or directory at /usr/lib/MailScanner/MailScanner/SA.pm line 80. Please move your "Lockfile Dir" setting in MailScanner.conf. It should point outside /tmp, preferably /var/spool/MailScanner/incoming/Locks [ OK ] Results of Lint. [root@spam13 MailScanner]# MailScanner -Lint Trying to setlogsock(unix) Please move your "Lockfile Dir" setting in MailScanner.conf. It should point outside /tmp, preferably /var/spool/MailScanner/incoming/Locks Checking version numbers... Version installed (4.74.16) does not match version stated in MailScanner.conf file (4.55.9), you may want to run upgrade_MailScanner_conf to ensure your MailScanner.conf file contains all the latest settings. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": dcc_path /usr/local/bin/dccproc config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_dcc 0 SpamAssassin reported an error. Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting ./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@spam13 MailScanner]# Where else do I look ? New mail scanner using the latest "Version 4.74.16-1 for RedHat, Fedora and Mandrake Linux (and other RPM-based Linux distributions)" and "ClamAV 0.94.2 and SpamAssassin 3.2.5 installation package. This is installed on fedora Core 10 x68_64. Thanks Greg -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090319/e2933c64/attachment-0001.html From maillists at conactive.com Thu Mar 19 13:31:15 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 19 13:31:29 2009 Subject: too many hops In-Reply-To: References: Message-ID: Gregory Machin wrote on Thu, 19 Mar 2009 13:08:13 +0200: > I have a problem with a new spam server. After reading your posting I wonder if you actually mean "mailserver with antispam" and not "spam server"? The starting of your posting is really misleading then! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From miguelk at konsultex.com.br Thu Mar 19 13:42:21 2009 From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Thu Mar 19 13:44:05 2009 Subject: too many hops In-Reply-To: References: Message-ID: <49C24BBD.4040908@konsultex.com.br> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090319/34c345cd/attachment.html From Denis.Beauchemin at USherbrooke.ca Thu Mar 19 14:06:29 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Mar 19 14:06:47 2009 Subject: too many hops In-Reply-To: References: Message-ID: <49C25165.5040700@USherbrooke.ca> Gregory Machin a ?crit : > > Hi > > I have a problem with a new spam server. Some of the emails are being > giving the following errors > > ... > > > Results of Lint. > > > > [root@spam13 MailScanner]# MailScanner -Lint > > Trying to setlogsock(unix) > > Please move your "Lockfile Dir" setting in MailScanner.conf. > > It should point outside /tmp, preferably > /var/spool/MailScanner/incoming/Locks > > Checking version numbers... > > Version installed (4.74.16) does not match version stated in > > MailScanner.conf file (4.55.9), you may want to run > upgrade_MailScanner_conf > > to ensure your MailScanner.conf file contains all the latest settings. > > > Greg, you seem to have some severe errors in there. Start by fixing them first. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090319/6b53820f/smime.bin From MailScanner at ecs.soton.ac.uk Fri Mar 20 08:30:17 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 20 08:30:37 2009 Subject: mailscanner-mrtg giving low virus results with new install In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA063596FA@HC-MBX02.herefordshire.gov.uk> References: <49C1FCAC.5050008@vanderkooij.org> <49C1FF4E.4010406@yeticomputers.com> <7EF0EE5CB3B263488C8C18823239BEBA063596FA@HC-MBX02.herefordshire.gov.uk> <49C35419.9030801@ecs.soton.ac.uk> Message-ID: He means "Virus Scanners = clamd". But read the wiki page. You need to ensure you have the right path to clamd, and that your freshclam update settings in freshclam.conf will tell clamd correctly so that it auto-restarts itself to load its new databases of signatures, in clamd.conf. On 19/3/09 11:00, Randal, Phil wrote: > Clamdscan's the way to go. > > Check the list archivces and the MailScanner wiki: > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:switch_to_rpm_clamd&s=clamdscan > > Cheers, > > Phil > > > -- > Phil Randal | Networks Engineer > Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. > > This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gregory Machin > Sent: 19 March 2009 10:45 > To: MailScanner discussion > Subject: RE: mailscanner-mrtg giving low virus results with new install > > Thanks to all for the help. > I checked with MailScanner -Lint and found a number of issues one of the being clamscans location. > > I'm using the original configs after running the update on them. So I don't see any reason for the detection of spam being different mmm but will need to review and see what new settings etc there are that we can use .. This is the first time Im working with MailScnner. > > What are the pros and cons of the different ways of scanning for viruses clamscan / clamd / perl clam module ? > > Thanks > Greg > > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl > Sent: 19 March 2009 11:31 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: mailscanner-mrtg giving low virus results with new install > > Rick Chadderdon wrote on Thu, 19 Mar 2009 04:16:14 -0400: > > >> Is it possible that your new setup uses RBLs at the MTA and the old >> one did not? Or /any/ method of dropping messages at the MTA? >> > This is indeed the most likely cause. If you disallow dynamic IP ranges, wrong HELOs, machines without PTR etc. your incoming virus rate drops to nearly zero. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.0.238 / Virus Database: 270.11.19/2010 - Release Date: 03/18/09 20:27:00 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pippo at olidata.eu Fri Mar 20 09:06:09 2009 From: pippo at olidata.eu (pippo@olidata.eu) Date: Fri Mar 20 09:06:29 2009 Subject: Creating a "global" whitelist Message-ID: <3447A6A75C58AE47BE98418A69A6EE71434C49@POSTA.olidata.it> Hi, I use MailScanner since 6 monthes ago, and now I'm starting managing whitelists. Normally, what I need to do is let messages coming from a particular user pass untouched regardless the type of potential threat. I found out that, to achieve these, I need to modify 4 different rules: content.scanning.rules.conf (defined as 'Dangerous Content Scanning' ruleset) spam.whitelist.rules (defined as 'Is Definitely Not Spam' ruleset) filename.rules (defined as 'Filename rules' ruleset) filetype.rules (defined as 'Filetype rules' ruleset) Just for reference the last 2 are defined as explained in MailWatch FAQ "Why are messages quarantined again when I release them in MailWatch?" (I don't use MailWatch, but this works anyway for whitelists). Adding the address to whitelist to all the above 4 files works fine, but it's a boring taks, expecially if, like me, you have 4 MailScanner servers in parallel (total of 16 files to modify). So I've 2 (or 3) questions: Is it possible to define a unique file with a list of addresses and then have rulesets reference this file ? Does anyone ever experienced putting ruleset and maybe MailScanner configuration files on a NFS (shared by different MailScanner servers) ? And what about Samba (I mean putting the files on a Windows share) ? Few monthes ago I experienced putting the quarantine on a Samba share and was not working properly, never tryed with configuration files (I fear to create service problems on a production environment). Thanks a lot to everyone. Massimo Piceni. From spamlists at coders.co.uk Fri Mar 20 10:11:45 2009 From: spamlists at coders.co.uk (Matt) Date: Fri Mar 20 11:32:51 2009 Subject: Doh! Message-ID: <49C36BE1.9080107@coders.co.uk> Ok what happens if you run MailScanner with --id flag but not in debug mode? It keeps running looking for the message id even if it has processed it. Doh! Doh! Doh! We monitor the process but of course MailScanner was running. Better start monitoring the queues better. grr. Don't I feel dumb..... From MailScanner at ecs.soton.ac.uk Fri Mar 20 11:51:32 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 20 11:51:52 2009 Subject: Creating a "global" whitelist In-Reply-To: <3447A6A75C58AE47BE98418A69A6EE71434C49@POSTA.olidata.it> References: <3447A6A75C58AE47BE98418A69A6EE71434C49@POSTA.olidata.it> <49C38344.5050105@ecs.soton.ac.uk> Message-ID: On 20/3/09 09:06, pippo@olidata.eu wrote: > Hi, > > I use MailScanner since 6 monthes ago, and now I'm starting managing > whitelists. Normally, what I need to do is let messages coming from a > particular user pass untouched regardless the type of potential threat. > I found out that, to achieve these, I need to modify 4 different rules: > Why not just set a ruleset for "Scan Messages"? Then you only need to alter one place. > > content.scanning.rules.conf (defined as 'Dangerous Content Scanning' > ruleset) > spam.whitelist.rules (defined as 'Is Definitely Not Spam' ruleset) > filename.rules (defined as 'Filename rules' ruleset) > filetype.rules (defined as 'Filetype rules' ruleset) > > Just for reference the last 2 are defined as explained in MailWatch FAQ > "Why are messages quarantined again when I release them in MailWatch?" > (I don't use MailWatch, but this works anyway for whitelists). > > Adding the address to whitelist to all the above 4 files works fine, but > it's a boring taks, expecially if, like me, you have 4 MailScanner > servers in parallel (total of 16 files to modify). So I've 2 (or 3) > questions: > Is it possible to define a unique file with a list of addresses and then > have rulesets reference this file ? > Yes. In a ruleset, instead of putting in the address to match, put the full path to the file of the address list (or list of address patterns and so on) and it will apply the same rule to all the address patterns contained in that file. > Does anyone ever experienced putting ruleset and maybe MailScanner > configuration files on a NFS (shared by different MailScanner servers) ? > Better to use rsync to copy the configuration files around all the machines you need to update. > And what about Samba (I mean putting the files on a Windows share) ? > You could put /etc/MailScanner on a Samba share, no problem. But using rsync to copy the config files to all the machines is a lot easier to setup. > Few monthes ago I experienced putting the quarantine on a Samba share > and was not working properly, Not a good idea. > never tryed with configuration files (I > fear to create service problems on a production environment). > > Thanks a lot to everyone. > > Massimo Piceni. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 20 11:52:15 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 20 11:52:41 2009 Subject: Doh! In-Reply-To: <49C36BE1.9080107@coders.co.uk> References: <49C36BE1.9080107@coders.co.uk> <49C3836F.1080901@ecs.soton.ac.uk> Message-ID: On 20/3/09 10:11, Matt wrote: > Ok > > what happens if you run MailScanner with --id flag but not in debug > mode? It keeps running looking for the message id even if it has > processed it. So don't do it then :-) It's only doing exactly what you told it to. > We monitor the process but of course MailScanner was running. Better > start monitoring the queues better. > > grr. Don't I feel dumb..... > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From spamlists at coders.co.uk Fri Mar 20 15:13:43 2009 From: spamlists at coders.co.uk (Matt) Date: Fri Mar 20 15:14:47 2009 Subject: Spamassassin cache in mysql - feature request In-Reply-To: References: <49BFB401.706@infernix.net> <000e01c9a713$6102f210$2308d630$@dk> <7d9b3cf20903170824u2d9350cdnc0d86e88618a0ecc@mail.gmail.com> <000f01c9a716$f9581bf0$ec0853d0$@dk> <49C02742.1070306@ecs.soton.ac.uk> Message-ID: <49C3B2A7.6020207@coders.co.uk> Julian Field wrote: > > I would be enormously grateful if someone could do a quick and ugly > hack into the DB connection code to try out MySQL on a shared setup, > before I go to the effort of implementing something to do the job nicely. We ran it for about a month in production about 3 months ago (it was over Christmas) and it seemed to work ok. > > I personally very much doubt that it will be worth doing. You will hit > the maximum hit %-age of the cache pretty fast even with independent > caches on multiple servers, and MySQL over a network is a heck of a > performance hit. We saw about 10% increase in Cache hits - worth it? don't know. The main reason we stopped doing it was because of the following fault with SA https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5998 matt From stef at aoc-uk.com Fri Mar 20 15:31:17 2009 From: stef at aoc-uk.com (Stef Morrell) Date: Fri Mar 20 15:31:33 2009 Subject: OT: Out of office auto-reply advice Message-ID: <200903201531.n2KFVPCv024645@safir.blacknight.ie> Guys, Does anyone have the first clue how I can set up my stupid outlook 2003 (via exchange) to do out of office, whilst excluding this and similar lists from being pestered with them? I've tried putting a rule in where email NOT:TO is replied, however outlook chokes and says that's too complicated a rule! Cheers Stef From ChrisSweeney at osubucks.org Fri Mar 20 15:43:01 2009 From: ChrisSweeney at osubucks.org (Christopher Sweeney) Date: Fri Mar 20 15:43:29 2009 Subject: Out of office auto-reply advice In-Reply-To: <200903201531.n2KFVPCv024645@safir.blacknight.ie> References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> Message-ID: <5485D83E8AEA2A4C93D5AEB1F34445640451B0@IFCINCINNATI01.ifcincinnati.org> Do the opposite of this in exchange :) To turn on out-of-office replies to the Internet, follow these steps: 1. On the Exchange server, start Exchange System Manager. 2. Double-click Global Settings, and then click Internet Message Formats. 3. In the Details pane, right-click a particular domain name, and then click Properties. The default SMTP domain is "*". 4. In the Properties dialog box, click the Advanced tab, and then click to select the Allow out of office responses check box, and then restart the SMTP and Routing Engine services. Note After you do this, the e-mail messages that are sent from users in the Internet domain that were configured in step 3 receive an Out of Office response from the users in the Exchange organization that have enabled Out of Office on their mailboxes. 5. Stop the Simple Mail Transfer Protocol (SMTP) and Microsoft Exchange Routing Engine services, and then restart them. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stef Morrell Sent: Friday, March 20, 2009 11:31 AM To: MailScanner discussion Subject: OT: Out of office auto-reply advice Guys, Does anyone have the first clue how I can set up my stupid outlook 2003 (via exchange) to do out of office, whilst excluding this and similar lists from being pestered with them? I've tried putting a rule in where email NOT:TO is replied, however outlook chokes and says that's too complicated a rule! Cheers Stef -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- avast!/SMTP2000 Antivirus: Inbound message clean. Virus Database (VPS): 3/19/2009 Tested on: 3/20/2009 11:34:31 -0400 avast! - copyright (c) 1988-2009 ALWIL Software. ________________________________ avast! Antivirus : Inbound message clean. Virus Database (VPS): 090319-0, 03/19/2009 Tested on: 3/20/2009 11:34:56 AM avast! - copyright (c) 1988-2009 ALWIL Software. ________________________________ avast! Antivirus : Inbound message clean. Virus Database (VPS): 090319-0, 03/19/2009 Tested on: 3/20/2009 11:35:14 AM avast! - copyright (c) 1988-2009 ALWIL Software. ________________________________ avast! Antivirus : Outbound message clean. Virus Database (VPS): 090319-0, 03/19/2009 Tested on: 3/20/2009 11:43:01 AM avast! - copyright (c) 1988-2009 ALWIL Software. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090320/3c613204/attachment.html From stef at aoc-uk.com Fri Mar 20 15:55:01 2009 From: stef at aoc-uk.com (Stef Morrell) Date: Fri Mar 20 15:55:18 2009 Subject: Out of office auto-reply advice In-Reply-To: References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> Message-ID: <200903201555.n2KFt9s3025291@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Christopher Sweeney > Sent: 20 March 2009 15:43 > Do the opposite of this in exchange :) I see where you're coming from, but it won't work. > Note After you do this, the e-mail messages that are > sent from users in the Internet domain that were configured > in step 3 receive an Out of Office response from the users in Most lists (MailScanner is an exception) show the sender address as the original sender, so I need a rule which works on TO and not FROM. Cheers Stef From mhw at WittsEnd.com Fri Mar 20 16:02:04 2009 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Fri Mar 20 16:02:24 2009 Subject: OT: Out of office auto-reply advice In-Reply-To: <200903201531.n2KFVPCv024645@safir.blacknight.ie> References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> Message-ID: <1237564924.6938.31.camel@canyon.wittsend.com> On Fri, 2009-03-20 at 15:31 +0000, Stef Morrell wrote: > Guys, > Does anyone have the first clue how I can set up my stupid outlook 2003 > (via exchange) to do out of office, whilst excluding this and similar > lists from being pestered with them? > I've tried putting a rule in where email NOT:TO is > replied, however outlook chokes and says that's too complicated a rule! Not sure how to set the LookOut rule for it but the number one rule is to NEVER autoreply to a message with "Precedence: bulk" or "Precedence: list". I believe at one time, Exchange had an internal rule that would even reply to a "Precedence: bulk" but lacked the rule for "Precedence: list". Most list servers set the priority to "list" and had problems. On some mailman lists I run, I changed the code to default to "bulk" instead. That cut way down on the ooo messages. > Cheers > Stef Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090320/202d376b/attachment.bin From mhw at WittsEnd.com Fri Mar 20 16:04:03 2009 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Fri Mar 20 16:04:21 2009 Subject: Out of office auto-reply advice In-Reply-To: <200903201555.n2KFt9s3025291@safir.blacknight.ie> References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> <200903201555.n2KFt9s3025291@safir.blacknight.ie> Message-ID: <1237565043.6938.34.camel@canyon.wittsend.com> On Fri, 2009-03-20 at 15:55 +0000, Stef Morrell wrote: > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Christopher Sweeney > > Sent: 20 March 2009 15:43 > > > Do the opposite of this in exchange :) > > I see where you're coming from, but it won't work. > > > Note After you do this, the e-mail messages that are > > sent from users in the Internet domain that were configured > > in step 3 receive an Out of Office response from the users in > Most lists (MailScanner is an exception) show the sender address as the > original sender, so I need a rule which works on TO and not FROM. In Outlook, display all headers and you'll see that this list has a "Precedence: list" header. Key off that if you can. > Cheers > Stef Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090320/59d97223/attachment.bin From ChrisSweeney at osubucks.org Fri Mar 20 16:09:37 2009 From: ChrisSweeney at osubucks.org (Christopher Sweeney) Date: Fri Mar 20 16:10:02 2009 Subject: Out of office auto-reply advice In-Reply-To: <200903201555.n2KFt9s3025291@safir.blacknight.ie> References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> <200903201555.n2KFt9s3025291@safir.blacknight.ie> Message-ID: <5485D83E8AEA2A4C93D5AEB1F34445640451B1@IFCINCINNATI01.ifcincinnati.org> > Do the opposite of this in exchange :) I see where you're coming from, but it won't work. > Note After you do this, the e-mail messages that are > sent from users in the Internet domain that were configured > in step 3 receive an Out of Office response from the users in Most lists (MailScanner is an exception) show the sender address as the original sender, so I need a rule which works on TO and not FROM. What does that have to do with it? If you are using Exchange and Outlook your Out of Office reply is sent from Exchange not Outlook itself. So if you tell exchange to not send a reply to a SMTP receipent then it will not be sent out to the internet. Chris ________________________________ avast! Antivirus : Outbound message clean. Virus Database (VPS): 090319-0, 03/19/2009 Tested on: 3/20/2009 12:09:37 PM avast! - copyright (c) 1988-2009 ALWIL Software. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090320/e7d9abaa/attachment.html From stef at aoc-uk.com Fri Mar 20 16:28:37 2009 From: stef at aoc-uk.com (Stef Morrell) Date: Fri Mar 20 16:28:51 2009 Subject: OT: Out of office auto-reply advice In-Reply-To: References: <200903201531.n2KFVPCv024645@safir.blacknight.ie><200903201555.n2KFt9s3025291@safir.blacknight.ie> Message-ID: <200903201628.n2KGSijR027080@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Christopher Sweeney > > Note After you do this, the e-mail messages that are > sent from > > users in the Internet domain that were configured in step 3 > receive an > > Out of Office response from the users in > > Most lists (MailScanner is an exception) show the sender > address as the original sender, so I need a rule which works > on TO and not FROM. > > What does that have to do with it? If you are using Exchange > and Outlook your Out of Office reply is sent from Exchange > not Outlook itself. So if you tell exchange to not send a > reply to a SMTP receipent then it will not be sent out to the > internet. If auto-replies will NOT be sent to users in the Internet domain configured in step 3 AND the list gives the original sender Then I would need to make a list of all domains of all list members, as the email will appear to be sent from that user, not from a list. for MailScanner this is easy as the only 'user' who sends is mailscanner-bounces@lists.mailscanner.info spamassassin list on the other hand, shows the original email address as the 'user' in this context. The auto-reply will happily (and stupidly) send replies to all these individuals, even whilst not sending to the list. Stef From ChrisSweeney at osubucks.org Fri Mar 20 16:35:32 2009 From: ChrisSweeney at osubucks.org (Christopher Sweeney) Date: Fri Mar 20 16:35:59 2009 Subject: OT: Out of office auto-reply advice In-Reply-To: <200903201628.n2KGSijR027080@safir.blacknight.ie> References: <200903201531.n2KFVPCv024645@safir.blacknight.ie><200903201555.n2KFt9s3025291@safir.blacknight.ie> <200903201628.n2KGSijR027080@safir.blacknight.ie> Message-ID: <5485D83E8AEA2A4C93D5AEB1F34445640451B2@IFCINCINNATI01.ifcincinnati.org> If auto-replies will NOT be sent to users in the Internet domain configured in step 3 Oh I see now I think with where the disconnect is here. In reference to the instructions the internet domain they are refering to is your internal domain. Since outlook can handle multiple domains with multiple rules or a defult configuration for all domains. So for example I have a default in my exchange and several others for other domains I host. Think of it as rules for each domain. ________________________________ avast! Antivirus : Outbound message clean. Virus Database (VPS): 090319-0, 03/19/2009 Tested on: 3/20/2009 12:35:32 PM avast! - copyright (c) 1988-2009 ALWIL Software. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090320/bed097af/attachment.html From ron.dodson at lmco.com Fri Mar 20 18:34:56 2009 From: ron.dodson at lmco.com (Dodson, Ron) Date: Fri Mar 20 18:35:20 2009 Subject: MailScanner process stop doing anything? Message-ID: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> Running MailScanner 4.31.6 on Solaris 9, Sun v440 with 4 processors. It seems like the MailScanner process just stop doing anything after a few minutes. They're still running, but no messages are moving from in queue to out. I'm doing only virus scanning, no spam assassin or anything else. I have a lyris mailing list server sending large blasts of mail to my MailScanner server, in addition to it handling normal incoming and outgoing mail. It's configured not to scan anything coming from the Lyris server. Running 10 children, mailscanner work directory on tmpfs. At the moment I have over 60,000 messages in the in queue, I've been manually re-starting mailscanner every 10 minutes or so. Whenever I restart, it does 3 or 4 batches and then seems to stop doing anything again. Meanwhile the in queue grows ever larger. Ron Dodson Sr. Network Engineer Lockheed Martin Business Process Services 301-519-6502 ron.dodson@lmco.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090320/96aede64/attachment.html From Denis.Beauchemin at USherbrooke.ca Fri Mar 20 18:57:02 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Mar 20 18:57:14 2009 Subject: MailScanner process stop doing anything? In-Reply-To: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> References: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> Message-ID: <49C3E6FE.9070908@USherbrooke.ca> Dodson, Ron a ?crit : > > Running MailScanner 4.31.6 on Solaris 9, Sun v440 with 4 processors. > It seems like the MailScanner process just stop doing anything after a > few minutes. They?re still running, but no messages are moving from in > queue to out. > > I?m doing only virus scanning, no spam assassin or anything else. I > have a lyris mailing list server sending large blasts of mail to my > MailScanner server, in addition to it handling normal incoming and > outgoing mail. It?s configured not to scan anything coming from the > Lyris server. Running 10 children, mailscanner work directory on tmpfs. > > At the moment I have over 60,000 messages in the in queue, I?ve been > manually re-starting mailscanner every 10 minutes or so. Whenever I > restart, it does 3 or 4 batches and then seems to stop doing anything > again. Meanwhile the in queue grows ever larger. > > Ron Dodson > > Sr. Network Engineer > > Lockheed Martin > > Business Process Services > > 301-519-6502 > > ron.dodson@lmco.com > Ron, You version of MS is so old that it probably does not have this feature: # If more messages are found in the queue than this, then switch to an # "accelerated" mode of processing messages. This will cause it to stop # scanning messages in strict date order, but in the order it finds them # in the queue. If your queue is bigger than this size a lot of the time, # then some messages could be greatly delayed. So treat this option as # "in emergency only". Max Normal Queue Size = 800 This would really help your server process those emails faster. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ssilva at sgvwater.com Fri Mar 20 21:44:33 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 20 21:44:55 2009 Subject: Creating a "global" whitelist In-Reply-To: <3447A6A75C58AE47BE98418A69A6EE71434C49@POSTA.olidata.it> References: <3447A6A75C58AE47BE98418A69A6EE71434C49@POSTA.olidata.it> Message-ID: on 3-20-2009 2:06 AM pippo@olidata.eu spake the following: > Hi, > > I use MailScanner since 6 monthes ago, and now I'm starting managing > whitelists. Normally, what I need to do is let messages coming from a > particular user pass untouched regardless the type of potential threat. > I found out that, to achieve these, I need to modify 4 different rules: > > content.scanning.rules.conf (defined as 'Dangerous Content Scanning' > ruleset) > spam.whitelist.rules (defined as 'Is Definitely Not Spam' ruleset) > filename.rules (defined as 'Filename rules' ruleset) > filetype.rules (defined as 'Filetype rules' ruleset) > > Just for reference the last 2 are defined as explained in MailWatch FAQ > "Why are messages quarantined again when I release them in MailWatch?" > (I don't use MailWatch, but this works anyway for whitelists). > > Adding the address to whitelist to all the above 4 files works fine, but > it's a boring taks, expecially if, like me, you have 4 MailScanner > servers in parallel (total of 16 files to modify). So I've 2 (or 3) > questions: > Is it possible to define a unique file with a list of addresses and then > have rulesets reference this file ? > Does anyone ever experienced putting ruleset and maybe MailScanner > configuration files on a NFS (shared by different MailScanner servers) ? > And what about Samba (I mean putting the files on a Windows share) ? > Few monthes ago I experienced putting the quarantine on a Samba share > and was not working properly, never tryed with configuration files (I > fear to create service problems on a production environment). > > Thanks a lot to everyone. > > Massimo Piceni. It isn't easy because it is a very unsafe practice to get into. I don't whitelist users in this manner, I only will quarantine everything and release it after I can be sure it isn't a destructive attachment. If you have high level people asking you to let this stuff through, just let them know that one bad attachment will damage the entire network, not just one machine. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090320/8a1f3704/signature.bin From MailScanner at ecs.soton.ac.uk Sat Mar 21 00:53:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 21 00:53:48 2009 Subject: MailScanner process stop doing anything? In-Reply-To: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> References: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> <49C43A88.9090201@ecs.soton.ac.uk> Message-ID: I published that version around the start of June 2004. That makes your version nearly 5 years old. Sorry, but there is no feasible way for me to support a version quite *that* old. Someone else may have a few ideas of things you could look at, but I can't help you, a few bugs have been ironed out since then :-) It sounds as if you have a rogue message in your queue that is hanging up MailScanner. More than that, I can't guess. Sorry. Jules. On 3/20/09 6:34 PM, Dodson, Ron wrote: > > Running MailScanner 4.31.6 on Solaris 9, Sun v440 with 4 processors. > It seems like the MailScanner process just stop doing anything after a > few minutes. They?re still running, but no messages are moving from in > queue to out. > > I?m doing only virus scanning, no spam assassin or anything else. I > have a lyris mailing list server sending large blasts of mail to my > MailScanner server, in addition to it handling normal incoming and > outgoing mail. It?s configured not to scan anything coming from the > Lyris server. Running 10 children, mailscanner work directory on tmpfs. > > At the moment I have over 60,000 messages in the in queue, I?ve been > manually re-starting mailscanner every 10 minutes or so. Whenever I > restart, it does 3 or 4 batches and then seems to stop doing anything > again. Meanwhile the in queue grows ever larger. > > Ron Dodson > > Sr. Network Engineer > > Lockheed Martin > > Business Process Services > > 301-519-6502 > > ron.dodson@lmco.com > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Sat Mar 21 01:31:08 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 21 01:31:17 2009 Subject: MailScanner process stop doing anything? In-Reply-To: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> References: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> Message-ID: <625385e30903201831g65504f78t7a3b9747a3e64d0c@mail.gmail.com> On Fri, Mar 20, 2009 at 7:34 PM, Dodson, Ron wrote: > Running MailScanner 4.31.6 on Solaris 9, Sun v440 with 4 processors.? It > seems like the MailScanner process just stop doing anything after a few > minutes.? They?re still running, but no messages are moving from in queue to > out. As others have mentioned your version is really old. To easily get up to date you can use the packages from OpenCSW, we have current versions of MailScanner, ClamAV and SpamAssassin. http://www.opencsw.org/packages You can install all of the above including all needed dependencies with a single command: # pkgutil --install mailscanner spamassassin clamav -- /peter From paul.hutchings at mira.co.uk Sat Mar 21 10:25:40 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sat Mar 21 10:25:53 2009 Subject: OT: Out of office auto-reply advice In-Reply-To: <1237564924.6938.31.camel@canyon.wittsend.com> References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> <1237564924.6938.31.camel@canyon.wittsend.com> Message-ID: I don't think any Outlook rule will help as, AFAIK, there simply isn't an option with Out Of Office to specify who/what it replies to, though I believe it will respect certain flags such as bulk/list/junk precedence and not reply. If you enable rules to send to the internet (on the Exchange server) you can be a bit more granular, but you have to be careful with rules because you can get mail loops and the likes because they aren't "smart" enough to only reply once. -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From gmachin at techconcepts.co.za Sat Mar 21 14:16:31 2009 From: gmachin at techconcepts.co.za (Gregory Machin) Date: Sat Mar 21 14:18:58 2009 Subject: Clamd error in -Lint run out of ideas .... Please help Message-ID: Hi I'm getting the following error when I run MailScanner -Lint Found these virus scanners installed: clamavmodule, clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /mnt/ramdisk/MailScanner/incoming/7041 Virus Scanning: Clamd found 1 infections Virus Scanning: Found 1 viruses =========================================================================== Google has not turned up anything that work . please could someone advise me as how to resolve. Using : install-Clam-0.94.2-SA-3.2.5 MailScanner-4.74.16-1.rpm.tar.gz on Fedora core 10 x86_64 Regards Gregory Machin Email: gmachin@techconcepts.co.za Cell: +27 (0) 72 524 5098 gtalk: gmachin.techconcepts@gmail.com Support helpdesk@techconcepts.co.za Tell: +27 (0) 11 803 2169 Fax: +27 (0) 11 803 2189 After Hours Cell: +27 (0) 82 790 0796 From MailScanner at ecs.soton.ac.uk Sat Mar 21 15:04:40 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 21 15:05:01 2009 Subject: Clamd error in -Lint run out of ideas .... Please help In-Reply-To: References: <49C50208.5040307@ecs.soton.ac.uk> Message-ID: On 21/3/09 14:16, Gregory Machin wrote: > Hi > I'm getting the following error when I run MailScanner -Lint > > > Found these virus scanners installed: clamavmodule, clamd > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /mnt/ramdisk/MailScanner/incoming/7041 > For starters why are you using /mnt/ramdisk? You can just leave it at /var/spool/MailScanner/incoming and mount that directory with tmpfs, not a fixed ramdisk or anything nasty like that. I suspect that's at least part of the source of your trouble. > Virus Scanning: Clamd found 1 infections > Virus Scanning: Found 1 viruses > =========================================================================== > > > Google has not turned up anything that work . please could someone advise me as how to resolve. > > > Using : > install-Clam-0.94.2-SA-3.2.5 > MailScanner-4.74.16-1.rpm.tar.gz > on > Fedora core 10 x86_64 > > > > > Regards > Gregory Machin > Email: gmachin@techconcepts.co.za > Cell: +27 (0) 72 524 5098 > gtalk: gmachin.techconcepts@gmail.com > Support > helpdesk@techconcepts.co.za > Tell: +27 (0) 11 803 2169 > Fax: +27 (0) 11 803 2189 > After Hours > Cell: +27 (0) 82 790 0796 > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mhw at WittsEnd.com Sat Mar 21 16:38:53 2009 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Sat Mar 21 16:39:13 2009 Subject: OT: Out of office auto-reply advice In-Reply-To: References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> <1237564924.6938.31.camel@canyon.wittsend.com> Message-ID: <1237653533.5835.50.camel@canyon.wittsend.com> On Sat, 2009-03-21 at 10:25 +0000, Paul Hutchings wrote: > I don't think any Outlook rule will help as, AFAIK, there simply isn't > an option with Out Of Office to specify who/what it replies to, though I > believe it will respect certain flags such as bulk/list/junk precedence > and not reply. > If you enable rules to send to the internet (on the Exchange server) you > can be a bit more granular, but you have to be careful with rules > because you can get mail loops and the likes because they aren't "smart" > enough to only reply once. That's part of what Precedence is used for. It's actually written up in a BCP (Best Common Practice) somewhere. * Never reply to a message with precedence less that 0 (they have numerical values although most systems use string matches). * Autoreplies must set a precedence less that 0 (typically Precedence: bulk). AFAIK, Exchange does this. * Never reply to a DSN. * Never reply to a reply (which is actually redundant if the first two rules are applied properly). I think there were a few more. I don't have the BCP handy. > -- > MIRA Ltd > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090321/3e6b66ed/attachment.bin From gmachin at techconcepts.co.za Sat Mar 21 20:01:01 2009 From: gmachin at techconcepts.co.za (Gregory Machin) Date: Sat Mar 21 20:03:27 2009 Subject: Clamd error in -Lint run out of ideas .... Please help In-Reply-To: References: <49C50208.5040307@ecs.soton.ac.uk>, Message-ID: ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field [MailScanner@ecs.soton.ac.uk] Sent: Saturday, March 21, 2009 5:04 PM To: MailScanner discussion Subject: Re: Clamd error in -Lint run out of ideas .... Please help On 21/3/09 14:16, Gregory Machin wrote: > Hi > I'm getting the following error when I run MailScanner -Lint > > > Found these virus scanners installed: clamavmodule, clamd > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /mnt/ramdisk/MailScanner/incoming/7041 > For starters why are you using /mnt/ramdisk? You can just leave it at /var/spool/MailScanner/incoming and mount that directory with tmpfs, not a fixed ramdisk or anything nasty like that. I suspect that's at least part of the source of your trouble. It's my predecessor's design. Ad it was due to disk IO issues. The machines are just desktop pc's. Not my choice . I have no say in the hardware we use. So I'm sticking with the design for now. I dont see why the location should be the issue. It is configurable in the MailScanner.conf file. I have checked the permission etc and can't see any reason for the error. > Virus Scanning: Clamd found 1 infections > Virus Scanning: Found 1 viruses > =========================================================================== > > > Google has not turned up anything that work . please could someone advise me as how to resolve. > > > Using : > install-Clam-0.94.2-SA-3.2.5 > MailScanner-4.74.16-1.rpm.tar.gz > on > Fedora core 10 x86_64 > > > > > Regards > Gregory Machin > Email: gmachin@techconcepts.co.za > Cell: +27 (0) 72 524 5098 > gtalk: gmachin.techconcepts@gmail.com > Support > helpdesk@techconcepts.co.za > Tell: +27 (0) 11 803 2169 > Fax: +27 (0) 11 803 2189 > After Hours > Cell: +27 (0) 82 790 0796 > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shuttlebox at gmail.com Sat Mar 21 21:07:45 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 21 21:08:10 2009 Subject: Clamd error in -Lint run out of ideas .... Please help In-Reply-To: References: <49C50208.5040307@ecs.soton.ac.uk> Message-ID: <625385e30903211407s69fcd003lbf86fe4fe9a4e824@mail.gmail.com> On Sat, Mar 21, 2009 at 9:01 PM, Gregory Machin wrote: > I have checked the permission etc and can't see any reason for the error. Can you create a file in the path shown as the user clamd is running as? -- /peter From ssilva at sgvwater.com Sun Mar 22 00:11:59 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Mar 22 00:12:19 2009 Subject: Clamd error in -Lint run out of ideas .... Please help In-Reply-To: References: <49C50208.5040307@ecs.soton.ac.uk>, Message-ID: on 3-21-2009 1:01 PM Gregory Machin spake the following: > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field [MailScanner@ecs.soton.ac.uk] > Sent: Saturday, March 21, 2009 5:04 PM > To: MailScanner discussion > Subject: Re: Clamd error in -Lint run out of ideas .... Please help > > On 21/3/09 14:16, Gregory Machin wrote: >> Hi >> I'm getting the following error when I run MailScanner -Lint >> >> >> Found these virus scanners installed: clamavmodule, clamd >> =========================================================================== >> Filename Checks: Windows/DOS Executable (1 eicar.com) >> Other Checks: Found 1 problems >> Virus and Content Scanning: Starting >> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /mnt/ramdisk/MailScanner/incoming/7041 >> > For starters why are you using /mnt/ramdisk? You can just leave it at > /var/spool/MailScanner/incoming and mount that directory with tmpfs, not > a fixed ramdisk or anything nasty like that. > I suspect that's at least part of the source of your trouble. > > > It's my predecessor's design. Ad it was due to disk IO issues. The machines are just desktop pc's. Not my choice . I have no say in the hardware we use. So I'm sticking with the design for now. > > I dont see why the location should be the issue. It is configurable in the MailScanner.conf file. > > I have checked the permission etc and can't see any reason for the error. > > >> Virus Scanning: Clamd found 1 infections >> Virus Scanning: Found 1 viruses >> =========================================================================== >> >> >> Google has not turned up anything that work . please could someone advise me as how to resolve. >> >> The creator of the software gave you something to look at, and you basically told him he was wrong. Are you sure you really want help? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090321/6585c9d7/signature.bin From alex at rtpty.com Sun Mar 22 01:01:09 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sun Mar 22 01:01:32 2009 Subject: Clamd error in -Lint run out of ideas .... Please help In-Reply-To: References: <49C50208.5040307@ecs.soton.ac.uk>, Message-ID: I've encountered this problem before. The solution usually involves changing the user's perspective on basic problem solving - something you usually take for granted, but which seems to be becoming harder to find in IT professionals these days. The one I encounter more often is the "correlation does not equal causation" dilemma. Socratic thinking (making sure of what you know and, most importantly, what you don't know) is also something that has to be drilled into more and more IT professionals these days. I find myself spending 90% of the time I use to explain a problem and its solution is used to explain how the wrong way of thinking makes it difficult to diagnose the problem in the first place, and at the same time makes it difficult to fix the problem because the user keeps insisting on putting the cart before the horse or some other logically fallacious point of view. The remaining 10% is the actual problem. On Mar 21, 2009, at 7:11 PM, Scott Silva wrote: > The creator of the software gave you something to look at, and you > basically > told him he was wrong. Are you sure you really want help? From root at doctor.nl2k.ab.ca Sun Mar 22 14:25:04 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Mar 22 14:30:58 2009 Subject: perl 5.10.0 thread lockup Message-ID: <20090322142504.GA14693@doctor.nl2k.ab.ca> I managed to compile perl 5.10.0 threded on my system When I run sh /.install.sh --perl=/usr/bin/bin the io.multihomed threaded test goes into an infinte loop. Has this happened to anyone else? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmachin at techconcepts.co.za Sun Mar 22 15:04:24 2009 From: gmachin at techconcepts.co.za (Gregory Machin) Date: Sun Mar 22 15:08:08 2009 Subject: Clamd error in -Lint run out of ideas .... Please help In-Reply-To: References: <49C50208.5040307@ecs.soton.ac.uk>, , Message-ID: Thanks for the English lesson. ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans [alex@rtpty.com] Sent: Sunday, March 22, 2009 3:01 AM To: MailScanner discussion Subject: Re: Clamd error in -Lint run out of ideas .... Please help I've encountered this problem before. The solution usually involves changing the user's perspective on basic problem solving - something you usually take for granted, but which seems to be becoming harder to find in IT professionals these days. The one I encounter more often is the "correlation does not equal causation" dilemma. Socratic thinking (making sure of what you know and, most importantly, what you don't know) is also something that has to be drilled into more and more IT professionals these days. I find myself spending 90% of the time I use to explain a problem and its solution is used to explain how the wrong way of thinking makes it difficult to diagnose the problem in the first place, and at the same time makes it difficult to fix the problem because the user keeps insisting on putting the cart before the horse or some other logically fallacious point of view. The remaining 10% is the actual problem. On Mar 21, 2009, at 7:11 PM, Scott Silva wrote: > The creator of the software gave you something to look at, and you > basically > told him he was wrong. Are you sure you really want help? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maxsec at gmail.com Mon Mar 23 09:25:53 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Mon Mar 23 09:26:01 2009 Subject: Virus bulleting getting into anti-spam Message-ID: <72cf361e0903230225g6550f0fdg51d7a94ac3fe0763@mail.gmail.com> All looks like VB are moving into the anti-spam arena too. http://www.virusbtn.com/vbspam/trialresults.xml Interesting spamassassin only scored 70%. I wonder if this was a completely untuned out-of-the box setup as the results seem very low. If anyone's got a subscription to VB would be interesting to hear how they setup the systems, esp spamassassin -- Martin Hepworth Oxford, UK From t.d.lee at durham.ac.uk Mon Mar 23 09:35:27 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon Mar 23 09:35:55 2009 Subject: MailScanner process stop doing anything? In-Reply-To: References: <483C1FAF8342A349B7C58206AB030FBF2228431C@emss09m02.us.lmco.com> <49C43A88.9090201@ecs.soton.ac.uk> Message-ID: (Top-posting on Julian's t-p'd reply.) Further, if that is the case (a rogue message in your queue hanging MailScanner) then I would suggest that your upgrade be into the current beta stream, 4.75.7-1 or higher, which has new general-purpose code to handle some of the problems in this area. On Sat, 21 Mar 2009, Julian Field wrote: > I published that version around the start of June 2004. > That makes your version nearly 5 years old. > Sorry, but there is no feasible way for me to support a version quite *that* > old. > > Someone else may have a few ideas of things you could look at, but I can't > help you, a few bugs have been ironed out since then :-) > > It sounds as if you have a rogue message in your queue that is hanging up > MailScanner. More than that, I can't guess. > > Sorry. > > Jules. > > On 3/20/09 6:34 PM, Dodson, Ron wrote: >> >> Running MailScanner 4.31.6 on Solaris 9, Sun v440 with 4 processors. It >> seems like the MailScanner process just stop doing anything after a few >> minutes. They?re still running, but no messages are moving from in queue to >> out. >> >> I?m doing only virus scanning, no spam assassin or anything else. I have a >> lyris mailing list server sending large blasts of mail to my MailScanner >> server, in addition to it handling normal incoming and outgoing mail. It?s >> configured not to scan anything coming from the Lyris server. Running 10 >> children, mailscanner work directory on tmpfs. >> >> At the moment I have over 60,000 messages in the in queue, I?ve been >> manually re-starting mailscanner every 10 minutes or so. Whenever I >> restart, it does 3 or 4 batches and then seems to stop doing anything >> again. Meanwhile the in queue grows ever larger. >> >> Ron Dodson >> >> Sr. Network Engineer >> >> Lockheed Martin >> >> Business Process Services >> >> 301-519-6502 >> >> ron.dodson@lmco.com >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From ms-list at alexb.ch Mon Mar 23 09:39:21 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 23 09:39:30 2009 Subject: Virus bulleting getting into anti-spam In-Reply-To: <72cf361e0903230225g6550f0fdg51d7a94ac3fe0763@mail.gmail.com> References: <72cf361e0903230225g6550f0fdg51d7a94ac3fe0763@mail.gmail.com> Message-ID: <49C758C9.2070508@alexb.ch> On 3/23/2009 10:25 AM, Martin Hepworth wrote: > All > > looks like VB are moving into the anti-spam arena too. > > http://www.virusbtn.com/vbspam/trialresults.xml > > Interesting spamassassin only scored 70%. I wonder if this was a > completely untuned out-of-the box setup as the results seem very low. > > If anyone's got a subscription to VB would be interesting to hear how > they setup the systems, esp spamassassin > "The test was run during a period of 11 days in March 2009. During this period, the filters saw a total of 20,764 emails," HAHAHAH.. 20k mails to judge a product.... that's a couple of hours of flow on any halfway busy system. probably no Razor, DCC, Pyzor, nor any extra goodies most ppl use. From ywang at lfm-agile.com.hk Mon Mar 23 10:31:34 2009 From: ywang at lfm-agile.com.hk (Yang Wang) Date: Mon Mar 23 10:30:40 2009 Subject: how long filename of attachment? Message-ID: <016901c9aba2$8a4d6770$4201010a@ruochenpc> Dear All, Our mail server display below information,recipient can't receive attachment,how to resolve it or magnify this limit? Thanks! MailScanner: Very long filename possible OE attack (???????????????????????????????????????.xls) BR -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090323/9a42c5b3/attachment.html From mikael at syska.dk Mon Mar 23 11:25:24 2009 From: mikael at syska.dk (Mikael Syska) Date: Mon Mar 23 11:25:33 2009 Subject: how long filename of attachment? In-Reply-To: <016901c9aba2$8a4d6770$4201010a@ruochenpc> References: <016901c9aba2$8a4d6770$4201010a@ruochenpc> Message-ID: <6beca9db0903230425g23118955kc2a38cf8234ba951@mail.gmail.com> Hi, Look in the rules file ... think its in: installdir/rules/Filename.Rules mvh On Mon, Mar 23, 2009 at 11:31 AM, Yang Wang wrote: > Dear All, > > ???Our mail server display below information,recipient can't receive > attachment,how to resolve it or magnify this limit? Thanks! > > MailScanner: Very long filename > possible OE attack (???????????????????????????????????????.xls) > > > > BR > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Mon Mar 23 11:29:23 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 23 11:29:43 2009 Subject: how long filename of attachment? In-Reply-To: <016901c9aba2$8a4d6770$4201010a@ruochenpc> References: <016901c9aba2$8a4d6770$4201010a@ruochenpc> <49C77293.7050108@ecs.soton.ac.uk> Message-ID: Look in filename.rules.conf. On 23/3/09 10:31, Yang Wang wrote: > Dear All, > Our mail server display below information,recipient can't receive > attachment,how to resolve it or magnify this limit? Thanks! > MailScanner: Very long filename > possible OE attack (???????????????????????????????????????.xls) > BR > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From linux at tuxalafenetre.net Mon Mar 23 13:02:15 2009 From: linux at tuxalafenetre.net (=?iso-8859-1?q?K=E9vin_COUSIN?=) Date: Mon Mar 23 13:02:51 2009 Subject: Per-User spam learning Message-ID: <200903231402.16315.linux@tuxalafenetre.net> Hello List, I have some troubles to train SpamAssassin : I created a crontab on my users : sa-learn --spam --dir --progress ~/Maildir/.Junk/{cur,new} >/dev/null 2>/dev/null. This command run succesfully and a .spamassassin directory is created in my user's homes, but it don't seem any effect on SpamAssassin tagging and scoring. How can I tell to spamassassin where the bayes db is? Must I add a configuration in my MailScanner.conf? Where can I check if SpamAssassin load my rules? Regards ---- COUSIN Kevin Linux Administrator Global Service Provider 75017 PARIS FRANCE From maxsec at gmail.com Mon Mar 23 13:19:14 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Mon Mar 23 13:19:23 2009 Subject: Per-User spam learning In-Reply-To: <200903231402.16315.linux@tuxalafenetre.net> References: <200903231402.16315.linux@tuxalafenetre.net> Message-ID: <72cf361e0903230619x6fcb47b1ob7d7c5903acdde56@mail.gmail.com> 2009/3/23 K?vin COUSIN : > Hello List, > > ? ? ? ?I have some troubles to train SpamAssassin : > > ? ? ? ?I created a crontab on my users : > sa-learn --spam --dir --progress ~/Maildir/.Junk/{cur,new} >/dev/null > 2>/dev/null. > > This command run succesfully and a .spamassassin directory is created in my > user's homes, but it don't seem any effect on SpamAssassin tagging and scoring. > > How can I tell to spamassassin where the bayes db is? Must I add a > configuration in my MailScanner.conf? Where can I check if SpamAssassin load my > rules? > > Regards > > ---- > COUSIN Kevin > Linux Administrator > > Global Service Provider > 75017 PARIS > FRANCE > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Hi you need to set the bayes_dir in /etc/mail/spamassassin/mailscanner.cf make sure the bayes_dir is write-able and read-able by the user mailscanner runs as. This is a site-wide setting not a per user. bayes will only take effect once you have 'learnt' 200 spam and 200 non-spam(ham) into the bayes database. -- Martin Hepworth Oxford, UK From maillists at conactive.com Mon Mar 23 13:31:16 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 23 13:31:30 2009 Subject: Out of office auto-reply advice In-Reply-To: <200903201555.n2KFt9s3025291@safir.blacknight.ie> References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> <200903201555.n2KFt9s3025291@safir.blacknight.ie> Message-ID: Stef Morrell wrote on Fri, 20 Mar 2009 15:55:01 -0000: > Most lists (MailScanner is an exception) show the sender address as the > original sender, so I need a rule which works on TO and not FROM. Generic advice: You have to set up two email addresses or two users. One of them is used for mailing list subscriptions and the other is used for OoO replies. Do not *ever* subscribe with an email address to a mailing list that you may use some day for auto-replies. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From linux at tuxalafenetre.net Mon Mar 23 14:08:59 2009 From: linux at tuxalafenetre.net (=?iso-8859-1?q?K=E9vin_COUSIN?=) Date: Mon Mar 23 14:09:16 2009 Subject: Per-User spam learning In-Reply-To: <72cf361e0903230619x6fcb47b1ob7d7c5903acdde56@mail.gmail.com> References: <200903231402.16315.linux@tuxalafenetre.net> <72cf361e0903230619x6fcb47b1ob7d7c5903acdde56@mail.gmail.com> Message-ID: <200903231508.59386.linux@tuxalafenetre.net> Le lundi 23 mars 2009 14:19:14, Martin Hepworth a ?crit : > 2009/3/23 K?vin COUSIN : > > Hello List, > > > > I have some troubles to train SpamAssassin : > > > > I created a crontab on my users : > > sa-learn --spam --dir --progress ~/Maildir/.Junk/{cur,new} >/dev/null > > 2>/dev/null. > > > > This command run succesfully and a .spamassassin directory is created in > > my user's homes, but it don't seem any effect on SpamAssassin tagging and > > scoring. > > > > How can I tell to spamassassin where the bayes db is? Must I add a > > configuration in my MailScanner.conf? Where can I check if SpamAssassin > > load my rules? > > > > Regards > > > > ---- > > COUSIN Kevin > > Linux Administrator > > > > Global Service Provider > > 75017 PARIS > > FRANCE > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > Hi > > you need to set the bayes_dir in /etc/mail/spamassassin/mailscanner.cf > > make sure the bayes_dir is write-able and read-able by the user > mailscanner runs as. > > This is a site-wide setting not a per user. > > bayes will only take effect once you have 'learnt' 200 spam and 200 > non-spam(ham) into the bayes database. > > -- > Martin Hepworth > Oxford, UK Hi, Ok, I set my bayes_path : bayes_path /etc/MailScanner/bayes/, with owner and group postfix. if I want to use a crontab, I need to set it in the postfix user? Or there is an sa-learn option to use another bayes DB? -- Regards ---- COUSIN Kevin Linux Administrator Global Service Provider 75017 PARIS FRANCE From campbell at cnpapers.com Mon Mar 23 16:00:45 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Mar 23 16:01:10 2009 Subject: OT - what does nmsgs tell me? Message-ID: <49C7B22D.7060504@cnpapers.com> I've googled, but can't find exactly what the nmsgs part of a log entry in my maillog is telling me. For example, see below: Mar 22 13:21:10 mailserver ipop3d[17789]: Login user=mailuser host=fwx128.cnpap ers.net [216.12.119.190] nmsgs=11/21 I don't understand what the "11/21" means. I thought it meant 11 of 21 messages were deleted, which meant 10 remained on the server, but that doesn't make sense to me. Any answer would be appreciated. Steve Campbell From joost at waversveld.nl Mon Mar 23 16:21:52 2009 From: joost at waversveld.nl (Joost Waversveld) Date: Mon Mar 23 16:22:51 2009 Subject: OT - what does nmsgs tell me? In-Reply-To: <49C7B22D.7060504@cnpapers.com> References: <49C7B22D.7060504@cnpapers.com> Message-ID: <49C7B720.2010605@waversveld.nl> Just an wild guess but doesn't it mean "new messages"? so in this particular case there would be 11 new (unread) messages?? Best regards, Joost Waversveld Steve Campbell wrote: > I've googled, but can't find exactly what the nmsgs part of a log > entry in my maillog is telling me. For example, see below: > > Mar 22 13:21:10 mailserver ipop3d[17789]: Login user=mailuser > host=fwx128.cnpap > ers.net [216.12.119.190] nmsgs=11/21 > > I don't understand what the "11/21" means. I thought it meant 11 of 21 > messages were deleted, which meant 10 remained on the server, but that > doesn't make sense to me. > > Any answer would be appreciated. > > Steve Campbell > -- Joost Waversveld From alex at rtpty.com Mon Mar 23 18:18:22 2009 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 23 18:18:32 2009 Subject: Out of office auto-reply advice In-Reply-To: References: <200903201531.n2KFVPCv024645@safir.blacknight.ie> <200903201555.n2KFt9s3025291@safir.blacknight.ie> Message-ID: <24e3d2e40903231118u560bde2bndebac9a48772562a@mail.gmail.com> Best advice about the subject I've ever heard. On Mon, Mar 23, 2009 at 8:31 AM, Kai Schaetzl wrote: > Stef Morrell wrote on Fri, 20 Mar 2009 15:55:01 -0000: > > > Most lists (MailScanner is an exception) show the sender address as the > > original sender, so I need a rule which works on TO and not FROM. > > Generic advice: You have to set up two email addresses or two users. One > of them is used for mailing list subscriptions and the other is used for > OoO replies. Do not *ever* subscribe with an email address to a mailing > list that you may use some day for auto-replies. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090323/7bf23d72/attachment.html From rabellino at di.unito.it Mon Mar 23 19:02:24 2009 From: rabellino at di.unito.it (Sergio Rabellino) Date: Mon Mar 23 19:02:55 2009 Subject: Can be done with mailscanner ? Message-ID: <49C7DCC0.9050901@di.unito.it> Sorry if I bother you with this question, but i've not found any config line explaining anything similar to the following: if I would remove ALL the attachments from ALL messages, then archive the attachments into a web accessible filesystem, and substituting every attachment with a link to the hashed (secured with an hmac) web storage, this can be done now with MS? Maybe a different behaviour if the mail is coming out or getting in would be useful, or different by domain. The Inboxes will be smaller, and if I receive an attachment directed to 500 users, i will store only one copy of the attachment. What the list think about ? As usual, thanks to JF and the others programmers for MS. -- Ing. Sergio Rabellino Universit? degli Studi di Torino Dipartimento di Informatica ICT Services Director Tel +39-0116706701 Fax +39-011751603 C.so Svizzera , 185 - 10149 - Torino -------------- next part -------------- Skipped content of type multipart/related From ecasarero at gmail.com Mon Mar 23 19:20:07 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Mar 23 19:20:17 2009 Subject: Can be done with mailscanner ? In-Reply-To: <49C7DCC0.9050901@di.unito.it> References: <49C7DCC0.9050901@di.unito.it> Message-ID: <7d9b3cf20903231220u4342a0f3rce99c5197cde7e5c@mail.gmail.com> 2009/3/23 Sergio Rabellino : > Sorry if I bother you with this question, but i've not found any config line > explaining anything similar to the following: > if I would remove ALL the attachments from ALL messages, then archive the > attachments into a web accessible filesystem, and substituting every > attachment with a link to the hashed (secured with an hmac) web storage, > this can be done now with MS? > > Maybe a different behaviour if the mail is coming out or getting in would be > useful, or different by domain. The Inboxes will be smaller, and if I > receive an attachment directed to 500 users, i will store only one copy of > the attachment. > > What the list think about ? > it's an interesting view, it would be like an "uploadbin" but its usefull? thinking in the user view, how can i search a file in a bunch of links? having an uploadbin server separated from your mail server would not be better? giving some training to your users might be more usefull, that trying to do it with mailscanner. I did a custom patch in the uploadbin code, that after you upload the file you could specify the email of the people that had to download de file, so you did not have to send a email, the system did that and send de proper links. hope my english was not too rough :P my 5 cents. Eduardo. > As usual, thanks to JF and the others programmers for MS. > -- > Ing. Sergio Rabellino > > Universit? degli Studi di Torino > Dipartimento di Informatica > ICT Services Director > Tel +39-0116706701? Fax +39-011751603 > C.so Svizzera , 185 - 10149 - Torino > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Mon Mar 23 19:23:37 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 23 19:23:59 2009 Subject: Can be done with mailscanner ? In-Reply-To: <49C7DCC0.9050901@di.unito.it> References: <49C7DCC0.9050901@di.unito.it> <49C7E1B9.1030702@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/3/09 19:02, Sergio Rabellino wrote: > Sorry if I bother you with this question, but i've not found any > config line explaining anything similar to the following: > if I would remove ALL the attachments from ALL messages, then archive > the attachments into a web accessible filesystem, and substituting > every attachment with a link to the hashed (secured with an hmac) web > storage, this can be done now with MS? Not right now, no. Certainly not without some Custom Functions being written for you, anyway. > > Maybe a different behaviour if the mail is coming out or getting in > would be useful, or different by domain. The Inboxes will be smaller, > and if I receive an attachment directed to 500 users, i will store > only one copy of the attachment. If you use a decent mail store, just as Cyrus (or heaven help us, Exchange) then only 1 copy of the message is ever stored anyway, as all the other copies of the message are just hard-links to it (in Cyrus). Exchange implements a similar space-saving tactic in its internal database. > > What the list think about ? > > As usual, thanks to JF Thanks! Jules. > and the others programmers for MS. Don't forget Glenn and the other people who help me out with various parts. They help me a lot :-) > -- > Ing. Sergio Rabellino > > Universit? degli Studi di Torino > Dipartimento di Informatica > ICT Services Director > Tel +39-0116706701 Fax +39-011751603 > C.so Svizzera , 185 - 10149 - Torino > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-15 wj8DBQFJx+G7EfZZRxQVtlQRAgGvAJ9JquJjkHUHZwRdgJMEgdc1pnzGBQCgo0Qh xzX9f0USL0y8Xezt2oBAPMI= =EgAB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Mar 23 19:27:28 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Mar 23 19:27:38 2009 Subject: Virus bulleting getting into anti-spam In-Reply-To: <49C758C9.2070508@alexb.ch> References: <72cf361e0903230225g6550f0fdg51d7a94ac3fe0763@mail.gmail.com> <49C758C9.2070508@alexb.ch> Message-ID: <49C7E2A0.8030505@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > On 3/23/2009 10:25 AM, Martin Hepworth wrote: >> All >> >> looks like VB are moving into the anti-spam arena too. >> >> http://www.virusbtn.com/vbspam/trialresults.xml >> >> Interesting spamassassin only scored 70%. I wonder if this was a >> completely untuned out-of-the box setup as the results seem very low. >> >> If anyone's got a subscription to VB would be interesting to hear how >> they setup the systems, esp spamassassin >> > > "The test was run during a period of 11 days in March 2009. During this > period, the filters saw a total of 20,764 emails," > > HAHAHAH.. 20k mails to judge a product.... that's a couple of hours of > flow on any halfway busy system. > > probably no Razor, DCC, Pyzor, nor any extra goodies most ppl use. You know that a number of AV manufacurers now refuse VB to test their products due to the poor testing done by VB. So is any of this a real surprise? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAknH4p4ACgkQBvzDRVjxmYGZ1gCeNx39WqM4NLxzy7lH58qmVHvU 31oAoJ37DoRMzbEIKpOauTlit48vcrxs =1Fbh -----END PGP SIGNATURE----- From rabellino at di.unito.it Mon Mar 23 19:40:52 2009 From: rabellino at di.unito.it (Sergio Rabellino) Date: Mon Mar 23 19:41:25 2009 Subject: Can be done with mailscanner ? In-Reply-To: <7d9b3cf20903231220u4342a0f3rce99c5197cde7e5c@mail.gmail.com> References: <49C7DCC0.9050901@di.unito.it> <7d9b3cf20903231220u4342a0f3rce99c5197cde7e5c@mail.gmail.com> Message-ID: <49C7E5C4.5060200@di.unito.it> Eduardo Casarero ha scritto: > 2009/3/23 Sergio Rabellino : > >> Sorry if I bother you with this question, but i've not found any config line >> explaining anything similar to the following: >> if I would remove ALL the attachments from ALL messages, then archive the >> attachments into a web accessible filesystem, and substituting every >> attachment with a link to the hashed (secured with an hmac) web storage, >> this can be done now with MS? >> >> Maybe a different behaviour if the mail is coming out or getting in would be >> useful, or different by domain. The Inboxes will be smaller, and if I >> receive an attachment directed to 500 users, i will store only one copy of >> the attachment. >> >> What the list think about ? >> >> > > it's an interesting view, it would be like an "uploadbin" but its > usefull? thinking in the user view, how can i search a file in a bunch > of links? having an uploadbin server separated from your mail server > would not be better? giving some training to your users might be more > usefull, that trying to do it with mailscanner. > > Yes, it's the same idea, but automated by the mail server, the user does not do any special action to get the same behaviour as "uploadbin". For the second question, if I search my messages, if the "link to my attachment(s)" is filled also with some metadata that describe the attachment, it's pretty the same. Thunderbird does not search within an attachment, or i'm wrong ? > I did a custom patch in the uploadbin code, that after you upload the > file you could specify the email of the people that had to download de > file, so you did not have to send a email, the system did that and > send de proper links. > > In my mind, I don't want change the usual way my users send or receive emails with attachments, neither send two emails, one with the attachment(s) and one with the things around the attachment(s). > hope my english was not too rough :P > > better than mine :-) > my 5 cents. > > Eduardo. > > > >> As usual, thanks to JF and the others programmers for MS. >> -- >> Ing. Sergio Rabellino >> >> Universit? degli Studi di Torino >> Dipartimento di Informatica >> ICT Services Director >> Tel +39-0116706701 Fax +39-011751603 >> C.so Svizzera , 185 - 10149 - Torino >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> -- Ing. Sergio Rabellino Universit? degli Studi di Torino Dipartimento di Informatica ICT Services Director Tel +39-0116706701 Fax +39-011751603 C.so Svizzera , 185 - 10149 - Torino -------------- next part -------------- Skipped content of type multipart/related From rabellino at di.unito.it Mon Mar 23 19:44:14 2009 From: rabellino at di.unito.it (Sergio Rabellino) Date: Mon Mar 23 19:44:51 2009 Subject: Can be done with mailscanner ? In-Reply-To: References: <49C7DCC0.9050901@di.unito.it> <49C7E1B9.1030702@ecs.soton.ac.uk> Message-ID: <49C7E68E.5060905@di.unito.it> Julian Field ha scritto: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 23/3/09 19:02, Sergio Rabellino wrote: > >> Sorry if I bother you with this question, but i've not found any >> config line explaining anything similar to the following: >> if I would remove ALL the attachments from ALL messages, then archive >> the attachments into a web accessible filesystem, and substituting >> every attachment with a link to the hashed (secured with an hmac) web >> storage, this can be done now with MS? >> > Not right now, no. Certainly not without some Custom Functions being > written for you, anyway. > It's what i was thinking about... >> Maybe a different behaviour if the mail is coming out or getting in >> would be useful, or different by domain. The Inboxes will be smaller, >> and if I receive an attachment directed to 500 users, i will store >> only one copy of the attachment. >> > If you use a decent mail store, just as Cyrus (or heaven help us, > Exchange) then only 1 copy of the message is ever stored anyway, as all > the other copies of the message are just hard-links to it (in Cyrus). > Exchange implements a similar space-saving tactic in its internal database. > These mailers works if the message is getting in, but what if the message is going out ? If the server is a mailing list server, the attachment is delivered many times, either the receiver wants it or not. >> What the list think about ? >> >> As usual, thanks to JF >> > Thanks! > > Jules. > >> and the others programmers for MS. >> > Don't forget Glenn and the other people who help me out with various > parts. They help me a lot :-) > >> -- >> Ing. Sergio Rabellino >> >> Universit? degli Studi di Torino >> Dipartimento di Informatica >> ICT Services Director >> Tel +39-0116706701 Fax +39-011751603 >> C.so Svizzera , 185 - 10149 - Torino >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.9.1 (Build 287) > Comment: Use PGP or Thunderbird Enigmail to verify this message > Charset: ISO-8859-15 > > wj8DBQFJx+G7EfZZRxQVtlQRAgGvAJ9JquJjkHUHZwRdgJMEgdc1pnzGBQCgo0Qh > xzX9f0USL0y8Xezt2oBAPMI= > =EgAB > -----END PGP SIGNATURE----- > > -- Ing. Sergio Rabellino Universit? degli Studi di Torino Dipartimento di Informatica ICT Services Director Tel +39-0116706701 Fax +39-011751603 C.so Svizzera , 185 - 10149 - Torino -------------- next part -------------- Skipped content of type multipart/related From ms-list at alexb.ch Mon Mar 23 22:17:26 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 23 22:17:42 2009 Subject: ClamAV 0.95 Released Message-ID: <49C80A76.4080903@alexb.ch> ClamAV 0.95 Released I suggest you don't blindly upgrade before Julian is so kind to confirm that the Clamd protocol changes do not affect MailScanner's interface. https://wiki.clamav.net/Main/UpgradeNotes095#Upgrading_to_the_new_clamd_proto Alex From rcooper at dwford.com Mon Mar 23 22:39:27 2009 From: rcooper at dwford.com (Rick Cooper) Date: Mon Mar 23 22:39:45 2009 Subject: ClamAV 0.95 Released In-Reply-To: <49C80A76.4080903@alexb.ch> References: <49C80A76.4080903@alexb.ch> Message-ID: <3C72B3A23432494187F8CD689204A183@SAHOMELT> It's installed here, it works fine, I have already addressed the protocol issue. MailScanner doesn't use SESSION, and the new extensions are not used, nor will they be used (they don't fit the mailscanner model) so there is nothing changed that will affect the way MS relates to the clamd daemon. Do, however, note there are a couple of clamd.conf changes that one might want to look at. Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Alex Broens > Sent: Monday, March 23, 2009 6:17 PM > To: MailScanner discussion > Subject: ClamAV 0.95 Released > > ClamAV 0.95 Released > > I suggest you don't blindly upgrade before Julian is so kind > to confirm > that the Clamd protocol changes do not affect MailScanner's interface. > > https://wiki.clamav.net/Main/UpgradeNotes095#Upgrading_to_the_ > new_clamd_proto > > Alex > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jethro.binks at strath.ac.uk Mon Mar 23 23:06:16 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Mon Mar 23 23:06:26 2009 Subject: Blocking of WMF In-Reply-To: References: Message-ID: On Tue, 17 Mar 2009, Jethro R Binks wrote: > but we very often see "image1.wmf", "image2.wmf", etc discovered too. > > Very often, the sending user is completely oblivious to the presence of > images in the document (zip file), nor what to do to remove them or save > them as something else, and at least in the case of the "thumbnail.wmf" > content, this is something that the application itself has generated > without the user knowing about it. ... Neither this, nor the other thread where I mentioned: > I have often thought that it would useful for MailScanner to have some > context when applying the filename rules, to give some flexibility. So > for example it might permit all or certain .wmf if it knows it has found > them while digging around in an Office 2007 zip doc. Perhaps another > field in filename.rules.conf that is a list of context matches > ('zip,msofficezip'), with a default of "all contexts". solicited much response. I would like to add something else to the mix: when an objectional file in an archive is found, that as well as listing the objectional file and the reason, that the name of the archive is also available. I currently have a case in hand where someone has sent several Word and Powerpoint documents in one message, and received a rejection from us complaining about: > Report: Possible format attack in Windows (image3.wmf) > Report: Possible format attack in Windows (image4.wmf) > Report: Possible format attack in Windows (image5.wmf) > Report: Possible format attack in Windows (image9.wmf) > Report: Possible format attack in Windows (image2.wmf) > Report: Possible format attack in Windows (image1.wmf) but there appears to be no way to know which of the several attachments caused the problem, other than to have him send them all individually. And if someone can point me at a resource that explains the prevelance of "image1.wmf", "image2.wmf", etc, in MS Office documents, I'd be grateful. (This particular sender insists that his Word documents contained absolutely no images, although there's a Powerpoint document in the mix too). Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From root at doctor.nl2k.ab.ca Mon Mar 23 23:52:40 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon Mar 23 23:53:41 2009 Subject: [luca@clamav.net: [Clamav-announce] announcing ClamAV 0.95] Message-ID: <20090323235240.GA18824@doctor.nl2k.ab.ca> Here ye!! Here ye!! Here ye!! The announcement has come. ----- Forwarded message from Luca Gibelli ----- X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org X-Virus-Scanned: Debian amavisd-new at tad.clamav.net X-Original-To: clamav-announce@tad.clamav.net Delivered-To: clamav-announce@tad.clamav.net X-Virus-Scanned: Debian amavisd-new at tad.clamav.net Date: Mon, 23 Mar 2009 19:14:36 +0100 From: Luca Gibelli To: ClamAV Announce User-Agent: Mutt/1.5.18 (2008-05-17) X-Mailman-Approved-At: Mon, 23 Mar 2009 19:31:14 +0100 Subject: [Clamav-announce] announcing ClamAV 0.95 X-BeenThere: clamav-announce@lists.clamav.net X-Mailman-Version: 2.1.9 Precedence: list Reply-To: noreply@clamav.net List-Id: ClamAV events are announced here List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: clamav-announce-bounces@lists.clamav.net X-NetKnow-InComing-4-75-9-1-MailScanner-Information: Please contact the ISP for more information X-NetKnow-InComing-4-75-9-1-MailScanner-ID: n2NIVNAM025739 X-NetKnow-InComing-4-75-9-1-MailScanner: Found to be clean X-NetKnow-InComing-4-75-9-1-MailScanner-IP-Protocol: IPv4 X-NetKnow-InComing-4-75-9-1-MailScanner-From: clamav-announce-bounces@lists.clamav.net X-NetKnow-InComing-4-75-9-1-MailScanner-Watermark: 1238265093.62039@ly7PPri6TXNWBWwTcYQLVA X-Spam-Status: No Dear ClamAV users, ClamAV 0.95 introduces many bugfixes, improvements and additions. To make the transition easier, we put various tips and upgrade notes on this page: https://wiki.clamav.net/Main/UpgradeNotes095. For detailed list of changes and bugfixes, please see the ChangeLog. The following are the key features of this release: - Google Safe Browsing support: in addition to the heuristic and signature based phishing detection mechanisms already available in ClamAV, the scanner can now make use of the Google's blacklists of suspected phishing and malware sites. The ClamAV Project distributes a constantly updated Safe Browsing database, which can be automatically fetched by freshclam. For more information, please see freshclam.conf(5) and http://safebrowsing.clamav.net. - New clamav-milter: The program has been redesigned and rewritten from scratch. The most notable difference is that the internal mode has been dropped which means that now a working clamd companion is required. The milter now also has its own configuration file. - Clamd extensions: The protocol has been extended to lighten the load that clamd puts on the system, solve limitations of the old protocol, and reduce latency when signature updates are received. For more information about the new extensions please see the official documentation and the upgrade notes. - Improved API: The API used to program ClamAV's engine (libclamav) has been redesigned to use modern object-oriented techniques and solves various API/ABI compatibility issues between old and new releases. You can find more information in Section 6 of clamdoc.pdf and in the upgrade notes. - ClamdTOP: This is a new program that allows system administrators to monitor clamd. It provides information about the items in the clamd's queue, clamd's memory usage, and the version of the signature database, all in real-time and in nice curses-based interface. - Memory Pool Allocator: Libclamav now includes its own memory pool allocator based on memory mapping. This new solution replaces the traditional malloc/free system for the copy of the signatures that is kept in memory. As a result, clamd requires much less memory, particularly when signature updates are received and the database is loaded into memory. - Unified Option Parser: Prior to version 0.95 each program in ClamAV's suite of programs had its own set of runtime options. The new general parser brings consistency of use and validation to these options across the suite. Some command line switches of clamscan have been renamed (the old ones will still be accepted but will have no effect and will result in warnings), please see clamscan(1) and clamscan --help for the details. -- The ClamAV team (http://www.clamav.net/team) -- Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ----- End forwarded message ----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at quantumcc.com Tue Mar 24 14:55:34 2009 From: mrm at quantumcc.com (Mike M) Date: Tue Mar 24 14:56:00 2009 Subject: Blocking of WMF In-Reply-To: References: Message-ID: <49C8F466.9030900@quantumcc.com> Jethro R Binks wrote: > On Tue, 17 Mar 2009, Jethro R Binks wrote: > >> but we very often see "image1.wmf", "image2.wmf", etc discovered too. >> >> Very often, the sending user is completely oblivious to the presence of >> images in the document (zip file), nor what to do to remove them or save >> them as something else, and at least in the case of the "thumbnail.wmf" >> content, this is something that the application itself has generated >> without the user knowing about it. > ... > > Neither this, nor the other thread where I mentioned: > >> I have often thought that it would useful for MailScanner to have some >> context when applying the filename rules, to give some flexibility. So >> for example it might permit all or certain .wmf if it knows it has found >> them while digging around in an Office 2007 zip doc. Perhaps another >> field in filename.rules.conf that is a list of context matches >> ('zip,msofficezip'), with a default of "all contexts". > > solicited much response. > > I would like to add something else to the mix: when an objectional file in > an archive is found, that as well as listing the objectional file and the > reason, that the name of the archive is also available. > > I currently have a case in hand where someone has sent several Word and > Powerpoint documents in one message, and received a rejection from us > complaining about: > >> Report: Possible format attack in Windows (image3.wmf) >> Report: Possible format attack in Windows (image4.wmf) >> Report: Possible format attack in Windows (image5.wmf) >> Report: Possible format attack in Windows (image9.wmf) >> Report: Possible format attack in Windows (image2.wmf) >> Report: Possible format attack in Windows (image1.wmf) > > but there appears to be no way to know which of the several attachments > caused the problem, other than to have him send them all individually. > > And if someone can point me at a resource that explains the prevelance of > "image1.wmf", "image2.wmf", etc, in MS Office documents, I'd be grateful. > (This particular sender insists that his Word documents contained > absolutely no images, although there's a Powerpoint document in the mix > too). > I don't know why office 2007 documents use .wmf files in them, but they've gotten so common that I've simply had to allow all .wmf files since I can't just block them outside of the office documents. It's unfortunate, but blocking .wmf is becoming equivalent to blocking .docx, .xlsx and .pptx with the current way MS handles archives and is only getting worse as more people adopt 2007. It appears as though as long as your patched, then wmf's are safe, but that's only good until the next zero day. I second the request to show in a more apparent way what the source archive file is when MS detects a file inside an archive that it's blocking. From rcooper at dwford.com Tue Mar 24 15:44:24 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 24 15:44:43 2009 Subject: Blocking of WMF In-Reply-To: <49C8F466.9030900@quantumcc.com> References: <49C8F466.9030900@quantumcc.com> Message-ID: <4287819D86884CC99422FEE95F4745EA@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Mike M > Sent: Tuesday, March 24, 2009 10:56 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: Blocking of WMF > > Jethro R Binks wrote: > > On Tue, 17 Mar 2009, Jethro R Binks wrote: > > > >> but we very often see "image1.wmf", "image2.wmf", etc > discovered too. > >> > >> Very often, the sending user is completely oblivious to > the presence of > >> images in the document (zip file), nor what to do to > remove them or save > >> them as something else, and at least in the case of the > "thumbnail.wmf" > >> content, this is something that the application itself has > generated > >> without the user knowing about it. > > ... > > > > Neither this, nor the other thread where I mentioned: > > > >> I have often thought that it would useful for MailScanner > to have some > >> context when applying the filename rules, to give some > flexibility. So > >> for example it might permit all or certain .wmf if it > knows it has found > >> them while digging around in an Office 2007 zip doc. > Perhaps another > >> field in filename.rules.conf that is a list of context matches > >> ('zip,msofficezip'), with a default of "all contexts". > > > > solicited much response. > > > > I would like to add something else to the mix: when an > objectional file in > > an archive is found, that as well as listing the > objectional file and the > > reason, that the name of the archive is also available. > > > > I currently have a case in hand where someone has sent > several Word and > > Powerpoint documents in one message, and received a > rejection from us > > complaining about: > > > >> Report: Possible format attack in Windows (image3.wmf) > >> Report: Possible format attack in Windows (image4.wmf) > >> Report: Possible format attack in Windows (image5.wmf) > >> Report: Possible format attack in Windows (image9.wmf) > >> Report: Possible format attack in Windows (image2.wmf) > >> Report: Possible format attack in Windows (image1.wmf) > > > > but there appears to be no way to know which of the several > attachments > > caused the problem, other than to have him send them all > individually. > > > > And if someone can point me at a resource that explains the > prevelance of > > "image1.wmf", "image2.wmf", etc, in MS Office documents, > I'd be grateful. > > (This particular sender insists that his Word documents contained > > absolutely no images, although there's a Powerpoint > document in the mix > > too). > > > > I don't know why office 2007 documents use .wmf files in them, but > they've gotten so common that I've simply had to allow all .wmf files > since I can't just block them outside of the office documents. It's > unfortunate, but blocking .wmf is becoming equivalent to > blocking .docx, > .xlsx and .pptx with the current way MS handles archives and is only > getting worse as more people adopt 2007. It appears as though > as long as > your patched, then wmf's are safe, but that's only good until > the next > zero day. > > I second the request to show in a more apparent way what the source > archive file is when MS detects a file inside an archive that > it's blocking. > How about if it logged like : Archive Filename Checks: (1Lm8hH-0002we-Gd 11_03_frames.rar -> 11_03_frames.exe) MSgID Archive Blocked name/type And the system admin reports was: Report: MailScanner: Do Not Allow EXEs In Archive (11_03_frames.rar -> 11_03_frames.exe) rule desc archive blocked name/type And the SystemWarning.txt was (same as above): MailScanner: Do Not Allow EXEs In Archive (11_03_frames.rar -> 11_03_frames.exe) I had to set up a special rule to catch the exe in an archive as I generally pass most exes if they are in an archive, but the above logging could be done in a few lines without adding the special archivefilename/type rules feature Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at tradoc.fr Tue Mar 24 17:10:45 2009 From: john at tradoc.fr (John Wilcock) Date: Tue Mar 24 17:11:54 2009 Subject: Change envelope sender for forwarded messages? Message-ID: <49C91415.3060709@tradoc.fr> I'm trying to set up selective forwarding to an external account to enable my boss to receive mail on her mobile phone. Her key requirement is that the original sender mustn't be aware that the forwarding is happening, and in particular must not receive a nondelivery notice even if her external mailbox is full. In other words, I need to change the envelope sender on forwarded messages. I've tried various solutions, including a forward action in a ruleset on Non Spam Actions, but the original envelope sender is unchanged. I'm open to all suggestions, in MailScanner or elsewhere on the server (running postfix and dovecot). I've also tried postfix's recipient_bcc_maps or a redirect action in a dovecot deliver LDA sieve filter, but in all cases the envelope sender is used unchanged and I can't see any way to rewrite it. Any suggestions? John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From ssilva at sgvwater.com Tue Mar 24 17:27:57 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 24 17:28:15 2009 Subject: Change envelope sender for forwarded messages? In-Reply-To: <49C91415.3060709@tradoc.fr> References: <49C91415.3060709@tradoc.fr> Message-ID: on 3-24-2009 10:10 AM John Wilcock spake the following: > I'm trying to set up selective forwarding to an external account to > enable my boss to receive mail on her mobile phone. Her key requirement > is that the original sender mustn't be aware that the forwarding is > happening, and in particular must not receive a nondelivery notice even > if her external mailbox is full. > > In other words, I need to change the envelope sender on forwarded > messages. I've tried various solutions, including a forward action in a > ruleset on Non Spam Actions, but the original envelope sender is unchanged. > > I'm open to all suggestions, in MailScanner or elsewhere on the server > (running postfix and dovecot). I've also tried postfix's > recipient_bcc_maps or a redirect action in a dovecot deliver LDA sieve > filter, but in all cases the envelope sender is used unchanged and I > can't see any way to rewrite it. > > Any suggestions? > > John. > You aren't supposed to be able to change it. That is why you are having so much trouble. You will probably need to write or get someone else to write it for you. Does your boss realize that she won't be able to reply to these messages? What kind of phone does she have? Can it be set to pull from an IMAP or pop3 account? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090324/d3cca2f8/signature.bin From MailScanner at ecs.soton.ac.uk Tue Mar 24 20:42:42 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 24 20:43:03 2009 Subject: Change envelope sender for forwarded messages? In-Reply-To: <49C91415.3060709@tradoc.fr> References: <49C91415.3060709@tradoc.fr> <49C945C2.6070000@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/3/09 17:10, John Wilcock wrote: > I'm trying to set up selective forwarding to an external account to > enable my boss to receive mail on her mobile phone. Her key > requirement is that the original sender mustn't be aware that the > forwarding is happening, and in particular must not receive a > nondelivery notice even if her external mailbox is full. > > In other words, I need to change the envelope sender on forwarded > messages. I've tried various solutions, including a forward action in > a ruleset on Non Spam Actions, but the original envelope sender is > unchanged. > > I'm open to all suggestions, in MailScanner or elsewhere on the server > (running postfix and dovecot). I've also tried postfix's > recipient_bcc_maps or a redirect action in a dovecot deliver LDA sieve > filter, but in all cases the envelope sender is used unchanged and I > can't see any way to rewrite it. I don't know with Postfix, but I would do it in sendmail with a .forward file that ran a script that invoked the sendmail binary with a different "-f" command-line option. That would change the sender address. I'm pretty sure Postfix has a command-equivalent "sendmail" binary for sending a message. Does it support .forward files as well, or equivalent? Just a thought, it might nudge your thinking in a useful direction... Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFJyUXFEfZZRxQVtlQRAjz9AKDpdPUthFuktGHZnaSbDg22La62PgCgzm7f hEpzOPFTX8ikkoAkZzjQPTg= =oasm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jcputter at centreweb.co.za Tue Mar 24 21:11:08 2009 From: jcputter at centreweb.co.za (JC Putter) Date: Tue Mar 24 21:11:43 2009 Subject: spambayes Message-ID: can i use spambayes with mailscanner ? what other spam fighting software is there, i am running postfix/mailscanner with sa 3.2 with sought ruleset, spam still coming in, __________ Information from ESET NOD32 Antivirus, version of virus signature database 3958 (20090324) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090324/65da77bf/attachment.html From ssilva at sgvwater.com Tue Mar 24 21:34:51 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 24 21:35:15 2009 Subject: spambayes In-Reply-To: References: Message-ID: on 3-24-2009 2:11 PM JC Putter spake the following: > can i use spambayes with mailscanner ? what other spam fighting software > is there, i am running postfix/mailscanner with sa 3.2 with sought > ruleset, spam still coming in, > > Razor, Pyzor, botnet rules, custom rules, modified scores, some of the sare rules still hit. There is a lot available. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090324/4e12b21e/signature.bin From jcputter at centreweb.co.za Tue Mar 24 21:41:44 2009 From: jcputter at centreweb.co.za (JC Putter) Date: Tue Mar 24 21:42:22 2009 Subject: Spam from live.com Message-ID: <8A8A5686814D472A8392740D44D33F94@numata.local> this is a raw header of the type of spam coming throught Return-Path: X-Original-To: jcputter@centreweb.co.za Delivered-To: jcputter@centreweb.co.za Received: from mail.centreweb.co.za (localhost [127.0.0.1]) by office.numata.local (Postfix) with ESMTP id 516E24BDB4 for ; Tue, 24 Mar 2009 19:43:29 +0200 (SAST) X-Original-To: jcputter@centreweb.co.za Received: from bay0-omc1-s25.bay0.hotmail.com (bay0-omc1-s25.bay0.hotmail.com [65.54.246.97]) by mail.centreweb.co.za (Postfix) with ESMTP id ACDD1160796 for ; Tue, 24 Mar 2009 23:31:34 +0200 (SAST) Received: from BAY102-W23 ([64.4.61.123]) by bay0-omc1-s25.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 24 Mar 2009 14:31:37 -0700 Message-ID: Content-Type: multipart/alternative; boundary="_6a0f2882-1775-43b5-9655-4147fe68795d_" X-Originating-IP: [92.48.45.254] From: drake ethelind To: , Subject: Hot teen deep f: uc-king giant dog c:o ck Date: Tue, 24 Mar 2009 21:31:38 +0000 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 24 Mar 2009 21:31:37.0912 (UTC) FILETIME=[E9E1AB80:01C9ACC7] X-numata_local-MailScanner-ID: 516E24BDB4.877C7 X-numata_local-MailScanner: Found to be clean X-numata_local-MailScanner-From: ethelindkjbhjydkhdeg@live.com X-Spam-Status: No Old-X-EsetId: 4B64842AE47139695462847DE9267B X-EsetId: 4B64842AE47139695462847DE9267B X-EsetScannerBuild: 4657 __________ Information from ESET NOD32 Antivirus, version of virus signature database 3958 (20090324) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090324/8d2e6024/attachment.html From brent.addis at spit.gen.nz Tue Mar 24 22:01:20 2009 From: brent.addis at spit.gen.nz (Brent Addis) Date: Tue Mar 24 22:01:39 2009 Subject: sender report weirdness Message-ID: <1237932080.7341.15.camel@baddis-laptop> Hi, I've got a little bit of funniness going on with the sender reports (And I guess a feature request?) First off, just in case it makes any difference, my mail setup is split. IE, I have a couple of incoming mailservers (they don't relay mail externally from our clients) and a couple of outgoing (They don't handle incoming mail at all from outside sources) When one of our clients send an email via the outgoing smtp servers, and the file is blocked, the recipient is notified, rather than the sender. I only noticed this today because I sent a file that was blocked, however it may have been going on for ever... Funny thing is, this is the behaviour that I was on the incoming mail server, as our clients want to know if they are getting anything blocked so they can release it (Feature request? I don't see an option for this) However, on the outgoing servers, our clients also want to be notified, for the same reasons as above. Now, I have the following set for my sender reportng: # Do you want to notify the people who sent you messages containing # viruses or badly-named filenames? # This can also be the filename of a ruleset. Notify Senders = yes # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing viruses? # The default value has been changed to "no" as most viruses now fake # sender addresses and therefore should be on the "Silent Viruses" list. # This can also be the filename of a ruleset. Notify Senders Of Viruses = no # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing attachments that are blocked due to # their filename or file contents? # This can also be the filename of a ruleset. Notify Senders Of Blocked Filenames Or Filetypes = yes # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing attachments that are blocked due to # being too small or too large? # This can also be the filename of a ruleset. Notify Senders Of Blocked Size Attachments = no # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing other blocked content, such as # partial messages or messages with external bodies? # This can also be the filename of a ruleset. Notify Senders Of Other Blocked Content = yes # If you supply a space-separated list of message "precedence" settings, # then senders of those messages will not be warned about anything you # rejected. This is particularly suitable for mailing lists, so that any # MailScanner responses do not get sent to the entire list. Never Notify Senders Of Precedence = list bulk Any ideas? Is there something I may have enabled somewhere? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090325/5e0a01f5/attachment.html From ms-list at alexb.ch Tue Mar 24 22:14:20 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue Mar 24 22:14:28 2009 Subject: spambayes In-Reply-To: References: Message-ID: <49C95B3C.2070200@alexb.ch> On 3/24/2009 10:34 PM, Scott Silva wrote: > on 3-24-2009 2:11 PM JC Putter spake the following: >> can i use spambayes with mailscanner ? what other spam fighting software >> is there, i am running postfix/mailscanner with sa 3.2 with sought >> ruleset, spam still coming in, >> > Razor, Pyzor, botnet rules, custom rules, modified scores, some of the sare > rules still hit. There is a lot available. adding.... iXhash, DCC (if low traffic), a bunch of commercial services via SA plugins.. (see http://wiki.apache.org/spamassassin/CustomPlugins) and of course, Fsl.com's BMX . h2h Alex From bfebrian.mailscanner at gedubrak.com Wed Mar 25 06:25:04 2009 From: bfebrian.mailscanner at gedubrak.com (Budi Febrianto) Date: Wed Mar 25 06:25:23 2009 Subject: Spam from two letter domain. Message-ID: <49C9CE40.50109@gedubrak.com> Dear all, Recently I got hit by spam that came only from two letter domain, like xi.com, cn.com, gr.com and many others. Right now it only got hit by this rules 4.00 BAYES_80 Bayesian spam probability is 80 to 95% 1.90 INVALID_MSGID Message-Id is not valid, according to RFC 2822 0.39 SARE_RECV_SPAM_NAME2 Right now I only put many of those two letter domains in our blacklist, but I'm affraid that will come many more with different domain. This is one example of the email >>>>> Return-Path: <<81>g> Received: from mn.com (n219076186134.netvigator.com [219.76.186.134]) by mail.busanagroup.com (8.13.8/8.13.8) with ESMTP id n2P4CHlP022256 for ; Wed, 25 Mar 2009 11:12:34 +0700 Date: Wed, 25 Mar 2009 12:12:52 +0800 From: Milla X-Mailer: cxaz 0.415 Reply-To: pemdb2004@mn.com X-Priority: 3 (Normal) Message-ID: 2818841884.905474100@mn.com To: Rakesh@busanagroup.com Subject: Good afternoon! I Milla MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Good afternoon! I Milla Look my photo, call me and fuck me bjqxhp: http://t-tnov.mail15.su iqylrxcz >>>>> It is safe to block all the two letter domains? Or is there any other rules to block this kind of spam? I'm using MailScanner 4.65.3 Thanks in advance. From jeroen at intuxicated.org Wed Mar 25 08:34:14 2009 From: jeroen at intuxicated.org (jeroen@intuxicated.org) Date: Wed Mar 25 08:34:22 2009 Subject: Postfix Message-ID: <55f90c22b12a6785dcb0bbacf13fb668@mail.perrit.nl> Hi Everybody, I read the suggested postfix installation over at http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation. I'm just wondering wouldn't it be better to use something like this: smtpd_recipient_restrictions = ... reject_unauth_destination static:hold Instead of using header_checks = regexp:/etc/postfix/header_checks and running a regexp on every incoming message? Kind regards, Jeroen Koekkoek From maillists at conactive.com Wed Mar 25 09:31:30 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 25 09:31:44 2009 Subject: Spam from live.com In-Reply-To: <8A8A5686814D472A8392740D44D33F94@numata.local> References: <8A8A5686814D472A8392740D44D33F94@numata.local> Message-ID: JC Putter wrote on Tue, 24 Mar 2009 23:41:44 +0200: > this is a raw header of the type of spam coming throught Please stop sending spam to this list. This list is not for submitting spam. And if you ask on the spamassassin list for help, as you did at the same time, please paste your full message to a pastebin and ask for help with a link. The spamassassin list isn't for spam submissions either. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ywang at lfm-agile.com.hk Wed Mar 25 10:02:18 2009 From: ywang at lfm-agile.com.hk (Yang Wang) Date: Wed Mar 25 10:01:32 2009 Subject: how long filename of attachment? References: <016901c9aba2$8a4d6770$4201010a@ruochenpc><49C77293.7050108@ecs.soton.ac.uk> Message-ID: <01a701c9ad30$c80165a0$4201010a@ruochenpc> VGhhbmsgeW91IHZlcnkgbXVjaCENCk5vdyBpIGRpc2FibGUgdGhpcyBydWxlIGluIG15IG1haWwg c3lzdGVtLg0KDQoNCiMgRHVlIHRvIGEgYnVnIGluIE91dGxvb2sgRXhwcmVzcywgeW91IGNhbiBt YWtlIHRoZSAybmQgZnJvbSBsYXN0IGV4dGVuc2lvbg0KIyBiZSB3aGF0IGlzIHVzZWQgdG8gcnVu IHRoZSBmaWxlLiBTbyB2ZXJ5IGxvbmcgZmlsZW5hbWVzIG11c3QgYmUgZGVuaWVkLA0KIyByZWdh cmRsZXNzIG9mIHRoZSBmaW5hbCBleHRlbnNpb24uDQojZGVueSAgIC57MTUwLH0gICAgICAgICAg ICAgICAgIFZlcnkgbG9uZyBmaWxlbmFtZSwgcG9zc2libGUgT0UgYXR0YWNrICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVmVyeSBsb25nIGZpbGVuYW1lcyBhcmUgZ29v ZCBzaWducyBvZiBhdHRhY2sNCnMgYWdhaW5zdCBNaWNyb3NvZnQgZS1tYWlsIHBhY2thZ2VzDQoN Cg0KDQpCZXN0IFJlZ2FyZHMhDQpZYW5nIFdhbmcNCiANClRlbC46IDA3NjktMjE2ODczOTcNCkZh eC46IDA3NjktMjE2ODU1NzcNCkVtYWlsOiB5d2FuZ0BsZm0tYWdpbGUuY29tLmhrDQoNCi0tLS0t IE9yaWdpbmFsIE1lc3NhZ2UgLS0tLS0gDQpGcm9tOiAiSnVsaWFuIEZpZWxkIiA8TWFpbFNjYW5u ZXJAZWNzLnNvdG9uLmFjLnVrPg0KVG86ICJNYWlsU2Nhbm5lciBkaXNjdXNzaW9uIiA8bWFpbHNj YW5uZXJAbGlzdHMubWFpbHNjYW5uZXIuaW5mbz4NClNlbnQ6IE1vbmRheSwgTWFyY2ggMjMsIDIw MDkgNzoyOSBQTQ0KU3ViamVjdDogUmU6IGhvdyBsb25nIGZpbGVuYW1lIG9mIGF0dGFjaG1lbnQ/ DQoNCg0KPiBMb29rIGluIGZpbGVuYW1lLnJ1bGVzLmNvbmYuDQo+IA0KPiBPbiAyMy8zLzA5IDEw OjMxLCBZYW5nIFdhbmcgd3JvdGU6DQo+PiBEZWFyIEFsbCwNCj4+ICAgIE91ciBtYWlsIHNlcnZl ciBkaXNwbGF5IGJlbG93IGluZm9ybWF0aW9uLHJlY2lwaWVudCBjYW4ndCByZWNlaXZlIA0KPj4g YXR0YWNobWVudCxob3cgdG8gcmVzb2x2ZSBpdCBvciBtYWduaWZ5IHRoaXMgbGltaXQ/IFRoYW5r cyENCj4+IE1haWxTY2FubmVyOiBWZXJ5IGxvbmcgZmlsZW5hbWUNCj4+IHBvc3NpYmxlIE9FIGF0 dGFjayAow6g/wqrDpT/CqMOmP8Knw6fCvcKuw6jCoz/Dp8K9wq7Dpz/CqMOmPz/DqMK9wrTDqMK/ P8OmP8Klw6fCuz/DpMK7wrYueGxzKQ0KPj4gQlINCj4+DQo+IA0KPiBKdWxlcw0KPiANCj4gLS0g DQo+IEp1bGlhbiBGaWVsZCBNRW5nIENJVFAgQ0VuZw0KPiB3d3cuTWFpbFNjYW5uZXIuaW5mbw0K PiBCdXkgdGhlIE1haWxTY2FubmVyIGJvb2sgYXQgd3d3Lk1haWxTY2FubmVyLmluZm8vc3RvcmUN Cj4gDQo+IE5lZWQgaGVscCBjdXN0b21pc2luZyBNYWlsU2Nhbm5lcj8NCj4gQ29udGFjdCBtZSEN Cj4gTmVlZCBoZWxwIGZpeGluZyBvciBvcHRpbWlzaW5nIHlvdXIgc3lzdGVtcz8NCj4gQ29udGFj dCBtZSENCj4gTmVlZCBoZWxwIGdldHRpbmcgeW91IHN0YXJ0ZWQgc29sdmluZyBuZXcgcmVxdWly ZW1lbnRzIGZyb20geW91ciBib3NzPw0KPiBDb250YWN0IG1lIQ0KPiANCj4gUEdQIGZvb3Rwcmlu dDogRUU4MSBENzYzIDNEQjAgMEJGRCBFMURDIDcyMjIgMTFGNiA1OTQ3IDE0MTUgQjY1NA0KPiAN Cj4gDQo+IC0tIA0KPiBUaGlzIG1lc3NhZ2UgaGFzIGJlZW4gc2Nhbm5lZCBmb3IgdmlydXNlcyBh bmQNCj4gZGFuZ2Vyb3VzIGNvbnRlbnQgYnkgTWFpbFNjYW5uZXIsIGFuZCBpcw0KPiBiZWxpZXZl ZCB0byBiZSBjbGVhbi4NCj4gDQo+IC0tIA0KPiBNYWlsU2Nhbm5lciBtYWlsaW5nIGxpc3QNCj4g bWFpbHNjYW5uZXJAbGlzdHMubWFpbHNjYW5uZXIuaW5mbw0KPiBodHRwOi8vbGlzdHMubWFpbHNj YW5uZXIuaW5mby9tYWlsbWFuL2xpc3RpbmZvL21haWxzY2FubmVyDQo+IA0KPiBCZWZvcmUgcG9z dGluZywgcmVhZCBodHRwOi8vd2lraS5tYWlsc2Nhbm5lci5pbmZvL3Bvc3RpbmcNCj4gDQo+IFN1 cHBvcnQgTWFpbFNjYW5uZXIgZGV2ZWxvcG1lbnQgLSBidXkgdGhlIGJvb2sgb2ZmIHRoZSB3ZWJz aXRlIQ== From glenn.steen at gmail.com Wed Mar 25 12:14:53 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 25 12:15:06 2009 Subject: Postfix In-Reply-To: <55f90c22b12a6785dcb0bbacf13fb668@mail.perrit.nl> References: <55f90c22b12a6785dcb0bbacf13fb668@mail.perrit.nl> Message-ID: <223f97700903250514j316aab68o7be4503a26640736@mail.gmail.com> 2009/3/25 : > > Hi Everybody, > > I read the suggested postfix installation over at > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation. > I'm just wondering wouldn't it be better to use something like this: > > smtpd_recipient_restrictions = > ? ? ? ?... > ? ? ? ?reject_unauth_destination > ? ? ? ?static:hold > > Instead of using header_checks = regexp:/etc/postfix/header_checks and > running a regexp on every incoming message? > > Kind regards, > > Jeroen Koekkoek Well, sure you can, but that does infer a few slight differences (like only messages received through smtpd would be put on hold), but IIRC the design sprung from the problems with the defer method... and at that time, the "static:hold" syntax wasn't present. There are definitely other ways one could do this (look at how Hugo van der Koij uses an access map to do selective holds), but basically ... if it ain't broke, don't fix it;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From norbert.schmidt at interactivedata.com Wed Mar 25 12:20:27 2009 From: norbert.schmidt at interactivedata.com (Norbert Schmidt) Date: Wed Mar 25 12:20:37 2009 Subject: Change envelope sender for forwarded messages? In-Reply-To: <200903251200.n2PC02hT021449@safir.blacknight.ie> Message-ID: > ----- Message from John Wilcock on Tue, 24 Mar 2009 18: > 10:45 +0100 ----- > > To: > > MailScanner discussion > > Subject: > > Change envelope sender for forwarded messages? > > I'm trying to set up selective forwarding to an external account to > enable my boss to receive mail on her mobile phone. Her key requirement > is that the original sender mustn't be aware that the forwarding is > happening, and in particular must not receive a nondelivery notice even > if her external mailbox is full. > > In other words, I need to change the envelope sender on forwarded > messages. I've tried various solutions, including a forward action in a > ruleset on Non Spam Actions, but the original envelope sender is unchanged. > > I'm open to all suggestions, in MailScanner or elsewhere on the server > (running postfix and dovecot). I've also tried postfix's > recipient_bcc_maps or a redirect action in a dovecot deliver LDA sieve > filter, but in all cases the envelope sender is used unchanged and I > can't see any way to rewrite it. > > Any suggestions? > > John. > I've done it on postfix with a sender_canonical_map: put this into main.cf: sender_canonical_maps = regexp:/etc/postfix-10025/sender_canonical and this into the sender_canonical file: /^/ new_envelope_sender@domain.com This will change the envelope sender on all incoming mail. I've routed the special mail that needed to be processed through this to a second instance of postfix running on port 10025. This does the job fine and in our case you even see the unchanged from: in the mail. Regards Norbert -- Norbert Schmidt | IT / Systems Interactive Data Managed Solutions AG -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090325/a251e514/attachment.html From john at tradoc.fr Wed Mar 25 13:16:28 2009 From: john at tradoc.fr (John Wilcock) Date: Wed Mar 25 13:17:38 2009 Subject: Change envelope sender for forwarded messages? In-Reply-To: References: Message-ID: <49CA2EAC.5070901@tradoc.fr> Le 25/03/2009 13:20, Norbert Schmidt a ?crit : > I've done it on postfix with a sender_canonical_map: > put this into main.cf: > sender_canonical_maps = regexp:/etc/postfix-10025/sender_canonical > and this into the sender_canonical file: > > /^/ new_envelope_sender@domain.com > > This will change the envelope sender on all incoming mail. I've routed > the special mail that needed to be processed through this to a second > instance of postfix running on port 10025. > This does the job fine and in our case you even see the unchanged from: > in the mail. Thanks, Norbert. That certainly looks like one possible solution. I'll also look at Julian's .forward with sendmail -f suggestion, though I'm not sure I can use .forward files in conjunction with dovecot deliver LDA (which I want to use for sieve filtering). John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From mailbag at partnersolutions.ca Wed Mar 25 13:26:06 2009 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Wed Mar 25 13:26:31 2009 Subject: Change envelope sender for forwarded messages? In-Reply-To: <49CA2EAC.5070901@tradoc.fr> References: <49CA2EAC.5070901@tradoc.fr> Message-ID: <120EBC42C8319846842A4A49B3D5566BBDD9A8@psims003.pshosting.intranet> > Thanks, Norbert. That certainly looks like one possible solution. I'll > also look at Julian's .forward with sendmail -f suggestion, though I'm > not sure I can use .forward files in conjunction with dovecot deliver > LDA (which I want to use for sieve filtering). I'm not sure if this will work with dovecot's LDA, but you could set up an alias that pipes into a script (Perl or otherwise) to do the rewriting for you. After you have that in place, you could use a non-spam forward function to hit the alias (or whatever other method you prefer). I've only ever specifically tried it with procmail, but it might work in your case too. Cheers, -Joshua From paul.welsh.3 at googlemail.com Wed Mar 25 22:33:23 2009 From: paul.welsh.3 at googlemail.com (Paul Welsh) Date: Wed Mar 25 22:33:37 2009 Subject: Sophos and Phishing In-Reply-To: <200903151201.n2FC0QDC023254@safir.blacknight.ie> Message-ID: <49cab137.0a4d5e0a.36af.ffffe8c9@mx.google.com> I have clam and sophos running on my MailScanner box. I notice that clam regularly blocks phishing messages (particularly bank related ones) as viruses. Sophos doesn't. Is this a configuration issue or is clam just better at this? From paul.welsh.3 at googlemail.com Wed Mar 25 22:56:54 2009 From: paul.welsh.3 at googlemail.com (Paul Welsh) Date: Wed Mar 25 22:57:08 2009 Subject: OT: Outsourced services In-Reply-To: <200903151201.n2FC0QDC023254@safir.blacknight.ie> Message-ID: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> Thought it was worth mentioning for anyone who doesn't know that Google bought Postini last year and are offering outsourced mail scanning for $12 per user per year. For $25 they'll archive all mail for a year. For $45 they'll archive for 10 years. http://www.google.com/postini/compare.html. The archiving will include internal mail for those running certain products like Exchange Enterprise. I've used MailScanner on my own dedicated server for years. Recently I spent some time setting up 2 x MailScanner servers for the company I work for (80 - 100 people). However, when I found out about Google's offering I suggested we switch. The pricing and the archiving facility made it a no brainer. We're going through one of Google's partners so there is a setup and annual support fee but it's a few hundred quid. The sterling pricing for the actual service is equivalent to the dollar pricing. We used to use MessageLabs which used to cost over GBP40 per user per year so the Google service is about a fifth of the price. I was talked through the Postini web interface yesterday and it seems highly configurable. So configurable, in fact, that I'm glad we are spending a bit more to get some support from people we can phone. Presuming that the service works well in blocking spam and viruses, I really think SMEs have to think very carefully before installing their own mail scanning server. Of course, for big organisations where money is tight and user numbers are high then $12 per user per year is still more expensive. For a company like the one I work for though, the time taken to maintain our own mail servers is just not worthwhile at these prices. From ssilva at sgvwater.com Wed Mar 25 23:18:24 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 25 23:18:46 2009 Subject: Sophos and Phishing In-Reply-To: <49cab137.0a4d5e0a.36af.ffffe8c9@mx.google.com> References: <200903151201.n2FC0QDC023254@safir.blacknight.ie> <49cab137.0a4d5e0a.36af.ffffe8c9@mx.google.com> Message-ID: on 3-25-2009 3:33 PM Paul Welsh spake the following: > I have clam and sophos running on my MailScanner box. I notice that clam > regularly blocks phishing messages (particularly bank related ones) as > viruses. Sophos doesn't. Is this a configuration issue or is clam just > better at this? > Clam has some phishing signatures that maybe sophos doesn't. Plus there are a lot of third party signatures for clam. Open source means more people contribute to it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090325/de0beffe/signature.bin From ssilva at sgvwater.com Wed Mar 25 23:20:01 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 25 23:25:11 2009 Subject: OT: Outsourced services In-Reply-To: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> References: <200903151201.n2FC0QDC023254@safir.blacknight.ie> <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> Message-ID: on 3-25-2009 3:56 PM Paul Welsh spake the following: > Thought it was worth mentioning for anyone who doesn't know that Google > bought Postini last year and are offering outsourced mail scanning for $12 > per user per year. For $25 they'll archive all mail for a year. For $45 > they'll archive for 10 years. http://www.google.com/postini/compare.html. > The archiving will include internal mail for those running certain products > like Exchange Enterprise. > > I've used MailScanner on my own dedicated server for years. Recently I > spent some time setting up 2 x MailScanner servers for the company I work > for (80 - 100 people). However, when I found out about Google's offering I > suggested we switch. The pricing and the archiving facility made it a no > brainer. We're going through one of Google's partners so there is a setup > and annual support fee but it's a few hundred quid. The sterling pricing > for the actual service is equivalent to the dollar pricing. > > We used to use MessageLabs which used to cost over GBP40 per user per year > so the Google service is about a fifth of the price. > > I was talked through the Postini web interface yesterday and it seems highly > configurable. So configurable, in fact, that I'm glad we are spending a bit > more to get some support from people we can phone. > > Presuming that the service works well in blocking spam and viruses, I really > think SMEs have to think very carefully before installing their own mail > scanning server. Of course, for big organisations where money is tight and > user numbers are high then $12 per user per year is still more expensive. > For a company like the one I work for though, the time taken to maintain our > own mail servers is just not worthwhile at these prices. > Don't tell my boss that. I need to eat too! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090325/33f0897b/signature.bin From ms-list at alexb.ch Wed Mar 25 23:43:06 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed Mar 25 23:43:15 2009 Subject: OT: Outsourced services In-Reply-To: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> References: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> Message-ID: <49CAC18A.60506@alexb.ch> On 3/25/2009 11:56 PM, Paul Welsh wrote: > Thought it was worth mentioning for anyone who doesn't know that Google > bought Postini last year and are offering outsourced mail scanning for $12 > per user per year. For $25 they'll archive all mail for a year. For $45 > they'll archive for 10 years. http://www.google.com/postini/compare.html. > The archiving will include internal mail for those running certain products > like Exchange Enterprise. > > I've used MailScanner on my own dedicated server for years. Recently I > spent some time setting up 2 x MailScanner servers for the company I work > for (80 - 100 people). However, when I found out about Google's offering I > suggested we switch. The pricing and the archiving facility made it a no > brainer. We're going through one of Google's partners so there is a setup > and annual support fee but it's a few hundred quid. The sterling pricing > for the actual service is equivalent to the dollar pricing. > > We used to use MessageLabs which used to cost over GBP40 per user per year > so the Google service is about a fifth of the price. > > I was talked through the Postini web interface yesterday and it seems highly > configurable. So configurable, in fact, that I'm glad we are spending a bit > more to get some support from people we can phone. > > Presuming that the service works well in blocking spam and viruses, I really > think SMEs have to think very carefully before installing their own mail > scanning server. Of course, for big organisations where money is tight and > user numbers are high then $12 per user per year is still more expensive. > For a company like the one I work for though, the time taken to maintain our > own mail servers is just not worthwhile at these prices. Good your bosses feel safe having corp's mail in hands of the largest search engine and data minining company in the world. I know my boss wouldn't want that. From root at doctor.nl2k.ab.ca Thu Mar 26 00:18:20 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Thu Mar 26 00:23:29 2009 Subject: AWL weirdness Message-ID: <20090326001820.GA1984@doctor.nl2k.ab.ca> How can AWL be considered spam? I am seeing scores of AWL 30+ and I have set score AWL -1000. Huh?? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From l_mailscanner at mail2news.4t2.com Thu Mar 26 00:47:11 2009 From: l_mailscanner at mail2news.4t2.com (Tom Weber) Date: Thu Mar 26 00:47:41 2009 Subject: Syslogging broken Message-ID: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> Hello, last month there was a thread from Greg Deputy about Mailscanner not logging correctly to syslog. While Greg probably worked around his problem, I think it still exists. On debian lenny with Mailscanner from testing (4.74.16-1) I get logging like this: 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333) 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting UID to postfix (333) 2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 848 hostnames from the phishing whitelist 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 4278 hostnames from the phishing blacklist 2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache 2,6,Mar 26 01:06:19,MailScanner[9707]: Connected to SpamAssassin cache database 2,6,Mar 26 01:06:19,MailScanner[9707]: Enabling SpamAssassin auto-whitelist functionality... 19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog 19,7,Mar 26 01:06:21,check[9707]: [ 3] mail 1 is not known spam. 2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 848 hostnames from the phishing whitelist 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 4278 hostnames from the phishing blacklist 2,6,Mar 26 01:06:24,MailScanner[9713]: Using SpamAssassin results cache 2,6,Mar 26 01:06:24,MailScanner[9713]: Connected to SpamAssassin cache database 2,6,Mar 26 01:06:24,MailScanner[9713]: Enabling SpamAssassin auto-whitelist functionality... 19,7,Mar 26 01:06:25,check[9713]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog 19,6,Mar 26 01:06:26,check[9707]: Using locktype = flock 19,7,Mar 26 01:06:27,check[9713]: [ 3] mail 1 is not known spam. 2,6,Mar 26 01:06:29,MailScanner[9717]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... 2,6,Mar 26 01:06:29,MailScanner[9717]: Read 848 hostnames from the phishing whitelist 2,6,Mar 26 01:06:29,MailScanner[9717]: Read 4278 hostnames from the phishing blacklist 2,6,Mar 26 01:06:29,MailScanner[9717]: Using SpamAssassin results cache 2,6,Mar 26 01:06:29,MailScanner[9717]: Connected to SpamAssassin cache database 2,6,Mar 26 01:06:29,MailScanner[9717]: Enabling SpamAssassin auto-whitelist functionality... 19,7,Mar 26 01:06:30,check[9717]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog 19,7,Mar 26 01:06:31,check[9717]: [ 3] mail 1 is not known spam. 19,6,Mar 26 01:06:32,check[9713]: Using locktype = flock 19,6,Mar 26 01:06:37,check[9717]: Using locktype = flock 19,6,Mar 26 01:12:56,check[9707]: New Batch: Scanning 1 messages, 1615 bytes 19,6,Mar 26 01:12:56,check[9707]: Spam Checks: Starting 19,5,Mar 26 01:12:57,check[9707]: RBL checks: 567081E5.644FE found in SORBS-DNSBL 19,7,Mar 26 01:12:57,check[9739]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog 19,7,Mar 26 01:12:59,check[9739]: [ 3] mail 1 is known spam. 19,6,Mar 26 01:13:04,check[9707]: Message 567081E5.644FE from .... is spam .... 19,5,Mar 26 01:13:04,check[9707]: Spam Checks: Found 1 spam messages 19,5,Mar 26 01:13:04,check[9707]: Non-delivery of spam: message 567081E5.644FE from ... to ... 19,5,Mar 26 01:13:04,check[9707]: Spam Actions: message 567081E5.644FE actions are store,delete 19,6,Mar 26 01:13:04,check[9707]: Spam Checks completed at 222 bytes per second 19,6,Mar 26 01:13:04,check[9707]: Virus and Content Scanning: Starting 19,6,Mar 26 01:13:05,check[9707]: Virus Scanning completed at 1063 bytes per second 19,6,Mar 26 01:13:05,check[9707]: Batch completed at 183 bytes per second (1615 / 8) 19,6,Mar 26 01:13:05,check[9707]: Batch (1 message) processed in 8.78 seconds For debuggin I configured rsyslogd to log facility and priority (the first 2 numbers each line). 2 = LOG_MAIL, 19=LOG_LOCAL3 No matter what I configure in MailScanner.conf, this value is only used on the same Lines that log with the tag "MailScanner". For me it seems that the child processes get this messed up and continue logging with the tag "check" and always with LOG_LOCAL3. I have another MailScanner running on a debian etch box just fine with correct logging. The output of --version of both working and broken setup are attached. Let me know if you need more information, Tom -------------- next part -------------- Linux XXXX 2.6.28.8-vs2.3.0.36.8 #1 SMP Wed Mar 18 13:38:01 UTC 2009 i686 GNU/Linux This is Perl version 5.010000 (5.10.0) This is MailScanner version 4.74.16 Module versions are: 1.00 AnyDBM_File 1.18 Archive::Zip 0.22 bignum 1.08 Carp 2.012 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_14 Data::Dumper 2.27 Date::Parse 1.01 DirHandle 1.06 Fcntl 2.76 File::Basename 2.11 File::Copy 2.01 FileHandle 2.04 File::Path 0.18 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23_01 IO 1.14 IO::File 1.13 IO::Pipe 2.03 Mail::Header 1.88 Math::BigInt 0.21 Math::BigRat 3.07_01 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.07 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.13 POSIX 1.19 Scalar::Util 1.80 Socket 2.18 Storable 1.4 Sys::Hostname::Long 0.26 Sys::Syslog missing Test::Pod 0.72 Test::Simple 1.9711 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.22 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.816_1 DB_File 1.14 DBD::SQLite 1.605 DBI 1.15 Digest 1.01 Digest::HMAC 2.36_01 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect missing Error 0.21 ExtUtils::CBuilder 2.18_02 ExtUtils::ParseXS 2.37 Getopt::Long missing Inline 1.08 IO::String 1.07 IO::Zlib missing IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin missing Mail::SPF 1.999001 Mail::SPF::Query 0.280801 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable 0.36 Net::LDAP missing NetAddr::IP missing Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 2.0.0 Text::Balanced 1.35 URI 0.74 version missing YAML -------------- next part -------------- Running on Linux XXXX 2.6.22.7-vs23024 #1 SMP Tue Sep 25 03:55:21 CEST 2007 i686 GNU/Linux This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.56.8 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.55 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.13 DBD::SQLite 1.53 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Inline missing Mail::ClamAV 3.002003 Mail::SpamAssassin 1.999001 Mail::SPF::Query 0.20 Net::CIDR::Lite 1.25 Net::IP 0.59 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI From mailscanner at yeticomputers.com Thu Mar 26 02:29:57 2009 From: mailscanner at yeticomputers.com (MailScanner Account) Date: Thu Mar 26 02:27:01 2009 Subject: AWL weirdness In-Reply-To: <20090326001820.GA1984@doctor.nl2k.ab.ca> Message-ID: <28789348.41238034380692.JavaMail.VIXEN$@Vixen> > How can AWL be considered spam? > > I am seeing scores of AWL 30+ and > I have set > score AWL -1000. > Huh?? ---- I don't believe you can set a score for AWL. That would defeat the entire purpose of the rule which, unfortunately, is poorly named. It is in no way a whitelist. Check http://wiki.apache.org/spamassassin/AutoWhitelist for more information. The rule is used to adjust scores based on the prior history of the sender. Setting it manually would make no sense. All of that said, I disable the thing. It is too unreliable with my specific mail flow. I hear it works great for some. From dave.list at pixelhammer.com Thu Mar 26 02:36:21 2009 From: dave.list at pixelhammer.com (DAve) Date: Thu Mar 26 02:36:52 2009 Subject: OT: Outsourced services In-Reply-To: <49CAC18A.60506@alexb.ch> References: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> <49CAC18A.60506@alexb.ch> Message-ID: <49CAEA25.9050104@pixelhammer.com> Alex Broens wrote: > On 3/25/2009 11:56 PM, Paul Welsh wrote: >> Thought it was worth mentioning for anyone who doesn't know that Google >> bought Postini last year and are offering outsourced mail scanning for >> $12 >> per user per year. For $25 they'll archive all mail for a year. For $45 >> they'll archive for 10 years. >> http://www.google.com/postini/compare.html. >> The archiving will include internal mail for those running certain >> products >> like Exchange Enterprise. >> >> I've used MailScanner on my own dedicated server for years. Recently I >> spent some time setting up 2 x MailScanner servers for the company I work >> for (80 - 100 people). However, when I found out about Google's >> offering I >> suggested we switch. The pricing and the archiving facility made it a no >> brainer. We're going through one of Google's partners so there is a >> setup >> and annual support fee but it's a few hundred quid. The sterling pricing >> for the actual service is equivalent to the dollar pricing. >> >> We used to use MessageLabs which used to cost over GBP40 per user per >> year >> so the Google service is about a fifth of the price. >> >> I was talked through the Postini web interface yesterday and it seems >> highly >> configurable. So configurable, in fact, that I'm glad we are spending >> a bit >> more to get some support from people we can phone. >> >> Presuming that the service works well in blocking spam and viruses, I >> really >> think SMEs have to think very carefully before installing their own mail >> scanning server. Of course, for big organisations where money is >> tight and >> user numbers are high then $12 per user per year is still more expensive. >> For a company like the one I work for though, the time taken to >> maintain our >> own mail servers is just not worthwhile at these prices. > > Good your bosses feel safe having corp's mail in hands of the largest > search engine and data mining company in the world. > > I know my boss wouldn't want that. +1 Looking at the amount of spam that comes from Google owned services I would say they could claim greatly improved spam/virus catching just by blocking their own traffic. DAve -- "Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Quincy Adams http://appleseedinfo.org From maxsec at gmail.com Thu Mar 26 09:08:09 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Mar 26 09:08:18 2009 Subject: Syslogging broken In-Reply-To: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> Message-ID: <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> Tom from memory this was a problem with Greg's syslog.conf setup. 2009/3/26 Tom Weber : > Hello, > > last month there was a thread from Greg Deputy about Mailscanner not > logging correctly to syslog. While Greg probably worked around his > problem, I think it still exists. > > On debian lenny with Mailscanner from testing (4.74.16-1) I get logging > like this: > > 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333) > 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting UID to postfix (333) > 2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... > 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 848 hostnames from the phishing whitelist > 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 4278 hostnames from the phishing blacklist > 2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache > 2,6,Mar 26 01:06:19,MailScanner[9707]: Connected to SpamAssassin cache database > 2,6,Mar 26 01:06:19,MailScanner[9707]: Enabling SpamAssassin auto-whitelist functionality... > 19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog > 19,7,Mar 26 01:06:21,check[9707]: [ 3] mail 1 is not known spam. > 2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... > 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 848 hostnames from the phishing whitelist > 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 4278 hostnames from the phishing blacklist > 2,6,Mar 26 01:06:24,MailScanner[9713]: Using SpamAssassin results cache > 2,6,Mar 26 01:06:24,MailScanner[9713]: Connected to SpamAssassin cache database > 2,6,Mar 26 01:06:24,MailScanner[9713]: Enabling SpamAssassin auto-whitelist functionality... > 19,7,Mar 26 01:06:25,check[9713]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog > 19,6,Mar 26 01:06:26,check[9707]: Using locktype = flock > 19,7,Mar 26 01:06:27,check[9713]: [ 3] mail 1 is not known spam. > 2,6,Mar 26 01:06:29,MailScanner[9717]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... > 2,6,Mar 26 01:06:29,MailScanner[9717]: Read 848 hostnames from the phishing whitelist > 2,6,Mar 26 01:06:29,MailScanner[9717]: Read 4278 hostnames from the phishing blacklist > 2,6,Mar 26 01:06:29,MailScanner[9717]: Using SpamAssassin results cache > 2,6,Mar 26 01:06:29,MailScanner[9717]: Connected to SpamAssassin cache database > 2,6,Mar 26 01:06:29,MailScanner[9717]: Enabling SpamAssassin auto-whitelist functionality... > 19,7,Mar 26 01:06:30,check[9717]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog > 19,7,Mar 26 01:06:31,check[9717]: [ 3] mail 1 is not known spam. > 19,6,Mar 26 01:06:32,check[9713]: Using locktype = flock > 19,6,Mar 26 01:06:37,check[9717]: Using locktype = flock > 19,6,Mar 26 01:12:56,check[9707]: New Batch: Scanning 1 messages, 1615 bytes > 19,6,Mar 26 01:12:56,check[9707]: Spam Checks: Starting > 19,5,Mar 26 01:12:57,check[9707]: RBL checks: 567081E5.644FE found in SORBS-DNSBL > 19,7,Mar 26 01:12:57,check[9739]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog > 19,7,Mar 26 01:12:59,check[9739]: [ 3] mail 1 is known spam. > 19,6,Mar 26 01:13:04,check[9707]: Message 567081E5.644FE from .... is spam .... > 19,5,Mar 26 01:13:04,check[9707]: Spam Checks: Found 1 spam messages > 19,5,Mar 26 01:13:04,check[9707]: Non-delivery of spam: message 567081E5.644FE from ... to ... > 19,5,Mar 26 01:13:04,check[9707]: Spam Actions: message 567081E5.644FE actions are store,delete > 19,6,Mar 26 01:13:04,check[9707]: Spam Checks completed at 222 bytes per second > 19,6,Mar 26 01:13:04,check[9707]: Virus and Content Scanning: Starting > 19,6,Mar 26 01:13:05,check[9707]: Virus Scanning completed at 1063 bytes per second > 19,6,Mar 26 01:13:05,check[9707]: Batch completed at 183 bytes per second (1615 / 8) > 19,6,Mar 26 01:13:05,check[9707]: Batch (1 message) processed in 8.78 seconds > > For debuggin I configured rsyslogd to log facility and priority (the > first 2 numbers each line). > 2 = LOG_MAIL, 19=LOG_LOCAL3 > No matter what I configure in MailScanner.conf, this value is only used > on the same Lines that log with the tag "MailScanner". For me it seems > that the child processes get this messed up and continue logging with > the tag "check" and always with LOG_LOCAL3. > > I have another MailScanner running on a debian etch box just fine with > correct logging. > > The output of --version of both working and broken setup are attached. > > Let me know if you need more information, > ?Tom > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK From vincent at zijnemail.nl Thu Mar 26 09:17:50 2009 From: vincent at zijnemail.nl (Vincent Verhagen) Date: Thu Mar 26 09:18:04 2009 Subject: OT: Outsourced services In-Reply-To: <49CAC18A.60506@alexb.ch> References: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> <49CAC18A.60506@alexb.ch> Message-ID: <49CB483E.6030302@zijnemail.nl> Alex Broens wrote: > On 3/25/2009 11:56 PM, Paul Welsh wrote: >> Thought it was worth mentioning for anyone who doesn't know that Google >> bought Postini last year and are offering outsourced mail scanning >> for $12 >> per user per year. For $25 they'll archive all mail for a year. For >> $45 >> they'll archive for 10 years. >> http://www.google.com/postini/compare.html. >> The archiving will include internal mail for those running certain >> products >> like Exchange Enterprise. >> >> I've used MailScanner on my own dedicated server for years. Recently I >> spent some time setting up 2 x MailScanner servers for the company I >> work >> for (80 - 100 people). However, when I found out about Google's >> offering I >> suggested we switch. The pricing and the archiving facility made it >> a no >> brainer. We're going through one of Google's partners so there is a >> setup >> and annual support fee but it's a few hundred quid. The sterling >> pricing >> for the actual service is equivalent to the dollar pricing. >> >> We used to use MessageLabs which used to cost over GBP40 per user per >> year >> so the Google service is about a fifth of the price. >> >> I was talked through the Postini web interface yesterday and it seems >> highly >> configurable. So configurable, in fact, that I'm glad we are >> spending a bit >> more to get some support from people we can phone. >> >> Presuming that the service works well in blocking spam and viruses, I >> really >> think SMEs have to think very carefully before installing their own mail >> scanning server. Of course, for big organisations where money is >> tight and >> user numbers are high then $12 per user per year is still more >> expensive. >> For a company like the one I work for though, the time taken to >> maintain our >> own mail servers is just not worthwhile at these prices. > > Good your bosses feel safe having corp's mail in hands of the largest > search engine and data minining company in the world. > > I know my boss wouldn't want that. > > > > Amen! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090326/6c360039/attachment.html From MailScanner at ecs.soton.ac.uk Thu Mar 26 09:27:53 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 26 09:28:13 2009 Subject: Sophos and Phishing In-Reply-To: <49cab137.0a4d5e0a.36af.ffffe8c9@mx.google.com> References: <49cab137.0a4d5e0a.36af.ffffe8c9@mx.google.com> <49CB4A99.6000802@ecs.soton.ac.uk> Message-ID: On 25/3/09 22:33, Paul Welsh wrote: > I have clam and sophos running on my MailScanner box. I notice that clam > regularly blocks phishing messages (particularly bank related ones) as > viruses. Sophos doesn't. Is this a configuration issue or is clam just > better at this? > > Sophos is an anti-virus package. ClamAV is an anti-virus package that in addition has some anti-phishing signatures available for it. Different products, different markets. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From l_mailscanner at mail2news.4t2.com Thu Mar 26 09:44:20 2009 From: l_mailscanner at mail2news.4t2.com (Tom Weber) Date: Thu Mar 26 09:44:40 2009 Subject: Syslogging broken In-Reply-To: <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> Message-ID: <1238060660.7413.138.camel@morgoth.abyss.4t2.com> Am Donnerstag, den 26.03.2009, 09:08 +0000 schrieb Martin Hepworth: > Tom > > from memory this was a problem with Greg's syslog.conf setup. Not afair. Greg also claimed that MailScanner suddenly started logging as local3 not mail. One may be able to work around this by redirecting local3 in syslog.conf which is what he probably did. His Logs and mine below clearly show that MailScanner logging comes with wrong facility into syslog. This might be some perl or perl module weirdness below MailScanner, but it's definitely not a config problem with syslog. I suspect that things (open files / handles) get messed up while forking the childs. I'm not good enough at perl and deep enough into MailScanner to dig through this though. Tom > 2009/3/26 Tom Weber : > > Hello, > > > > last month there was a thread from Greg Deputy about Mailscanner not > > logging correctly to syslog. While Greg probably worked around his > > problem, I think it still exists. > > > > On debian lenny with Mailscanner from testing (4.74.16-1) I get logging > > like this: > > > > 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333) > > 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting UID to postfix (333) > > 2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... > > 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 848 hostnames from the phishing whitelist > > 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 4278 hostnames from the phishing blacklist > > 2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache > > 2,6,Mar 26 01:06:19,MailScanner[9707]: Connected to SpamAssassin cache database > > 2,6,Mar 26 01:06:19,MailScanner[9707]: Enabling SpamAssassin auto-whitelist functionality... > > 19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog > > 19,7,Mar 26 01:06:21,check[9707]: [ 3] mail 1 is not known spam. > > 2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... > > 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 848 hostnames from the phishing whitelist From root at doctor.nl2k.ab.ca Thu Mar 26 12:46:26 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Thu Mar 26 12:48:28 2009 Subject: {?} Re: AWL weirdness In-Reply-To: <28789348.41238034380692.JavaMail.VIXEN$@Vixen> References: <20090326001820.GA1984@doctor.nl2k.ab.ca> <28789348.41238034380692.JavaMail.VIXEN$@Vixen> Message-ID: <20090326124625.GC25029@doctor.nl2k.ab.ca> On Wed, Mar 25, 2009 at 10:29:57PM -0400, MailScanner Account wrote: > > How can AWL be considered spam? > > > > I am seeing scores of AWL 30+ and > > I have set > > > score AWL -1000. > > > Huh?? > > ---- > > I don't believe you can set a score for AWL. That would defeat the entire purpose of the rule which, unfortunately, is poorly named. It is in no way a whitelist. Check http://wiki.apache.org/spamassassin/AutoWhitelist for more information. The rule is used to adjust scores based on the prior history of the sender. Setting it manually would make no sense. All of that said, I disable the thing. It is too unreliable with my specific mail flow. I hear it works great for some. > Sounds like an option. How do you disble this feature? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Thu Mar 26 13:32:19 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Mar 26 13:32:28 2009 Subject: {?} Re: AWL weirdness In-Reply-To: <20090326124625.GC25029@doctor.nl2k.ab.ca> References: <20090326001820.GA1984@doctor.nl2k.ab.ca> <28789348.41238034380692.JavaMail.VIXEN$@Vixen> <20090326124625.GC25029@doctor.nl2k.ab.ca> Message-ID: <72cf361e0903260632h6bd1e7cdk5a06d218c75d857b@mail.gmail.com> You comment out the plugin in init.pre (or *.pre whereevery it appears for you). 2009/3/26 Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem : > On Wed, Mar 25, 2009 at 10:29:57PM -0400, MailScanner Account wrote: >> > How can AWL be considered spam? >> > >> > I am seeing scores of AWL 30+ and >> > I have set >> >> > score AWL -1000. >> >> > Huh?? >> >> ---- >> >> I don't believe you can set a score for AWL. ?That would defeat the entire purpose of the rule which, unfortunately, is poorly named. ?It is in no way a whitelist. ?Check http://wiki.apache.org/spamassassin/AutoWhitelist for more information. ?The rule is used to adjust scores based on the prior history of the sender. ?Setting it manually would make no sense. ?All of that said, I disable the thing. ?It is too unreliable with my specific mail flow. ?I hear it works great for some. >> > > Sounds like an option. ?How do you disble this feature? > >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK From ssilva at sgvwater.com Thu Mar 26 17:34:59 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 26 17:35:19 2009 Subject: OT: Outsourced services In-Reply-To: <49CAEA25.9050104@pixelhammer.com> References: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> <49CAC18A.60506@alexb.ch> <49CAEA25.9050104@pixelhammer.com> Message-ID: on 3-25-2009 7:36 PM DAve spake the following: > Alex Broens wrote: >> On 3/25/2009 11:56 PM, Paul Welsh wrote: >>> Thought it was worth mentioning for anyone who doesn't know that Google >>> bought Postini last year and are offering outsourced mail scanning >>> for $12 >>> per user per year. For $25 they'll archive all mail for a year. For >>> $45 >>> they'll archive for 10 years. >>> http://www.google.com/postini/compare.html. >>> The archiving will include internal mail for those running certain >>> products >>> like Exchange Enterprise. >>> >>> I've used MailScanner on my own dedicated server for years. Recently I >>> spent some time setting up 2 x MailScanner servers for the company I >>> work >>> for (80 - 100 people). However, when I found out about Google's >>> offering I >>> suggested we switch. The pricing and the archiving facility made it >>> a no >>> brainer. We're going through one of Google's partners so there is a >>> setup >>> and annual support fee but it's a few hundred quid. The sterling >>> pricing >>> for the actual service is equivalent to the dollar pricing. >>> >>> We used to use MessageLabs which used to cost over GBP40 per user per >>> year >>> so the Google service is about a fifth of the price. >>> >>> I was talked through the Postini web interface yesterday and it seems >>> highly >>> configurable. So configurable, in fact, that I'm glad we are >>> spending a bit >>> more to get some support from people we can phone. >>> >>> Presuming that the service works well in blocking spam and viruses, I >>> really >>> think SMEs have to think very carefully before installing their own mail >>> scanning server. Of course, for big organisations where money is >>> tight and >>> user numbers are high then $12 per user per year is still more >>> expensive. >>> For a company like the one I work for though, the time taken to >>> maintain our >>> own mail servers is just not worthwhile at these prices. >> >> Good your bosses feel safe having corp's mail in hands of the largest >> search engine and data mining company in the world. >> >> I know my boss wouldn't want that. > > +1 > > Looking at the amount of spam that comes from Google owned services I > would say they could claim greatly improved spam/virus catching just by > blocking their own traffic. > > DAve > > And a new set of data to mine for e-mail addresses! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090326/fbf7c551/signature.bin From ssilva at sgvwater.com Thu Mar 26 17:38:53 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 26 17:40:12 2009 Subject: Syslogging broken In-Reply-To: <1238060660.7413.138.camel@morgoth.abyss.4t2.com> References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> <1238060660.7413.138.camel@morgoth.abyss.4t2.com> Message-ID: on 3-26-2009 2:44 AM Tom Weber spake the following: > Am Donnerstag, den 26.03.2009, 09:08 +0000 schrieb Martin Hepworth: >> Tom >> >> from memory this was a problem with Greg's syslog.conf setup. > > Not afair. Greg also claimed that MailScanner suddenly started logging > as local3 not mail. > One may be able to work around this by redirecting local3 in syslog.conf > which is what he probably did. > > His Logs and mine below clearly show that MailScanner logging comes with > wrong facility into syslog. > > This might be some perl or perl module weirdness below MailScanner, but > it's definitely not a config problem with syslog. > > I suspect that things (open files / handles) get messed up while forking > the childs. I'm not good enough at perl and deep enough into MailScanner > to dig through this though. > > Tom > >> 2009/3/26 Tom Weber : >>> Hello, >>> >>> last month there was a thread from Greg Deputy about Mailscanner not >>> logging correctly to syslog. While Greg probably worked around his >>> problem, I think it still exists. >>> >>> On debian lenny with Mailscanner from testing (4.74.16-1) I get logging >>> like this: >>> >>> 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333) >>> 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting UID to postfix (333) >>> 2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... >>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 848 hostnames from the phishing whitelist >>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 4278 hostnames from the phishing blacklist >>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache >>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Connected to SpamAssassin cache database >>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Enabling SpamAssassin auto-whitelist functionality... >>> 19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog >>> 19,7,Mar 26 01:06:21,check[9707]: [ 3] mail 1 is not known spam. >>> 2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... >>> 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 848 hostnames from the phishing whitelist > > Is it only showing up in Debian? I don't have any problems in CentOS, maybe something is broken in a Debian perl module or the Debian package. Or maybe the Debian package inits too early and breaks something there? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090326/3110b3c3/signature.bin From MailScanner at ecs.soton.ac.uk Thu Mar 26 19:34:37 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 26 19:34:56 2009 Subject: Syslogging broken In-Reply-To: References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> <1238060660.7413.138.camel@morgoth.abyss.4t2.com> <49CBD8CD.1020109@ecs.soton.ac.uk> Message-ID: On 26/3/09 17:38, Scott Silva wrote: > on 3-26-2009 2:44 AM Tom Weber spake the following: > >> Am Donnerstag, den 26.03.2009, 09:08 +0000 schrieb Martin Hepworth: >> >>> Tom >>> >>> from memory this was a problem with Greg's syslog.conf setup. >>> >> Not afair. Greg also claimed that MailScanner suddenly started logging >> as local3 not mail. >> One may be able to work around this by redirecting local3 in syslog.conf >> which is what he probably did. >> >> His Logs and mine below clearly show that MailScanner logging comes with >> wrong facility into syslog. >> >> This might be some perl or perl module weirdness below MailScanner, but >> it's definitely not a config problem with syslog. >> >> I suspect that things (open files / handles) get messed up while forking >> the childs. I'm not good enough at perl and deep enough into MailScanner >> to dig through this though. >> >> Tom >> >> >>> 2009/3/26 Tom Weber: >>> >>>> Hello, >>>> >>>> last month there was a thread from Greg Deputy about Mailscanner not >>>> logging correctly to syslog. While Greg probably worked around his >>>> problem, I think it still exists. >>>> >>>> On debian lenny with Mailscanner from testing (4.74.16-1) I get logging >>>> like this: >>>> >>>> 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting GID to postfix (333) >>>> 1,6,Mar 26 01:06:18,MailScanner: MailScanner setting UID to postfix (333) >>>> 2,6,Mar 26 01:06:19,MailScanner[9707]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... >>>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 848 hostnames from the phishing whitelist >>>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Read 4278 hostnames from the phishing blacklist >>>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Using SpamAssassin results cache >>>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Connected to SpamAssassin cache database >>>> 2,6,Mar 26 01:06:19,MailScanner[9707]: Enabling SpamAssassin auto-whitelist functionality... >>>> 19,7,Mar 26 01:06:20,check[9707]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to sys-syslog >>>> 19,7,Mar 26 01:06:21,check[9707]: [ 3] mail 1 is not known spam. >>>> 2,6,Mar 26 01:06:24,MailScanner[9713]: MailScanner E-Mail Virus Scanner version 4.74.16 starting... >>>> 2,6,Mar 26 01:06:24,MailScanner[9713]: Read 848 hostnames from the phishing whitelist >>>> >> >> > Is it only showing up in Debian? > I don't have any problems in CentOS, maybe something is broken in a Debian > perl module or the Debian package. Or maybe the Debian package inits too early > and breaks something there? > I would be very interested if you could narrow this down. It has *never* (to my knowledge) occurred in a RedHat or CentOS Linux system, nor any other Unix system at all. It only appears to be a few Debian Linux guys who have the problem. I must admit that does rather tend to point the finger... There is nothing in MailScanner that will make it "run to mummy" and syslog to "mail" rather than what you request in the config file. Feel free to read the code in "Log.pm", you can read it just the same as I can. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Thu Mar 26 22:26:14 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 26 22:26:39 2009 Subject: OT: Outsourced services In-Reply-To: <49CAEA25.9050104@pixelhammer.com> References: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> <49CAC18A.60506@alexb.ch> <49CAEA25.9050104@pixelhammer.com> Message-ID: <625385e30903261526q63264dc6x2aee7a38ab33094f@mail.gmail.com> On Thu, Mar 26, 2009 at 3:36 AM, DAve wrote: > Looking at the amount of spam that comes from Google owned services I would > say they could claim greatly improved spam/virus catching just by blocking > their own traffic. As a user of Gmail I'll have to say they do a very good job of cleaning out spam for me, no more than one error a month at most. Yahoo, on the other hand, is hopeless. Not only do they let in 5-10 spam every day no matter how much I report it, they also cliassify 1-2 ham as spam every day which is much worse! So as a professional customer I would trust Google's spam filtering capacity, what they do with my mail is another issue of course but that question is relevant to all companies not filtering their own mail. I do filtering for other companies and it's quite surprising who "needs" their own on-site servers and who is ok to share off-site servers with anyone. -- /peter From l_mailscanner at mail2news.4t2.com Thu Mar 26 22:28:42 2009 From: l_mailscanner at mail2news.4t2.com (Tom Weber) Date: Thu Mar 26 22:29:14 2009 Subject: Syslogging broken - culprit found In-Reply-To: References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> <1238060660.7413.138.camel@morgoth.abyss.4t2.com> <49CBD8CD.1020109@ecs.soton.ac.uk> Message-ID: <1238106522.7413.161.camel@morgoth.abyss.4t2.com> Am Donnerstag, den 26.03.2009, 19:34 +0000 schrieb Julian Field: > > Is it only showing up in Debian? > > I don't have any problems in CentOS, maybe something is broken in a Debian > > perl module or the Debian package. Or maybe the Debian package inits too early > > and breaks something there? > > > I would be very interested if you could narrow this down. It has *never* > (to my knowledge) occurred in a RedHat or CentOS Linux system, nor any > other Unix system at all. It only appears to be a few Debian Linux guys > who have the problem. I must admit that does rather tend to point the > finger... > There is nothing in MailScanner that will make it "run to mummy" and > syslog to "mail" rather than what you request in the config file. Feel > free to read the code in "Log.pm", you can read it just the same as I can. I narrowed it down.. took me half the day. I have debian systems where it works and others where it doesnt. Same (relevant) packages etc. Stracing, trying comparing etc finally led me to the culprit: razor (2.85 here) and only if you have logfile = sys-syslog configured in /etc/razor/razor-agent.conf (on debian at least). Without looking at the code, since my eyes are about to finally freak out now, i guess you integrate the razor perl modules directly in MailScanner which then initialize/openlog the Syslog again and mess it up. Maybe someone else wants to verify this on a non debian system too, but i'm quite confident that this is the cause for the behaviour. regards, Tom From vg_us at hotmail.com Fri Mar 27 00:24:57 2009 From: vg_us at hotmail.com (vg_us@hotmail.com) Date: Fri Mar 27 00:25:07 2009 Subject: Received: header and Mark Unscanned Message problem Message-ID: Hello. I have a problem delivering to one of the sites: mail gets rejected because "Not scanned: please contact your Internet E-Mail Service Provider for details" added to Received: header is not RFC compliant (according to that site's postmaster). When I disable Mark Unscanned Messages and set "Unscanned Header Value =", mailscanner still inserts a "," after original header and my mail is rejected again. Is there any way to make sure mailscanner doesn't touch Received: header at all? I'm running version mailscanner-4.65.3-1 from rpm on centos5 Thank you V From MailScanner at ecs.soton.ac.uk Fri Mar 27 01:11:18 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 27 01:11:40 2009 Subject: Syslogging broken - culprit found In-Reply-To: <1238106522.7413.161.camel@morgoth.abyss.4t2.com> References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> <1238060660.7413.138.camel@morgoth.abyss.4t2.com> <49CBD8CD.1020109@ecs.soton.ac.uk> <1238106522.7413.161.camel@morgoth.abyss.4t2.com> <49CC27B6.8050600@ecs.soton.ac.uk> Message-ID: On 3/26/09 10:28 PM, Tom Weber wrote: > Am Donnerstag, den 26.03.2009, 19:34 +0000 schrieb Julian Field: > >>> Is it only showing up in Debian? >>> I don't have any problems in CentOS, maybe something is broken in a Debian >>> perl module or the Debian package. Or maybe the Debian package inits too early >>> and breaks something there? >>> >>> >> I would be very interested if you could narrow this down. It has *never* >> (to my knowledge) occurred in a RedHat or CentOS Linux system, nor any >> other Unix system at all. It only appears to be a few Debian Linux guys >> who have the problem. I must admit that does rather tend to point the >> finger... >> There is nothing in MailScanner that will make it "run to mummy" and >> syslog to "mail" rather than what you request in the config file. Feel >> free to read the code in "Log.pm", you can read it just the same as I can. >> > I narrowed it down.. took me half the day. I have debian systems where > it works and others where it doesnt. Same (relevant) packages etc. > Stracing, trying comparing etc finally led me to the culprit: > razor (2.85 here) > and only if you have > logfile = sys-syslog > configured in /etc/razor/razor-agent.conf (on debian at least). > > Without looking at the code, since my eyes are about to finally freak > out now, i guess you integrate the razor perl modules directly in > MailScanner which then initialize/openlog the Syslog again and mess it > up. > I don't call Razor at all, I leave SpamAssassin to do that. I suspect that it's just the SA initialisation call that is screwing with it. I could always just call the Log::initialise function again after initialising SpamAssassin, that *shouldn't* have any major consequences. > Maybe someone else wants to verify this on a non debian system too, but > i'm quite confident that this is the cause for the behaviour. > Please can someone do this for me? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 27 01:14:37 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 27 01:15:00 2009 Subject: Received: header and Mark Unscanned Message problem In-Reply-To: References: <49CC287D.6070606@ecs.soton.ac.uk> Message-ID: On 3/27/09 12:24 AM, vg_us@hotmail.com wrote: > Hello. > > I have a problem delivering to one of the sites: mail gets rejected > because "Not scanned: please contact your Internet E-Mail Service > Provider for details" added to Received: header is not RFC compliant > (according to that site's postmaster). Something's wrong in that case, MailScanner should never touch any Received: header, under the default shipped settings. That text should go in the X-MailScanner: header where it is legit. > When I disable Mark Unscanned Messages and set "Unscanned Header Value > =", mailscanner still inserts a "," after original header and my mail > is rejected again. > Is there any way to make sure mailscanner doesn't touch Received: > header at all? Please try it with a default MailScanner.conf and see if it still does it. It shouldn't, and I don't believe it does on other people's systems. > I'm running version mailscanner-4.65.3-1 from rpm on centos5 That's about a year old, but I haven't made changes to that code in a very long time (that I can remember, anyway). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From vg_us at hotmail.com Fri Mar 27 01:21:34 2009 From: vg_us at hotmail.com (vg_us@hotmail.com) Date: Fri Mar 27 01:21:44 2009 Subject: Received: header and Mark Unscanned Message problem In-Reply-To: <49CC287D.6070606@ecs.soton.ac.uk> References: <49CC287D.6070606@ecs.soton.ac.uk> Message-ID: -------------------------------------------------- From: "Julian Field" Sent: Thursday, March 26, 2009 9:14 PM To: "MailScanner discussion" Subject: Re: Received: header and Mark Unscanned Message problem > > > On 3/27/09 12:24 AM, vg_us@hotmail.com wrote: >> Hello. >> >> I have a problem delivering to one of the sites: mail gets rejected >> because "Not scanned: please contact your Internet E-Mail Service >> Provider for details" added to Received: header is not RFC compliant >> (according to that site's postmaster). > Something's wrong in that case, MailScanner should never touch any > Received: header, under the default shipped settings. That text should go > in the X-MailScanner: header where it is legit. >> When I disable Mark Unscanned Messages and set "Unscanned Header Value >> =", mailscanner still inserts a "," after original header and my mail is >> rejected again. >> Is there any way to make sure mailscanner doesn't touch Received: header >> at all? > Please try it with a default MailScanner.conf and see if it still does it. > It shouldn't, and I don't believe it does on other people's systems. we'll do. is it possible this happened because of config file format changes between my rpm upgrades? > >> I'm running version mailscanner-4.65.3-1 from rpm on centos5 > That's about a year old, but I haven't made changes to that code in a very > long time (that I can remember, anyway). > > Jules > From l_mailscanner at mail2news.4t2.com Fri Mar 27 09:44:22 2009 From: l_mailscanner at mail2news.4t2.com (Tom Weber) Date: Fri Mar 27 09:44:44 2009 Subject: Syslogging broken - culprit found In-Reply-To: References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> <1238060660.7413.138.camel@morgoth.abyss.4t2.com> <49CBD8CD.1020109@ecs.soton.ac.uk> <1238106522.7413.161.camel@morgoth.abyss.4t2.com> <49CC27B6.8050600@ecs.soton.ac.uk> Message-ID: <1238147062.7413.186.camel@morgoth.abyss.4t2.com> Am Freitag, den 27.03.2009, 01:11 +0000 schrieb Julian Field: > > Without looking at the code, since my eyes are about to finally freak > > out now, i guess you integrate the razor perl modules directly in > > MailScanner which then initialize/openlog the Syslog again and mess it > > up. > > > I don't call Razor at all, I leave SpamAssassin to do that. I suspect Yeah, of course. I put this wrong. The result is the same though (MS importing SA importing razor). > that it's just the SA initialisation call that is screwing with it. I > could always just call the Log::initialise function again after > initialising SpamAssassin, that *shouldn't* have any major consequences. I personally don't care that much about razor logging to syslog. But these Side-effects should be eliminated. > > Maybe someone else wants to verify this on a non debian system too, but > > i'm quite confident that this is the cause for the behaviour. > > > Please can someone do this for me? May I add that this is not how debian ships. The debian default for razor is to log into a file not using syslog at all. All my MailScanner installations are linux-vservers which I usually derive from a tared up template. For some reason I had changed this setting somewhere in the past and it made it into my template resulting in a couple of MailScanner Installations with this behaviour. Tom From MailScanner at ecs.soton.ac.uk Fri Mar 27 09:47:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 27 09:47:27 2009 Subject: Received: header and Mark Unscanned Message problem In-Reply-To: References: <49CC287D.6070606@ecs.soton.ac.uk> <49CCA094.5080005@ecs.soton.ac.uk> Message-ID: On 27/3/09 01:21, vg_us@hotmail.com wrote: > -------------------------------------------------- > From: "Julian Field" > Sent: Thursday, March 26, 2009 9:14 PM > To: "MailScanner discussion" > Subject: Re: Received: header and Mark Unscanned Message problem > >> >> >> On 3/27/09 12:24 AM, vg_us@hotmail.com wrote: >>> Hello. >>> >>> I have a problem delivering to one of the sites: mail gets rejected >>> because "Not scanned: please contact your Internet E-Mail Service >>> Provider for details" added to Received: header is not RFC compliant >>> (according to that site's postmaster). >> Something's wrong in that case, MailScanner should never touch any >> Received: header, under the default shipped settings. That text >> should go in the X-MailScanner: header where it is legit. >>> When I disable Mark Unscanned Messages and set "Unscanned Header >>> Value =", mailscanner still inserts a "," after original header and >>> my mail is rejected again. >>> Is there any way to make sure mailscanner doesn't touch Received: >>> header at all? >> Please try it with a default MailScanner.conf and see if it still >> does it. It shouldn't, and I don't believe it does on other people's >> systems. > > we'll do. is it possible this happened because of config file format > changes between my rpm upgrades? That shouldn't cause it, no. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 27 13:33:56 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 27 13:34:15 2009 Subject: Syslogging broken - culprit found In-Reply-To: <1238147062.7413.186.camel@morgoth.abyss.4t2.com> References: <1238028432.7413.125.camel@morgoth.abyss.4t2.com> <72cf361e0903260208he664a06s86fc8badff36a266@mail.gmail.com> <1238060660.7413.138.camel@morgoth.abyss.4t2.com> <49CBD8CD.1020109@ecs.soton.ac.uk> <1238106522.7413.161.camel@morgoth.abyss.4t2.com> <49CC27B6.8050600@ecs.soton.ac.uk> <1238147062.7413.186.camel@morgoth.abyss.4t2.com> <49CCD5C4.4000207@ecs.soton.ac.uk> Message-ID: On 27/3/09 09:44, Tom Weber wrote: > Am Freitag, den 27.03.2009, 01:11 +0000 schrieb Julian Field: > > >>> Without looking at the code, since my eyes are about to finally freak >>> out now, i guess you integrate the razor perl modules directly in >>> MailScanner which then initialize/openlog the Syslog again and mess it >>> up. >>> >>> >> I don't call Razor at all, I leave SpamAssassin to do that. I suspect >> > Yeah, of course. I put this wrong. The result is the same though (MS > importing SA importing razor). > > >> that it's just the SA initialisation call that is screwing with it. I >> could always just call the Log::initialise function again after >> initialising SpamAssassin, that *shouldn't* have any major consequences. >> > I personally don't care that much about razor logging to syslog. But > these Side-effects should be eliminated. > Absolutely agreed. I have added some code which will work around this problem, which will be in the next release. > >>> Maybe someone else wants to verify this on a non debian system too, but >>> i'm quite confident that this is the cause for the behaviour. >>> >>> >> Please can someone do this for me? >> > May I add that this is not how debian ships. The debian default for > razor is to log into a file not using syslog at all. > > All my MailScanner installations are linux-vservers which I usually > derive from a tared up template. For some reason I had changed this > setting somewhere in the past and it made it into my template resulting > in a couple of MailScanner Installations with this behaviour. > > Tom > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ecasarero at gmail.com Fri Mar 27 15:32:02 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Mar 27 15:32:12 2009 Subject: OT: DroneBL Message-ID: <7d9b3cf20903270832h7be80648q4c34cbc283d60b66@mail.gmail.com> Hi! is anyone using this rbl? http://dronebl.org/ i just saw it because its under a DDoS http://dronebl.org/blog. May be someone has it on SA to increase score. Any comment would be appreciated. Eduardo. From MailScanner at ecs.soton.ac.uk Fri Mar 27 15:36:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 27 15:37:05 2009 Subject: Different rules for files within archives References: <49CCF290.3060906@ecs.soton.ac.uk> Message-ID: This is turning into a very major job, requiring many changes throughout the whole of MailScanner, as the original design was never intended to be able to do this. However, I am working on it. The intention is that you will have totally separate settings for Filename Rules Filetype Rules Allow Filenames Allow Filetypes Allow File MIME Types Deny Filenames Deny Filetypes Deny File MIME Types for archived and non-archived attachments. You will also be able to specify what you consider to be an "archived" attachment, be it a file in a zip attachment, a rar attachment, an OLE attachment (Word doc, for example), a UU-encoded attachment and a TNEF (winmail.dat) attachment. All these settings will be on a per-message basis and so will take rulesets, allowing different clients to have totally different rules for their setups. That's the aim. I'm over half way through the implementation now, but none of it has been tested yet. There's going to be a fair bit of debugging required, I guarantee that. So beta-testers, on your blocks please... :-) Hopefully this will keep you all happy for a little while ;-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Fri Mar 27 22:24:34 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 27 22:25:17 2009 Subject: Different rules for files within archives In-Reply-To: References: <49CCF290.3060906@ecs.soton.ac.uk> Message-ID: on 3-27-2009 8:36 AM Julian Field spake the following: > This is turning into a very major job, requiring many changes throughout > the whole of MailScanner, as the original design was never intended to > be able to do this. > However, I am working on it. > The intention is that you will have totally separate settings for > Filename Rules > Filetype Rules > Allow Filenames > Allow Filetypes > Allow File MIME Types > Deny Filenames > Deny Filetypes > Deny File MIME Types > for archived and non-archived attachments. > > You will also be able to specify what you consider to be an "archived" > attachment, be it a file in a zip attachment, a rar attachment, an OLE > attachment (Word doc, for example), a UU-encoded attachment and a TNEF > (winmail.dat) attachment. > > All these settings will be on a per-message basis and so will take > rulesets, allowing different clients to have totally different rules for > their setups. > > That's the aim. I'm over half way through the implementation now, but > none of it has been tested yet. There's going to be a fair bit of > debugging required, I guarantee that. So beta-testers, on your blocks > please... :-) > > Hopefully this will keep you all happy for a little while ;-) > > Jules > Are you going to release a stable before all these changes, or just wait until they are done and tested? Not pushing or anything, just curious. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090327/1467c056/signature.bin From james at gray.net.au Fri Mar 27 22:54:44 2009 From: james at gray.net.au (James Gray) Date: Fri Mar 27 22:54:58 2009 Subject: RSS for the MailScanner site? Message-ID: <6EEDFCFB-2469-4EC8-987A-A811466C93CB@gray.net.au> Hi All, Not sure how much work is involved in this, but I was wondering if there is an RSS feed somewhere that tracks the releases of the various RPM's and TAR balls on the MailScanner downloads page (http://mailscanner.info/downloads.html ). Seems I get more of my information these days from RSS than any other medium and I find it really easy to parse and script stuff based on said feeds. Here's what I see being the most useful info in a MailScanner RSS feed: - new file notifications with URL's to files. - release notes and/or change logs for new files. - news from the front page. Just thought I'd throw it out there, no pressure :) Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090328/548d61fa/smime.bin From MailScanner at ecs.soton.ac.uk Sat Mar 28 10:00:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 28 10:00:40 2009 Subject: Different rules for files within archives In-Reply-To: References: <49CCF290.3060906@ecs.soton.ac.uk> <49CDF53C.5070901@ecs.soton.ac.uk> Message-ID: On 27/3/09 22:24, Scott Silva wrote: > on 3-27-2009 8:36 AM Julian Field spake the following: > >> This is turning into a very major job, requiring many changes throughout >> the whole of MailScanner, as the original design was never intended to >> be able to do this. >> However, I am working on it. >> The intention is that you will have totally separate settings for >> Filename Rules >> Filetype Rules >> Allow Filenames >> Allow Filetypes >> Allow File MIME Types >> Deny Filenames >> Deny Filetypes >> Deny File MIME Types >> for archived and non-archived attachments. >> >> You will also be able to specify what you consider to be an "archived" >> attachment, be it a file in a zip attachment, a rar attachment, an OLE >> attachment (Word doc, for example), a UU-encoded attachment and a TNEF >> (winmail.dat) attachment. >> >> All these settings will be on a per-message basis and so will take >> rulesets, allowing different clients to have totally different rules for >> their setups. >> >> That's the aim. I'm over half way through the implementation now, but >> none of it has been tested yet. There's going to be a fair bit of >> debugging required, I guarantee that. So beta-testers, on your blocks >> please... :-) >> >> Hopefully this will keep you all happy for a little while ;-) >> >> Jules >> >> > Are you going to release a stable before all these changes, or just wait until > they are done and tested? > That's a good idea, which hadn't occurred to me. I can still do that, as I haven't committed anything yet. Yes, I'll do that later today. > Not pushing or anything, just curious. > Absolutely not, good thinking! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 29 10:37:31 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 29 10:37:52 2009 Subject: Different rules for files within archives In-Reply-To: References: <49CCF290.3060906@ecs.soton.ac.uk> <49CF415B.1030104@ecs.soton.ac.uk> Message-ID: Just to keep you updated, I've written all the code now. As a rough guide to the amount of work involved on Friday and yesterday, the diff is 2,969 lines long. A good couple of days work :-) I've done some initial testing with zip, rar and tnef files, and it's all looking very good so far. So far at least 90% of the code is working nicely, I've just got to test the rest. I want to do some more testing tomorrow, but I need to take most of today off as I could do with the break. I've also found a nasty bug in the interaction between "Use TNEF = replace" and "Zip Attachments = yes", which is clearly a combination no-one uses, as it didn't work. That's all fixed now too, and it should be considerably faster unpacking TNEF files (winmail.dat) using the "TNEF Expander = internal" setting than it was. I have also managed to speed up all the "filename.rules.conf" and "filetype.rules.conf" code quite a bit too, which is good. I should have a beta of all of this out in the next couple of days or so. Best regards, Jules. On 27/3/09 15:36, Julian Field wrote: > This is turning into a very major job, requiring many changes > throughout the whole of MailScanner, as the original design was never > intended to be able to do this. > However, I am working on it. > The intention is that you will have totally separate settings for > Filename Rules > Filetype Rules > Allow Filenames > Allow Filetypes > Allow File MIME Types > Deny Filenames > Deny Filetypes > Deny File MIME Types > for archived and non-archived attachments. > > You will also be able to specify what you consider to be an "archived" > attachment, be it a file in a zip attachment, a rar attachment, an OLE > attachment (Word doc, for example), a UU-encoded attachment and a TNEF > (winmail.dat) attachment. > > All these settings will be on a per-message basis and so will take > rulesets, allowing different clients to have totally different rules > for their setups. > > That's the aim. I'm over half way through the implementation now, but > none of it has been tested yet. There's going to be a fair bit of > debugging required, I guarantee that. So beta-testers, on your blocks > please... :-) > > Hopefully this will keep you all happy for a little while ;-) > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From zepplin at exemail.com.au Sun Mar 29 11:16:36 2009 From: zepplin at exemail.com.au (George C) Date: Sun Mar 29 11:16:45 2009 Subject: Different rules for files within archives In-Reply-To: References: <49CCF290.3060906@ecs.soton.ac.uk> <49CF415B.1030104@ecs.soton.ac.uk> Message-ID: <49CF4A84.9060807@exemail.com.au> Julian Field wrote: > Just to keep you updated, I've written all the code now. As a rough > guide to the amount of work involved on Friday and yesterday, the diff > is 2,969 lines long. A good couple of days work :-) > > I've done some initial testing with zip, rar and tnef files, and it's > all looking very good so far. So far at least 90% of the code is > working nicely, I've just got to test the rest. I want to do some more > testing tomorrow, but I need to take most of today off as I could do > with the break. > > I've also found a nasty bug in the interaction between "Use TNEF = > replace" and "Zip Attachments = yes", which is clearly a combination > no-one uses, as it didn't work. That's all fixed now too, and it > should be considerably faster unpacking TNEF files (winmail.dat) using > the "TNEF Expander = internal" setting than it was. > > I have also managed to speed up all the "filename.rules.conf" and > "filetype.rules.conf" code quite a bit too, which is good. > > I should have a beta of all of this out in the next couple of days or so. > > Best regards, > Jules. > > On 27/3/09 15:36, Julian Field wrote: >> This is turning into a very major job, requiring many changes >> throughout the whole of MailScanner, as the original design was never >> intended to be able to do this. >> However, I am working on it. >> The intention is that you will have totally separate settings for >> Filename Rules >> Filetype Rules >> Allow Filenames >> Allow Filetypes >> Allow File MIME Types >> Deny Filenames >> Deny Filetypes >> Deny File MIME Types >> for archived and non-archived attachments. >> >> You will also be able to specify what you consider to be an >> "archived" attachment, be it a file in a zip attachment, a rar >> attachment, an OLE attachment (Word doc, for example), a UU-encoded >> attachment and a TNEF (winmail.dat) attachment. >> >> All these settings will be on a per-message basis and so will take >> rulesets, allowing different clients to have totally different rules >> for their setups. >> >> That's the aim. I'm over half way through the implementation now, but >> none of it has been tested yet. There's going to be a fair bit of >> debugging required, I guarantee that. So beta-testers, on your blocks >> please... :-) >> >> Hopefully this will keep you all happy for a little while ;-) >> >> Jules >> > > Jules > Great work m8 ;-) From root at doctor.nl2k.ab.ca Sun Mar 29 14:07:36 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun Mar 29 14:09:16 2009 Subject: Clamav 0.95 Message-ID: <20090329130736.GA7986@doctor.nl2k.ab.ca> Julian in the latest beta ready for Clamav 0.95? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 29 15:06:26 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 29 15:06:45 2009 Subject: Clamav 0.95 In-Reply-To: <20090329130736.GA7986@doctor.nl2k.ab.ca> References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> Message-ID: From what people have been saying, yes. I haven't tried it myself, but a quick "MailScanner --lint" will tell you. On 29/3/09 14:07, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Julian in the latest beta ready for Clamav 0.95? > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Sun Mar 29 17:23:46 2009 From: lhaig at haigmail.com (Lance Haig) Date: Sun Mar 29 17:24:05 2009 Subject: Minimum RAM for a small mailscanner implementation? Message-ID: <49CFA092.8070504@haigmail.com> Hi, I would like to run a small MailScanner install on a vps and was wondering what size ram do I need? Probably 1000 mails a day Thanks Lance From MailScanner at ecs.soton.ac.uk Sun Mar 29 17:33:56 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 29 17:34:16 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA092.8070504@haigmail.com> References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> Message-ID: I wouldn't run it in much less than 1GB. It depends a bit on how many "additions" to SpamAssassin you run. I would advise using clamd and "Max Children = 1". On 29/3/09 17:23, Lance Haig wrote: > Hi, > > I would like to run a small MailScanner install on a vps and was > wondering what size ram do I need? > > Probably 1000 mails a day > > Thanks > > Lance > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Sun Mar 29 17:40:08 2009 From: lhaig at haigmail.com (Lance Haig) Date: Sun Mar 29 17:40:26 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> Message-ID: <49CFA468.7050406@haigmail.com> Hey Julian, I seem to remember a discussion on a mailscanner repo for a RedHat distro is that still a feature? Thanks Lance Julian Field wrote: > I wouldn't run it in much less than 1GB. It depends a bit on how many > "additions" to SpamAssassin you run. I would advise using clamd and "Max > Children = 1". > > On 29/3/09 17:23, Lance Haig wrote: >> Hi, >> >> I would like to run a small MailScanner install on a vps and was >> wondering what size ram do I need? >> >> Probably 1000 mails a day >> >> Thanks >> >> Lance >> > > Jules > From mmcintosh at infowall.com Sun Mar 29 17:42:04 2009 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Sun Mar 29 17:42:15 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA092.8070504@haigmail.com> References: <49CFA092.8070504@haigmail.com> Message-ID: <49CFA4DC.7050001@infowall.com> Lance Haig wrote: > Hi, > > I would like to run a small MailScanner install on a vps and was > wondering what size ram do I need? > > Probably 1000 mails a day > > Thanks > > Lance > I run a small mailscanner postfix set up and tried it at first with 512mb; it was not sufficient it runs fine at 1gb of ram. mail 350 - 500 per day 10 domains Mark -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mmcintosh at infowall.com Sun Mar 29 17:44:09 2009 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Sun Mar 29 17:44:20 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> Message-ID: <49CFA559.7040001@infowall.com> Julian Field wrote: > I wouldn't run it in much less than 1GB. It depends a bit on how many > "additions" to SpamAssassin you run. I would advise using clamd and > "Max Children = 1". > > On 29/3/09 17:23, Lance Haig wrote: >> Hi, >> >> I would like to run a small MailScanner install on a vps and was >> wondering what size ram do I need? >> >> Probably 1000 mails a day >> >> Thanks >> >> Lance >> > > Jules > Julian, What is the default Max children? Would it speed up the mail delivery if I decrease it to one ? Mark -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Sun Mar 29 17:44:04 2009 From: lhaig at haigmail.com (Lance Haig) Date: Sun Mar 29 17:44:23 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA468.7050406@haigmail.com> References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA468.7050406@haigmail.com> Message-ID: <49CFA554.2090301@haigmail.com> I just realised I did not reply to your questions. :-) I aim to install basics to kill off spam for a small family server. Thanks Lance Lance Haig wrote: > Hey Julian, > > I seem to remember a discussion on a mailscanner repo for a RedHat > distro is that still a feature? > > Thanks > > Lance > > Julian Field wrote: >> I wouldn't run it in much less than 1GB. It depends a bit on how many >> "additions" to SpamAssassin you run. I would advise using clamd and "Max >> Children = 1". >> >> On 29/3/09 17:23, Lance Haig wrote: >>> Hi, >>> >>> I would like to run a small MailScanner install on a vps and was >>> wondering what size ram do I need? >>> >>> Probably 1000 mails a day >>> >>> Thanks >>> >>> Lance >>> >> Jules >> > From MailScanner at ecs.soton.ac.uk Sun Mar 29 17:47:01 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 29 17:47:22 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA468.7050406@haigmail.com> References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA468.7050406@haigmail.com> <49CFA605.10205@ecs.soton.ac.uk> Message-ID: On 29/3/09 17:40, Lance Haig wrote: > Hey Julian, > > I seem to remember a discussion on a mailscanner repo for a RedHat > distro is that still a feature? > You can get a very easy-to-use system in the form of MailScanner Gold from Fort Systems Ltd (www.fsl.com). No upgrade problems, takes about 1 command to install everything and update it all, a very cheap way of saving yourself a load of hassle. Jules. > Thanks > > Lance > > Julian Field wrote: > >> I wouldn't run it in much less than 1GB. It depends a bit on how many >> "additions" to SpamAssassin you run. I would advise using clamd and "Max >> Children = 1". >> >> On 29/3/09 17:23, Lance Haig wrote: >> >>> Hi, >>> >>> I would like to run a small MailScanner install on a vps and was >>> wondering what size ram do I need? >>> >>> Probably 1000 mails a day >>> >>> Thanks >>> >>> Lance >>> >>> >> Jules >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 29 17:50:58 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 29 17:51:17 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA559.7040001@infowall.com> References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA559.7040001@infowall.com> <49CFA6F2.1060709@ecs.soton.ac.uk> Message-ID: On 29/3/09 17:44, Mark McIntosh Infowall wrote: > Julian Field wrote: >> I wouldn't run it in much less than 1GB. It depends a bit on how many >> "additions" to SpamAssassin you run. I would advise using clamd and >> "Max Children = 1". >> >> On 29/3/09 17:23, Lance Haig wrote: >>> Hi, >>> >>> I would like to run a small MailScanner install on a vps and was >>> wondering what size ram do I need? >>> >>> Probably 1000 mails a day >>> >>> Thanks >>> >>> Lance >> >> Jules >> > Julian, > > What is the default Max children? About 5 I believe. > > Would it speed up the mail delivery if I decrease it to one ? If you have small amounts of mail, 1 would do. > > Mark > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Sun Mar 29 17:56:14 2009 From: lhaig at haigmail.com (Lance Haig) Date: Sun Mar 29 17:56:32 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA468.7050406@haigmail.com> <49CFA605.10205@ecs.soton.ac.uk> Message-ID: <49CFA82E.8070404@haigmail.com> Hi Julian, That might be cheap for you but for me that will be the equivalent to ?240 pm after exchange rates. So I will have to go with the hassel really. Thanks Lance Julian Field wrote: > > > On 29/3/09 17:40, Lance Haig wrote: >> Hey Julian, >> >> I seem to remember a discussion on a mailscanner repo for a RedHat >> distro is that still a feature? >> > You can get a very easy-to-use system in the form of MailScanner Gold > from Fort Systems Ltd (www.fsl.com). No upgrade problems, takes about 1 > command to install everything and update it all, a very cheap way of > saving yourself a load of hassle. > > Jules. >> Thanks >> >> Lance >> >> Julian Field wrote: >> >>> I wouldn't run it in much less than 1GB. It depends a bit on how many >>> "additions" to SpamAssassin you run. I would advise using clamd and "Max >>> Children = 1". >>> >>> On 29/3/09 17:23, Lance Haig wrote: >>> >>>> Hi, >>>> >>>> I would like to run a small MailScanner install on a vps and was >>>> wondering what size ram do I need? >>>> >>>> Probably 1000 mails a day >>>> >>>> Thanks >>>> >>>> Lance >>>> >>>> >>> Jules >>> >>> >> > > Jules > From mmcintosh at infowall.com Sun Mar 29 18:04:30 2009 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Sun Mar 29 18:04:39 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA559.7040001@infowall.com> <49CFA6F2.1060709@ecs.soton.ac.uk> Message-ID: <49CFAA1E.2070008@infowall.com> Julian Field wrote: > > > On 29/3/09 17:44, Mark McIntosh Infowall wrote: >> Julian Field wrote: >>> I wouldn't run it in much less than 1GB. It depends a bit on how >>> many "additions" to SpamAssassin you run. I would advise using clamd >>> and "Max Children = 1". >>> >>> On 29/3/09 17:23, Lance Haig wrote: >>>> Hi, >>>> >>>> I would like to run a small MailScanner install on a vps and was >>>> wondering what size ram do I need? >>>> >>>> Probably 1000 mails a day >>>> >>>> Thanks >>>> >>>> Lance >>> >>> Jules >>> >> Julian, >> >> What is the default Max children? > About 5 I believe. >> >> Would it speed up the mail delivery if I decrease it to one ? > If you have small amounts of mail, 1 would do. >> >> Mark >> > > Jules > Thanks will do Mark -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Sun Mar 29 18:07:51 2009 From: lhaig at haigmail.com (Lance Haig) Date: Sun Mar 29 18:08:10 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA82E.8070404@haigmail.com> References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA468.7050406@haigmail.com> <49CFA605.10205@ecs.soton.ac.uk> <49CFA82E.8070404@haigmail.com> Message-ID: <49CFAAE7.9030001@haigmail.com> I think I might need to sleep. I did not read your e-mail properly so please don't take offence I will apply for access to the beta repo. Thank you Lance Lance Haig wrote: > Hi Julian, > > That might be cheap for you but for me that will be the equivalent to > ?240 pm after exchange rates. So I will have to go with the hassel really. > > Thanks > > Lance > > Julian Field wrote: >> >> On 29/3/09 17:40, Lance Haig wrote: >>> Hey Julian, >>> >>> I seem to remember a discussion on a mailscanner repo for a RedHat >>> distro is that still a feature? >>> >> You can get a very easy-to-use system in the form of MailScanner Gold >> from Fort Systems Ltd (www.fsl.com). No upgrade problems, takes about 1 >> command to install everything and update it all, a very cheap way of >> saving yourself a load of hassle. >> >> Jules. >>> Thanks >>> >>> Lance >>> >>> Julian Field wrote: >>> >>>> I wouldn't run it in much less than 1GB. It depends a bit on how many >>>> "additions" to SpamAssassin you run. I would advise using clamd and "Max >>>> Children = 1". >>>> >>>> On 29/3/09 17:23, Lance Haig wrote: >>>> >>>>> Hi, >>>>> >>>>> I would like to run a small MailScanner install on a vps and was >>>>> wondering what size ram do I need? >>>>> >>>>> Probably 1000 mails a day >>>>> >>>>> Thanks >>>>> >>>>> Lance >>>>> >>>>> >>>> Jules >>>> >>>> >>> >> Jules >> > From jaearick at colby.edu Sun Mar 29 19:18:36 2009 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun Mar 29 19:18:58 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> Message-ID: I have been running clamd 0.95 with 4.75.9-2 since the new clam came out, with no problems. Jeff Earickson Colby College On Sun, 29 Mar 2009, Julian Field wrote: > Date: Sun, 29 Mar 2009 15:06:26 +0100 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Clamav 0.95 > > From what people have been saying, yes. > I haven't tried it myself, but a quick "MailScanner --lint" will tell you. > > On 29/3/09 14:07, Dave Shariff Yadallee - System Administrator a.k.a. The > Root of the Problem wrote: >> Julian in the latest beta ready for Clamav 0.95? >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Mar 30 09:20:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 30 09:20:46 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D080C5.7050808@ecs.soton.ac.uk> Message-ID: Please can you try it out for me? The new ClamAV+SpamAssassin package is here: http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz Please let me know if you hit any problems with "clamavmodule" or "clamd" or "clamav". Thanks folks! Jules. On 29/3/09 19:18, Jeff A. Earickson wrote: > I have been running clamd 0.95 with 4.75.9-2 since the new clam came > out, with no problems. > > Jeff Earickson > Colby College > > On Sun, 29 Mar 2009, Julian Field wrote: > >> Date: Sun, 29 Mar 2009 15:06:26 +0100 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: Clamav 0.95 >> >> From what people have been saying, yes. >> I haven't tried it myself, but a quick "MailScanner --lint" will tell >> you. >> >> On 29/3/09 14:07, Dave Shariff Yadallee - System Administrator a.k.a. >> The Root of the Problem wrote: >>> Julian in the latest beta ready for Clamav 0.95? >>> >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve at fsl.com Mon Mar 30 13:15:22 2009 From: steve at fsl.com (Stephen Swaney) Date: Mon Mar 30 13:15:32 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA82E.8070404@haigmail.com> References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA468.7050406@haigmail.com> <49CFA605.10205@ecs.soton.ac.uk> <49CFA82E.8070404@haigmail.com> Message-ID: <49D0B7DA.9060408@fsl.com> Lance Haig wrote: > Hi Julian, > > That might be cheap for you but for me that will be the equivalent to > ?240 pm after exchange rates. So I will have to go with the hassel really. > > Thanks > > Lance > > If it's for home use try the MailScanner Gold beta version. It's free and it's been trouble free. Best regards, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available From maillists at conactive.com Mon Mar 30 13:31:33 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 30 13:31:45 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Sun, 29 Mar 2009 17:33:56 +0100: > I wouldn't run it in much less than 1GB. It depends a bit on how many > "additions" to SpamAssassin you run. I would advise using clamd and "Max > Children = 1". yep. And discard most stuff on MTA level first. With that you can run it even on 512 MB. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Mar 30 13:31:32 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 30 13:31:46 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA82E.8070404@haigmail.com> References: <49CFA092.8070504@haigmail.com> <49CFA2F4.1070800@ecs.soton.ac.uk> <49CFA468.7050406@haigmail.com> <49CFA605.10205@ecs.soton.ac.uk> <49CFA82E.8070404@haigmail.com> Message-ID: Lance Haig wrote on Sun, 29 Mar 2009 17:56:14 +0100: > That might be cheap for you but for me that will be the equivalent to > ?240 pm after exchange rates. So I will have to go with the hassel really. You can Hugo's repo, it works fine. And if you are installing on Red Hat/CentOS it's also evry easy. You just install all missing modules from rpmforge and then only the mailscanner*.rpm. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Mar 30 13:31:33 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 30 13:31:47 2009 Subject: Minimum RAM for a small mailscanner implementation? In-Reply-To: <49CFA4DC.7050001@infowall.com> References: <49CFA092.8070504@haigmail.com> <49CFA4DC.7050001@infowall.com> Message-ID: Mark McIntosh Infowall wrote on Sun, 29 Mar 2009 12:42:04 -0400: > I run a small mailscanner postfix set up and tried it at first with > 512mb; it was not sufficient it runs fine at 1gb of ram. > > mail 350 - 500 per day > 10 domains There should be no problem to run with 1 or children and clamd. Of course, you have to check what and where your RAM is needed and tweak a bit either MS or some other service/application. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at bengrimm.net Mon Mar 30 13:53:58 2009 From: mailscanner at bengrimm.net (mailscanner@bengrimm.net) Date: Mon Mar 30 13:55:04 2009 Subject: Problem with Perl 5.8 -> 5.10 upgrade Message-ID: <49D0C0E6.2010708@bengrimm.net> Hi guys, hope you can shed some light on this: Platform: FreeBSD 7.1-STABLE Version: MailScanner-4.67.6_4 (latest version in ports) With: clamav-0.95, bdc-7.0.1_2, p5-Mail-SpamAssassin-3.2.5_2 Perl: 5.10 (no problems with exact same config under perl 5.8) ---------------------------------------------------------- Error in logs when starting on a new email: MailScanner: waiting for children to die: Process did not exit cleanly, returned 255 with signal 0 ---------------------------------------------------------- # mailscanner --lint /usr/local/etc/MailScanner/MailScanner.conf Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /tmp/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = bitdefender clamd" Found these virus scanners installed: bitdefender, clamd =========================================================================== =========================================================================== Virus Scanner test reports: Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com" Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" If any of your virus scanners (bitdefender,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. No problems there. ---------------------------------------------------------- # mailscanner --debug-sa /usr/local/etc/MailScanner/MailScanner.conf (nothing) No problems there. ---------------------------------------------------------- # mailscanner --debug /usr/local/etc/MailScanner/MailScanner.conf In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /tmp/SpamAssassin-Temp Building a message batch to scan... Have a batch of 2 messages. Can't use string ("1036") as an ARRAY ref while "strict refs" in use at /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, line 1037. Note: the "1036" "" and "1037" depend on the emails being processed, so these numbers vary all the time. When there's no email to scan, the --debug session will just sit there patiently. As soon as an email arrives: Have a batch of 1 message. Can't use string ("36") as an ARRAY ref while "strict refs" in use at /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, line 36. Any idea what may be causing this? MailScanner, SA, ClamAV, BDC, and all necessary perl modules have been rebuilt against perl 5.10. As noted, this setup worked flawlessly with perl 5.8 TIA. From MailScanner at ecs.soton.ac.uk Mon Mar 30 14:27:01 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 30 14:27:22 2009 Subject: Problem with Perl 5.8 -> 5.10 upgrade In-Reply-To: <49D0C0E6.2010708@bengrimm.net> References: <49D0C0E6.2010708@bengrimm.net> <49D0C8A5.8090008@ecs.soton.ac.uk> Message-ID: You've got an old version, this is a bug in Perl 5.10. However, there is a workaround in the latest beta. But if you don't want to install a new version, you can patch your existing one. Edit SMDiskStore.pm and around line 359, there is an "if" statement with a loop in it. Replace that whole chunk of code with this: # Handle trackback -- This is the tricky one if ($configwords[1] =~ /tr[ua]/i) { my $i; for ($i=(@{$body}-1); $i>=0; $i--) { last if $body->[$i] =~ /^\s*$/i; pop @{$body}; } return; } and then restart MailScanner, and you should find it works now. On 30/3/09 13:53, mailscanner@bengrimm.net wrote: > Hi guys, hope you can shed some light on this: > > Platform: FreeBSD 7.1-STABLE > Version: MailScanner-4.67.6_4 (latest version in ports) > With: clamav-0.95, bdc-7.0.1_2, p5-Mail-SpamAssassin-3.2.5_2 > Perl: 5.10 (no problems with exact same config under perl 5.8) > > ---------------------------------------------------------- > Error in logs when starting on a new email: > > MailScanner: waiting for children to die: Process did not exit > cleanly, returned 255 with signal 0 > > ---------------------------------------------------------- > # mailscanner --lint /usr/local/etc/MailScanner/MailScanner.conf > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.6) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = bitdefender clamd" > Found these virus scanners installed: bitdefender, clamd > =========================================================================== > > =========================================================================== > > Virus Scanner test reports: > Bitdefender said "Found virus EICAR-Test-File (not a virus) in file > eicar.com" > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > > If any of your virus scanners (bitdefender,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > No problems there. > ---------------------------------------------------------- > # mailscanner --debug-sa /usr/local/etc/MailScanner/MailScanner.conf > (nothing) > > No problems there. > ---------------------------------------------------------- > # mailscanner --debug /usr/local/etc/MailScanner/MailScanner.conf > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > Building a message batch to scan... > Have a batch of 2 messages. > Can't use string ("1036") as an ARRAY ref while "strict refs" in use > at /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, > line 1037. > > Note: the "1036" "" and "1037" depend on the emails being > processed, so these numbers vary all the time. When there's no email > to scan, the --debug session will just sit there patiently. As soon as > an email arrives: > > Have a batch of 1 message. > Can't use string ("36") as an ARRAY ref while "strict refs" in use at > /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, > line 36. > > Any idea what may be causing this? MailScanner, SA, ClamAV, BDC, and > all necessary perl modules have been rebuilt against perl 5.10. As > noted, this setup worked flawlessly with perl 5.8 > > TIA. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at bengrimm.net Mon Mar 30 14:40:45 2009 From: mailscanner at bengrimm.net (mailscanner@bengrimm.net) Date: Mon Mar 30 14:41:18 2009 Subject: Problem with Perl 5.8 -> 5.10 upgrade In-Reply-To: References: <49D0C0E6.2010708@bengrimm.net> <49D0C8A5.8090008@ecs.soton.ac.uk> Message-ID: <49D0CBDD.6010000@bengrimm.net> Hey Julian, excellent work, as always. It works. Thanks! I hope the FreeBSD port maintainer will manage to get with the times a bit more, but with this bug he will probably have to real soon. Thanks again! Julian Field wrote: > You've got an old version, this is a bug in Perl 5.10. > However, there is a workaround in the latest beta. > But if you don't want to install a new version, you can patch your > existing one. > Edit SMDiskStore.pm and around line 359, there is an "if" statement with > a loop in it. > Replace that whole chunk of code with this: > # Handle trackback -- This is the tricky one > if ($configwords[1] =~ /tr[ua]/i) { > my $i; > for ($i=(@{$body}-1); $i>=0; $i--) { > last if $body->[$i] =~ /^\s*$/i; > pop @{$body}; > } > return; > } > and then restart MailScanner, and you should find it works now. > > On 30/3/09 13:53, mailscanner@bengrimm.net wrote: >> Hi guys, hope you can shed some light on this: >> >> Platform: FreeBSD 7.1-STABLE >> Version: MailScanner-4.67.6_4 (latest version in ports) >> With: clamav-0.95, bdc-7.0.1_2, p5-Mail-SpamAssassin-3.2.5_2 >> Perl: 5.10 (no problems with exact same config under perl 5.8) >> >> ---------------------------------------------------------- >> Error in logs when starting on a new email: >> >> MailScanner: waiting for children to die: Process did not exit >> cleanly, returned 255 with signal 0 >> >> ---------------------------------------------------------- >> # mailscanner --lint /usr/local/etc/MailScanner/MailScanner.conf >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.67.6) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = /tmp/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = bitdefender clamd" >> Found these virus scanners installed: bitdefender, clamd >> =========================================================================== >> >> =========================================================================== >> >> Virus Scanner test reports: >> Bitdefender said "Found virus EICAR-Test-File (not a virus) in file >> eicar.com" >> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >> >> If any of your virus scanners (bitdefender,clamd) >> are not listed there, you should check that they are installed correctly >> and that MailScanner is finding them correctly via its >> virus.scanners.conf. >> >> No problems there. >> ---------------------------------------------------------- >> # mailscanner --debug-sa /usr/local/etc/MailScanner/MailScanner.conf >> (nothing) >> >> No problems there. >> ---------------------------------------------------------- >> # mailscanner --debug /usr/local/etc/MailScanner/MailScanner.conf >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> SpamAssassin temp dir = /tmp/SpamAssassin-Temp >> Building a message batch to scan... >> Have a batch of 2 messages. >> Can't use string ("1036") as an ARRAY ref while "strict refs" in use >> at /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, >> line 1037. >> >> Note: the "1036" "" and "1037" depend on the emails being >> processed, so these numbers vary all the time. When there's no email >> to scan, the --debug session will just sit there patiently. As soon as >> an email arrives: >> >> Have a batch of 1 message. >> Can't use string ("36") as an ARRAY ref while "strict refs" in use at >> /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, >> line 36. >> >> Any idea what may be causing this? MailScanner, SA, ClamAV, BDC, and >> all necessary perl modules have been rebuilt against perl 5.10. As >> noted, this setup worked flawlessly with perl 5.8 >> >> TIA. >> >> > > Jules > From maxsec at gmail.com Mon Mar 30 15:16:15 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Mon Mar 30 15:16:23 2009 Subject: Problem with Perl 5.8 -> 5.10 upgrade In-Reply-To: <49D0CBDD.6010000@bengrimm.net> References: <49D0C0E6.2010708@bengrimm.net> <49D0C8A5.8090008@ecs.soton.ac.uk> <49D0CBDD.6010000@bengrimm.net> Message-ID: <72cf361e0903300716h18f4beb7v14759cb9fb1b9e99@mail.gmail.com> I doubt it. Unless someone else is willing to take over it's best to use the tar.gz general MS installer. 2009/3/30 : > Hey Julian, excellent work, as always. It works. Thanks! I hope the FreeBSD > port maintainer will manage to get with the times a bit more, but with this > bug he will probably have to real soon. > > Thanks again! > > Julian Field wrote: >> >> You've got an old version, this is a bug in Perl 5.10. >> However, there is a workaround in the latest beta. >> But if you don't want to install a new version, you can patch your >> existing one. >> Edit SMDiskStore.pm and around line 359, there is an "if" statement with a >> loop in it. >> Replace that whole chunk of code with this: >> # Handle trackback -- This is the tricky one >> ?if ($configwords[1] =~ /tr[ua]/i) { >> ? ?my $i; >> ? ?for ($i=(@{$body}-1); $i>=0; $i--) { >> ? ? ?last if $body->[$i] =~ /^\s*$/i; >> ? ? ?pop @{$body}; >> ? ?} >> ? ?return; >> ?} >> and then restart MailScanner, and you should find it works now. >> >> On 30/3/09 13:53, mailscanner@bengrimm.net wrote: >>> >>> Hi guys, hope you can shed some light on this: >>> >>> Platform: FreeBSD 7.1-STABLE >>> Version: MailScanner-4.67.6_4 (latest version in ports) >>> With: clamav-0.95, bdc-7.0.1_2, p5-Mail-SpamAssassin-3.2.5_2 >>> Perl: 5.10 (no problems with exact same config under perl 5.8) >>> >>> ---------------------------------------------------------- >>> Error in logs when starting on a new email: >>> >>> MailScanner: waiting for children to die: Process did not exit cleanly, >>> returned 255 with signal 0 >>> >>> ---------------------------------------------------------- >>> # mailscanner --lint /usr/local/etc/MailScanner/MailScanner.conf >>> Trying to setlogsock(unix) >>> Checking version numbers... >>> Version number in MailScanner.conf (4.67.6) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = /tmp/SpamAssassin-Temp >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = bitdefender clamd" >>> Found these virus scanners installed: bitdefender, clamd >>> >>> =========================================================================== >>> >>> =========================================================================== >>> Virus Scanner test reports: >>> Bitdefender said "Found virus EICAR-Test-File (not a virus) in file >>> eicar.com" >>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >>> >>> If any of your virus scanners (bitdefender,clamd) >>> are not listed there, you should check that they are installed correctly >>> and that MailScanner is finding them correctly via its >>> virus.scanners.conf. >>> >>> No problems there. >>> ---------------------------------------------------------- >>> # mailscanner --debug-sa /usr/local/etc/MailScanner/MailScanner.conf >>> (nothing) >>> >>> No problems there. >>> ---------------------------------------------------------- >>> # mailscanner --debug /usr/local/etc/MailScanner/MailScanner.conf >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> SpamAssassin temp dir = /tmp/SpamAssassin-Temp >>> Building a message batch to scan... >>> Have a batch of 2 messages. >>> Can't use string ("1036") as an ARRAY ref while "strict refs" in use at >>> /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, line >>> 1037. >>> >>> Note: the "1036" "" and "1037" depend on the emails being >>> processed, so these numbers vary all the time. When there's no email to >>> scan, the --debug session will just sit there patiently. As soon as an email >>> arrives: >>> >>> Have a batch of 1 message. >>> Can't use string ("36") as an ARRAY ref while "strict refs" in use at >>> /usr/local/lib/MailScanner/MailScanner/SMDiskStore.pm line 359, line >>> 36. >>> >>> Any idea what may be causing this? MailScanner, SA, ClamAV, BDC, and all >>> necessary perl modules have been rebuilt against perl 5.10. As noted, this >>> setup worked flawlessly with perl 5.8 >>> >>> TIA. >>> >>> >> >> Jules >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK From MailScanner at ecs.soton.ac.uk Mon Mar 30 15:16:24 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 30 15:16:44 2009 Subject: Different rules for files within archives In-Reply-To: References: <49CCF290.3060906@ecs.soton.ac.uk> <49CF415B.1030104@ecs.soton.ac.uk> <49D0D438.3010407@ecs.soton.ac.uk> Message-ID: It's now ready for testing by other people. If you are interested in this at all, please do give it a try, as it will be going into 4.76. The download links are these: http://www.mailscanner.info/files/4/rpm/MailScanner-4.76.1-1.rpm.tar.gz http://www.mailscanner.info/files/4/suse/MailScanner-4.76.1-1.suse.tar.gz http://www.mailscanner.info/files/4/tar/MailScanner-install-4.76.1-1.tar.gz The ChangeLog tells you about it a bit, and if you look in the MailScanner.conf file for "Archives Are" and all the new options at the end of the same section, you'll find it all. Please test it for me! Many thanks, Jules. On 29/3/09 10:37, Julian Field wrote: > Just to keep you updated, I've written all the code now. As a rough > guide to the amount of work involved on Friday and yesterday, the diff > is 2,969 lines long. A good couple of days work :-) > > I've done some initial testing with zip, rar and tnef files, and it's > all looking very good so far. So far at least 90% of the code is > working nicely, I've just got to test the rest. I want to do some more > testing tomorrow, but I need to take most of today off as I could do > with the break. > > I've also found a nasty bug in the interaction between "Use TNEF = > replace" and "Zip Attachments = yes", which is clearly a combination > no-one uses, as it didn't work. That's all fixed now too, and it > should be considerably faster unpacking TNEF files (winmail.dat) using > the "TNEF Expander = internal" setting than it was. > > I have also managed to speed up all the "filename.rules.conf" and > "filetype.rules.conf" code quite a bit too, which is good. > > I should have a beta of all of this out in the next couple of days or so. > > Best regards, > Jules. > > On 27/3/09 15:36, Julian Field wrote: >> This is turning into a very major job, requiring many changes >> throughout the whole of MailScanner, as the original design was never >> intended to be able to do this. >> However, I am working on it. >> The intention is that you will have totally separate settings for >> Filename Rules >> Filetype Rules >> Allow Filenames >> Allow Filetypes >> Allow File MIME Types >> Deny Filenames >> Deny Filetypes >> Deny File MIME Types >> for archived and non-archived attachments. >> >> You will also be able to specify what you consider to be an >> "archived" attachment, be it a file in a zip attachment, a rar >> attachment, an OLE attachment (Word doc, for example), a UU-encoded >> attachment and a TNEF (winmail.dat) attachment. >> >> All these settings will be on a per-message basis and so will take >> rulesets, allowing different clients to have totally different rules >> for their setups. >> >> That's the aim. I'm over half way through the implementation now, but >> none of it has been tested yet. There's going to be a fair bit of >> debugging required, I guarantee that. So beta-testers, on your blocks >> please... :-) >> >> Hopefully this will keep you all happy for a little while ;-) >> >> Jules >> > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Mon Mar 30 15:44:21 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 30 15:44:31 2009 Subject: OFFTOPIC: Bind resolution oddity Message-ID: <49D0DAC5.9000803@alexb.ch> This is for those using Bind as resolvers and NOT forwarding queries to some DNS down the line. pls run dig NS yucdedag . cn (remove spaces in domain name) If using Bimd for recursing it should timeout. If you're using pdns-recursor your should be able to resolve. If you're using Bind and some BSD you should be able to resolve I have been able to reproduce on Centos 5.x / latest Ubuntu trying to find out if other distros do it as well, if its a one off, or what the heck is going on. Any Comments/Feedback appreciated. Alex From ms-list at alexb.ch Mon Mar 30 16:33:50 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 30 16:33:59 2009 Subject: OFFTOPIC: Bind resolution oddity In-Reply-To: <49D0DAC5.9000803@alexb.ch> References: <49D0DAC5.9000803@alexb.ch> Message-ID: <49D0E65E.70103@alexb.ch> Replying to myself after ppl clueign me in (Thanks SteveF and DallasE) "the spammers block queries to the authority..." On 3/30/2009 4:44 PM, Alex Broens wrote: > This is for those using Bind as resolvers and NOT forwarding queries to > some DNS down the line. > > pls run > > dig NS yucdedag . cn > > (remove spaces in domain name) > > If using Bimd for recursing it should timeout. > > If you're using pdns-recursor your should be able to resolve. > If you're using Bind and some BSD you should be able to resolve > > I have been able to reproduce on Centos 5.x / latest Ubuntu > > trying to find out if other distros do it as well, if its a one off, or > what the heck is going on. > > > Any Comments/Feedback appreciated. > > > Alex From ms-list at alexb.ch Mon Mar 30 16:50:54 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 30 16:51:04 2009 Subject: OFFTOPIC: Bind resolution oddity In-Reply-To: <49D0E65E.70103@alexb.ch> References: <49D0DAC5.9000803@alexb.ch> <49D0E65E.70103@alexb.ch> Message-ID: <49D0EA5E.3000805@alexb.ch> Update: not all of spammy's NS resolve. so that explains... oh well. On 3/30/2009 5:33 PM, Alex Broens wrote: > Replying to myself after ppl clueign me in > (Thanks SteveF and DallasE) > > "the spammers block queries to the authority..." > > > > > > On 3/30/2009 4:44 PM, Alex Broens wrote: > >> This is for those using Bind as resolvers and NOT forwarding queries >> to some DNS down the line. >> >> pls run >> >> dig NS yucdedag . cn >> >> (remove spaces in domain name) >> >> If using Bimd for recursing it should timeout. >> >> If you're using pdns-recursor your should be able to resolve. >> If you're using Bind and some BSD you should be able to resolve >> >> I have been able to reproduce on Centos 5.x / latest Ubuntu >> >> trying to find out if other distros do it as well, if its a one off, >> or what the heck is going on. >> >> >> Any Comments/Feedback appreciated. >> >> >> Alex From ssilva at sgvwater.com Mon Mar 30 17:33:45 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 30 17:34:07 2009 Subject: Different rules for files within archives In-Reply-To: References: <49CCF290.3060906@ecs.soton.ac.uk> <49CDF53C.5070901@ecs.soton.ac.uk> Message-ID: on 3-28-2009 3:00 AM Julian Field spake the following: > > > On 27/3/09 22:24, Scott Silva wrote: >> on 3-27-2009 8:36 AM Julian Field spake the following: >> >>> This is turning into a very major job, requiring many changes throughout >>> the whole of MailScanner, as the original design was never intended to >>> be able to do this. >>> However, I am working on it. >>> The intention is that you will have totally separate settings for >>> Filename Rules >>> Filetype Rules >>> Allow Filenames >>> Allow Filetypes >>> Allow File MIME Types >>> Deny Filenames >>> Deny Filetypes >>> Deny File MIME Types >>> for archived and non-archived attachments. >>> >>> You will also be able to specify what you consider to be an "archived" >>> attachment, be it a file in a zip attachment, a rar attachment, an OLE >>> attachment (Word doc, for example), a UU-encoded attachment and a TNEF >>> (winmail.dat) attachment. >>> >>> All these settings will be on a per-message basis and so will take >>> rulesets, allowing different clients to have totally different rules for >>> their setups. >>> >>> That's the aim. I'm over half way through the implementation now, but >>> none of it has been tested yet. There's going to be a fair bit of >>> debugging required, I guarantee that. So beta-testers, on your blocks >>> please... :-) >>> >>> Hopefully this will keep you all happy for a little while ;-) >>> >>> Jules >>> >>> >> Are you going to release a stable before all these changes, or just >> wait until >> they are done and tested? >> > That's a good idea, which hadn't occurred to me. I can still do that, as > I haven't committed anything yet. Yes, I'll do that later today. >> Not pushing or anything, just curious. >> > Absolutely not, good thinking! > > Jules > Thanks Jules! I was thinking it was near time for a stable, and it would give you a couple months to work out the new code without getting pestered (as much). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090330/333756c1/signature.bin From rwahyudi at gmail.com Tue Mar 31 13:46:24 2009 From: rwahyudi at gmail.com (R Wahyudi) Date: Tue Mar 31 13:46:34 2009 Subject: OT: Outsourced services In-Reply-To: <625385e30903261526q63264dc6x2aee7a38ab33094f@mail.gmail.com> References: <49cab6ba.1f145e0a.1625.ffff8e78@mx.google.com> <49CAC18A.60506@alexb.ch> <49CAEA25.9050104@pixelhammer.com> <625385e30903261526q63264dc6x2aee7a38ab33094f@mail.gmail.com> Message-ID: <9173fd7e0903310546u27ff219dxb2f0f031defbfd16@mail.gmail.com> Small organisation can apply for free google apps.... I signup few company that does export / import with people in China. SpamAssassin rules mainly based on english and most blacklist aren't that accurate for tracking chinese IP adresses. I dont understand Chinese and couldn't tell if the email is spam or junk, so I decided to outsource it to google. I must admin google did a good job filtering those mails .. the spam scanning speed is amazingly fast. Rianto Wahyudi From eddie at emcuk.com Tue Mar 31 14:14:35 2009 From: eddie at emcuk.com (Eddie Hallahan) Date: Tue Mar 31 14:15:13 2009 Subject: clamavmodule or clamd ? Message-ID: <49D2173B.6000706@emcuk.com> Hi all, We currently run a chunk of servers and am having real grief with the perl clamav module. Our servers currently use clamavmodule in their scanning. What would be the issues if we switched to clamd - i.e. would this slow things down/speed them up, not make a difference? Regards -- Eddie Hallahan Enterprise Management Consulting www.emcuk.com Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. From prandal at herefordshire.gov.uk Tue Mar 31 14:20:58 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Mar 31 14:21:19 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D2173B.6000706@emcuk.com> References: <49D2173B.6000706@emcuk.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA065590B3@HC-MBX02.herefordshire.gov.uk> In my experience, it's much better with clamd. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eddie Hallahan Sent: 31 March 2009 14:15 To: MailScanner discussion Subject: clamavmodule or clamd ? Hi all, We currently run a chunk of servers and am having real grief with the perl clamav module. Our servers currently use clamavmodule in their scanning. What would be the issues if we switched to clamd - i.e. would this slow things down/speed them up, not make a difference? Regards -- Eddie Hallahan Enterprise Management Consulting www.emcuk.com Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ecasarero at gmail.com Tue Mar 31 14:23:36 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Mar 31 14:23:45 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D2173B.6000706@emcuk.com> References: <49D2173B.6000706@emcuk.com> Message-ID: <7d9b3cf20903310623k3dc1926xb3a2861f3f540d17@mail.gmail.com> 2009/3/31 Eddie Hallahan : > Hi all, > > We currently run a chunk of servers and am having real grief with the > perl clamav module. ?Our servers currently use clamavmodule in their > scanning. ?What would be the issues if we switched to clamd - i.e. would > this slow things down/speed them up, not make a difference? > Definitively speed (really) up! and the memory footprint of mailscanner child will be smaller! > Regards > > -- > Eddie Hallahan > Enterprise Management Consulting > www.emcuk.com > > Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jonas at vrt.dk Tue Mar 31 14:26:30 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue Mar 31 14:26:40 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D2173B.6000706@emcuk.com> References: <49D2173B.6000706@emcuk.com> Message-ID: <001a01c9b204$4db12c80$e9138580$@dk> I would say the performance is about the same. However maintaining clamd si much easier and simpler than with the module, also updates to clamav comeout sooner for clamd than the module. Just my 5 cents Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From Denis.Beauchemin at USherbrooke.ca Tue Mar 31 14:29:18 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 31 14:29:32 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D2173B.6000706@emcuk.com> References: <49D2173B.6000706@emcuk.com> Message-ID: <49D21AAE.9060101@USherbrooke.ca> Eddie Hallahan a ?crit : > Hi all, > > We currently run a chunk of servers and am having real grief with the > perl clamav module. Our servers currently use clamavmodule in their > scanning. What would be the issues if we switched to clamd - i.e. would > this slow things down/speed them up, not make a difference? > > Regards > > Eddie, We switched to clamd a while ago and noticed that MS uses much less RAM: each child had its own copy of Clam loaded into RAM with clamavmodule; now with clamd, only one instance is running. It definitely is not slower! Be aware, though, that with the external phishing signatures, clamd has a tendency to crash some times each day so make sure to monitor it and restart it as soon as it dies. I've heard people are using monit to this task (http://mmonit.com/monit/). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From rcooper at dwford.com Tue Mar 31 14:40:21 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 31 14:40:35 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D2173B.6000706@emcuk.com> References: <49D2173B.6000706@emcuk.com> Message-ID: <14DB97F6A8944EABA1C784D6D6631A82@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Eddie Hallahan > Sent: Tuesday, March 31, 2009 9:15 AM > To: MailScanner discussion > Subject: clamavmodule or clamd ? > > Hi all, > > We currently run a chunk of servers and am having real grief with the > perl clamav module. Our servers currently use clamavmodule in their > scanning. What would be the issues if we switched to clamd - > i.e. would > this slow things down/speed them up, not make a difference? > There is virtually no difference in speed Clamd uses much less memory/resources The basic clamd protocol that scans dirs/files hasn't changed in years (or ever) they expanded the protocol for version 0.95 (which did not change CONTSCAN/MULTISCAN) they modified SESSION and STREAM a bit but that doesn't affect the basic scans either MailScanner talks directly to the daemon so there are no external calls requiring a shell No need to do anything with MailScanner to update the database, not need to restart when Clamav or the signatures are updated You should monitor the daemon (although it rarely fails) but you are already monitoring your MTA and MailScanner right? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Tue Mar 31 14:43:59 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 31 14:44:13 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D21AAE.9060101@USherbrooke.ca> References: <49D2173B.6000706@emcuk.com> <49D21AAE.9060101@USherbrooke.ca> Message-ID: <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Denis Beauchemin > Sent: Tuesday, March 31, 2009 9:29 AM > To: MailScanner discussion > Subject: Re: clamavmodule or clamd ? > > Eddie Hallahan a ?crit : > > Hi all, > > > > We currently run a chunk of servers and am having real > grief with the > > perl clamav module. Our servers currently use clamavmodule in their > > scanning. What would be the issues if we switched to clamd > - i.e. would > > this slow things down/speed them up, not make a difference? > > > > Regards > > > > > > Eddie, > > We switched to clamd a while ago and noticed that MS uses > much less RAM: > each child had its own copy of Clam loaded into RAM with > clamavmodule; > now with clamd, only one instance is running. It definitely > is not slower! > > Be aware, though, that with the external phishing signatures, > clamd has > a tendency to crash some times each day so make sure to > monitor it and > restart it as soon as it dies. I've heard people are using monit to > this task (http://mmonit.com/monit/). > > Denis > I have not experienced crashing do to 3d party signatures, ever. If you are using a proper D/L script it should be checking the Files before moving them into use. I did have a problem with The official signatures a while back however. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eddie at emcuk.com Tue Mar 31 15:00:07 2009 From: eddie at emcuk.com (Eddie Hallahan) Date: Tue Mar 31 15:01:09 2009 Subject: clamavmodule or clamd ? In-Reply-To: <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> References: <49D2173B.6000706@emcuk.com> <49D21AAE.9060101@USherbrooke.ca> <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> Message-ID: <49D221E7.703@emcuk.com> Hi all, I reckon I'll give it a try with a couple of them and see what difference it makes - is there a howto for switching from running as clamavmodule to clamd anywhere? I assume it will require a bit more tinkering than changing the virus Scanners line. Regards Eddie Hallahan Enterprise Management Consulting www.emcuk.com Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. From Denis.Beauchemin at USherbrooke.ca Tue Mar 31 15:08:32 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 31 15:08:50 2009 Subject: clamavmodule or clamd ? In-Reply-To: <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> References: <49D2173B.6000706@emcuk.com> <49D21AAE.9060101@USherbrooke.ca> <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> Message-ID: <49D223E0.60500@USherbrooke.ca> Rick Cooper a ?crit : > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Denis Beauchemin >> Sent: Tuesday, March 31, 2009 9:29 AM >> To: MailScanner discussion >> Subject: Re: clamavmodule or clamd ? >> >> Eddie Hallahan a ?crit : >> >>> Hi all, >>> >>> We currently run a chunk of servers and am having real >>> >> grief with the >> >>> perl clamav module. Our servers currently use clamavmodule in their >>> scanning. What would be the issues if we switched to clamd >>> >> - i.e. would >> >>> this slow things down/speed them up, not make a difference? >>> >>> Regards >>> >>> >>> >> Eddie, >> >> We switched to clamd a while ago and noticed that MS uses >> much less RAM: >> each child had its own copy of Clam loaded into RAM with >> clamavmodule; >> now with clamd, only one instance is running. It definitely >> is not slower! >> >> Be aware, though, that with the external phishing signatures, >> clamd has >> a tendency to crash some times each day so make sure to >> monitor it and >> restart it as soon as it dies. I've heard people are using monit to >> this task (http://mmonit.com/monit/). >> >> Denis >> >> > > I have not experienced crashing do to 3d party signatures, ever. > If you are using a proper D/L script it should be checking the > Files before moving them into use. I did have a problem with > The official signatures a while back however. > Rick, I do use one of the download scripts. Clamd does crash randomly, sometimes while there were no new updates to load... many people are having this problem on the SaneSecurity list. Some say that 0.95 solves that problem but I am still at 0.94.2. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090331/e27dfe8f/smime.bin From mrm at quantumcc.com Tue Mar 31 15:41:49 2009 From: mrm at quantumcc.com (Mike M) Date: Tue Mar 31 15:42:06 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> Message-ID: Jeff A. Earickson wrote: > I have been running clamd 0.95 with 4.75.9-2 since the new clam came > out, with no problems. > > Jeff Earickson > Colby College > What is the best way to update clamd?? When you try to install the ClamAV+Spamassassin package, it says: If you want to use MailScanners support for Clamd (virus-scanning daemon) then I recommend you cancel this script now (press Ctrl-C) and install the RPMs for clamav, clamav-db and clamd from http://dag.wieers.com/rpm/packages/clamav The version of clamd that's there hasn't been updated since .92. Where is the best place to get the latest clamd rpm and Should the ClamAV+Spamassassin package be updated to say so? If rpm is not an option, is there anything special that needs to be done if compiling a newer version AFTER an rpm version has already been installed? Mike From eddie at emcuk.com Tue Mar 31 15:45:50 2009 From: eddie at emcuk.com (Eddie Hallahan) Date: Tue Mar 31 15:46:27 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> Message-ID: <49D22C9E.7000902@emcuk.com> Heyho I use this repository http://packages.sw.be/clamav/ Eddie Hallahan Enterprise Management Consulting www.emcuk.com Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. Mike M wrote: > Jeff A. Earickson wrote: >> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >> out, with no problems. >> >> Jeff Earickson >> Colby College >> > > What is the best way to update clamd?? When you try to install the > ClamAV+Spamassassin package, it says: > > If you want to use MailScanners support for Clamd (virus-scanning > daemon) then I recommend you cancel this script now (press Ctrl-C) > and install the RPMs for clamav, clamav-db and clamd from > http://dag.wieers.com/rpm/packages/clamav > > The version of clamd that's there hasn't been updated since .92. Where > is the best place to get the latest clamd rpm and Should the > ClamAV+Spamassassin package be updated to say so? If rpm is not an > option, is there anything special that needs to be done if compiling a > newer version AFTER an rpm version has already been installed? > > Mike > > From Denis.Beauchemin at USherbrooke.ca Tue Mar 31 15:57:00 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 31 15:57:13 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> Message-ID: <49D22F3C.2010907@USherbrooke.ca> Mike M a ?crit : > Jeff A. Earickson wrote: >> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >> out, with no problems. >> >> Jeff Earickson >> Colby College >> > > What is the best way to update clamd?? When you try to install the > ClamAV+Spamassassin package, it says: > > If you want to use MailScanners support for Clamd (virus-scanning > daemon) then I recommend you cancel this script now (press Ctrl-C) > and install the RPMs for clamav, clamav-db and clamd from > http://dag.wieers.com/rpm/packages/clamav > > The version of clamd that's there hasn't been updated since .92. Where > is the best place to get the latest clamd rpm and Should the > ClamAV+Spamassassin package be updated to say so? If rpm is not an > option, is there anything special that needs to be done if compiling a > newer version AFTER an rpm version has already been installed? > > Mike > > Mike, Dag Wieers' site has been replaced by this one: http://rpmrepo.org/RPMforge So far they are still at 0.94.2... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ecasarero at gmail.com Tue Mar 31 16:02:24 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Mar 31 16:02:34 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D080C5.7050808@ecs.soton.ac.uk> Message-ID: <7d9b3cf20903310802q3e430e62k3d80ab657e947049@mail.gmail.com> 2009/3/30 Julian Field : > Please can you try it out for me? > The new ClamAV+SpamAssassin package is here: > http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz > > Please let me know if you hit any problems with "clamavmodule" or "clamd" or > "clamav". > i've just upgraded one server with the install-Clam-SA-latest and everything seems to be fine! Great work julian (as usual) Eduardo. > Thanks folks! > Jules. > > On 29/3/09 19:18, Jeff A. Earickson wrote: >> >> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >> out, with no problems. >> >> Jeff Earickson >> Colby College >> >> On Sun, 29 Mar 2009, Julian Field wrote: >> >>> Date: Sun, 29 Mar 2009 15:06:26 +0100 >>> From: Julian Field >>> Reply-To: MailScanner discussion >>> To: MailScanner discussion >>> Subject: Re: Clamav 0.95 >>> >>> From what people have been saying, yes. >>> I haven't tried it myself, but a quick "MailScanner --lint" will tell >>> you. >>> >>> On 29/3/09 14:07, Dave Shariff Yadallee - System Administrator a.k.a. The >>> Root of the Problem wrote: >>>> >>>> Julian in the latest beta ready for Clamav 0.95? >>>> >>>> >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration help? >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> PGP public key: http://www.jules.fm/julesfm.asc >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jaearick at colby.edu Tue Mar 31 16:02:45 2009 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Mar 31 16:03:18 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> Message-ID: On Tue, 31 Mar 2009, Mike M wrote: > Date: Tue, 31 Mar 2009 09:41:49 -0500 > From: Mike M > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: Re: Clamav 0.95 > > Jeff A. Earickson wrote: >> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >> out, with no problems. >> >> Jeff Earickson >> Colby College >> > > What is the best way to update clamd?? When you try to install the > ClamAV+Spamassassin package, it says: > > If you want to use MailScanners support for Clamd (virus-scanning > daemon) then I recommend you cancel this script now (press Ctrl-C) > and install the RPMs for clamav, clamav-db and clamd from > http://dag.wieers.com/rpm/packages/clamav > > The version of clamd that's there hasn't been updated since .92. Where is the > best place to get the latest clamd rpm and Should the ClamAV+Spamassassin > package be updated to say so? If rpm is not an option, is there anything > special that needs to be done if compiling a newer version AFTER an rpm > version has already been installed? Since I'm on Solaris, I don't use rpms. I build from tarballs. But if you are using Linux, rpms will be your path of least resistance. Jeff Earickson Colby College From list-mailscanner at linguaphone.com Tue Mar 31 16:07:12 2009 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Mar 31 16:08:12 2009 Subject: clamavmodule or clamd ? In-Reply-To: <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> References: <49D2173B.6000706@emcuk.com> <49D21AAE.9060101@USherbrooke.ca> <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> Message-ID: <1238512032.15999.9.camel@gblades-suse.linguaphone-intranet.co.uk> On Tue, 2009-03-31 at 14:43, Rick Cooper wrote: > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Denis Beauchemin > > Sent: Tuesday, March 31, 2009 9:29 AM > > To: MailScanner discussion > > Subject: Re: clamavmodule or clamd ? > > > > Eddie Hallahan a ?crit : > > > Hi all, > > > > > > We currently run a chunk of servers and am having real > > grief with the > > > perl clamav module. Our servers currently use clamavmodule in their > > > scanning. What would be the issues if we switched to clamd > > - i.e. would > > > this slow things down/speed them up, not make a difference? > > > > > > Regards > > > > > > > > > > Eddie, > > > > We switched to clamd a while ago and noticed that MS uses > > much less RAM: > > each child had its own copy of Clam loaded into RAM with > > clamavmodule; > > now with clamd, only one instance is running. It definitely > > is not slower! > > > > Be aware, though, that with the external phishing signatures, > > clamd has > > a tendency to crash some times each day so make sure to > > monitor it and > > restart it as soon as it dies. I've heard people are using monit to > > this task (http://mmonit.com/monit/). > > > > Denis > > > > I have not experienced crashing do to 3d party signatures, ever. > If you are using a proper D/L script it should be checking the > Files before moving them into use. I did have a problem with > The official signatures a while back however. The problem wasn't due to the download script but was some strange timing issue shortly after an update was performed. The exact fault wasn't found since running it within a diagnostic enviroment was enough to stop the crash from happening. The change to the memory management in 0.95 appears to have stopped it crashing for the people who were previously having issues (myself included) so I would suggest if you do switch to clamd you make sure you are running 0.95. From alex at rtpty.com Tue Mar 31 16:58:43 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue Mar 31 16:58:53 2009 Subject: Clamav 0.95 In-Reply-To: <49D22C9E.7000902@emcuk.com> References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22C9E.7000902@emcuk.com> Message-ID: <24e3d2e40903310858w14e705b0scb27c11662aa8932@mail.gmail.com> How would one incorporate it into yum? On Tue, Mar 31, 2009 at 9:45 AM, Eddie Hallahan wrote: > Heyho > > I use this repository > > http://packages.sw.be/clamav/ > > Eddie Hallahan > Enterprise Management Consulting > www.emcuk.com > > Enterprise Management Consulting is a company registered in England and > Wales with company number 3134544. VAT registration number is 681038440. > > > > Mike M wrote: > > Jeff A. Earickson wrote: > >> I have been running clamd 0.95 with 4.75.9-2 since the new clam came > >> out, with no problems. > >> > >> Jeff Earickson > >> Colby College > >> > > > > What is the best way to update clamd?? When you try to install the > > ClamAV+Spamassassin package, it says: > > > > If you want to use MailScanners support for Clamd (virus-scanning > > daemon) then I recommend you cancel this script now (press Ctrl-C) > > and install the RPMs for clamav, clamav-db and clamd from > > http://dag.wieers.com/rpm/packages/clamav > > > > The version of clamd that's there hasn't been updated since .92. Where > > is the best place to get the latest clamd rpm and Should the > > ClamAV+Spamassassin package be updated to say so? If rpm is not an > > option, is there anything special that needs to be done if compiling a > > newer version AFTER an rpm version has already been installed? > > > > Mike > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090331/b6ae907d/attachment.html From alex at rtpty.com Tue Mar 31 16:59:06 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue Mar 31 16:59:08 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D2173B.6000706@emcuk.com> References: <49D2173B.6000706@emcuk.com> Message-ID: <24e3d2e40903310859i4dd544fbj773ed0d9b790064d@mail.gmail.com> Speed things up. On Tue, Mar 31, 2009 at 8:14 AM, Eddie Hallahan wrote: > Hi all, > > We currently run a chunk of servers and am having real grief with the > perl clamav module. Our servers currently use clamavmodule in their > scanning. What would be the issues if we switched to clamd - i.e. would > this slow things down/speed them up, not make a difference? > > Regards > > -- > Eddie Hallahan > Enterprise Management Consulting > www.emcuk.com > > Enterprise Management Consulting is a company registered in England and > Wales with company number 3134544. VAT registration number is 681038440. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090331/667a2cc5/attachment.html From prandal at herefordshire.gov.uk Tue Mar 31 17:02:16 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Mar 31 17:02:38 2009 Subject: Clamav 0.95 In-Reply-To: <49D22F3C.2010907@USherbrooke.ca> References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22F3C.2010907@USherbrooke.ca> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA065591B3@HC-MBX02.herefordshire.gov.uk> Denis Beauchemin wrote: > > Mike, > > Dag Wieers' site has been replaced by this one: > http://rpmrepo.org/RPMforge > > So far they are still at 0.94.2... > > Denis Interesting - the packages are in here but the yum repo hasn't been updated :-( http://packages.sw.be/clamav/ Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From eddie at emcuk.com Tue Mar 31 17:07:15 2009 From: eddie at emcuk.com (Eddie Hallahan) Date: Tue Mar 31 17:07:51 2009 Subject: Clamav 0.95 In-Reply-To: <24e3d2e40903310858w14e705b0scb27c11662aa8932@mail.gmail.com> References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22C9E.7000902@emcuk.com> <24e3d2e40903310858w14e705b0scb27c11662aa8932@mail.gmail.com> Message-ID: <49D23FB3.2030406@emcuk.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090331/01705073/attachment.html From lists at tippingmar.com Tue Mar 31 17:21:05 2009 From: lists at tippingmar.com (Mark Nienberg) Date: Tue Mar 31 17:21:19 2009 Subject: clamavmodule or clamd ? In-Reply-To: <49D221E7.703@emcuk.com> References: <49D2173B.6000706@emcuk.com> <49D21AAE.9060101@USherbrooke.ca> <4A2FC27B85A74C0C900C52C3E4752E48@SAHOMELT> <49D221E7.703@emcuk.com> Message-ID: <49D242F1.8040709@tippingmar.com> Eddie Hallahan wrote: > Hi all, > > I reckon I'll give it a try with a couple of them and see what > difference it makes - is there a howto for switching from running as > clamavmodule to clamd anywhere? I assume it will require a bit more > tinkering than changing the virus Scanners line. > > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:switch_to_rpm_clamd&s=clamd Mark From MailScanner at ecs.soton.ac.uk Tue Mar 31 17:50:57 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 31 17:51:19 2009 Subject: Clamav 0.95 In-Reply-To: <49D22C9E.7000902@emcuk.com> References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22C9E.7000902@emcuk.com> <49D249F1.7080502@ecs.soton.ac.uk> Message-ID: I have changed the install.sh script to refer you to this repo instead of dag.wieers.com. It's the same one I've been using recently too, and seems to have inherited Dag's work. On 31/3/09 15:45, Eddie Hallahan wrote: > Heyho > > I use this repository > > http://packages.sw.be/clamav/ > > Eddie Hallahan > Enterprise Management Consulting > www.emcuk.com > > Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. > > > > Mike M wrote: > >> Jeff A. Earickson wrote: >> >>> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >>> out, with no problems. >>> >>> Jeff Earickson >>> Colby College >>> >>> >> What is the best way to update clamd?? When you try to install the >> ClamAV+Spamassassin package, it says: >> >> If you want to use MailScanners support for Clamd (virus-scanning >> daemon) then I recommend you cancel this script now (press Ctrl-C) >> and install the RPMs for clamav, clamav-db and clamd from >> http://dag.wieers.com/rpm/packages/clamav >> >> The version of clamd that's there hasn't been updated since .92. Where >> is the best place to get the latest clamd rpm and Should the >> ClamAV+Spamassassin package be updated to say so? If rpm is not an >> option, is there anything special that needs to be done if compiling a >> newer version AFTER an rpm version has already been installed? >> >> Mike >> >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Tue Mar 31 17:56:21 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue Mar 31 17:56:39 2009 Subject: Different rules for files within archives In-Reply-To: Message-ID: Julian Field wrote: >It's now ready for testing by other people. >If you are interested in this at all, please do give it a try, as it >will be going into 4.76. > >The download links are these: > >http://www.mailscanner.info/files/4/rpm/MailScanner-4.76.1-1.rpm.tar.gz >http://www.mailscanner.info/files/4/suse/MailScanner-4.76.1-1.suse.tar.gz >http://www.mailscanner.info/files/4/tar/MailScanner-install-4.76.1-1.tar.gz > >The ChangeLog tells you about it a bit, and if you look in the >MailScanner.conf file for "Archives Are" and all the new options at the >end of the same section, you'll find it all. > >Please test it for me! I have just done the RPM install, and I have questions and a problem. First the questions: The comments in MailScanner.conf say ># There are now 2 sets of configurations for filename and filetype checking. ># One set of configuration options applies to normal attachments, these are ># marked by their names starting with "Archives:". ># The other set applies to files found within attachments which are archives, ># their names do *not* start with "Archives:". Isn't the above backwards? Also added to MailScanner.conf is the following ># These are the equivalent of the settings above, except they apply to ># files which are contained within "archives", as defined by the ># "Archives Are" setting at the top of this section. ># They can all be rulesets. >Archives: Allow Filenames = >Archives: Deny Filenames = >Archives: Filename Rules = %etc-dir%/filename.rules.conf >Archives: Allow Filetypes = >Archives: Allow File MIME Types = >Archives: Deny Filetypes = >Archives: Deny File MIME Types = >Archives: Filetype Rules = %etc-dir%/filetype.rules.conf and the changelog says: > By default, the checks applied to files within archives are the same as > those applied to normal attachments that are not within an archive. I'm a little confused about what that means. Does it just mean that the defaults for the Archives: settings are set to the same values as the defaults for the non-Archive: settings or does it mean for example that if I have Allow Filenames = %rules-dir%/allow.filename.rules and I also have Archives: Allow Filenames = that the ruleset for Allow Filenames also applies to Archives: Allow Filenames? Now for the problem. Starting MailScanner gives: Starting MailScanner: Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1962 Unrecognised keyword "unpackmicrosoftdocuments" at line 498 at /usr/lib/MailScanner/MailScanner/Config.pm line 1965 Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm line 1970 Apparently this version doesn't like Unpack Microsoft Documents = yes -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From prandal at herefordshire.gov.uk Tue Mar 31 18:12:57 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Mar 31 18:13:18 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22C9E.7000902@emcuk.com> <49D249F1.7080502@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA065591DE@HC-MBX02.herefordshire.gov.uk> It looks like Dag's 0.95 packages aren't quite ready for real world use: When I tried it on Centos 5.2 x64, I got: "Starting Clam AntiVirus Daemon: LibClamAV Warning: Cannot dlopen: file not found - unrar support unavailable" Which seems to be https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1476 Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 31 March 2009 17:51 To: MailScanner discussion Subject: Re: Clamav 0.95 I have changed the install.sh script to refer you to this repo instead of dag.wieers.com. It's the same one I've been using recently too, and seems to have inherited Dag's work. On 31/3/09 15:45, Eddie Hallahan wrote: > Heyho > > I use this repository > > http://packages.sw.be/clamav/ > > Eddie Hallahan > Enterprise Management Consulting > www.emcuk.com > > Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. > > > > Mike M wrote: > >> Jeff A. Earickson wrote: >> >>> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >>> out, with no problems. >>> >>> Jeff Earickson >>> Colby College >>> >>> >> What is the best way to update clamd?? When you try to install the >> ClamAV+Spamassassin package, it says: >> >> If you want to use MailScanners support for Clamd (virus-scanning >> daemon) then I recommend you cancel this script now (press Ctrl-C) >> and install the RPMs for clamav, clamav-db and clamd from >> http://dag.wieers.com/rpm/packages/clamav >> >> The version of clamd that's there hasn't been updated since .92. >> Where is the best place to get the latest clamd rpm and Should the >> ClamAV+Spamassassin package be updated to say so? If rpm is not an >> option, is there anything special that needs to be done if compiling >> a newer version AFTER an rpm version has already been installed? >> >> Mike >> >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Mar 31 18:22:25 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 31 18:22:45 2009 Subject: Different rules for files within archives In-Reply-To: References: Message-ID: on 3-31-2009 9:56 AM Mark Sapiro spake the following: > Julian Field wrote: > >> It's now ready for testing by other people. >> If you are interested in this at all, please do give it a try, as it >> will be going into 4.76. >> >> The download links are these: >> >> http://www.mailscanner.info/files/4/rpm/MailScanner-4.76.1-1.rpm.tar.gz >> http://www.mailscanner.info/files/4/suse/MailScanner-4.76.1-1.suse.tar.gz >> http://www.mailscanner.info/files/4/tar/MailScanner-install-4.76.1-1.tar.gz >> >> The ChangeLog tells you about it a bit, and if you look in the >> MailScanner.conf file for "Archives Are" and all the new options at the >> end of the same section, you'll find it all. >> >> Please test it for me! > > > I have just done the RPM install, and I have questions and a problem. > > First the questions: > > The comments in MailScanner.conf say > >> # There are now 2 sets of configurations for filename and filetype checking. >> # One set of configuration options applies to normal attachments, these are >> # marked by their names starting with "Archives:". >> # The other set applies to files found within attachments which are archives, >> # their names do *not* start with "Archives:". > > > Isn't the above backwards? > > Also added to MailScanner.conf is the following > >> # These are the equivalent of the settings above, except they apply to >> # files which are contained within "archives", as defined by the >> # "Archives Are" setting at the top of this section. >> # They can all be rulesets. >> Archives: Allow Filenames = >> Archives: Deny Filenames = >> Archives: Filename Rules = %etc-dir%/filename.rules.conf >> Archives: Allow Filetypes = >> Archives: Allow File MIME Types = >> Archives: Deny Filetypes = >> Archives: Deny File MIME Types = >> Archives: Filetype Rules = %etc-dir%/filetype.rules.conf > > and the changelog says: > >> By default, the checks applied to files within archives are the same as >> those applied to normal attachments that are not within an archive. > > I'm a little confused about what that means. Does it just mean that the > defaults for the Archives: settings are set to the same values as the > defaults for the non-Archive: settings or does it mean for example > that if I have > > Allow Filenames = %rules-dir%/allow.filename.rules > > and I also have > > Archives: Allow Filenames = > > that the ruleset for Allow Filenames also applies to Archives: Allow > Filenames? > > Now for the problem. Starting MailScanner gives: > > Starting MailScanner: Syntax error(s) in configuration file: at > /usr/lib/MailScanner/MailScanner/Config.pm line 1962 > Unrecognised keyword "unpackmicrosoftdocuments" at line 498 at > /usr/lib/MailScanner/MailScanner/Config.pm line 1965 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at > /usr/lib/MailScanner/MailScanner/Config.pm line 1970 > > Apparently this version doesn't like > > Unpack Microsoft Documents = yes > Did you check if you needed to upgrade the languages.conf file? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090331/1480c3a8/signature.bin From ssilva at sgvwater.com Tue Mar 31 18:26:45 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 31 18:30:11 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22C9E.7000902@emcuk.com> <49D249F1.7080502@ecs.soton.ac.uk> Message-ID: on 3-31-2009 9:50 AM Julian Field spake the following: > I have changed the install.sh script to refer you to this repo instead > of dag.wieers.com. It's the same one I've been using recently too, and > seems to have inherited Dag's work. > > On 31/3/09 15:45, Eddie Hallahan wrote: >> Heyho >> >> I use this repository >> >> http://packages.sw.be/clamav/ >> >> Eddie Hallahan >> Enterprise Management Consulting >> www.emcuk.com >> >> Enterprise Management Consulting is a company registered in England >> and Wales with company number 3134544. VAT registration number is >> 681038440. >> >> >> >> Mike M wrote: >> >>> Jeff A. Earickson wrote: >>> >>>> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >>>> out, with no problems. >>>> >>>> Jeff Earickson >>>> Colby College >>>> >>>> >>> What is the best way to update clamd?? When you try to install the >>> ClamAV+Spamassassin package, it says: >>> >>> If you want to use MailScanners support for Clamd (virus-scanning >>> daemon) then I recommend you cancel this script now (press Ctrl-C) >>> and install the RPMs for clamav, clamav-db and clamd from >>> http://dag.wieers.com/rpm/packages/clamav >>> >>> The version of clamd that's there hasn't been updated since .92. Where >>> is the best place to get the latest clamd rpm and Should the >>> ClamAV+Spamassassin package be updated to say so? If rpm is not an >>> option, is there anything special that needs to be done if compiling a >>> newer version AFTER an rpm version has already been installed? >>> >>> Mike >>> >>> >>> > > Jules > Dag has been putting all his work into Rpmforge lately. But their yum repofiles aren't up to date yet, so you will have to get the files manually. Also, it seems that you need to install the devel rpm to get proper rar file support in clamd. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090331/08302400/signature.bin From mark at msapiro.net Tue Mar 31 20:02:44 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue Mar 31 20:02:59 2009 Subject: Different rules for files within archives In-Reply-To: Message-ID: Scott Silva wrote: >on 3-31-2009 9:56 AM Mark Sapiro spake the following: >> >> Now for the problem. Starting MailScanner gives: >> >> Starting MailScanner: Syntax error(s) in configuration file: at >> /usr/lib/MailScanner/MailScanner/Config.pm line 1962 >> Unrecognised keyword "unpackmicrosoftdocuments" at line 498 at >> /usr/lib/MailScanner/MailScanner/Config.pm line 1965 >> Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at >> /usr/lib/MailScanner/MailScanner/Config.pm line 1970 >> >> Apparently this version doesn't like >> >> Unpack Microsoft Documents = yes >> >Did you check if you needed to upgrade the languages.conf file? Thanks for the reminder. I did find two items in en/languages.conf that weren't in local/languages.conf (I hadn't checked this for a long time) and added them, but I still have the above error. This time, I just uncommented the line in MailScanner.conf that I had temporarily commented and ran MailScanner --lint and got Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1962 Unrecognised keyword "unpackmicrosoftdocuments" at line 498 at /usr/lib/MailScanner/MailScanner/Config.pm line 1965 Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm line 1970 Just as before. The problem appears to my naive eye to be that between 4.75.9-2 (the version I upgraded from) and 4.76.1-1 an "unpackmicrosoftdocuments" entry disappeared from /usr/lib/MailScanner/MailScanner/ConfigDefs.pl -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From hvdkooij at vanderkooij.org Tue Mar 31 20:24:34 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Mar 31 20:24:44 2009 Subject: Clamav 0.95 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA065591B3@HC-MBX02.herefordshire.gov.uk> References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22F3C.2010907@USherbrooke.ca> <7EF0EE5CB3B263488C8C18823239BEBA065591B3@HC-MBX02.herefordshire.gov.uk> Message-ID: <49D26DF2.9030904@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Randal, Phil wrote: > Denis Beauchemin wrote: >> Mike, >> >> Dag Wieers' site has been replaced by this one: >> http://rpmrepo.org/RPMforge >> >> So far they are still at 0.94.2... >> >> Denis > > Interesting - the packages are in here but the yum repo hasn't been > updated :-( > > http://packages.sw.be/clamav/ I think the keyword is YET. They are not updated YET. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAknSbfEACgkQBvzDRVjxmYH29ACgkPo7/SQhTGJZAkQ6vURRQx1C 2LoAoKaDVREFuX0Txohj7SG3Q40LyhQB =ReOo -----END PGP SIGNATURE----- From glenn.steen at gmail.com Tue Mar 31 20:30:53 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 31 20:31:01 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> Message-ID: <223f97700903311230i1b5f68bdu72f108923506c239@mail.gmail.com> 2009/3/31 Mike M : > Jeff A. Earickson wrote: >> >> I have been running clamd 0.95 with 4.75.9-2 since the new clam came >> out, with no problems. >> >> Jeff Earickson >> Colby College >> > > What is the best way to update clamd?? ? When you try to install the > ClamAV+Spamassassin package, it says: > > If you want to use MailScanners support for Clamd (virus-scanning > daemon) then I recommend you cancel this script now (press Ctrl-C) > and install the RPMs for clamav, clamav-db and clamd from > ? ? http://dag.wieers.com/rpm/packages/clamav > > The version of clamd that's there hasn't been updated since .92. Where is > the best place to get the latest clamd rpm and Should the > ClamAV+Spamassassin package be updated to say so? ? If rpm is not an option, > is there anything special that needs to be done if compiling a newer version > AFTER an rpm version has already been installed? > > Mike > > It's actually quite simple to "stay source" for clamd... all needed components are in the contrib part, like init script and clamdwatch, so ... that's what I do (I use Jules packaging, since it's so ... convenient:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 31 20:34:04 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 31 20:34:13 2009 Subject: Different rules for files within archives In-Reply-To: References: Message-ID: <223f97700903311234l2a62753dnacc286fc82deab27@mail.gmail.com> 2009/3/31 Mark Sapiro : > Scott Silva wrote: > >>on 3-31-2009 9:56 AM Mark Sapiro spake the following: >>> >>> Now for the problem. Starting MailScanner gives: >>> >>> Starting MailScanner: ? ? ? Syntax error(s) in configuration file: at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 1962 >>> Unrecognised keyword "unpackmicrosoftdocuments" at line 498 at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 1965 >>> Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 1970 >>> >>> Apparently this version doesn't like >>> >>> Unpack Microsoft Documents = yes >>> >>Did you check if you needed to upgrade the languages.conf file? > > > Thanks for the reminder. I did find two items in en/languages.conf that > weren't in local/languages.conf (I hadn't checked this for a long > time) and added them, but I still have the above error. This time, I > just uncommented the line in MailScanner.conf that I had temporarily > commented and ran MailScanner --lint and got > > Syntax error(s) in configuration file: at > /usr/lib/MailScanner/MailScanner/Config.pm line 1962 > Unrecognised keyword "unpackmicrosoftdocuments" at line 498 at > /usr/lib/MailScanner/MailScanner/Config.pm line 1965 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at > /usr/lib/MailScanner/MailScanner/Config.pm line 1970 > > > Just as before. > > The problem appears to my naive eye to be that between 4.75.9-2 (the > version I upgraded from) and 4.76.1-1 an "unpackmicrosoftdocuments" > entry disappeared from /usr/lib/MailScanner/MailScanner/ConfigDefs.pl > And does adding it back in cure the problem? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From k.joch at kmjeuro.com Tue Mar 31 20:38:46 2009 From: k.joch at kmjeuro.com (Karl M. Joch) Date: Tue Mar 31 20:39:06 2009 Subject: AW: Clamav 0.95 In-Reply-To: <223f97700903311230i1b5f68bdu72f108923506c239@mail.gmail.com> Message-ID: <69e4564fe3fcf145b737916032e4649e@kmjeuro.com> Just a Tip for all running mod_clamav on the same installation. mod_clamav doesnt support 0.95 at the moment. There was API changes in the ClamAV API, which prevents mod_clamav from working with 0.95. Regards, Karl > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] Im > Auftrag von Glenn Steen > Gesendet: Dienstag, 31. M?rz 2009 21:31 > An: MailScanner discussion > Betreff: Re: Clamav 0.95 > > 2009/3/31 Mike M : > > Jeff A. Earickson wrote: > >> > >> I have been running clamd 0.95 with 4.75.9-2 since the new > clam came > >> out, with no problems. > >> > >> Jeff Earickson > >> Colby College > >> > > > > What is the best way to update clamd?? ? When you try to install the > > ClamAV+Spamassassin package, it says: > > > > If you want to use MailScanners support for Clamd (virus-scanning > > daemon) then I recommend you cancel this script now (press Ctrl-C) > > and install the RPMs for clamav, clamav-db and clamd from > > ? ? http://dag.wieers.com/rpm/packages/clamav > > > > The version of clamd that's there hasn't been updated since > .92. Where is > > the best place to get the latest clamd rpm and Should the > > ClamAV+Spamassassin package be updated to say so? ? If rpm > is not an option, > > is there anything special that needs to be done if > compiling a newer version > > AFTER an rpm version has already been installed? > > > > Mike > > > > > It's actually quite simple to "stay source" for clamd... all needed > components are in the contrib part, like init script and clamdwatch, > so ... that's what I do (I use Jules packaging, since it's so ... > convenient:-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue Mar 31 20:38:51 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 31 20:39:12 2009 Subject: Different rules for files within archives In-Reply-To: References: <49D2714B.40509@ecs.soton.ac.uk> Message-ID: On 31/3/09 18:22, Scott Silva wrote: > on 3-31-2009 9:56 AM Mark Sapiro spake the following: > >> Julian Field wrote: >> >> >>> It's now ready for testing by other people. >>> If you are interested in this at all, please do give it a try, as it >>> will be going into 4.76. >>> >>> The download links are these: >>> >>> http://www.mailscanner.info/files/4/rpm/MailScanner-4.76.1-1.rpm.tar.gz >>> http://www.mailscanner.info/files/4/suse/MailScanner-4.76.1-1.suse.tar.gz >>> http://www.mailscanner.info/files/4/tar/MailScanner-install-4.76.1-1.tar.gz >>> >>> The ChangeLog tells you about it a bit, and if you look in the >>> MailScanner.conf file for "Archives Are" and all the new options at the >>> end of the same section, you'll find it all. >>> >>> Please test it for me! >>> >> >> I have just done the RPM install, and I have questions and a problem. >> >> First the questions: >> >> The comments in MailScanner.conf say >> >> >>> # There are now 2 sets of configurations for filename and filetype checking. >>> # One set of configuration options applies to normal attachments, these are >>> # marked by their names starting with "Archives:". >>> # The other set applies to files found within attachments which are archives, >>> # their names do *not* start with "Archives:". >>> >> >> Isn't the above backwards? >> Absolutely. Well spotted. >> Also added to MailScanner.conf is the following >> >> >>> # These are the equivalent of the settings above, except they apply to >>> # files which are contained within "archives", as defined by the >>> # "Archives Are" setting at the top of this section. >>> # They can all be rulesets. >>> Archives: Allow Filenames = >>> Archives: Deny Filenames = >>> Archives: Filename Rules = %etc-dir%/filename.rules.conf >>> Archives: Allow Filetypes = >>> Archives: Allow File MIME Types = >>> Archives: Deny Filetypes = >>> Archives: Deny File MIME Types = >>> Archives: Filetype Rules = %etc-dir%/filetype.rules.conf >>> >> and the changelog says: >> >> >>> By default, the checks applied to files within archives are the same as >>> those applied to normal attachments that are not within an archive. >>> >> I'm a little confused about what that means. Does it just mean that the >> defaults for the Archives: settings are set to the same values as the >> defaults for the non-Archive: settings Yes. >> or does it mean for example >> that if I have >> >> Allow Filenames = %rules-dir%/allow.filename.rules >> >> and I also have >> >> Archives: Allow Filenames = >> >> that the ruleset for Allow Filenames also applies to Archives: Allow >> Filenames? >> No. >> Now for the problem. Starting MailScanner gives: >> >> Starting MailScanner: Syntax error(s) in configuration file: at >> /usr/lib/MailScanner/MailScanner/Config.pm line 1962 >> Unrecognised keyword "unpackmicrosoftdocuments" at line 498 at >> /usr/lib/MailScanner/MailScanner/Config.pm line 1965 >> Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at >> /usr/lib/MailScanner/MailScanner/Config.pm line 1970 >> >> Apparently this version doesn't like >> >> Unpack Microsoft Documents = yes >> Correct. I screwed up the ConfigDefs.pl file. I am publishing 4.76.2-1 as I type this, which has these two items corrected. Download from http://www.mailscanner.info/files/4/rpm/MailScanner-4.76.2-1.rpm.tar.gz http://www.mailscanner.info/files/4/suse/MailScanner-4.76.2-1.suse.tar.gz http://www.mailscanner.info/files/4/tar/MailScanner-install-4.76.2-1.tar.gz Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Tue Mar 31 22:37:14 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue Mar 31 22:37:23 2009 Subject: Different rules for files within archives In-Reply-To: <223f97700903311234l2a62753dnacc286fc82deab27@mail.gmail.com> Message-ID: Glenn Steen wrote: >2009/3/31 Mark Sapiro : >> >> The problem appears to my naive eye to be that between 4.75.9-2 (the >> version I upgraded from) and 4.76.1-1 an "unpackmicrosoftdocuments" >> entry disappeared from /usr/lib/MailScanner/MailScanner/ConfigDefs.pl >> >And does adding it back in cure the problem? OK. I'm busted :( I would have tried adding it back had I known exactly what to add where, but I've had such good experiences upgrading MailScanner that I've gotten lazy and didn't back up the previous installed version before proceeding. I had the previous rpm, but I don't know how to extract files from an rpm without actually installing it. I suppose I could have downloaded the previous non-rpm tarball package, but Jules posted before I thought much further about it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From craigwhite at azapple.com Tue Mar 31 22:55:18 2009 From: craigwhite at azapple.com (Craig White) Date: Tue Mar 31 22:55:31 2009 Subject: Clamav 0.95 In-Reply-To: References: <20090329130736.GA7986@doctor.nl2k.ab.ca> <49CF8062.3060006@ecs.soton.ac.uk> <49D22C9E.7000902@emcuk.com> <49D249F1.7080502@ecs.soton.ac.uk> Message-ID: <1238536518.3680.20.camel@lin-workstation.azapple.com> On Tue, 2009-03-31 at 17:50 +0100, Julian Field wrote: > I have changed the install.sh script to refer you to this repo instead > of dag.wieers.com. It's the same one I've been using recently too, and > seems to have inherited Dag's work. > > On 31/3/09 15:45, Eddie Hallahan wrote: > > Heyho > > > > I use this repository > > > > http://packages.sw.be/clamav/ > > ---- ftr... from /etc/yum.repos.d/rpmforge.repo mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge sw.be is rpmforge (dag) packages Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.