From kse at hovmark.dk Fri May 1 07:16:48 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 1 07:14:59 2009 Subject: Common SQL Backend for several MailScanner clients. Message-ID: <1241158608.5854.8.camel@kse> Good morning. Can you have several MailScanner clients, that all run on a single SQL Database. That includes a bayesian filter, but afaik that shouldn't cause any problems, as it's already shared between users on some servers. The logging is through SQL ofcourse, as we use the mailwatch front-end. Will this create any problems that anyone can foresee? The reasoning behind this would be common logging, so we wouldn't have to edit several white/blacklists, check several filters for what went through and so on. And my boss does not want clustering, as depending on the bandwidth it uses, we might spread them out over several geographical locations. Thanks for the great software. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 From Johan at double-l.nl Fri May 1 08:07:15 2009 From: Johan at double-l.nl (Johan Hendriks) Date: Fri May 1 08:07:31 2009 Subject: FreeBSD port of MailScanner-4.75.11,1 - could someone test References: <57200BF94E69E54880C9BB1AF714BBCB5DE7CA@w2003s01.double-l.local> Message-ID: <57200BF94E69E54880C9BB1AF714BBCB5DE7DD@w2003s01.double-l.local> Thanks for this it has been committed today Because of the long outdates port i started to create my own! Try to see if that worked. I am no ports guru or Mailscanner guru also. Thanks again -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Kevin Kobb Verzonden: donderdag 30 april 2009 19:47 Aan: mailscanner@lists.mailscanner.info Onderwerp: Re: FreeBSD port of MailScanner-4.75.11,1 - could someone test Johan Hendriks wrote: > I created a port for MailScanner-4.75.11,1 on FreeBSD. > My programming skills are poor, but it al seems to work on my 7.1-stable > and 8.0 machine (both AMD64) > This is with perl 5.10.x , it does not work with perl-5.8.9 > > So please test it and let me know if it al works. > > > > You can download the file here. > > http://www.double-l.nl/mailscanner.tar > > > > regards, > > Johan Hendriks > > > For better or worse, the official FreeBSD port has been updated to 4.75.11. I had submitted a patch to an open PR and to the port maintainer several weeks ago, but never got any feedback. It looks like the update was automatically committed. I don't claim to be a ports, or MailScanner expert, but I gave it the old college try. Hopefully, this will work for others (seems to be OK on my tests), or motivate some guru to fix my feeble effort ;-) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.9/2087 - Release Date: 04/29/09 18:03:00 No virus found in this outgoing message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.9/2087 - Release Date: 04/29/09 18:03:00 From support-lists at petdoctors.co.uk Fri May 1 09:38:16 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri May 1 09:38:42 2009 Subject: MailScanner slowwing down In-Reply-To: <49FA1147.7060101@whidbey.com> References: <045c01c9c970$75545130$5ffcf390$@ie><72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> Message-ID: >I was looking at those yesterday because I was running the load average up to 10 or 12 in spurts. My box has a Sempron 2200 and a gig of RAM, so it does swap when it gets busy. >I can upgrade to a machine that's half again faster with twice the memory for the same monthly fee, but I'd have to run both during the transition and it would take a ton of >time to move everything over. (It's a webserver for a couple of dozen domains and my secondary name server.) May not be relevant here, but I had a box that slowed down last week. It was a P4 3GHz unit with only 768MB RAM and I had just upgraded it to the latest MailScanner download. I was getting a similar load average and lots of swapping. First off I noticed that the bitdefender update script was hogging over half the RAM when it kicked in so I turned it off, but since I was at the machine anyway, I did a yum update (it's running CentOS4). This updated quite a lot, but also messed up a MailScanner perl dependency, so I reinstalled MailScanner from Julian's script and ever since then the server's been running fine and still with only 768MB RAM. Nigel From support-lists at petdoctors.co.uk Fri May 1 10:09:49 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri May 1 10:10:20 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> Message-ID: Hi, I'm coming in a bit late here and am trying to catch up on this thread. I have had a good read but would appreciate some advice on the following: On the mail server that ground to a halt on me (frequently) about a week ago, it's currently showing 384 messages in the processing queue, stretching back to 20th April. Here's the top of the list: Number of messages: 384 Tries Message Next Try At ===== ======= =========== 1 762C72F0039.D1D4C Fri May 1 05:12:13 2009 1 762C72F0039.9458D Fri May 1 05:10:57 2009 1 762C72F0039.217F1 Fri May 1 05:09:31 2009 1 CA1472F003B.F132E Fri May 1 04:17:22 2009 1 8511F2F0038.17722 Fri May 1 04:13:59 2009 1 847282F003A.0C804 Fri May 1 04:12:34 2009 1 25C4167800F.C6CF0 Thu Apr 30 19:21:03 2009 1 25C4167800F.AE019 Thu Apr 30 19:19:56 2009 1 25C4167800F.3120B Thu Apr 30 19:17:54 2009 1 04BE62F003A.1F69E Thu Apr 30 13:20:46 2009 1 02D6867800F.64CA4 Thu Apr 30 13:18:50 2009 1 02D6867800F.3EF79 Thu Apr 30 13:18:05 2009 1 8628B67800F.1D156 Wed Apr 29 15:23:21 2009 1 D694C678019.51D4F Wed Apr 29 15:22:41 2009 1 B49BF678017.BC390 Wed Apr 29 15:22:27 2009 1 8628B67800F.5F79F Wed Apr 29 15:20:27 2009 1 3DDF567800F.D497F Wed Apr 29 13:41:58 2009 1 29634678033.E00D4 Wed Apr 29 13:39:45 2009 1 E1CB367801A.10092 Wed Apr 29 13:39:16 2009 1 AAFCC67802C.D024A Wed Apr 29 13:38:52 2009 1 0B532678019.78254 Wed Apr 29 13:37:36 2009 1 6244F67800F.34B35 Wed Apr 29 11:18:31 2009 1 6244F67800F.0537D Wed Apr 29 11:18:19 2009 1 6244F67800F.A73C3 Wed Apr 29 11:17:11 2009 Are these entries now considered 'spurious' and do I need to take any action, wait for the current MailScanner beta release to go stable or even install it now? Or do I have an ongoing problem!? Thanks Nigel Kendrick From mailadmin at midland-ics.ie Fri May 1 12:53:29 2009 From: mailadmin at midland-ics.ie (Mail Admin) Date: Fri May 1 12:54:41 2009 Subject: MailScanner slowwing down In-Reply-To: <49FA1147.7060101@whidbey.com> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> Message-ID: <005301c9ca53$7268b1d0$573a1570$@ie> I've managed to reduce the load (fingers crossed), I cant get smf-sav to compile on my box yet, but still looking into it. I firewalled some brazil IP Ranges which took a good load off too. Seen some bogus recipient addresses that are really targeted to and rejected them in my access database. I'm going to try my utmost to get smf-sav working - would love a sample of someones conf file where they have multiple domains multiple exchange servers for recipient verification From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. Armour Van Horn Sent: 30 April 2009 22:00 To: MailScanner discussion Subject: Re: MailScanner slowwing down I was looking at those yesterday because I was running the load average up to 10 or 12 in spurts. My box has a Sempron 2200 and a gig of RAM, so it does swap when it gets busy. I can upgrade to a machine that's half again faster with twice the memory for the same monthly fee, but I'd have to run both during the transition and it would take a ton of time to move everything over. (It's a webserver for a couple of dozen domains and my secondary name server.) I told Sendmail to stop accepting connections at load average of 6, which kept the load average from trying to get to 50. (Yes, I have seen the la go that high, although not on this system. It ain't pretty!) I dropped the child count from five to three, which seemed to help - each child just took bigger bites and the throughput didn't seem to be affected. One thing that looked appealing was setting up a caching nameserver, but all the docs I ran into assumed that you weren't already running BIND on the box and that you wanted to cache your local network, so I was too confused to get that running. (I do have everything installed, just need to figure out the config.) I did add pause-greet to the Sendmail config, it blocked at least a hundred messages overnight. Not a big change, but the price is right. I'm thinking about setting up greylisting, it will cut down on the MS load and should spread out the surges a little. I guess I should have expected things to slow down when I leapfrogged so many versions on Tuesday. Now I've got to figure out how to get it back in control or bite the bullet and get some more horsepower. Van Martin Hepworth wrote: See http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips and http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_s pamassassin Dropping unknown recipients and having a local caching nameserver are generally the first things to sort, then look at the number of children and batch size... -- Martin Hepworth Oxford, UK 2009/4/30 Mail Admin Hi All, Recently I am finding that the amount of incoming mail through my MailScanner Server is really slowing down things. There is a heavy load now since I took on a domain that seems to me well spammed. Yesterdays processing processed 22,000 emails @88% Spam approx. Server Spec POWEREDGE 1850 XEON 2.8GHZ/2MB 800FSB - WITH 2 GIG RAM and RAID 1 Configuration on two Disks RPM 10K. Its Running Fedora Core 5, Send Mail 8.13.8-1.fc5 with MailScanner 4.69.7-1 with SA, Razor, DCC., MailWatch V1 Its working very well blocking spam, but only in the last couple of days its got really slow. Any ideas on how to reduce the load on this server>? By blocking mail at the MTA before it hits MS? OR Tweaking my processes? What do the Experts think on the Server Spec, for the amount of traffic? I'd appreciate any help Regards Kevin This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although we make every effort to keep our systems free from viruses, you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090501/dc3e6144/attachment.html From ka at pacific.net Fri May 1 15:48:27 2009 From: ka at pacific.net (Ken A) Date: Fri May 1 15:48:46 2009 Subject: MailScanner slowwing down In-Reply-To: <005301c9ca53$7268b1d0$573a1570$@ie> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> <005301c9ca53$7268b1d0$573a1570$@ie> Message-ID: <49FB0BBB.5090109@pacific.net> Mail Admin wrote: > I've managed to reduce the load (fingers crossed), I cant get smf-sav to > compile on my box yet, but still looking into it. > > I firewalled some brazil IP Ranges which took a good load off too. > > Seen some bogus recipient addresses that are really targeted to and rejected > them in my access database. > > I'm going to try my utmost to get smf-sav working - would love a sample of > someones conf file where they have multiple domains multiple exchange > servers for recipient verification I don't think smf-sav currently has that ability. You can only define 1 mailstore in the config. milter-ahead handles this correctly, of course, by asking sendmail where the mail for the domain would go, then using that host to test the recipient. http://www.snertsoft.com/sendmail/milter-ahead/ Ken > > > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. Armour > Van Horn > Sent: 30 April 2009 22:00 > To: MailScanner discussion > Subject: Re: MailScanner slowwing down > > > > I was looking at those yesterday because I was running the load average up > to 10 or 12 in spurts. My box has a Sempron 2200 and a gig of RAM, so it > does swap when it gets busy. I can upgrade to a machine that's half again > faster with twice the memory for the same monthly fee, but I'd have to run > both during the transition and it would take a ton of time to move > everything over. (It's a webserver for a couple of dozen domains and my > secondary name server.) > > I told Sendmail to stop accepting connections at load average of 6, which > kept the load average from trying to get to 50. (Yes, I have seen the la go > that high, although not on this system. It ain't pretty!) > > I dropped the child count from five to three, which seemed to help - each > child just took bigger bites and the throughput didn't seem to be affected. > > One thing that looked appealing was setting up a caching nameserver, but all > the docs I ran into assumed that you weren't already running BIND on the box > and that you wanted to cache your local network, so I was too confused to > get that running. (I do have everything installed, just need to figure out > the config.) > > I did add pause-greet to the Sendmail config, it blocked at least a hundred > messages overnight. Not a big change, but the price is right. > > I'm thinking about setting up greylisting, it will cut down on the MS load > and should spread out the surges a little. > > I guess I should have expected things to slow down when I leapfrogged so > many versions on Tuesday. Now I've got to figure out how to get it back in > control or bite the bullet and get some more horsepower. > > Van > > Martin Hepworth wrote: > > See > > > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > > > and > > > > http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_s > pamassassin > > > > Dropping unknown recipients and having a local caching nameserver are > generally the first things to sort, then look at the number of children and > batch size... > > > > -- Ken Anderson Pacific Internet - http://www.pacific.net From axisml at gmail.com Fri May 1 16:09:46 2009 From: axisml at gmail.com (Chris Stone) Date: Fri May 1 16:09:55 2009 Subject: MailScanner slowwing down In-Reply-To: <49FB0BBB.5090109@pacific.net> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> <005301c9ca53$7268b1d0$573a1570$@ie> <49FB0BBB.5090109@pacific.net> Message-ID: <3047fef10905010809v27a65928o5034e8bcbca223f7@mail.gmail.com> On Fri, May 1, 2009 at 8:48 AM, Ken A wrote: >> I'm going to try my utmost to get smf-sav working ?- would love a sample >> of >> someones conf file where they have multiple domains multiple exchange >> servers for recipient verification > > I don't think smf-sav currently has that ability. You can only define 1 > mailstore in the config. I'm not currently using smf-sav, but I did do some testing with it and I believe it does use mailertable to find out the server for the recipient validation checks. According to their site: "Sendmail virtusertable and mailertable features full support."..... Chris From MailScanner at ecs.soton.ac.uk Fri May 1 16:21:07 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 1 16:21:34 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> Message-ID: On 01/05/2009 10:09, Nigel Kendrick wrote: > Hi, > > I'm coming in a bit late here and am trying to catch up on this thread. I > have had a good read but would appreciate some advice > on the following: > > On the mail server that ground to a halt on me (frequently) about a week > ago, it's currently showing 384 messages in the processing queue, stretching > back > to 20th April. Here's the top of the list: > > Number of messages: 384 > Tries Message Next Try At > ===== ======= =========== > 1 762C72F0039.D1D4C Fri May 1 05:12:13 2009 > 1 762C72F0039.9458D Fri May 1 05:10:57 2009 > 1 762C72F0039.217F1 Fri May 1 05:09:31 2009 > 1 CA1472F003B.F132E Fri May 1 04:17:22 2009 > 1 8511F2F0038.17722 Fri May 1 04:13:59 2009 > 1 847282F003A.0C804 Fri May 1 04:12:34 2009 > 1 25C4167800F.C6CF0 Thu Apr 30 19:21:03 2009 > 1 25C4167800F.AE019 Thu Apr 30 19:19:56 2009 > 1 25C4167800F.3120B Thu Apr 30 19:17:54 2009 > 1 04BE62F003A.1F69E Thu Apr 30 13:20:46 2009 > 1 02D6867800F.64CA4 Thu Apr 30 13:18:50 2009 > 1 02D6867800F.3EF79 Thu Apr 30 13:18:05 2009 > 1 8628B67800F.1D156 Wed Apr 29 15:23:21 2009 > 1 D694C678019.51D4F Wed Apr 29 15:22:41 2009 > 1 B49BF678017.BC390 Wed Apr 29 15:22:27 2009 > 1 8628B67800F.5F79F Wed Apr 29 15:20:27 2009 > 1 3DDF567800F.D497F Wed Apr 29 13:41:58 2009 > 1 29634678033.E00D4 Wed Apr 29 13:39:45 2009 > 1 E1CB367801A.10092 Wed Apr 29 13:39:16 2009 > 1 AAFCC67802C.D024A Wed Apr 29 13:38:52 2009 > 1 0B532678019.78254 Wed Apr 29 13:37:36 2009 > 1 6244F67800F.34B35 Wed Apr 29 11:18:31 2009 > 1 6244F67800F.0537D Wed Apr 29 11:18:19 2009 > 1 6244F67800F.A73C3 Wed Apr 29 11:17:11 2009 > > Are these entries now considered 'spurious' and do I need to take any > action, wait for the current MailScanner beta release to go stable or even > install it now? It already is a stable release. I just haven't had time to announce it yet, sorry, that's tomorrow's job. Install the stable release, stop MailScanner, destroy /var/spool/MailScanner/incoming/*db and fire it up again. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Fri May 1 16:26:04 2009 From: ka at pacific.net (Ken A) Date: Fri May 1 16:26:21 2009 Subject: MailScanner slowwing down In-Reply-To: <3047fef10905010809v27a65928o5034e8bcbca223f7@mail.gmail.com> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> <005301c9ca53$7268b1d0$573a1570$@ie> <49FB0BBB.5090109@pacific.net> <3047fef10905010809v27a65928o5034e8bcbca223f7@mail.gmail.com> Message-ID: <49FB148C.4090205@pacific.net> Chris Stone wrote: > On Fri, May 1, 2009 at 8:48 AM, Ken A wrote: >>> I'm going to try my utmost to get smf-sav working - would love a sample >>> of >>> someones conf file where they have multiple domains multiple exchange >>> servers for recipient verification >> I don't think smf-sav currently has that ability. You can only define 1 >> mailstore in the config. > > I'm not currently using smf-sav, but I did do some testing with it and > I believe it does use mailertable to find out the server for the > recipient validation checks. According to their site: "Sendmail > virtusertable and mailertable features full support."..... > > You are correct. It does use mailertable entries, so that is all that's needed to route mail to several exchange boxes. Just tested here, and it works as advertised. Ken > > Chris -- Ken Anderson Pacific Internet - http://www.pacific.net From support-lists at petdoctors.co.uk Fri May 1 16:35:51 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri May 1 16:36:28 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> Message-ID: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, May 01, 2009 4:21 PM To: MailScanner discussion Subject: Re: Found nn messages in the processing-messages database On 01/05/2009 10:09, Nigel Kendrick wrote: > Hi, > > I'm coming in a bit late here and am trying to catch up on this thread. I > have had a good read but would appreciate some advice [Snip] It already is a stable release. I just haven't had time to announce it yet, sorry, that's tomorrow's job. Install the stable release, stop MailScanner, destroy /var/spool/MailScanner/incoming/*db and fire it up again. Jules Thanks Jules, I think you deserve some time off - take it easy! Nigel From eli at orbsky.homelinux.org Fri May 1 18:27:51 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Fri May 1 18:28:15 2009 Subject: Problem with the Installer Message-ID: <200905012027.52181.eli@orbsky.homelinux.org> Hi I just tried to install version MailScanner-4.76.24-1.rpm.tar.gz on Fedora 10 x86_64 and I'm getting I think your system will build architecture-dependent modules for x86_64 Deleting all the old versions of your Perl modules, I will re-install them in a minute. Removing perl-ExtUtils-MakeMaker Removing perl-TimeDate Removing perl-Pod-Escapes Removing perl-Pod-Simple Removing perl-Test-Harness Removing perl-Test-Simple Removing perl-IO-stringy Removing perl-HTML-Tagset Removing perl-HTML-Parser Removing perl-Compress-Zlib Removing perl-DBI Removing perl-Digest-SHA1 Removing perl-Digest-HMAC Removing perl-Net-DNS Perl modules have been removed... Rebuilding all the Perl RPMs for your version of Perl Oh good, module File-Spec version 0.82 is already installed. Attempting to build and install perl-ExtUtils-MakeMaker-6.50-1 Installing perl-ExtUtils-MakeMaker-6.50-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.yH6vlt + umask 022 + cd /root/rpmbuild/BUILD + LANG=C + export LANG + unset DISPLAY + cd /root/rpmbuild/BUILD + rm -rf ExtUtils-MakeMaker-6.50 + /bin/gzip -dc /root/rpmbuild/SOURCES/ExtUtils-MakeMaker-6.50.tar.gz + /bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd ExtUtils-MakeMaker-6.50 + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.6jpseI + umask 022 + cd /root/rpmbuild/BUILD + cd ExtUtils-MakeMaker-6.50 + LANG=C + export LANG + unset DISPLAY + CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' + perl Makefile.PL INSTALLDIRS=vendor Warning: prerequisite Pod::Man 0 not found. Checking if your kit is complete... Looks good Using included version of ExtUtils::Command (1.16) as it is newer than the installed version (1.13). Writing Makefile for ExtUtils::MakeMaker + make Can't locate ExtUtils/Install.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib64/perl5/site_perl/5.10.0 /usr/local/lib64/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0 /usr/local/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.10.0 /usr/lib64/perl5/vendor_perl /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .). BEGIN failed--compilation aborted. make: *** [pm_to_blib] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090501/e6eb3107/attachment.html From howard.kash at us.army.mil Fri May 1 19:36:14 2009 From: howard.kash at us.army.mil (Howard M. Kash (Civ, ARL/CISD)) Date: Fri May 1 19:36:26 2009 Subject: 4.76 install issues Message-ID: <49FB411E.9030301@us.army.mil> Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: http://rt.cpan.org/Public/Bug/Display.html?id=45171 Had to revert to previous version of perl-DBD-SQLlite. Had to run install.sh twice to get all modules to install. File::Temp didn't install after first run. Same behavior on two separate RHEL4 boxes. Still having issues with up2date not working after MailScanner update. Had to "rpm -e --nodeps perl" and "up2date -i perl" to fix. Howard From ssilva at sgvwater.com Fri May 1 23:24:08 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 1 23:24:31 2009 Subject: 4.76 install issues In-Reply-To: <49FB411E.9030301@us.army.mil> References: <49FB411E.9030301@us.army.mil> Message-ID: on 5-1-2009 11:36 AM Howard M. Kash (Civ, ARL/CISD) spake the following: > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > Had to revert to previous version of perl-DBD-SQLlite. > > Had to run install.sh twice to get all modules to install. File::Temp > didn't install after first run. Same behavior on two separate RHEL4 boxes. > > Still having issues with up2date not working after MailScanner update. > Had to "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > Howard I Gave up fighting with perl-DBD-SQLite and installed 1.25 from rpmforge. I figured my CentOS 4 box had been beaten into submission so many times that I didn't want to fight with it anymore. I'll be hitting my 5.3 boxes this weekend. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090501/b6b88adc/signature.bin From MailScanner at ecs.soton.ac.uk Sat May 2 01:13:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 2 01:13:46 2009 Subject: Common SQL Backend for several MailScanner clients. In-Reply-To: <1241158608.5854.8.camel@kse> References: <1241158608.5854.8.camel@kse> <49FB900F.9070406@ecs.soton.ac.uk> Message-ID: That sounds mostly like SpamAssassin and MailWatch issues, not directly MailScanner related. Am I correct or not? MailScanner's use of SQL is strictly limited and not much can be gained by sharing its SQL databases (there are only about 2 tables). On 01/05/2009 07:16, Kasper Sacharias Eenberg wrote: > Good morning. > > Can you have several MailScanner clients, that all run on a single SQL > Database. > That includes a bayesian filter, but afaik that shouldn't cause any > problems, as it's already shared between users on some servers. > > The logging is through SQL ofcourse, as we use the mailwatch front-end. > > Will this create any problems that anyone can foresee? > > > The reasoning behind this would be common logging, so we wouldn't have > to edit several white/blacklists, check several filters for what went > through and so on. > > And my boss does not want clustering, as depending on the bandwidth it > uses, we might spread them out over several geographical locations. > > > > Thanks for the great software. > With regards, > > ________________________________________________________________________ > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Sat May 2 07:20:36 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 2 07:21:03 2009 Subject: Problem with the Installer In-Reply-To: <200905012027.52181.eli@orbsky.homelinux.org> References: <200905012027.52181.eli@orbsky.homelinux.org> Message-ID: <200905020920.37267.eli@orbsky.homelinux.org> Never mind... I had a problem with the perl development environment. Once I reinstalled perl-devel everythnig seems to be building correctly. Thank You for any attention that you might have put into this. Eli On Friday 01 May 2009 20:27:51 Eli Wapniarski wrote: > Hi > > I just tried to install version MailScanner-4.76.24-1.rpm.tar.gz on Fedora 10 x86_64 and I'm getting > > I think your system will build architecture-dependent modules for x86_64 > > Deleting all the old versions of your Perl modules, > I will re-install them in a minute. > > Removing perl-ExtUtils-MakeMaker > Removing perl-TimeDate > Removing perl-Pod-Escapes > Removing perl-Pod-Simple > Removing perl-Test-Harness > Removing perl-Test-Simple > Removing perl-IO-stringy > Removing perl-HTML-Tagset > Removing perl-HTML-Parser > Removing perl-Compress-Zlib > Removing perl-DBI > Removing perl-Digest-SHA1 > Removing perl-Digest-HMAC > Removing perl-Net-DNS > Perl modules have been removed... > > Rebuilding all the Perl RPMs for your version of Perl > > Oh good, module File-Spec version 0.82 is already installed. > > Attempting to build and install perl-ExtUtils-MakeMaker-6.50-1 > Installing perl-ExtUtils-MakeMaker-6.50-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.yH6vlt > + umask 022 > + cd /root/rpmbuild/BUILD > + LANG=C > + export LANG > + unset DISPLAY > + cd /root/rpmbuild/BUILD > + rm -rf ExtUtils-MakeMaker-6.50 > + /bin/gzip -dc /root/rpmbuild/SOURCES/ExtUtils-MakeMaker-6.50.tar.gz > + /bin/tar -xf - > + STATUS=0 > + '[' 0 -ne 0 ']' > + cd ExtUtils-MakeMaker-6.50 > + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > + exit 0 > Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.6jpseI > + umask 022 > + cd /root/rpmbuild/BUILD > + cd ExtUtils-MakeMaker-6.50 > + LANG=C > + export LANG > + unset DISPLAY > + CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' > + perl Makefile.PL INSTALLDIRS=vendor > Warning: prerequisite Pod::Man 0 not found. > Checking if your kit is complete... > Looks good > Using included version of ExtUtils::Command (1.16) as it is newer than the installed version (1.13). > Writing Makefile for ExtUtils::MakeMaker > + make > Can't locate ExtUtils/Install.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib64/perl5/site_perl/5.10.0 /usr/local/lib64/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0 /usr/local/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.10.0 /usr/lib64/perl5/vendor_perl /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .). > BEGIN failed--compilation aborted. > make: *** [pm_to_blib] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090502/b3306196/attachment.html From eli at orbsky.homelinux.org Sat May 2 07:43:15 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 2 07:43:42 2009 Subject: 4.76 install issues In-Reply-To: <49FB411E.9030301@us.army.mil> References: <49FB411E.9030301@us.army.mil> Message-ID: <200905020943.15717.eli@orbsky.homelinux.org> This could be relevant. I had the following install issues on a Fedora 10 x86_64 installation error: Failed dependencies: <------>perl(ExtUtils::Installed) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 I also got the following error for the packages mentioned below. RPM build errors: Arch dependent binaries in noarch package perl-IO-1.2301-4.x86_64 perl-DBD-SQLite-1.21-1 perl-Net-DNS-0.65-1 On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > Had to revert to previous version of perl-DBD-SQLlite. > > Had to run install.sh twice to get all modules to install. File::Temp didn't > install after first run. Same behavior on two separate RHEL4 boxes. > > Still having issues with up2date not working after MailScanner update. Had to > "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > Howard > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090502/c33edf88/attachment.html From eli at orbsky.homelinux.org Sat May 2 21:00:14 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 2 21:00:40 2009 Subject: 4.76 install issues In-Reply-To: <200905020943.15717.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> Message-ID: <200905022300.14437.eli@orbsky.homelinux.org> Same installation problems exist for MailScanner-4.76.24-2 Eli On Saturday 02 May 2009 09:43:15 Eli Wapniarski wrote: > This could be relevant. I had the following install issues on a Fedora 10 x86_64 installation > > error: Failed dependencies: > <------>perl(ExtUtils::Installed) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 > > > I also got the following error for the packages mentioned below. > > RPM build errors: > Arch dependent binaries in noarch package > > perl-IO-1.2301-4.x86_64 > perl-DBD-SQLite-1.21-1 > perl-Net-DNS-0.65-1 > > > On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: > > > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > > > Had to revert to previous version of perl-DBD-SQLlite. > > > > Had to run install.sh twice to get all modules to install. File::Temp didn't > > install after first run. Same behavior on two separate RHEL4 boxes. > > > > Still having issues with up2date not working after MailScanner update. Had to > > "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > > > > Howard > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090502/869a8200/attachment.html From paul.hutchings at mira.co.uk Sun May 3 16:50:45 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun May 3 16:50:59 2009 Subject: Testing update_virus_scanners is working? Message-ID: Just done an update from Centos 5.2 to 5.3 and then to the latest MailScanner. I want to be sure the update_virus_scanners script in /etc/cron.hourly is actually working, but when I run it nothing seems to happen or be logged to /var/log/maillog. How can I confirm it's working (barring just waiting and seeing if my definitions eventually get updated)? Cheers, Paul -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From MailScanner at ecs.soton.ac.uk Sun May 3 22:39:08 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 3 22:39:27 2009 Subject: Twitter! References: <49FE0EFC.1000504@ecs.soton.ac.uk> Message-ID: Just to remind you all I'm on Twitter these days at twitter.com/JulesFM You never know, some of my random ramblings might be interesting! :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Mon May 4 06:35:32 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 06:36:00 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 Message-ID: <200905040835.33176.eli@orbsky.homelinux.org> Hi Quotting from th changelog "24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need Math-BigInt first. Great :-( 24-3 Fedora Core 10 is no longer officially supported. The RPM Perl build system is fundamentally broken. Take Pod-Escapes as a fine example, it cannot build without Pod-Simple. But Pod-Simple cannot build without Pod-Escapes. I quit." Please don't quit. I installed everything relatively correctly with version 4.76.24-3 ---------------------------------- Building perl-ExtUtils-MakeMaker ---------------------------------- Fedora provides a version of the module version 6.36. This module and perl-devel must be installed. You might need to reinstall perl-devel. I did that. Up to package version 2 perl-ExtUtils-MakeMaker would not install due to a conflict with perl-devel. It now installs fine. -------------------------- Building Perl-Pod-Simple -------------------------- No need. Both packages are provided by Fedora. perl-Pod-Escapes 1.04 and perl-Pod-Simple 3.07 Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/ff46c165/attachment.html From eli at orbsky.homelinux.org Mon May 4 06:43:11 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 06:43:35 2009 Subject: 4.76 install issues In-Reply-To: <200905022300.14437.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> Message-ID: <200905040843.11609.eli@orbsky.homelinux.org> Hi RE installation on Fedora 10 x86_64 Prior to version 4.76-3 I got the following. > > error: Failed dependencies: > > <------>perl(ExtUtils::Installed) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 > > As of version 4.76-3 building and installing perl-ExtUtils-MakeMaker builds and installs just fine. Because the rpm was rebuilt just fine, it should probably can lead to a solution for the following errors which still exist. > > RPM build errors: > > Arch dependent binaries in noarch package > > > > perl-IO-1.2301-4.x86_64 > > perl-DBD-SQLite-1.21-1 > > perl-Net-DNS-0.65-1 However there is no real need to build them. These modules are already provided by Fedora. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/af6f1ae7/attachment.html From jonas at vrt.dk Mon May 4 09:44:43 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon May 4 09:44:58 2009 Subject: Common SQL Backend for several MailScanner clients. In-Reply-To: <1241158608.5854.8.camel@kse> References: <1241158608.5854.8.camel@kse> Message-ID: <002001c9cc94$925e00b0$b71a0210$@dk> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kasper Sacharias Eenberg > Sent: 1. maj 2009 08:17 > To: mailscanner@lists.mailscanner.info > Subject: Common SQL Backend for several MailScanner clients. > > Good morning. > > Can you have several MailScanner clients, that all run on a single SQL > Database. > That includes a bayesian filter, but afaik that shouldn't cause any > problems, as it's already shared between users on some servers. > > The logging is through SQL ofcourse, as we use the mailwatch front-end. > > Will this create any problems that anyone can foresee? Nope, the systems are designed to be used in the way you describe. We do so ourselves, even with a more advanced setup with a distributed sql setup. So you can go right ahead. Just make sure your SQL server can handle the load. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From kse at hovmark.dk Mon May 4 09:54:02 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Mon May 4 09:52:03 2009 Subject: Common SQL Backend for several MailScanner clients. In-Reply-To: References: <1241158608.5854.8.camel@kse> <49FB900F.9070406@ecs.soton.ac.uk> Message-ID: <1241427242.6227.13.camel@kse> It is probably a mailwatch 'issue'. We have several MailScanners running (We filter about 50k emails every day after greylisting). My boss wants a common backend so we don't have to check several logs when there's a problem. And honestly i thought i could take a shortcut by asking here whether logging in SQL is dangerous and may overwrite something :) I'll ask the Mailwatch people, or look through the code first. Thanks for your help and great software :) With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Sat, 2009-05-02 at 01:13 +0100, Julian Field wrote: > That sounds mostly like SpamAssassin and MailWatch issues, not directly > MailScanner related. Am I correct or not? MailScanner's use of SQL is > strictly limited and not much can be gained by sharing its SQL databases > (there are only about 2 tables). > > On 01/05/2009 07:16, Kasper Sacharias Eenberg wrote: > > Good morning. > > > > Can you have several MailScanner clients, that all run on a single SQL > > Database. > > That includes a bayesian filter, but afaik that shouldn't cause any > > problems, as it's already shared between users on some servers. > > > > The logging is through SQL ofcourse, as we use the mailwatch front-end. > > > > Will this create any problems that anyone can foresee? > > > > > > The reasoning behind this would be common logging, so we wouldn't have > > to edit several white/blacklists, check several filters for what went > > through and so on. > > > > And my boss does not want clustering, as depending on the bandwidth it > > uses, we might spread them out over several geographical locations. > > > > > > > > Thanks for the great software. > > With regards, > > > > ________________________________________________________________________ > > > > Kasper Eenberg > > > > HOVMARK DATA > > Ravnevej 13 > > dk-6705 Esbjerg ? > > tlf: +45 76 12 59 04 > > mobil: +45 40 70 69 63 > > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > Follow me at twitter.com/JulesFM > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dyioulos at firstbhph.com Mon May 4 12:47:21 2009 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon May 4 12:47:50 2009 Subject: 4.76 install issues In-Reply-To: <200905022300.14437.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> Message-ID: <49FED5C9.6080900@firstbhph.com> I, too, have had installation issues. I've been running MS successfully on a CentOS 3.x box for quite some time now. Last Friday, I decided to upgrade from 4.74 to 4.76. I had a very tough time, as MS complained about one perl module or another (mainly TNEF, HTML-Parser, MIME-tools, along with one or two others). I had to re-install these, then run the MailScanner RPM to at least get mail flowing. Now, however, I get the following in syslog every minute or so: May 4 07:32:11 mail1 MailScanner: waiting for children to die: Process did not exit cleanly, returned 255 with signal 0 Also, MailWatch has completely stopped. The last message recorded was just before MS 4.76 start. I've tried everything to correct the above issues, but haven't succeeded. Help would be greatly appreciated. Thanks. Dimitri Eli Wapniarski wrote: > Same installation problems exist for > > > MailScanner-4.76.24-2 > > > Eli > > > > On Saturday 02 May 2009 09:43:15 Eli Wapniarski wrote: > > This could be relevant. I had the following install issues on a > Fedora 10 x86_64 installation > > > > error: Failed dependencies: > > <------>perl(ExtUtils::Installed) is needed by (installed) > perl-devel-4:5.10.0-68.fc10.x86_64 > > > > > > I also got the following error for the packages mentioned below. > > > > RPM build errors: > > Arch dependent binaries in noarch package > > > > perl-IO-1.2301-4.x86_64 > > perl-DBD-SQLite-1.21-1 > > perl-Net-DNS-0.65-1 > > > > > > On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: > > > > > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > > > > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > > > > > Had to revert to previous version of perl-DBD-SQLlite. > > > > > > Had to run install.sh twice to get all modules to install. > File::Temp didn't > > > install after first run. Same behavior on two separate RHEL4 boxes. > > > > > > Still having issues with up2date not working after MailScanner > update. Had to > > > "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > > > > > > > Howard > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- Dimitri Yioulos Chief Information Officer First 1 Financial Corporation 600 Cordwainer Dr. Norwell, MA 02061 (781) 871-4220 x1007 dyioulos@firstbhph.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Mon May 4 12:56:39 2009 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon May 4 12:57:04 2009 Subject: 4.76 install issues In-Reply-To: <49FED5C9.6080900@firstbhph.com> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> <49FED5C9.6080900@firstbhph.com> Message-ID: <49FED7F7.8030705@firstbhph.com> Er, sorry, more info - MailScanner --lint returns no errors. Dimitri Yioulos wrote: > I, too, have had installation issues. I've been running MS successfully > on a CentOS 3.x box for quite some time now. Last Friday, I decided to > upgrade from 4.74 to 4.76. I had a very tough time, as MS complained > about one perl module or another (mainly TNEF, HTML-Parser, MIME-tools, > along with one or two others). I had to re-install these, then run the > MailScanner RPM to at least get mail flowing. Now, however, I get the > following in syslog every minute or so: > > May 4 07:32:11 mail1 MailScanner: waiting for children to die: Process > did not exit cleanly, returned 255 with signal 0 > > Also, MailWatch has completely stopped. The last message recorded was > just before MS 4.76 start. > > I've tried everything to correct the above issues, but haven't > succeeded. Help would be greatly appreciated. > > Thanks. > > Dimitri > > > Eli Wapniarski wrote: >> Same installation problems exist for >> >> >> MailScanner-4.76.24-2 >> >> >> Eli >> >> >> >> On Saturday 02 May 2009 09:43:15 Eli Wapniarski wrote: >> > This could be relevant. I had the following install issues on a >> Fedora 10 x86_64 installation >> > >> > error: Failed dependencies: >> > <------>perl(ExtUtils::Installed) is needed by (installed) >> perl-devel-4:5.10.0-68.fc10.x86_64 >> > >> > >> > I also got the following error for the packages mentioned below. >> > >> > RPM build errors: >> > Arch dependent binaries in noarch package >> > >> > perl-IO-1.2301-4.x86_64 >> > perl-DBD-SQLite-1.21-1 >> > perl-Net-DNS-0.65-1 >> > >> > >> > On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: >> > > >> > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: >> > > >> > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 >> > > >> > > Had to revert to previous version of perl-DBD-SQLlite. >> > > >> > > Had to run install.sh twice to get all modules to install. >> File::Temp didn't >> > > install after first run. Same behavior on two separate RHEL4 boxes. >> > > >> > > Still having issues with up2date not working after MailScanner >> update. Had to >> > > "rpm -e --nodeps perl" and "up2date -i perl" to fix. >> > > >> > > >> > > Howard >> > > -- >> > > MailScanner mailing list >> > > mailscanner@lists.mailscanner.info >> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > >> > > Before posting, read http://wiki.mailscanner.info/posting >> > > >> > > Support MailScanner development - buy the book off the website! >> > > >> > >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , and is >> believed to be clean. >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , and is >> believed to be clean. >> > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon May 4 13:54:24 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 4 13:54:40 2009 Subject: Testing update_virus_scanners is working? In-Reply-To: References: Message-ID: <49FEE580.7040103@USherbrooke.ca> Paul Hutchings a ?crit : > Just done an update from Centos 5.2 to 5.3 and then to the latest > MailScanner. I want to be sure the update_virus_scanners script in > /etc/cron.hourly is actually working, but when I run it nothing seems to > happen or be logged to /var/log/maillog. > > How can I confirm it's working (barring just waiting and seeing if my > definitions eventually get updated)? > > Cheers, > Paul > > > Paul, Run "bash -vx /usr/sbin/update_virus_scanners" as your usual MS user and you'll see a trace of what is being executed (lines prefixed with "+"). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/4508a364/smime.bin From malli at mcrirents.com Mon May 4 16:34:12 2009 From: malli at mcrirents.com (Mohammed Alli) Date: Mon May 4 15:41:15 2009 Subject: Ubuntu 9.04 with MailScanner 4.75.11 Message-ID: <3B1A431BDA34C54581BE43253BC1BD93BA756E@exchange.computerrents.com> Guys, I'm running MailScanner 4.75.11 on Ubuntu 9.04 with the MailWatch Gui. I did an apt-get install mailscanner and then apt-get remove mailscanner, just to install the dependencies. I then used the tar file to install version 4.75.11 in the /opt folder. I'm trying to get the /etc/init.d/mailscanner stop/restart/start script working, but can totally use killall mailscanner and check_mailscanner. I noticed that the tar install does not create the following 2 directories: /var/lock/subsys/MailScanner /var/run/MailScanner I believe the above directories is the source of my problem, but cannot confirm. Is this something I should worry about or something that can be fixed? MO -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/46440dc9/attachment.html From shuttlebox at gmail.com Mon May 4 15:58:41 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Mon May 4 15:59:07 2009 Subject: Ubuntu 9.04 with MailScanner 4.75.11 In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD93BA756E@exchange.computerrents.com> References: <3B1A431BDA34C54581BE43253BC1BD93BA756E@exchange.computerrents.com> Message-ID: <625385e30905040758s1c3dc060sefeea9e5368cf5a4@mail.gmail.com> On Mon, May 4, 2009 at 5:34 PM, Mohammed Alli wrote: > I noticed that the tar install does not create the following 2 directories: > /var/lock/subsys/MailScanner > /var/run/MailScanner You need the following dirs for MS to start: Incoming Work Dir Incoming Queue Dir Outgoing Queue Dir Lockfile Dir Quarantine Dir -- /peter From MailScanner at ecs.soton.ac.uk Mon May 4 16:54:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 4 16:54:43 2009 Subject: MailScanner ANNOUNCE: 4.76 released References: <49FF0FAD.2040101@ecs.soton.ac.uk> Message-ID: Hi folks! This is to let you all know that I have released a new stable version of MailScanner, 4.76. Also, to let you know that you can now follow me at twitter.com/JulesFM if you want to :-) See the Change Log for full details, but the main new features I have introduced this time around are: - Totally separate rules for filename and filetype tests for attachments added directly to email messages, from files which are put into zip files or other archives, which are then attached to the message. So you can very different rules for objects allowed in zip files or Word documents such as, say, allowing executables, while still stopping people accidentally running a malicious executable with 1 click from their email program. You even get to decide what is considered to be "an archive" and what is not, out of zip, rar, Office document, TNEF (winmail.dat) and uu-encoded files. - I have done a lot of the work on the installer and the installation that you get. Perl modules are no longer "forced" into installing at all, neither do any of them cause problems with updating Perl itself. If you have any issues with the new installer, please do get in touch straight away with details of your system, and I will produce a solution for you. - "Sign Clean Messages" will put the signature at any location of your choice within the message, instead of always being at the bottom. So you can have a corporate sig/disclaimer (added by MailScanner) which goes before your personal signature (added by your email application) if you so wish. - Fixed all the issues with Postfix not playing nicely with the crash-protection defence system introduced in the last version of MailScanner. - Speeded up SQL to reduce the penalty of running the crash-protection system enabled with the "Maximum Processing Attempts" configuration setting in MailScanner.conf. You can download it as usual from www.mailscanner.info The full Change Log is this: * New Features and Improvements * 1 Added the ability to have totally different filename and filetype checks for files which are attachments and files which are members of attached archives. You even get to define what you consider to be an archive and what is not. New Configuration options in MailScanner.conf are Archives Are = Archives: Allow Filenames = Archives: Deny Filenames = Archives: Filename Rules = Archives: Allow Filetypes = Archives: Allow File MIME Types = Archives: Deny Filetypes = Archives: Deny File MIME Types = Archives: Filetype Rules = In the shipped MailScanner.conf, the checks applied to files within archives are the same as those applied to normal attachments that are not within an archive. See the relevant settings in MailScanner.conf for more information. 4 RPM builds changed so that no RPMs are "forced" into being installed on RedHat 5 or CentOS 5 systems. 5 RPM builds changed so that no RPMs are "forced" into being installed at all. 5 RPM builds changed so that any previously installed RPM will not be rebuilt, even if the perl version check shows that it is not being used. This will dramatically speed up the upgrade process in future, especially if you use "./install.sh fast" to upgrade. 5 Changed @INC which is where Perl looks for its Perl modules. It was previously mostly left alone so that RedHat could override some versions of modules that you thought you had upgraded. The new @INC path inserts the "site_perl" and "vendor_perl" directories before the core directories. This may result in your MailScanner behaving differently from before as it will actually be using all your upgraded modules, and not sticking with ones supplied by RedHat (at which point it ignore your upgrades). This should not cause any problems with MailScanner. 7 Rebuilt i386 version of "tnef" on RHEL4 to be compatible with more systems. 8 Drastically improved getPERLLIB added in 4.76.5. Perl does funny things with $PERL5LIB when calculating @INC to find Perl modules. 8 Added Digest::HMAC as RedHat Enterprise 4 needs it for Net::DNS. 9 Upgraded Perl module DBD::SQLite. 11 The "Archives: Filename Rules" and "Archives: Filetype Rules" now point to copies of the normal filename and filetype.rules.conf files, rather than pointing to the same file. This will make it easier for new users to customise the rules for files in archives. 12 Improved RPM install.sh installation script so that it detects an upgrade from before the big RPM rebuild in 4.76.11 and forces a "reinstall" of all the Perl modules, which will fix problems with later upgrading Perl. 13 Improved Postfix MailScanner message id so that it relates much better with the "messages being processed" database. It is now based on the "Fletcher" checksum of the data at the start of the file. Thanks to JD Marsters (jd@oddlittle.me) for this one! 17 If you use "Sign Clean Messages", then the signature will be placed in your email message wherever you put the marker "_SIGNATURE_", and it will be placed at the end by default if that marker is not found. 22 Both the "Phishing Safe Sites File" and the "Phishing Bad Sites File" settings can now take a space-separated list of filenames, to make local management simpler. Note that your filenames must not have spaces in them! 22 Speeded up SQL processing-messages database code by pre-preparing all SQL statements. I am now tempted to leave this feature enabled by default for safety. We can always add a note to the performance tips on the wiki that users struggling under high load might want to switch this feature off. 23 Changed RPM installation order to fit better with CentOS 5.2->5.3 systems. * Fixes * 2 Added "Unpack Microsoft Documents" back into the list of recognised settings in MailScanner.conf. 3 Fixed "Add Text Of Doc" for Apple Mail's utterly broken MIME structure. 6 Fixed problems with RHEL5 installation created by 4.76.5. 7 Fixed problems with RHEL4 installation created by 4.76.5. 10 Fixed problems with Fedora Core 10 installation created by 4.76.5. 10-2 Fixed missing Locks dir. 14 Possibly fixed problem with incomplete Postfix messages getting into the 'processed messages' table. 15 Neatened up message rejection code to help solve processing-messages database problem. 16 Fixed permissions and ownership problems with data extracted from TNEF winmail.dat attachments. 16 Fixed slight problem in installer on new systems, so it does not complain about perl-TimeDate already being installed. 16 Fixed problem with Postfix leaving messages in the processing-messages db. Many thanks to Kai Schaetzl and Mark Sapiro for spotting the common features of the message ids being left behind. 18 Fixed Postfix entropy bug. 19 Changed handling of "Sign Clean Messages" so that if the signing process fails, we don't worry about it too much, and we certainly don't create a new message section just containing a signature and nothing else. 20 Alternate solution to Postfix procesing database bug, without adding 'P'. 21 Better solution to Postfix processing database bug, adding 'A' to shorter entropy value, so no change to final message id. 21 Moved Net::CIDR much lower down in the installation order, to avoid problems with CentOS 5.2-->5.3 upgraded systems. 22 Made sure it works with the processing-messages database switched on. 23 Fixed problem with HTML sig being re-added at end of message. 24 Removed type identifier from filenames listed in sender warnings. 24-2 Don't uninstall ExtUtils-MakeMaker in "./install.sh --reinstall". 24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need Math-BigInt first. Great :-( 24-3 Fedora Core 10 upgrades are no longer officially supported. The RPM Perl build system is fundamentally broken. Take Pod-Escapes as a fine example, it cannot build without Pod-Simple. But Pod-Simple cannot build without Pod-Escapes. I quit. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 4 17:30:20 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 4 17:30:42 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905040835.33176.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: On 04/05/2009 06:35, Eli Wapniarski wrote: > Hi > > > Quotting from th changelog > > > "24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. > 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need > Math-BigInt > first. Great :-( > 24-3 Fedora Core 10 is no longer officially supported. The RPM Perl build > system is fundamentally broken. Take Pod-Escapes as a fine example, it > cannot build without Pod-Simple. But Pod-Simple cannot build without > Pod-Escapes. I quit." > > > > Please don't quit. > > > I installed everything relatively correctly with version 4.76.24-3 > > > ---------------------------------- > Building perl-ExtUtils-MakeMaker > ---------------------------------- > > > Fedora provides a version of the module version 6.36. This module and > perl-devel must be installed. You might need to reinstall perl-devel. > I did that. Up to package version 2 perl-ExtUtils-MakeMaker would not > install due to a conflict with perl-devel. It now installs fine. > > > -------------------------- > Building Perl-Pod-Simple > -------------------------- > > > No need. Both packages are provided by Fedora. perl-Pod-Escapes 1.04 > and perl-Pod-Simple 3.07 Yes, I haven't quite quit, just upgrades on Fedora 10 won't always be very smooth. I did get a clean install on a fresh Fedora 10 box to work eventually. But upgrading from version prior to MailScanner 4.76 are probably best done like this: Back up /etc/MailScanner. rpm -e mailscanner ./install.sh fast Use upgrade_MailScanner_conf and upgrade_languages_conf to get the new options into your MailScanner.conf and copy over your /etc/MailScanner/rules directory and /etc/MailScanner/file{name,type}.rules.conf from your backup. The MailScanner installer will, by default, detect an upgrade from a version prior to 4.76.11 (it's about that). If it finds it, it will remove each perl module RPM before installing the new one even if that version of the module is already installed but by a different RPM. This makes it install all the updated RPMs I developed over Easter so that nothing clashes with Perl yum updates any more and no modules are "forced" to install. This procedure doesn't work well on Fedora 10 as their perl build setup is so horribly broken. So you are better off wiping the mailscanner RPM and doing an install.sh from that state, so it thinks it is a fresh install and not an upgrade. If I could find a better solution, I would. You shouldn't be running production servers on Fedora anyway if you can *possibly* avoid it, so I'm not too worried about making Fedora less than comfortable, it's a fairly small subset of users. The important thing was to solve the CentOS issues and make it trivial to "yum update" the whole machine without MailScanner breaking the process. > > > Eli > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 4 17:31:14 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 4 17:31:36 2009 Subject: 4.76 install issues In-Reply-To: <200905040843.11609.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> <200905040843.11609.eli@orbsky.homelinux.org> <49FF1852.2020900@ecs.soton.ac.uk> Message-ID: Do the procedure I already described in a previous article about Fedora 10. On 04/05/2009 06:43, Eli Wapniarski wrote: > Hi > > > RE installation on Fedora 10 x86_64 > > > Prior to version 4.76-3 I got the following. > > > > > error: Failed dependencies: > > > <------>perl(ExtUtils::Installed) is needed by (installed) > perl-devel-4:5.10.0-68.fc10.x86_64 > > > > > > As of version 4.76-3 building and installing perl-ExtUtils-MakeMaker > builds and installs just fine. > > > Because the rpm was rebuilt just fine, it should probably can lead to > a solution for the following errors which still exist. > > > > > RPM build errors: > > > Arch dependent binaries in noarch package > > > > > > perl-IO-1.2301-4.x86_64 > > > perl-DBD-SQLite-1.21-1 > > > perl-Net-DNS-0.65-1 > > > However there is no real need to build them. These modules are already > provided by Fedora. > > > Eli > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Mon May 4 18:11:50 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 18:12:20 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905042011.50514.eli@orbsky.homelinux.org> > But upgrading from version prior to MailScanner 4.76 are > probably best done like this: > Back up /etc/MailScanner. > rpm -e mailscanner > ./install.sh fast Ahh,... Now I understand why after I ran rpm -Uvh --force mailscanner-4,76*.rpm why the installer did not try to remove the rpms currently installed. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/4033a2b9/attachment.html From eli at orbsky.homelinux.org Mon May 4 18:12:55 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 18:13:18 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905042012.55578.eli@orbsky.homelinux.org> > This procedure doesn't work well on Fedora 10 as their perl build setup > is so horribly broken. So you are better off wiping the mailscanner RPM > and doing an install.sh from that state, so it thinks it is a fresh > install and not an upgrade. Are you in contact with the Fedora Perl Packagers? Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/02fe9271/attachment.html From eli at orbsky.homelinux.org Mon May 4 18:20:49 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 18:21:17 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905042020.50111.eli@orbsky.homelinux.org> On Monday 04 May 2009 19:30:20 Julian Field wrote: Maybe a dumb question. Is there any reason why MailScanner cannot be packaged and distributed within the various distributions themselves. For example, with Fedora if the Mailscanner would be packaged correctly then the dependancies would have to be built as well and simply downloaded and installed as well. Nobody would have to build anything as the build systems for the various distros would do the job. You wouldn't have to worry about arch issues or whether or not there would be a conflict etc. This is a great tool in the fight against spam and mail borne malware. More people should be made aware of the product and having the distros themselves distribute the applicaiton might help spread the word better. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/04430489/attachment.html From glenn.steen at gmail.com Mon May 4 20:41:26 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 4 20:41:35 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905042020.50111.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> <200905042020.50111.eli@orbsky.homelinux.org> Message-ID: <223f97700905041241j72e38586i6b914fb594be0f6@mail.gmail.com> 2009/5/4 Eli Wapniarski : > On Monday 04 May 2009 19:30:20 Julian Field wrote: > > > Maybe a dumb question. Is there any reason why MailScanner cannot be > packaged and distributed within the various distributions themselves. For > example, with Fedora if the Mailscanner would be packaged correctly then the > dependancies would have to be built as well and simply downloaded and > installed as well. Nobody would have to build anything as the build systems > for the various distros would do the job. You wouldn't have to worry about > arch issues or whether or not there would be a conflict etc. This is a great > tool in the fight against spam and mail borne malware. More people should be > made aware of the product and having the distros themselves distribute the > applicaiton might help spread the word better. > > Eli Historically, and looking to keep being so, MailScanner has been a bit too volatile for most distros. Not that there haven't been attempts (like the horrid debian thing), and some quite successful (the FreeBSD one, as long as JP has (or rather had) the time/energy:)... Keeping up with the bad boys (and gals) as well as Jules... involves a bit of tinkering. But basically there's nothing stopping any enterprising soul from submitting it all to their favourite packagers/distributors. Don't expect Jules to have time for it though... Believe it or not, but he has a day job too:-). And the different distributions all have very different takes on version freezing etc so... might not work that well with Jules schedule. There have been numerous efforts. Still. The only One True release is the one (or rather two or three) packages Jules release. There's also a bit of philosophical pondering to do here... Can youu (and your users) live with the lag of repackaging? I don't. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jpabuyer at tecnoera.com Mon May 4 22:03:44 2009 From: jpabuyer at tecnoera.com (Juan Pablo Abuyeres) Date: Mon May 4 22:04:03 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> Message-ID: <49FF5830.1050802@tecnoera.com> I downloaded MailScanner-4.76.24-3, installed, stopped MailScanner, removed /var/spool/MailScanner/incoming/*db and started MailScanner again. But again, it is piling up messages in the database. The last entry in the logfile before the operation was: ay 4 16:02:44 anubis MailScanner[24886]: Found 23937 messages in the processing-messages database After the procedure it started like this: May 4 16:08:35 anubis MailScanner[32765]: Found 0 messages in the processing-messages database May 4 16:08:38 anubis MailScanner[412]: Found 9 messages in the processing-messages database May 4 16:08:43 anubis MailScanner[501]: Found 31 messages in the processing-messages database now I have this: May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the processing-messages database May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the processing-messages database May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the processing-messages database (Can this be related to the fact that the server is piling up mail queue?) JP Nigel Kendrick wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Friday, May 01, 2009 4:21 PM > To: MailScanner discussion > Subject: Re: Found nn messages in the processing-messages database > > > > On 01/05/2009 10:09, Nigel Kendrick wrote: > >> Hi, >> >> I'm coming in a bit late here and am trying to catch up on this thread. I >> have had a good read but would appreciate some advice >> > > [Snip] > > It already is a stable release. I just haven't had time to announce it > yet, sorry, that's tomorrow's job. > Install the stable release, stop MailScanner, destroy > /var/spool/MailScanner/incoming/*db and fire it up again. > > Jules > > > > > Thanks Jules, > > I think you deserve some time off - take it easy! > > Nigel > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/b35baefe/attachment.html From seven at seven.dorksville.net Tue May 5 00:45:25 2009 From: seven at seven.dorksville.net (Anthony Giggins) Date: Tue May 5 00:45:43 2009 Subject: What can cause really low spamassassin scores on obvious spam & GTUBE Message-ID: <47340.125.168.254.15.1241480725.squirrel@seven.dorksville.net> I've got 2 servers that are almost identical except one is rating very obvious spam very low (ie. less then 1) then other is fine event the GTUBE test was getting past spamassassin and was being picked up by clamav. I tried updating the low rating server to 4.75.11-1 to no effect both servers are using sendmail as the MTA, spamassassin & clamav. The low rating server was running as a standalone sendmail/spamassassin server for quiet some time before being installed as a MailScanner server. Can anyone please suggest some setting to check, I'm at a loss why this is happening. Cheers, Anthony From infernix at infernix.net Tue May 5 01:13:42 2009 From: infernix at infernix.net (infernix) Date: Tue May 5 01:13:54 2009 Subject: Measuring the time it takes to process one message or batch Message-ID: <49FF84B6.7060901@infernix.net> Hi, I've got a 6 node cluster with 4 scanning nodes running mailscanner. Some details: - per box 2x quad core amd, 4GB (soon 6GB for more children and some headroom); mqueue, mqueue.in, MailScanner/incoming and Mimedefang are all in tmpfs so hardly any disk IO -22 children, 50 messages/batch, queue mode, normal queue size 5000. Only using local spamhaus and sorbs zones plus a few whitelists and Spam Domain lists, that are served with rbldnsd+bind on a separate cluster. Clamd virus scanning. No content checks apart from spam checking and virus scanning. Spamassassin scans all messages, even those that got hit on MSs rbl lists. - Sendmail+mimedefang take care of incoming mail with receiver validity check + outgoing mail. I don't block at SMTP level. Most of the time, mail processes fine; the 4 nodes have about 40 to 70 SMTP connections and are processing about one million messages on average. However, I've got one node that processes batches significantly slower than the rest. Of course there can be a variety of factors that could cause one batch of real (and thus random) messages to be slower, but is there any way to test mailscanners performance on a single batch or message similar to 'time spamassassin -D < spammail' so I can do repeated tests on the same subset? I'd like to be able to test this on the live setup just as spamassassin can. As far as i can tell, MailScanner --lint only does internal checking and does not actually support processing a message or batch of messages. Thanks! Regards, infernix From seven at seven.dorksville.net Tue May 5 04:03:37 2009 From: seven at seven.dorksville.net (Anthony Giggins) Date: Tue May 5 04:03:58 2009 Subject: What can cause really low spamassassin scores on obvious spam & GTUBE In-Reply-To: <47340.125.168.254.15.1241480725.squirrel@seven.dorksville.net> References: <47340.125.168.254.15.1241480725.squirrel@seven.dorksville.net> Message-ID: <37592.125.168.254.15.1241492617.squirrel@seven.dorksville.net> Dont worry I found my answer from another post mentioning MailScanner --lint I had previously been using spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf which had no issues but MailScanner --lint was showing some issues with ther spamassassin perl modules. cpan install Mail::SpamAssassin fixed the issue. Thank You From eli at orbsky.homelinux.org Tue May 5 08:41:39 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 08:42:10 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905051041.39398.eli@orbsky.homelinux.org> One more query. One thing I don't understand, is the use of the BuildArch: parameter in the spec file. >From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) Processing files: perl-IO-1.2301-4-noarch Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) error: Arch dependent binaries in noarch package RPM build errors: Arch dependent binaries in noarch package Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. So I guess in the end I'm asking why not remove the BuildArch: noarch from the spec file? If a user needs to compile for both an 64bit platform 32bit platform, ppc platform etc. that user would have to rebuild everything multiple times anyway. Thank you for any better insight you can provide me. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 09:12:08 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 09:12:33 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <49FF5830.1050802@tecnoera.com> References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> <49FFF4D8.6050608@ecs.soton.ac.uk> Message-ID: You don't *have* to run with the processing-messages database. Just set Maximum Processing Attempts = 0 and it will all go away. On 04/05/2009 22:03, Juan Pablo Abuyeres wrote: > I downloaded MailScanner-4.76.24-3, installed, stopped MailScanner, > removed /var/spool/MailScanner/incoming/*db and started MailScanner again. > > But again, it is piling up messages in the database. > > The last entry in the logfile before the operation was: > ay 4 16:02:44 anubis MailScanner[24886]: Found 23937 messages in the > processing-messages database > > After the procedure it started like this: > May 4 16:08:35 anubis MailScanner[32765]: Found 0 messages in the > processing-messages database > May 4 16:08:38 anubis MailScanner[412]: Found 9 messages in the > processing-messages database > May 4 16:08:43 anubis MailScanner[501]: Found 31 messages in the > processing-messages database > > > now I have this: > May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the > processing-messages database > May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the > processing-messages database > May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the > processing-messages database > > > (Can this be related to the fact that the server is piling up mail queue?) > > JP > > > > Nigel Kendrick wrote: >> >> >> -----Original Message----- >> From:mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Friday, May 01, 2009 4:21 PM >> To: MailScanner discussion >> Subject: Re: Found nn messages in the processing-messages database >> >> >> >> On 01/05/2009 10:09, Nigel Kendrick wrote: >> >>> Hi, >>> >>> I'm coming in a bit late here and am trying to catch up on this thread. I >>> have had a good read but would appreciate some advice >>> >> >> [Snip] >> >> It already is a stable release. I just haven't had time to announce it >> yet, sorry, that's tomorrow's job. >> Install the stable release, stop MailScanner, destroy >> /var/spool/MailScanner/incoming/*db and fire it up again. >> >> Jules >> >> >> >> >> Thanks Jules, >> >> I think you deserve some time off - take it easy! >> >> Nigel >> >> >> >> >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 09:13:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 09:13:46 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: <49FF84B6.7060901@infernix.net> References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> Message-ID: On 05/05/2009 01:13, infernix wrote: > Hi, > > I've got a 6 node cluster with 4 scanning nodes running mailscanner. > Some details: > > - per box 2x quad core amd, 4GB (soon 6GB for more children and some > headroom); mqueue, mqueue.in, MailScanner/incoming and Mimedefang are > all in tmpfs so hardly any disk IO > > -22 children, 50 messages/batch, queue mode, normal queue size 5000. > Only using local spamhaus and sorbs zones plus a few whitelists and > Spam Domain lists, that are served with rbldnsd+bind on a separate > cluster. Clamd virus scanning. No content checks apart from spam > checking and virus scanning. Spamassassin scans all messages, even > those that got hit on MSs rbl lists. > > - Sendmail+mimedefang take care of incoming mail with receiver > validity check + outgoing mail. I don't block at SMTP level. > > Most of the time, mail processes fine; the 4 nodes have about 40 to 70 > SMTP connections and are processing about one million messages on > average. However, I've got one node that processes batches > significantly slower than the rest. > > Of course there can be a variety of factors that could cause one batch > of real (and thus random) messages to be slower, but is there any way > to test mailscanners performance on a single batch or message similar > to 'time spamassassin -D < spammail' so I can do repeated tests on the > same subset? > > I'd like to be able to test this on the live setup just as > spamassassin can. As far as i can tell, MailScanner --lint only does > internal checking and does not actually support processing a message > or batch of messages. Do "MailScanner --help" and you will find the "--debug" and "--debug-sa" switches, among others. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ja at conviator.com Tue May 5 09:13:51 2009 From: ja at conviator.com (Jan Agermose) Date: Tue May 5 09:15:35 2009 Subject: filename rules Message-ID: hi we see a few messages like this: The virus detector said this about the message: Report: Report: MailScanner: Attempt to hide real filename extension (invoice 657 L%F8.pdf) because people are using the dainsh chars ??? in the filenames - Im guessing other languages have the samme issues when people are attaching documents that are using special hars not in \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ I would like to say "yea but its simply not allowed in the mail standard" - but im not even sure if its true or if its just an old rule not updated now that its 2009 and unicode or what ever. I dont actually see how it would hit this rule as there is only one \. in the filename and the rule seams to need two \. to hit... But I dont find any other rules having the response "Attempt to hide real filename extension". -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/34af8ff9/attachment.html From MailScanner at ecs.soton.ac.uk Tue May 5 09:15:39 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 09:16:03 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051041.39398.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> <200905051041.39398.eli@orbsky.homelinux.org> <49FFF5AB.60906@ecs.soton.ac.uk> Message-ID: On 05/05/2009 08:41, Eli Wapniarski wrote: > One more query. > > One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > > > From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > > > Processing files: perl-IO-1.2301-4-noarch > Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > error: Arch dependent binaries in noarch package > > > RPM build errors: > Arch dependent binaries in noarch package > > > Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > > So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > > So I guess in the end I'm asking why not remove the > > BuildArch: noarch > > from the spec file? I can't remove it altogether, as the BuildArch selects where the RPM file is put, which I need to know to be able to install it. I admit that some of the BuildArch settings are just plain wrong, but it doesn't affect the installed system or the execution of MailScanner one jot, so I've never bothered fixing them. There are simply more important things than something that purely affects a bit of metadata which no-one ever uses anyway. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ja at conviator.com Tue May 5 10:32:30 2009 From: ja at conviator.com (Jan Agermose) Date: Tue May 5 10:33:50 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <018501c9c726$a225ca00$0a00080a@gordon> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> Message-ID: you can also try the lowlevel solution - write a script that looks at the queue length and when its longer than what you can handle then block incomming connections using iptables :D -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gordon Colyn Sent: 27. april 2009 12:55 To: 'MailScanner discussion' Subject: RE: Stop incoming mail if message queue exceeds set value Thanks, have implemented these already. The issue is not on the load, the load stays pretty under control. I just want to stop accepting mail on the 1 server so the mails are forced to go to the other servers, i.e. 1000 messages handled by 4 servers will be quicker than 1000 mails handled by 1... -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Pentland Sent: 27 April 2009 12:47 PM To: 'MailScanner discussion' Subject: RE: Stop incoming mail if message queue exceeds set value Hi, Look here... http://www.sendmail.org/m4/tweaking_config.html Particularly these... confQUEUE_LA QueueLA [varies] Load average at which queue-only function kicks in. Default values is (8 * numproc) where numproc is the number of processors online (if that can be determined). confREFUSE_LA RefuseLA [varies] Load average at which incoming SMTP connections are refused. Default values is (12 * numproc) where numproc is the number of processors online (if that can be determined). confDELAY_LA DelayLA [0] Load average at which sendmail will sleep for one second on most SMTP commands and before accepting connections. 0 means no limit. But a few others might be of use. Be sure you're rejecting invalid recipients during the SMTP dialouge and not at some stage later. It sounds obvious but can easily be missed and result in 1,000s of messages from a bot being queued and work being done on them, reject these before you queue them! Regards, Gary mailscanner-bounces@lists.mailscanner.info wrote: > I am running a round robin dns mail solution with 4 mailscanner > servers accepting mail. The problem I am having is that on occasion 1 > of the servers gets hit with massive volumes over a very short time so > the queue can grow to 5000+ in a matter of minutes causing mail > delivery delays on that specific server. I would like to be able to > set a limit on the queue size so that the server stops accepting mail > until the queue drops below that set value. > > I have tried with sendmail creating 2 cf files but can't get it > working. Does this have to be managed by mailscanner, r can it be done > in sendmail? > > Currently using sendmail-8.14.1 and Mailscanner 4.63.8 > > Thanks > > > Gordon Colyn > Office : 086 123 ITNT (4868) > Cell : 083 296 7534 > Fax : 086 520 0885 > InTheNet Technologies > www.itnt.co.za > MSN:gordoncolyn@hotmail.com > SKYPE:gordoncolyn > > Confidentiality: This e-mail including any attachments is intended for > the above named addressee(s) only and contains confidential > information. If you have received this email in error you must take no > action based on its contents, nor must you reproduce or show the > e-mail or any attachments or any part thereof or communicate the > contents to anyone; please reply to the sender of this e-mail > informing them of the error. > > Viruses: We recommend that in keeping with good computing practice the > recipient should ensure that e-mails received are virus free before > opening. > > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature database 4035 (20090425) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! __________ Information from ESET NOD32 Antivirus, version of virus signature database 4036 (20090427) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From eli at orbsky.homelinux.org Tue May 5 11:12:12 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 11:12:39 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FFF5AB.60906@ecs.soton.ac.uk> Message-ID: <200905051312.12974.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > > On 05/05/2009 08:41, Eli Wapniarski wrote: > > One more query. > > > > One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > > > > > From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > > > > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > > > > > > Processing files: perl-IO-1.2301-4-noarch > > Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > > Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > > error: Arch dependent binaries in noarch package > > > > > > RPM build errors: > > Arch dependent binaries in noarch package > > > > > > Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > > > > So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > > > > So I guess in the end I'm asking why not remove the > > > > BuildArch: noarch > > > > from the spec file? > I can't remove it altogether, as the BuildArch selects where the RPM > file is put, which I need to know to be able to install it. I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Tue May 5 11:52:28 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue May 5 11:52:22 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905040835.33176.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> Message-ID: > Quotting from th changelog > > "24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. > 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need > Math-BigInt > first. Great :-( > 24-3 Fedora Core 10 is no longer officially supported. The RPM Perl build > system is fundamentally broken. Take Pod-Escapes as a fine example, > it > cannot build without Pod-Simple. But Pod-Simple cannot build without > Pod-Escapes. I quit." > > > Please don't quit. > > I installed everything relatively correctly with version 4.76.24-3 +1 > ---------------------------------- > Building perl-ExtUtils-MakeMaker > ---------------------------------- > > Fedora provides a version of the module version 6.36. This module and > perl-devel must be installed. You might need to reinstall perl-devel. I > did that. Up to package version 2 perl-ExtUtils-MakeMaker would not > install due to a conflict with perl-devel. It now installs fine. The perlExtUtils-MakeMaker provided with MailScanner built and installed fine on my FC10 machine, replacing the 6.36 provided by Fedora with the 6.50 provided by MailScanner. > -------------------------- > Building Perl-Pod-Simple > -------------------------- > > No need. Both packages are provided by Fedora. perl-Pod-Escapes 1.04 and > perl-Pod-Simple 3.07 For reference, I needed to remove these package requirements from the top of MailScanner's install.sh (so it didn't uninstall them for me, causing the build to fail). Instead I installed them using yum from the standard Fedora repositories: perl-Pod-Simple perl-Pod-Escapes perl-Test-Pod perl-Test-Harness perl-Compress-Zlib perl-Archive-Zip I now have MailScanner 4.76.24-3 running happily on FC10, having upgraded from the pre-RPM-rebuild version 4.74.16. Jules, am I right in saying that the next few upgrades won't do the uninstall of RPMs now that I've done this upgrade step? In which case MailScanner should upgrade quite happily on my machine without tweaking the install.sh script next time. Cheers! Anthony -- www.fonant.com - Quality web sites From infernix at infernix.net Tue May 5 11:59:30 2009 From: infernix at infernix.net (infernix) Date: Tue May 5 11:59:48 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> Message-ID: <4A001C12.5080001@infernix.net> Julian Field wrote: >> I'd like to be able to test this on the live setup just as >> spamassassin can. As far as i can tell, MailScanner --lint only does >> internal checking and does not actually support processing a message >> or batch of messages. > Do "MailScanner --help" and you will find the "--debug" and "--debug-sa" > switches, among others. I know about those, but: -lint: Test the configuration and report errors. -debug: Run MailScanner in debug-mode. In debug-mode MailScanner doesn't spawn childrens and produce a lot of output. Can be compined with -debug-sa. -debug-sa: Run the spamassassine module inside MailScanner in debug-mode. Warning: This option doesn't stop MailScanner from spawning children! Can be combined with -debug. These options will just spawn MailScanner as normal, possibly not forked, but with much more output. This is not the equivalent of 'spamassassin -D < spammail', because MailScanner in debug mode will just load the MailScanner.conf that is used in production and start processing the configured queue directory. There is also no option to specify some alternative config. It's not possible to run it in debug mode while the live mailscanner processes continue on as normal, nor is it possible to let it process one mail (or batch) by pointing it to a file (or directory). So my question still stands; is there a way to let MailScanner process one (batch of) messages in debug mode *without* having it affect the running (live) mailscanner process? Because right now the only way I can see this happening is if I copy the MailScanner binary to MailScannerTest and start modifying paths so that it runs with its own unique config files, which is a real hassle for obvious reasons. Thanks! From MailScanner at ecs.soton.ac.uk Tue May 5 12:07:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 12:07:19 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051312.12974.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FFF5AB.60906@ecs.soton.ac.uk> <200905051312.12974.eli@orbsky.homelinux.org> <4A001DD4.5050303@ecs.soton.ac.uk> Message-ID: On 05/05/2009 11:12, Eli Wapniarski wrote: > On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > >> On 05/05/2009 08:41, Eli Wapniarski wrote: >> >>> One more query. >>> >>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. >>> >>> >>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads >>>> >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>> >>> >>> Processing files: perl-IO-1.2301-4-noarch >>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 >>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>> error: Arch dependent binaries in noarch package >>> >>> >>> RPM build errors: >>> Arch dependent binaries in noarch package >>> >>> >>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. >>> >>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. >>> >>> So I guess in the end I'm asking why not remove the >>> >>> BuildArch: noarch >>> >>> from the spec file? >>> >> I can't remove it altogether, as the BuildArch selects where the RPM >> file is put, which I need to know to be able to install it. >> > I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). > That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it puts it in /root/rpmbuild/RPMS/ directory, where is the BuildArch. If I don't specify it, then I don't know where it put the final RPM that I'm trying to install! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 12:07:47 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 12:08:14 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A001E03.4040700@ecs.soton.ac.uk> Message-ID: On 05/05/2009 11:52, Anthony Cartmell wrote: > > Jules, am I right in saying that the next few upgrades won't do the > uninstall of RPMs now that I've done this upgrade step? In which case > MailScanner should upgrade quite happily on my machine without > tweaking the install.sh script next time. Correct. It has done the upgrade once, so it won't need to do it again. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 12:09:19 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 12:09:39 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: <4A001C12.5080001@infernix.net> References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> <4A001C12.5080001@infernix.net> <4A001E5F.5060900@ecs.soton.ac.uk> Message-ID: On 05/05/2009 11:59, infernix wrote: > Julian Field wrote: >>> I'd like to be able to test this on the live setup just as >>> spamassassin can. As far as i can tell, MailScanner --lint only does >>> internal checking and does not actually support processing a message >>> or batch of messages. >> Do "MailScanner --help" and you will find the "--debug" and >> "--debug-sa" switches, among others. > > I know about those, but: > > -lint: Test the configuration and report errors. > > -debug: Run MailScanner in debug-mode. In debug-mode MailScanner > doesn't spawn childrens and produce a lot of output. Can be compined > with -debug-sa. > > -debug-sa: Run the spamassassine module inside MailScanner in > debug-mode. Warning: This option doesn't stop MailScanner from > spawning children! Can be combined with -debug. > > These options will just spawn MailScanner as normal, possibly not > forked, but with much more output. This is not the equivalent of > 'spamassassin -D < spammail', because MailScanner in debug mode will > just load the MailScanner.conf that is used in production and start > processing the configured queue directory. There is also no option to > specify some alternative config. Yes there is, just specify the config file on the command line. No switch needed for that. > It's not possible to run it in debug mode while the live mailscanner > processes continue on as normal, nor is it possible to let it process > one mail (or batch) by pointing it to a file (or directory). Yes it is, read the output of "MailScanner --help" before you say things like this :-) > > So my question still stands; is there a way to let MailScanner process > one (batch of) messages in debug mode *without* having it affect the > running (live) mailscanner process? Yes, just run it with --debug. It will not affect the live MailScanner process at all. I do it all the time. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From infernix at infernix.net Tue May 5 12:29:41 2009 From: infernix at infernix.net (infernix) Date: Tue May 5 12:30:01 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> <4A001C12.5080001@infernix.net> <4A001E5F.5060900@ecs.soton.ac.uk> Message-ID: <4A002325.50903@infernix.net> Julian Field wrote: > Yes it is, read the output of "MailScanner --help" before you say things > like this :-) >> So my question still stands; is there a way to let MailScanner process >> one (batch of) messages in debug mode *without* having it affect the >> running (live) mailscanner process? > Yes, just run it with --debug. It will not affect the live MailScanner > process at all. I do it all the time. My apologies, i was looking at the Debian manpage and it was missing some of the options that show up with --help. Won't happen again :) From correo at miguelangelnieto.net Tue May 5 12:34:18 2009 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Tue May 5 13:09:13 2009 Subject: mailscanner whitelist (SQLWhitelist) Message-ID: <1241523258.2761.5.camel@miguel.irontec.com> Hi, I have the whitelists configured with MailWatch: Is Definitely Not Spam = &SQLWhitelist Mailscanner reads the whitelist: May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 whitelist entries But Mailscanner scans the message with Spamassassin, and It shouldn't happen. What i'm doing wrong? Thank you. Mailscanner version: 4.55.10-3 From simonmjones at gmail.com Tue May 5 13:17:16 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 13:17:24 2009 Subject: leaky gateway Message-ID: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> Hi folks, I'm running a distributed system, one of the gateways seems to have sprung a leek though and is letting some spam through which is being caught on the other systems. I copied the config files between the systems to ensure consistancy when the systems were built so I'm wondering if it could be some other weakness I haven't considered, perhaps a time-out or setitng which causes the messages to be sent through unscanned or part scanned perhaps? I'm using mailwatch too and can see the scores in the message headers, an example of one is below; thanks for any help or suggestions you may offer, 2.44 Spam Report: Score Matching Rule Description cached score=2.441 3 required autolearn=disabled 0.50 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d 0.17 HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area 0.00 HTML_MESSAGE HTML included in message 1.67 MIME_HTML_ONLY Message only has text/html MIME parts 0.10 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS From maxsec at gmail.com Tue May 5 13:33:42 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 5 13:33:51 2009 Subject: leaky gateway In-Reply-To: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> References: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> Message-ID: <72cf361e0905050533h1a14ee0blf7aec99ec42168a6@mail.gmail.com> Simonthe cached here means it's already seen it and scored it 'low'. Try removing the spamassassin cache and restarting mailscanner in the system. http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin NB I'd say 3 a little low for a 'low spam threshold' anyway, you're quite likely to hit alot of ham. I'd look at what rulesets you've got and see if iXhasf and the sought ruleset (and others) help 2009/5/5 Simon Jones > Hi folks, > > I'm running a distributed system, one of the gateways seems to have > sprung a leek though and is letting some spam through which is being > caught on the other systems. I copied the config files between the > systems to ensure consistancy when the systems were built so I'm > wondering if it could be some other weakness I haven't considered, > perhaps a time-out or setitng which causes the messages to be sent > through unscanned or part scanned perhaps? I'm using mailwatch too > and can see the scores in the message headers, an example of one is > below; > > thanks for any help or suggestions you may offer, > > 2.44 > Spam Report: Score Matching Rule Description > cached > score=2.441 > 3 required > autolearn=disabled > 0.50 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d > 0.17 HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area > 0.00 HTML_MESSAGE HTML included in message > 1.67 MIME_HTML_ONLY Message only has text/html MIME parts > 0.10 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking > rDNS > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/912cb363/attachment.html From simonmjones at gmail.com Tue May 5 13:40:46 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 13:40:54 2009 Subject: leaky gateway In-Reply-To: <72cf361e0905050533h1a14ee0blf7aec99ec42168a6@mail.gmail.com> References: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> <72cf361e0905050533h1a14ee0blf7aec99ec42168a6@mail.gmail.com> Message-ID: <70572c510905050540s723c9b80h8a9c7b35192892bd@mail.gmail.com> 2009/5/5 Martin Hepworth : > Simon > the cached here means it's already seen it and scored it 'low'. Try removing > the spamassassin cache and restarting mailscanner in the system. > > http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin > > > NB I'd say 3 a little low for a 'low spam threshold' anyway, you're quite > likely to hit alot of ham. I'd look at what rulesets you've got and see if > iXhasf and the sought ruleset (and others) help > > 2009/5/5 Simon Jones >> >> Hi folks, >> >> I'm running a distributed system, one of the gateways seems to have >> sprung a leek though and is letting some spam through which is being >> caught on the other systems. ?I copied the config files between the >> systems to ensure consistancy when the systems were built so I'm >> wondering if it could be some other weakness I haven't considered, >> perhaps a time-out or setitng which causes the messages to be sent >> through unscanned or part scanned perhaps? ?I'm using mailwatch too >> and can see the scores in the message headers, an example of one is >> below; >> >> thanks for any help or suggestions you may offer, >> >> 2.44 >> Spam Report: Score Matching Rule Description >> ?cached >> ?score=2.441 >> 3 required >> ?autolearn=disabled >> 0.50 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d >> 0.17 HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area >> 0.00 HTML_MESSAGE HTML included in message >> 1.67 MIME_HTML_ONLY Message only has text/html MIME parts >> 0.10 RDNS_DYNAMIC Delivered to trusted network by host with >> dynamic-looking rDNS >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > thanks Martin, I'll give that a go, would never have thought of it! From eli at orbsky.homelinux.org Tue May 5 13:36:35 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 13:48:24 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A001DD4.5050303@ecs.soton.ac.uk> Message-ID: <200905051536.36288.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 14:07:00 Julian Field wrote: > > On 05/05/2009 11:12, Eli Wapniarski wrote: > > On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > > > >> On 05/05/2009 08:41, Eli Wapniarski wrote: > >> > >>> One more query. > >>> > >>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > >>> > >>> > >>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > >>>> > >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>> > >>> > >>> Processing files: perl-IO-1.2301-4-noarch > >>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > >>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>> error: Arch dependent binaries in noarch package > >>> > >>> > >>> RPM build errors: > >>> Arch dependent binaries in noarch package > >>> > >>> > >>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > >>> > >>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > >>> > >>> So I guess in the end I'm asking why not remove the > >>> > >>> BuildArch: noarch > >>> > >>> from the spec file? > >>> > >> I can't remove it altogether, as the BuildArch selects where the RPM > >> file is put, which I need to know to be able to install it. > >> > > I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). > > > That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it > puts it in /root/rpmbuild/RPMS/ directory, where is the > BuildArch. If I don't specify it, then I don't know where it put the > final RPM that I'm trying to install! > Actually.... I've just done some research on this and as a matter of fact you do. Now I'm not trying to be a smart aleck. Cause I am by no stretch of the imagination an expert with regular expressions, however On my x86_64 platform rpm --showrc | grep "build arch" shows build arch : x86_64 compatible build archs: x86_64 noarch and on my i686 system build arch : i386 compatible build archs: i686 i586 i486 i386 noarch fat Now, it would seem to me (if you had the time of course) that if you could parse out the "build arch" line, you would know where the rpms are being built and you can have your script install the files where required. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Tue May 5 13:50:57 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue May 5 13:51:08 2009 Subject: filename rules In-Reply-To: References: Message-ID: <4A003631.5070507@USherbrooke.ca> Jan Agermose a ?crit : > > hi > > > > we see a few messages like this: > > > > The virus detector said this about the message: > Report: Report: MailScanner: Attempt to hide real filename extension > (invoice 657 L%F8.pdf) > > > > > > because people are using the dainsh chars ??? in the filenames - Im > guessing other languages have the samme issues when people are > attaching documents that are using special hars not in > > > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > > > I would like to say "yea but its simply not allowed in the mail > standard" - but im not even sure if its true or if its just an old > rule not updated now that its 2009 and unicode or what ever. > > > > I dont actually see how it would hit this rule as there is only one \. > in the filename and the rule seams to need two \. to hit... But I dont > find any other rules having the response "Attempt to hide real > filename extension". > > > > > Jan, I doubt this is the rule that matched (unless the filename you provided isn't complete because it was sanitized). You are right about the 2 \. This rule wants to deny files such as filename.pdf.exe. I disabled this rule a long while ago. I have never permitted EXE|COM|REG|BAT and many other dangerous file extensions anyways. Maybe the filetype rules got involved instead? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Tue May 5 13:55:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 13:55:57 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051536.36288.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A001DD4.5050303@ecs.soton.ac.uk> <200905051536.36288.eli@orbsky.homelinux.org> <4A003739.6080600@ecs.soton.ac.uk> Message-ID: On 05/05/2009 13:36, Eli Wapniarski wrote: > On Tuesday 05 May 2009 14:07:00 Julian Field wrote: > >> On 05/05/2009 11:12, Eli Wapniarski wrote: >> >>> On Tuesday 05 May 2009 11:15:39 Julian Field wrote: >>> >>> >>>> On 05/05/2009 08:41, Eli Wapniarski wrote: >>>> >>>> >>>>> One more query. >>>>> >>>>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. >>>>> >>>>> >>>>> >>>>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads >>>>>> >>>>>> >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>>>> >>>>> >>>>> Processing files: perl-IO-1.2301-4-noarch >>>>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 >>>>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>>>> error: Arch dependent binaries in noarch package >>>>> >>>>> >>>>> RPM build errors: >>>>> Arch dependent binaries in noarch package >>>>> >>>>> >>>>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. >>>>> >>>>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. >>>>> >>>>> So I guess in the end I'm asking why not remove the >>>>> >>>>> BuildArch: noarch >>>>> >>>>> from the spec file? >>>>> >>>>> >>>> I can't remove it altogether, as the BuildArch selects where the RPM >>>> file is put, which I need to know to be able to install it. >>>> >>>> >>> I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). >>> >>> >> That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it >> puts it in /root/rpmbuild/RPMS/ directory, where is the >> BuildArch. If I don't specify it, then I don't know where it put the >> final RPM that I'm trying to install! >> >> > Actually.... I've just done some research on this and as a matter of fact you do. Now I'm not trying to be a smart aleck. Cause I am by no stretch of the imagination an expert with regular expressions, however > > On my x86_64 platform > > rpm --showrc | grep "build arch" > > shows > > build arch : x86_64 > compatible build archs: x86_64 noarch > > and on my i686 system > > build arch : i386 > compatible build archs: i686 i586 i486 i386 noarch fat > > Now, it would seem to me (if you had the time of course) that if you could parse out the "build arch" line, you would know where the rpms are being built and you can have your script install the files where required. > But that does not tell you if it decided to build the rpm with i386/x86_64 or noarch. So it only partially helps. I already work out whether it's i386 or x86_64, I can do that already very easily. What I *don't* know is whether it decided it was a noarch RPM or not. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Tue May 5 14:26:20 2009 From: ka at pacific.net (Ken A) Date: Tue May 5 14:26:40 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <1241523258.2761.5.camel@miguel.irontec.com> References: <1241523258.2761.5.camel@miguel.irontec.com> Message-ID: <4A003E7C.7000000@pacific.net> Miguel Angel Nieto wrote: > Hi, > > I have the whitelists configured with MailWatch: > > Is Definitely Not Spam = &SQLWhitelist > > Mailscanner reads the whitelist: > > May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time > reached > May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL Whitelist > May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 whitelist entries > > But Mailscanner scans the message with Spamassassin, and It shouldn't > happen. > > What i'm doing wrong? Nothing. That is normal behavior. Whitelisting does not exclude a message from SA scanning. It doesn't apply the MailScanner SA rules to the message, so even if it scores above your 'high' threshold, it will not be spam tagged or quarantined or whatever. If you want to exclude a message from scanning, you need to use the "Use SpamAssassin" instead, or even "Spam Checks". Read the config file. Ken > > Thank you. > > Mailscanner version: 4.55.10-3 > -- Ken Anderson Pacific Internet - http://www.pacific.net From eli at orbsky.homelinux.org Tue May 5 14:29:28 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 14:29:52 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A003739.6080600@ecs.soton.ac.uk> Message-ID: <200905051629.28486.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 15:55:21 Julian Field wrote: > > On 05/05/2009 13:36, Eli Wapniarski wrote: > > On Tuesday 05 May 2009 14:07:00 Julian Field wrote: > > > >> On 05/05/2009 11:12, Eli Wapniarski wrote: > >> > >>> On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > >>> > >>> > >>>> On 05/05/2009 08:41, Eli Wapniarski wrote: > >>>> > >>>> > >>>>> One more query. > >>>>> > >>>>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > >>>>> > >>>>> > >>>>> > >>>>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > >>>>>> > >>>>>> > >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>>>> > >>>>> > >>>>> Processing files: perl-IO-1.2301-4-noarch > >>>>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > >>>>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>>>> error: Arch dependent binaries in noarch package > >>>>> > >>>>> > >>>>> RPM build errors: > >>>>> Arch dependent binaries in noarch package > >>>>> > >>>>> > >>>>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > >>>>> > >>>>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > >>>>> > >>>>> So I guess in the end I'm asking why not remove the > >>>>> > >>>>> BuildArch: noarch > >>>>> > >>>>> from the spec file? > >>>>> > >>>>> > >>>> I can't remove it altogether, as the BuildArch selects where the RPM > >>>> file is put, which I need to know to be able to install it. > >>>> > >>>> > >>> I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). > >>> > >>> > >> That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it > >> puts it in /root/rpmbuild/RPMS/ directory, where is the > >> BuildArch. If I don't specify it, then I don't know where it put the > >> final RPM that I'm trying to install! > >> > >> > > Actually.... I've just done some research on this and as a matter of fact you do. Now I'm not trying to be a smart aleck. Cause I am by no stretch of the imagination an expert with regular expressions, however > > > > On my x86_64 platform > > > > rpm --showrc | grep "build arch" > > > > shows > > > > build arch : x86_64 > > compatible build archs: x86_64 noarch > > > > and on my i686 system > > > > build arch : i386 > > compatible build archs: i686 i586 i486 i386 noarch fat > > > > Now, it would seem to me (if you had the time of course) that if you could parse out the "build arch" line, you would know where the rpms are being built and you can have your script install the files where required. > > > But that does not tell you if it decided to build the rpm with > i386/x86_64 or noarch. So it only partially helps. I already work out > whether it's i386 or x86_64, I can do that already very easily. What I > *don't* know is whether it decided it was a noarch RPM or not. > I don't believe that you need to worry about it. The packages will be built in the directory build arch is configured for by the distro. (ie /root/rpmbuild/RPMS/x86_64, or /root/rpmbuild/RPMS/i386 or /root/rpmbuild/RPMS/i586. no arch is not required and confusing. I'm assuming that you're worried about running the rpm -Uvh / -ivh package command. Like I said I'm not trying to be too smart but, with the right regular expression you could grep "build arch" into a variable and then you would be able to exec rpm -Uvh /root/rpmbuild/RPMS/BuildArchVariable or however it is that you get the packages installed. That would take care of the issues regarding noarch and arch dependant variables. You then do not need to specify whch arch you are installing on. The system will do that for you. It is probably the shape of things to come for upcoming Redhat and Centos versions and probably anything else that relies on RPM for package management since Fedora is probably the first to incorporate the latest greatest version. Of course, its your baby and your decisions regarding how you wish to build and have MailScanner installed on the system. I am grateful for the insight you have provided. I will personally be doing some additional digging into this. Thank You for this great and wonderful tool. A loyal user. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ecasarero at gmail.com Tue May 5 15:44:56 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue May 5 15:45:27 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <018501c9c726$a225ca00$0a00080a@gordon> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> Message-ID: <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> 2009/4/27 Gordon Colyn : > Thanks, have implemented these already. ?The issue is not on the load, the > load stays pretty under control. ?I just want to stop accepting mail on the > 1 server so the mails are forced to go to the other servers, i.e. 1000 > messages handled by 4 servers will be quicker than 1000 mails handled by > 1... > milter-limit? http://www.milter.info/sendmail/milter-limit/ this milter responses with a 451 xxxx when the amount of N emails in M time is reached, example when you have recieved 1000 emails in less than 5 minutes sendmail starts answering with 451 (while the 5 minutes are not complete) so the traffic should go away to other box. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary > Pentland > Sent: 27 April 2009 12:47 PM > To: 'MailScanner discussion' > Subject: RE: Stop incoming mail if message queue exceeds set value > > Hi, > > Look here... > > http://www.sendmail.org/m4/tweaking_config.html > > Particularly these... > > confQUEUE_LA QueueLA [varies] Load average at which queue-only function > kicks in. Default values is (8 * numproc) where numproc is the number of > processors online (if that can be determined). > > confREFUSE_LA RefuseLA [varies] Load average at which incoming SMTP > connections are refused. Default values is (12 * numproc) where numproc is > the number of processors online (if that can be determined). > > confDELAY_LA DelayLA [0] Load average at which sendmail will sleep for one > second on most SMTP commands and before accepting connections. 0 means no > limit. > > > But a few others might be of use. ?Be sure you're rejecting invalid > recipients during the SMTP dialouge and not at some stage later. ?It sounds > obvious but can easily be missed and result in 1,000s of messages from a bot > being queued and work being done on them, reject these before you queue > them! > > Regards, > > Gary > > > mailscanner-bounces@lists.mailscanner.info wrote: >> I am running a round robin dns mail solution with 4 mailscanner >> servers accepting mail. ?The problem I am having is that on occasion 1 >> of the servers gets hit with massive volumes over a very short time so >> the queue can grow to 5000+ in a matter of minutes causing mail >> delivery delays on that specific server. ?I would like to be able to >> set a limit on the queue size so that the server stops accepting mail >> until the queue drops below that set value. >> >> I have tried with sendmail creating 2 cf files but can't get it >> working. Does this have to be managed by mailscanner, r can it be done >> in sendmail? >> >> Currently using sendmail-8.14.1 and Mailscanner 4.63.8 >> >> Thanks >> >> >> Gordon Colyn >> Office : 086 123 ITNT (4868) >> Cell : 083 296 7534 >> Fax : 086 520 0885 >> InTheNet Technologies >> www.itnt.co.za >> MSN:gordoncolyn@hotmail.com >> SKYPE:gordoncolyn >> >> Confidentiality: This e-mail including any attachments is intended for >> the above named addressee(s) only and contains confidential >> information. If you have received this email in error you must take no >> action based on its contents, nor must you reproduce or show the >> e-mail or any attachments or any part thereof or communicate the >> contents to anyone; please reply to the sender of this e-mail >> informing them of the error. >> >> Viruses: We recommend that in keeping with good computing practice the >> recipient should ensure that e-mails received are virus free before >> opening. >> >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature database 4035 (20090425) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4036 (20090427) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ja at conviator.com Tue May 5 16:08:48 2009 From: ja at conviator.com (Jan Agermose) Date: Tue May 5 16:09:57 2009 Subject: filename rules In-Reply-To: <4A003631.5070507@USherbrooke.ca> References: <4A003631.5070507@USherbrooke.ca> Message-ID: Jan Agermose a ?crit : > > hi > > > > we see a few messages like this: > > > > The virus detector said this about the message: > Report: Report: MailScanner: Attempt to hide real filename extension > (invoice 657 L%F8.pdf) > > > > > > because people are using the dainsh chars ??? in the filenames - Im > guessing other languages have the samme issues when people are > attaching documents that are using special hars not in > > > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > > > I would like to say "yea but its simply not allowed in the mail > standard" - but im not even sure if its true or if its just an old > rule not updated now that its 2009 and unicode or what ever. > > > > I dont actually see how it would hit this rule as there is only one \. > in the filename and the rule seams to need two \. to hit... But I dont > find any other rules having the response "Attempt to hide real > filename extension". > > > > > Jan, I doubt this is the rule that matched (unless the filename you provided isn't complete because it was sanitized). You are right about the 2 \. This rule wants to deny files such as filename.pdf.exe. I disabled this rule a long while ago. I have never permitted EXE|COM|REG|BAT and many other dangerous file extensions anyways. Maybe the filetype rules got involved instead? Denis -- _ HI I was looking at the mail "on disk" and found what might be the real reason why it actually is this rule. Just strange that even mailwatch shows the name of the attachment different than what it seams to really be. Part of the maildump looks like this and this has clearly ".xls.pdf" what would be stopped by the rule. Im just thinking if this rule will actually help anything or just make to much trouble so I should be removed... there are other rules that will take care of .exe and so on and also based on application type - that must be secure or? --Apple-Mail-6--942219872 Content-Disposition: inline; filename*=ISO-8859-1''invoice%20657%20L%F8bekompagniet.xls.pdf Content-Type: application/pdf; x-unix-mode=0644; name="=?ISO-8859-1?Q?invoice_657_L=F8bekompagniet.xls.pdf?=" Content-Transfer-Encoding: base64 From simonmjones at gmail.com Tue May 5 16:14:25 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 16:14:34 2009 Subject: db clean Message-ID: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> what's the best way to reduce the size of the db, currently i have over 6 mil records and the search and stuff is slow as a turd :( i run dbclean.php on a cron but the site of the db, in particular the maillog table are mahoosive... anyone point me to some docs or have any tips? From steve.freegard at fsl.com Tue May 5 16:30:43 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue May 5 16:30:54 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A003E7C.7000000@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> Message-ID: <4A005BA3.8070602@fsl.com> Ken A wrote: > Miguel Angel Nieto wrote: >> Hi, >> >> I have the whitelists configured with MailWatch: >> >> Is Definitely Not Spam = &SQLWhitelist >> >> Mailscanner reads the whitelist: >> >> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >> whitelist entries >> But Mailscanner scans the message with Spamassassin, and It shouldn't >> happen. >> >> What i'm doing wrong? > > Nothing. That is normal behavior. Whitelisting does not exclude a > message from SA scanning. It doesn't apply the MailScanner SA rules to > the message, so even if it scores above your 'high' threshold, it will > not be spam tagged or quarantined or whatever. > > If you want to exclude a message from scanning, you need to use the "Use > SpamAssassin" instead, or even "Spam Checks". Read the config file. > That's not quite correct. Set 'Always Include SpamAssassin Report = No' and MailScanner will not run SA for messages that are whitelisted. Regards, Steve. From maxsec at gmail.com Tue May 5 16:48:43 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 5 16:48:53 2009 Subject: db clean In-Reply-To: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> References: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> Message-ID: <72cf361e0905050848y51d31b1dk410936296b0ef26a@mail.gmail.com> more of a mailwatch question, but make sure the db_clean.php is running with the appropriate number of days - you may wish to reduce the default of 60 days down a little (and make sure the require line at the start of the script points to the correct place to start with!) Also make sure the quarantine is cleared out correctly if you're using that in mailscanner (again see the tools dir) 2009/5/5 Simon Jones > what's the best way to reduce the size of the db, currently i have > over 6 mil records and the search and stuff is slow as a turd :( i > run dbclean.php on a cron but the site of the db, in particular the > maillog table are mahoosive... anyone point me to some docs or have > any tips? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/19833297/attachment.html From ka at pacific.net Tue May 5 16:57:04 2009 From: ka at pacific.net (Ken A) Date: Tue May 5 16:57:27 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A005BA3.8070602@fsl.com> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> Message-ID: <4A0061D0.7010306@pacific.net> Steve Freegard wrote: > Ken A wrote: >> Miguel Angel Nieto wrote: >>> Hi, >>> >>> I have the whitelists configured with MailWatch: >>> >>> Is Definitely Not Spam = &SQLWhitelist >>> >>> Mailscanner reads the whitelist: >>> >>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>> whitelist entries >>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>> happen. >>> >>> What i'm doing wrong? >> Nothing. That is normal behavior. Whitelisting does not exclude a >> message from SA scanning. It doesn't apply the MailScanner SA rules to >> the message, so even if it scores above your 'high' threshold, it will >> not be spam tagged or quarantined or whatever. >> >> If you want to exclude a message from scanning, you need to use the "Use >> SpamAssassin" instead, or even "Spam Checks". Read the config file. >> > > That's not quite correct. > > Set 'Always Include SpamAssassin Report = No' and MailScanner will not > run SA for messages that are whitelisted. > > Regards, > Steve. Ah, that's a simpler to change, no ruleset required. Maybe I need to read the config file again. It's been a couple years. :-) Thanks for correcting me. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From simonmjones at gmail.com Tue May 5 17:35:46 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 17:35:55 2009 Subject: db clean In-Reply-To: <72cf361e0905050848y51d31b1dk410936296b0ef26a@mail.gmail.com> References: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> <72cf361e0905050848y51d31b1dk410936296b0ef26a@mail.gmail.com> Message-ID: <70572c510905050935o790c39d6t7c9d699b831cda0a@mail.gmail.com> 2009/5/5 Martin Hepworth : > more of a mailwatch question, but make sure the db_clean.php is running with > the appropriate number of days - you may wish to reduce the default of 60 > days down a little (and make sure the require line at the start of the > script points to the correct place to start with!) > > Also make sure the quarantine is cleared out correctly if you're using that > in mailscanner (again see the tools dir) > 2009/5/5 Simon Jones >> >> what's the best way to reduce the size of the db, currently i have >> over 6 mil records and the search and stuff is slow as a turd :( ?i >> run dbclean.php on a cron but the site of the db, in particular the >> maillog table are mahoosive... ?anyone point me to some docs or have >> any tips? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > thanks Martin, apologies for wrong list posting. i have days to keep set at 15 and i run a seperate db server so there's no quatantine_maint to run as it doesn't process mail and it seems to point to the correct functions.php location. From paul.lemmons at tmcaz.com Tue May 5 18:44:49 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Tue May 5 18:45:02 2009 Subject: filetype rules and pptx files Message-ID: <4A007B11.5030700@tmcaz.com> Our CIO (of all people) is trying to send a PowerPoint 2007 document and it is getting rejected. It turns out that the .pptx file is really a zip archive and within that archive there is a file named "0000.dat" which is getting identified as a DOS executable. When I extract the file and run the file command against it I get the following: $ file 0000.dat 0000.dat: DOS executable (device driver) for DOS $ file -i 0000.dat 0000.dat: text/plain charset=iso-8859-1 When I look at the file itself, it appears to be a bunch of binary zeros. I have tried to to add the following line to the filetypes.rules file: allow - text\/plain - - allow - text/plain - - with no success. I also tried adding the following line to the filenames.rules file: allow \.dat$ - - with no success. And to save time on an obvious question or two, Yes, I am using tabs between fields and Yes I am restarting MailScanner after an update. I am hoping that it is something very simple that I am missing. Any assistance would be greatly appreciated. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/352a4b21/smime-0001.bin From steve.freegard at fsl.com Tue May 5 18:50:25 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue May 5 18:50:35 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A0061D0.7010306@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> Message-ID: <4A007C61.1050609@fsl.com> Ken A wrote: > Steve Freegard wrote: >> Ken A wrote: >>> Miguel Angel Nieto wrote: >>>> Hi, >>>> >>>> I have the whitelists configured with MailWatch: >>>> >>>> Is Definitely Not Spam = &SQLWhitelist >>>> >>>> Mailscanner reads the whitelist: >>>> >>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>> whitelist entries >>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>> happen. >>>> >>>> What i'm doing wrong? >>> Nothing. That is normal behavior. Whitelisting does not exclude a >>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>> the message, so even if it scores above your 'high' threshold, it will >>> not be spam tagged or quarantined or whatever. >>> >>> If you want to exclude a message from scanning, you need to use the "Use >>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>> >> >> That's not quite correct. >> >> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >> run SA for messages that are whitelisted. >> >> Regards, >> Steve. > > Ah, that's a simpler to change, no ruleset required. Maybe I need to > read the config file again. It's been a couple years. :-) > Thanks for correcting me. No problem; it's actually not clear in the docs in MailScanner.conf what effect this option can have - it's from bitter experience and reading the code that I know about this behaviour. I always disable this option on sites that are struggling with load issues as it almost always helps. Cheers, Steve. From paul.lemmons at tmcaz.com Tue May 5 18:55:43 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Tue May 5 18:55:55 2009 Subject: Validating Email addresses Message-ID: <4A007D9F.7090403@tmcaz.com> We are getting a great deal of Spam bypassing both Postini and Mail Scanner due to a discrepancy between how these two products define an email address and the way Exchange does. The two scanning products recognize emails with a pipe character "|" at the beginning of the address as both valid and part of the email address. I believe this is in line with the email standards. Exchange, othe the other hand simply ignores the character. So a message sent to me@mydom.com and |me@mydom.com are seen as two different addresses by the scanning systems and as a single address by Exchange. I have tried with minimal success to check for the pipe using sendmail rules. I have it stopped but it is stopping more than it should. I would like to stop it with MailScanner. I have tried what appears to be obvious to me but so far I have not hit upon the magic combination of options to make this work. Has anyone else encountered this situation and come up with a solution? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/36dcb565/smime.bin From mark at msapiro.net Tue May 5 19:10:44 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue May 5 19:33:20 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <49FF5830.1050802@tecnoera.com> References: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> Message-ID: <20090505181044.GA384@msapiro> On Mon, May 04, 2009 at 05:03:44PM -0400, Juan Pablo Abuyeres wrote: > > now I have this: > May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the > processing-messages database > May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the > processing-messages database > May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the > processing-messages database When a child processes a batch, do you see log messages similar to May 5 09:51:42 sbh16 MailScanner[23758]: New Batch: Scanning 2 messages, 6276 bytes May 5 09:51:46 sbh16 MailScanner[23758]: Uninfected: Delivered 2 messages May 5 09:51:46 sbh16 MailScanner[23758]: Deleted 2 messages from processing-database I.e. does the child say it deleted the messages from the processing-database, and if not are there other messages to indicate why not? -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From eli at orbsky.homelinux.org Tue May 5 21:10:41 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 21:11:08 2009 Subject: Validating Email addresses In-Reply-To: <4A007D9F.7090403@tmcaz.com> References: <4A007D9F.7090403@tmcaz.com> Message-ID: <200905052310.41338.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 20:55:43 Paul Lemmons wrote: > We are getting a great deal of Spam bypassing both Postini and Mail > Scanner due to a discrepancy between how these two products define an > email address and the way Exchange does. The two scanning products > recognize emails with a pipe character "|" at the beginning of the > address as both valid and part of the email address. I believe this is > in line with the email standards. Exchange, othe the other hand simply > ignores the character. So a message sent to me@mydom.com and > |me@mydom.com are seen as two different addresses by the scanning > systems and as a single address by Exchange. > > I have tried with minimal success to check for the pipe using sendmail > rules. I have it stopped but it is stopping more than it should. I would > like to stop it with MailScanner. I have tried what appears to be > obvious to me but so far I have not hit upon the magic combination of > options to make this work. Has anyone else encountered this situation > and come up with a solution? > Yes, I have. And my solution is to run milter-regex to filter legit and illegit email addresses. If you install the milter, then feel free to use the following macro to filter out legit and illegit email addresses. Of course you will need to substitute email@address.one, etc for real email addresses. Hopefully your distro will have milter-regex available. However if not, then you can find it at: http://www.benzedrine.cx/milter-regex.html It took me quite some time to get the regular expressions to work the way I wanted because I am by no means an expert with regular expressions. And its been so long since I needed to look up and understand the syntax. However, the following works and it works very well. IllegitimateTo = header /^TO$/i /(\.email@address.one\>|\.email@address.two\>|\.email@address.etc\>|)/e LegitimateTo = header /^TO$/i /(\|\|\)/e LegitimateFrom = header /^FROM$/i /(email@address.one|email@address.two|email@address.etc)/e LegitimateMail = $LegitimateTo or $LegitimateFrom discard not $LegitimateMail discard $IllegitimateTo -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Tue May 5 21:15:27 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 21:15:50 2009 Subject: filetype rules and pptx files In-Reply-To: <4A007B11.5030700@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> Message-ID: <200905052315.27727.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 20:44:49 Paul Lemmons wrote: > Our CIO (of all people) is trying to send a PowerPoint 2007 document and > it is getting rejected. It turns out that the .pptx file is really a zip > archive and within that archive there is a file named "0000.dat" which > is getting identified as a DOS executable. When I extract the file and > run the file command against it I get the following: Why is your cio trying to send a pptx (powerpoint xml) file? Why not send it as a standard ppt file? Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue May 5 21:29:41 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 5 21:30:01 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A0061D0.7010306@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> Message-ID: on 5-5-2009 8:57 AM Ken A spake the following: > Steve Freegard wrote: >> Ken A wrote: >>> Miguel Angel Nieto wrote: >>>> Hi, >>>> >>>> I have the whitelists configured with MailWatch: >>>> >>>> Is Definitely Not Spam = &SQLWhitelist >>>> >>>> Mailscanner reads the whitelist: >>>> >>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>> whitelist entries >>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>> happen. >>>> >>>> What i'm doing wrong? >>> Nothing. That is normal behavior. Whitelisting does not exclude a >>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>> the message, so even if it scores above your 'high' threshold, it will >>> not be spam tagged or quarantined or whatever. >>> >>> If you want to exclude a message from scanning, you need to use the "Use >>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>> >> >> That's not quite correct. >> >> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >> run SA for messages that are whitelisted. >> >> Regards, >> Steve. > > Ah, that's a simpler to change, no ruleset required. Maybe I need to > read the config file again. It's been a couple years. :-) That's OK, because the version you are running is a couple of years old anyway. It looks to have been written in January of 2006. MailScanner has made some very large strides since then. You might think about upgrading. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/9a102d89/signature.bin From paul.lemmons at tmcaz.com Tue May 5 21:29:59 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Tue May 5 21:30:12 2009 Subject: filetype rules and pptx files In-Reply-To: <200905052315.27727.eli@orbsky.homelinux.org> References: <4A007B11.5030700@tmcaz.com> <200905052315.27727.eli@orbsky.homelinux.org> Message-ID: <4A00A1C7.9090500@tmcaz.com> -------- Original Message -------- Subject: filetype rules and pptx files From: Eli Wapniarski To: "mailscanner@lists.mailscanner.info" Date: 05/05/2009 01:15 PM > On Tuesday 05 May 2009 20:44:49 Paul Lemmons wrote: > >> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >> it is getting rejected. It turns out that the .pptx file is really a zip >> archive and within that archive there is a file named "0000.dat" which >> is getting identified as a DOS executable. When I extract the file and >> run the file command against it I get the following: >> > > Why is your cio trying to send a pptx (powerpoint xml) file? Why not send it as a standard ppt file? > > Eli > > And I quote (my CIO)... "...In order to send the file, I have to save it in 93-97 format and resend. A real pain and unnecessary. Please fix so I can send pptx attachments." So, there I am :/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/f021c835/smime.bin From ssilva at sgvwater.com Tue May 5 21:46:06 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 5 21:46:26 2009 Subject: filetype rules and pptx files In-Reply-To: <4A007B11.5030700@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> Message-ID: on 5-5-2009 10:44 AM Paul Lemmons spake the following: > Our CIO (of all people) is trying to send a PowerPoint 2007 document and > it is getting rejected. It turns out that the .pptx file is really a zip > archive and within that archive there is a file named "0000.dat" which > is getting identified as a DOS executable. When I extract the file and > run the file command against it I get the following: > > $ file 0000.dat > 0000.dat: DOS executable (device driver) for DOS > > $ file -i 0000.dat > 0000.dat: text/plain charset=iso-8859-1 > > When I look at the file itself, it appears to be a bunch of binary zeros. > > I have tried to to add the following line to the filetypes.rules file: > > allow - text\/plain - - > allow - text/plain - - > > with no success. > > I also tried adding the following line to the filenames.rules file: > > allow \.dat$ - - > > with no success. > > And to save time on an obvious question or two, Yes, I am using tabs > between fields and Yes I am restarting MailScanner after an update. > > I am hoping that it is something very simple that I am missing. Any > assistance would be greatly appreciated. > The latest version has some conveniences added for this type of situation. Download, install, and read the changelog, and your life might get easier! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/0b5457cc/signature.bin From steve at fsl.com Tue May 5 21:53:01 2009 From: steve at fsl.com (Stephen Swaney) Date: Tue May 5 21:53:11 2009 Subject: filetype rules and pptx files In-Reply-To: <4A00A1C7.9090500@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> <200905052315.27727.eli@orbsky.homelinux.org> <4A00A1C7.9090500@tmcaz.com> Message-ID: <4A00A72D.2060809@fsl.com> Paul Lemmons wrote: > -------- Original Message -------- > Subject: filetype rules and pptx files > From: Eli Wapniarski > To: "mailscanner@lists.mailscanner.info" > > Date: 05/05/2009 01:15 PM >> On Tuesday 05 May 2009 20:44:49 Paul Lemmons wrote: >> >>> Our CIO (of all people) is trying to send a PowerPoint 2007 document >>> and it is getting rejected. It turns out that the .pptx file is >>> really a zip archive and within that archive there is a file named >>> "0000.dat" which is getting identified as a DOS executable. When I >>> extract the file and run the file command against it I get the >>> following: >>> >> >> Why is your cio trying to send a pptx (powerpoint xml) file? Why not >> send it as a standard ppt file? >> >> Eli >> >> > And I quote (my CIO)... > > "...In order to send the file, I have to save it in 93-97 format and > resend. A real pain and unnecessary. Please fix so I can send pptx > attachments." > > So, there I am :/ Below are the filename rules we install as the default to allow for safe Office 2007 filenames to pass through MailScanner. We've had zero complaints since we started using these rules. DO NOT CUT "N PATE these rules into filename.rules.conf. You'll need to replace some of spaces with tabs for MailScanner to parse the rules. Remember: Syntax for filename.rules.conf rules is four fields: Field one: allow/deny/deny+delete, Field two: regular expression to match Field three: log text to use Field four: user report text. !!!!! NOTE: Fields are separated by TAB characters --- Important!!!!! And below are the rules: # ---- Start the Word 2007 File Type Extensions # ------------------------------------------- # docx - Word 2007 XML Document # docm - Word 2007 XML Macro-Enabled Document # dotx - Word 2007 XML Template # dotm - Word 2007 XML Macro-Enabled Template # Excel 2007 File Type Extension # ------------------------------------------- # xlsx - Excel 2007 XML Workbook # xlsm - Excel 2007 XML Macro-Enabled Workbook # xltx - Excel 2007 XML Template # xltm - Excel 2007 XML Macro-Enabled Template # xlsb - Excel 2007 binary workbook (BIFF12) # xlam - Excel 2007 XML Macro-Enabled Add-In # PowerPoint 2007 File Type Extension # ------------------------------------------- # pptx - PowerPoint 2007 XML Presentation # pptm - PowerPoint 2007 Macro-Enabled XML Presentation # potx - PowerPoint 2007 XML Template # potm - PowerPoint 2007 Macro-Enabled XML Template # ppam - PowerPoint 2007 Macro-Enabled XML Add-In # ppsx - PowerPoint 2007 XML Show # ppsm - PowerPoint 2007 Macro-Enabled XML Show # Word 2007 File Type Extensions # ------------------------------------------- allow \.docx$ Word 2007 XML Document Word 2007 XML Document deny \.docmx$ Word 2007 XML Macro-Enabled Document Word 2007 XML Macro-Enabled Document deny \.dotx$ Word 2007 XML Template Word 2007 XML Template deny \.dotm$ Word 2007 XML Macro-Enabled Template Word 2007 XML Macro-Enabled Template # Excel 2007 File Type Extension # ------------------------------------------- allow \.xlsx$ Excel 2007 XML Workbook Excel 2007 XML Workbook deny \.xlsm$ Excel 2007 XML Macro-Enabled Workbook Excel 2007 XML Macro-Enabled Workbook deny \.xltx$ Excel 2007 XML Template Excel 2007 XML Template deny \.xltm$ Excel 2007 XML Macro-Enabled Template Excel 2007 XML Macro-Enabled Template deny \.xlsb$ Excel 2007 binary workbook Excel 2007 binary workbook deny \.xlam$ Excel 2007 XML Macro-Enabled Add-In Excel 2007 XML Macro-Enabled Add-In # PowerPoint 2007 File Type Extension # ------------------------------------------- allow \.pptx$ PowerPoint 2007 XML Presentation PowerPoint 2007 XML Presentation deny \.pptm$ PowerPoint 2007 Macro-Enabled XML Presentation PowerPoint 2007 Macro-Enabled XML Presentation deny \.potx$ PowerPoint 2007 XML Template PowerPoint 2007 XML Template deny \.potm$ PowerPoint 2007 Macro-Enabled XML Template PowerPoint 2007 Macro-Enabled XML Template deny \.ppam$ PowerPoint 2007 Macro-Enabled XML Add-In PowerPoint 2007 Macro-Enabled XML Add-In deny \.ppsx$ PowerPoint 2007 XML Show PowerPoint 2007 XML Show deny \.ppsm$ PowerPoint 2007 Macro-Enabled XML Show PowerPoint 2007 Macro-Enabled XML Show # ------- End the Office 2007 rules Best regards, Steve -- Steve Swaney steve@fsl.com www.fsl.com The most accurate and cost effective anti-spam solutions available From ka at pacific.net Tue May 5 21:57:23 2009 From: ka at pacific.net (Ken A) Date: Tue May 5 21:57:38 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> Message-ID: <4A00A833.3000706@pacific.net> Scott Silva wrote: > on 5-5-2009 8:57 AM Ken A spake the following: >> Steve Freegard wrote: >>> Ken A wrote: >>>> Miguel Angel Nieto wrote: >>>>> Hi, >>>>> >>>>> I have the whitelists configured with MailWatch: >>>>> >>>>> Is Definitely Not Spam = &SQLWhitelist >>>>> >>>>> Mailscanner reads the whitelist: >>>>> >>>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>>> whitelist entries >>>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>>> happen. >>>>> >>>>> What i'm doing wrong? >>>> Nothing. That is normal behavior. Whitelisting does not exclude a >>>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>>> the message, so even if it scores above your 'high' threshold, it will >>>> not be spam tagged or quarantined or whatever. >>>> >>>> If you want to exclude a message from scanning, you need to use the "Use >>>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>>> >>> That's not quite correct. >>> >>> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >>> run SA for messages that are whitelisted. >>> >>> Regards, >>> Steve. >> Ah, that's a simpler to change, no ruleset required. Maybe I need to >> read the config file again. It's been a couple years. :-) > > That's OK, because the version you are running is a couple of years old > anyway. It looks to have been written in January of 2006. MailScanner has made > some very large strides since then. You might think about upgrading. > > > > um.. no. Not sure where you get that idea. You must have me confused with the person who started the thread. I've done about 25 upgrades since Jan 06. I average about 10 a year, almost keeping pace with Julian. I wish I had more time to do beta testing, but I seem to 'think' I'm going to have more time than I actually do. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From rcooper at dwford.com Tue May 5 22:01:16 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue May 5 22:01:26 2009 Subject: filetype rules and pptx files In-Reply-To: <4A007B11.5030700@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> Message-ID: <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Lemmons Sent: Tuesday, May 05, 2009 1:45 PM To: mailscanner@lists.mailscanner.info Subject: filetype rules and pptx files > Our CIO (of all people) is trying to send a PowerPoint 2007 document and > it is getting rejected. It turns out that the .pptx file is really a zip > archive and within that archive there is a file named "0000.dat" which > is getting identified as a DOS executable. When I extract the file and > run the file command against it I get the following: > > $ file 0000.dat > 0000.dat: DOS executable (device driver) for DOS > > $ file -i 0000.dat > 0000.dat: text/plain charset=iso-8859-1 > > When I look at the file itself, it appears to be a bunch of binary zeros. > > I have tried to to add the following line to the filetypes.rules file: > > allow - text\/plain - - > allow - text/plain - - > > with no success. > > I also tried adding the following line to the filenames.rules file: > > allow \.dat$ - - > > with no success. > > And to save time on an obvious question or two, Yes, I am using tabs > between fields and Yes I am restarting MailScanner after an update. > > I am hoping that it is something very simple that I am missing. Any > assistance would be greatly appreciated. You are going to have to pass it in the flietype rules as well. And you should be able to handle this failry easily with the latest version of MS and you won't have to allow raw files of this type through. The latest version allows you to apply rules specific to files within archives, and I think even speficy the type of archive to unarchive for checks as well. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jpabuyer at tecnoera.com Tue May 5 22:38:44 2009 From: jpabuyer at tecnoera.com (Juan Pablo Abuyeres) Date: Tue May 5 22:39:01 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <20090505181044.GA384@msapiro> References: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> <20090505181044.GA384@msapiro> Message-ID: <4A00B1E4.6040207@tecnoera.com> I had this feature disabled. Now I re-enabled it to see what happens: I see messages like these: May 5 17:29:41 anubis MailScanner[30612]: Connected to processing-messages database May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the processing-messages database May 5 17:29:41 anubis MailScanner[30612]: Using locktype = flock May 5 17:30:12 anubis MailScanner[30612]: New Batch: Found 141 messages waiting May 5 17:30:12 anubis MailScanner[30612]: New Batch: Scanning 3 messages, 828769 bytes ... May 5 17:30:34 anubis MailScanner[30612]: Requeue: 933CB39DEA6.A75E7 to 0ED7239CC08 May 5 17:30:34 anubis MailScanner[30612]: Uninfected: Delivered 2 messages May 5 17:30:35 anubis MailScanner[30612]: Deleted 3 messages from processing-database May 5 17:30:35 anubis MailScanner[30612]: Batch completed at 35483 bytes per second (828769 / 23) May 5 17:30:35 anubis MailScanner[30612]: Batch (3 messages) processed in 23.36 seconds But the number of messages in the processing messages database is increasing. Although sometimes it decreses. It's like it is deleting some messages, but not all of them. May 5 17:29:00 anubis MailScanner[29799]: Found 112 messages in the processing-messages database May 5 17:29:13 anubis MailScanner[30022]: Found 110 messages in the processing-messages database May 5 17:29:16 anubis MailScanner[30139]: Found 106 messages in the processing-messages database May 5 17:29:21 anubis MailScanner[30259]: Found 97 messages in the processing-messages database May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the processing-messages database ... May 5 17:35:31 anubis MailScanner[7161]: Found 154 messages in the processing-messages database JP Mark Sapiro wrote: > On Mon, May 04, 2009 at 05:03:44PM -0400, Juan Pablo Abuyeres wrote: > >> now I have this: >> May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the >> processing-messages database >> May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the >> processing-messages database >> May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the >> processing-messages database >> > > > > When a child processes a batch, do you see log messages similar to > > May 5 09:51:42 sbh16 MailScanner[23758]: New Batch: Scanning 2 messages, 6276 bytes > May 5 09:51:46 sbh16 MailScanner[23758]: Uninfected: Delivered 2 messages > May 5 09:51:46 sbh16 MailScanner[23758]: Deleted 2 messages from processing-database > > I.e. does the child say it deleted the messages from the > processing-database, and if not are there other messages to indicate > why not? > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/74e60ec4/attachment.html From ssilva at sgvwater.com Tue May 5 23:03:14 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 5 23:03:36 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A00A833.3000706@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> <4A00A833.3000706@pacific.net> Message-ID: on 5-5-2009 1:57 PM Ken A spake the following: > Scott Silva wrote: >> on 5-5-2009 8:57 AM Ken A spake the following: >>> Steve Freegard wrote: >>>> Ken A wrote: >>>>> Miguel Angel Nieto wrote: >>>>>> Hi, >>>>>> >>>>>> I have the whitelists configured with MailWatch: >>>>>> >>>>>> Is Definitely Not Spam = &SQLWhitelist >>>>>> >>>>>> Mailscanner reads the whitelist: >>>>>> >>>>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>>>> whitelist entries >>>>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>>>> happen. >>>>>> >>>>>> What i'm doing wrong? >>>>> Nothing. That is normal behavior. Whitelisting does not exclude a >>>>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>>>> the message, so even if it scores above your 'high' threshold, it will >>>>> not be spam tagged or quarantined or whatever. >>>>> >>>>> If you want to exclude a message from scanning, you need to use the >>>>> "Use >>>>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>>>> >>>> That's not quite correct. >>>> >>>> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >>>> run SA for messages that are whitelisted. >>>> >>>> Regards, >>>> Steve. >>> Ah, that's a simpler to change, no ruleset required. Maybe I need to >>> read the config file again. It's been a couple years. :-) >> >> That's OK, because the version you are running is a couple of years old >> anyway. It looks to have been written in January of 2006. MailScanner >> has made >> some very large strides since then. You might think about upgrading. >> >> >> >> > > um.. no. Not sure where you get that idea. You must have me confused > with the person who started the thread. > > I've done about 25 upgrades since Jan 06. I average about 10 a year, > almost keeping pace with Julian. I wish I had more time to do beta > testing, but I seem to 'think' I'm going to have more time than I > actually do. > > Ken > Sorry, I must have replied to the wrong message. That is what I get for having 2 monitors running full of help sessions and message threads. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/2fe7cb15/signature.bin From mrm at quantumcc.com Tue May 5 23:38:34 2009 From: mrm at quantumcc.com (Mike M) Date: Tue May 5 23:38:51 2009 Subject: Too Large or Too small or neither????? Message-ID: After updating to 4.76.23 from 4.74 today I had some users complain about not getting some messages. Here is a portion of the error they get: ---------------------------------------------------------------------- The original e-mail message, or an attachment it contained, was too large and has been removed. At Tue May 5 13:15:51 2009 the content filters said: MailScanner: Attachment is too small --------- All of the messages I've looked at with this problem appear to have both text and html versions. There's an example of a quarantined message at: http://pastebin.com/dc6ed9a1 If it would be helpful to see the qf file just let me know. I have changed the min attachment size from 1 to 0 for now so that hopefully these messages can go through, but I don't know what it is about these html emails that is triggering the attachment size filter. Oh and MailScanner --lint shows no errors. Any clues?? Mike From alex at rtpty.com Tue May 5 23:57:31 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue May 5 23:57:41 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> Message-ID: <24e3d2e40905051557q85371abs320e8e2a976435b@mail.gmail.com> > > > milter-limit? http://www.milter.info/sendmail/milter-limit/ this > milter responses with a 451 xxxx when the amount of N emails in M time > is reached, example when you have recieved 1000 emails in less than 5 > minutes sendmail starts answering with 451 (while the 5 minutes are > not complete) so the traffic should go away to other box. > > You have to take into account some broken mailservers will treat this as undeliverable and some others (broken in different ways) will take a long time to retry using the next server. You should keep an eye out for the possibility, even though it is remote. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/df160e70/attachment.html From ecasarero at gmail.com Wed May 6 03:40:48 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed May 6 03:41:13 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <24e3d2e40905051557q85371abs320e8e2a976435b@mail.gmail.com> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> <24e3d2e40905051557q85371abs320e8e2a976435b@mail.gmail.com> Message-ID: <7d9b3cf20905051940w11617188gaf7bdafe9788cd06@mail.gmail.com> 2009/5/5 Alex Neuman : > >> >> >> milter-limit? http://www.milter.info/sendmail/milter-limit/ this >> milter responses with a 451 xxxx when the amount of N emails in M time >> is reached, example when you have recieved 1000 emails in less than 5 >> minutes sendmail starts answering with 451 (while the 5 minutes are >> not complete) so the traffic should go away to other box. >> > You have to take into account some broken mailservers will treat this as > undeliverable and some others (broken in different ways) will take a long > time to retry using the next server. You should keep an eye out for the > possibility, even though it is remote. > i'm actually using milter-greylisting, in fact i did have problems in the past with bugged Exchange's (just a couple) now a days i have no complies, In my setup i apply limits per to_address, no to_domain. > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Wed May 6 09:54:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 09:54:50 2009 Subject: filetype rules and pptx files In-Reply-To: References: <4A007B11.5030700@tmcaz.com> <4A015044.2010903@ecs.soton.ac.uk> Message-ID: On 05/05/2009 21:46, Scott Silva wrote: > on 5-5-2009 10:44 AM Paul Lemmons spake the following: > >> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >> it is getting rejected. It turns out that the .pptx file is really a zip >> archive and within that archive there is a file named "0000.dat" which >> is getting identified as a DOS executable. When I extract the file and >> run the file command against it I get the following: >> >> $ file 0000.dat >> 0000.dat: DOS executable (device driver) for DOS >> >> $ file -i 0000.dat >> 0000.dat: text/plain charset=iso-8859-1 >> >> When I look at the file itself, it appears to be a bunch of binary zeros. >> >> I have tried to to add the following line to the filetypes.rules file: >> >> allow - text\/plain - - >> allow - text/plain - - >> >> with no success. >> >> I also tried adding the following line to the filenames.rules file: >> >> allow \.dat$ - - >> >> with no success. >> >> And to save time on an obvious question or two, Yes, I am using tabs >> between fields and Yes I am restarting MailScanner after an update. >> >> I am hoping that it is something very simple that I am missing. Any >> assistance would be greatly appreciated. >> >> > The latest version has some conveniences added for this type of situation. > Download, install, and read the changelog, and your life might get easier! > > Yes, you want the latest release with a filetype rule allowing executables in archives, *or else* Use the MIME type of the 0000.dat file and put in a line allowing that in the normal filetype.rules.conf, but read the stuff at the top of the file on how to specify the MIME type of the file, and put the rule above the line that denies executables. "file -i" which works out the MIME type, often produces different results from "file" which is what is normally used. The filetype.rules.conf file allows you to specify the MIME type instead of the keywords to look for in the output of the "file" command, read the docs. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 09:57:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 09:57:33 2009 Subject: Validating Email addresses In-Reply-To: <4A007D9F.7090403@tmcaz.com> References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> Message-ID: On 05/05/2009 18:55, Paul Lemmons wrote: > We are getting a great deal of Spam bypassing both Postini and Mail > Scanner due to a discrepancy between how these two products define an > email address and the way Exchange does. The two scanning products > recognize emails with a pipe character "|" at the beginning of the > address as both valid and part of the email address. I believe this is > in line with the email standards. Exchange, othe the other hand simply > ignores the character. So a message sent to me@mydom.com and > |me@mydom.com are seen as two different addresses by the scanning > systems and as a single address by Exchange. Set "Reject Messages" to point to a ruleset, and have a ruleset that looks roughly like this: FromOrTo: /^\|/ yes FromOrTo: default no and MailScanner will reject messages coming from or going to an address starting with a pipe character. Simple as that. Remember to "service MailScanner reload" after changing the ruleset and MailScanner.conf file. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 09:58:40 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 09:59:06 2009 Subject: filetype rules and pptx files In-Reply-To: <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> References: <4A007B11.5030700@tmcaz.com> <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> <4A015140.1060302@ecs.soton.ac.uk> Message-ID: On 05/05/2009 22:01, Rick Cooper wrote: > ----Original Message---- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul > Lemmons Sent: Tuesday, May 05, 2009 1:45 PM To: > mailscanner@lists.mailscanner.info Subject: filetype rules and pptx files > > >> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >> it is getting rejected. It turns out that the .pptx file is really a zip >> archive and within that archive there is a file named "0000.dat" which >> is getting identified as a DOS executable. When I extract the file and >> run the file command against it I get the following: >> >> $ file 0000.dat >> 0000.dat: DOS executable (device driver) for DOS >> >> $ file -i 0000.dat >> 0000.dat: text/plain charset=iso-8859-1 >> >> When I look at the file itself, it appears to be a bunch of binary zeros. >> >> I have tried to to add the following line to the filetypes.rules file: >> >> allow - text\/plain - - >> allow - text/plain - - >> >> with no success. >> >> I also tried adding the following line to the filenames.rules file: >> >> allow \.dat$ - - >> >> with no success. >> >> And to save time on an obvious question or two, Yes, I am using tabs >> between fields and Yes I am restarting MailScanner after an update. >> >> I am hoping that it is something very simple that I am missing. Any >> assistance would be greatly appreciated. >> > You are going to have to pass it in the flietype rules as well. And you > should be able to handle this failry easily with the latest version of MS > and you won't have to allow raw files of this type through. The latest > version allows you to apply rules specific to files within archives, and I > think even speficy the type of archive to unarchive for checks as well. > Correct. But give the MIME type stuff a go as well, as "file -i" may produce a very different answer for your 0000.dat file from the output of the plain "file" command with no "-i". Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 10:01:07 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 10:01:29 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <4A00B1E4.6040207@tecnoera.com> References: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> <20090505181044.GA384@msapiro> <4A00B1E4.6040207@tecnoera.com> <4A0151D3.8060808@ecs.soton.ac.uk> Message-ID: You can only accurately see if there any messages abandoned by letting a) MailScanner stop nicely or b) wait until there are no messages outstanding in your queue and all batches of messages still being processed have been delivered. Or else it will report the number of messages being processed by the sum of all the other MailScanner children, which may be quite a large number. Also make sure you are running the latest stable release as earlier releases had a problem with the number not going down properly on Postfix systems. On 05/05/2009 22:38, Juan Pablo Abuyeres wrote: > I had this feature disabled. Now I re-enabled it to see what happens: > > I see messages like these: > > May 5 17:29:41 anubis MailScanner[30612]: Connected to > processing-messages database > May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the > processing-messages database > May 5 17:29:41 anubis MailScanner[30612]: Using locktype = flock > May 5 17:30:12 anubis MailScanner[30612]: New Batch: Found 141 > messages waiting > May 5 17:30:12 anubis MailScanner[30612]: New Batch: Scanning 3 > messages, 828769 bytes > ... > May 5 17:30:34 anubis MailScanner[30612]: Requeue: 933CB39DEA6.A75E7 > to 0ED7239CC08 > May 5 17:30:34 anubis MailScanner[30612]: Uninfected: Delivered 2 > messages > May 5 17:30:35 anubis MailScanner[30612]: Deleted 3 messages from > processing-database > May 5 17:30:35 anubis MailScanner[30612]: Batch completed at 35483 > bytes per second (828769 / 23) > May 5 17:30:35 anubis MailScanner[30612]: Batch (3 messages) > processed in 23.36 seconds > > But the number of messages in the processing messages database is > increasing. Although sometimes it decreses. It's like it is deleting > some messages, but not all of them. > > May 5 17:29:00 anubis MailScanner[29799]: Found 112 messages in the > processing-messages database > May 5 17:29:13 anubis MailScanner[30022]: Found 110 messages in the > processing-messages database > May 5 17:29:16 anubis MailScanner[30139]: Found 106 messages in the > processing-messages database > May 5 17:29:21 anubis MailScanner[30259]: Found 97 messages in the > processing-messages database > May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the > processing-messages database > ... > May 5 17:35:31 anubis MailScanner[7161]: Found 154 messages in the > processing-messages database > > > JP > > Mark Sapiro wrote: >> On Mon, May 04, 2009 at 05:03:44PM -0400, Juan Pablo Abuyeres wrote: >> >>> now I have this: >>> May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the >>> processing-messages database >>> May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the >>> processing-messages database >>> May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the >>> processing-messages database >>> >> >> >> >> When a child processes a batch, do you see log messages similar to >> >> May 5 09:51:42 sbh16 MailScanner[23758]: New Batch: Scanning 2 messages, 6276 bytes >> May 5 09:51:46 sbh16 MailScanner[23758]: Uninfected: Delivered 2 messages >> May 5 09:51:46 sbh16 MailScanner[23758]: Deleted 2 messages from processing-database >> >> I.e. does the child say it deleted the messages from the >> processing-database, and if not are there other messages to indicate >> why not? >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 10:57:17 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 10:57:45 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051629.28486.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <200905051629.28486.eli@orbsky.homelinux.org> Message-ID: <200905061257.17355.eli@orbsky.homelinux.org> Hi Julian If this is getting annoynig please forgive me. Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. My request would be to please indicate what problems would crop up with the procedure as outlined. Once again thanks for any insight you would be willing to provide. Sincerely Eli Wapniarski ----------------------------------------- DISCOVERING DEFAULT BUILD ARCH ------------------------------------------ With rpm there is a default build arch. You can discover what that is and isolate it by running. rpm --showrc | awk '/^build arch/ {print $NF}' so.... rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') echo rpmBuildArch will produce x86_64 or i386 or i586 depending on the default value. -------------------------------------------------------- REBUILDING RPMs USING THE DEFAULT BUILD ARCH -------------------------------------------------------- (I've tested this with your perl-IO package) I've installed the perl-IO SRPM after removing the BUILDARCH parameter from the perl-IO spec filed I ran rpmbuild -ba perl-IO.spec. The module rebuilt successfully. ------------------------------------- INSTALLING THE REBUILT MODULE ------------------------------------- To install the module I ran rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm perl-IO was found and installed as expected. Again, thanks for your patience. Eli Wapniarski -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From correo at miguelangelnieto.net Wed May 6 10:23:00 2009 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Wed May 6 10:58:20 2009 Subject: disable recipent virus notifications Message-ID: <1241601780.2772.3.camel@miguel.irontec.com> Hi, How can I disable virus notifications to recipients? I want only to delete them :) I tried to disable "Deleted Virus Message Report" with no luck :( Thank you. From eli at orbsky.homelinux.org Wed May 6 10:59:54 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 11:00:22 2009 Subject: Validating Email addresses In-Reply-To: <200905052310.41338.eli@orbsky.homelinux.org> References: <4A007D9F.7090403@tmcaz.com> <200905052310.41338.eli@orbsky.homelinux.org> Message-ID: <200905061259.54928.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 23:10:41 Eli Wapniarski wrote: > On Tuesday 05 May 2009 20:55:43 Paul Lemmons wrote: > > We are getting a great deal of Spam bypassing both Postini and Mail > > Scanner due to a discrepancy between how these two products define an > > email address and the way Exchange does. The two scanning products > > recognize emails with a pipe character "|" at the beginning of the > > address as both valid and part of the email address. I believe this is > > in line with the email standards. Exchange, othe the other hand simply > > ignores the character. So a message sent to me@mydom.com and > > |me@mydom.com are seen as two different addresses by the scanning > > systems and as a single address by Exchange. > > > > I have tried with minimal success to check for the pipe using sendmail > > rules. I have it stopped but it is stopping more than it should. I would > > like to stop it with MailScanner. I have tried what appears to be > > obvious to me but so far I have not hit upon the magic combination of > > options to make this work. Has anyone else encountered this situation > > and come up with a solution? > > > > Yes, I have. And my solution is to run milter-regex to filter legit and illegit email addresses. > > If you install the milter, then feel free to use the following macro to filter out legit and illegit email addresses. Of course you will need to substitute email@address.one, etc for real email addresses. Hopefully your distro will have milter-regex available. However if not, then you can find it at: > > http://www.benzedrine.cx/milter-regex.html > > It took me quite some time to get the regular expressions to work the way I wanted because I am by no means an expert with regular expressions. And its been so long since I needed to look up and understand the syntax. However, the following works and it works very well. > > > IllegitimateTo = header /^TO$/i /(\.email@address.one\>|\.email@address.two\>|\.email@address.etc\>|)/e > LegitimateTo = header /^TO$/i /(\|\|\)/e > LegitimateFrom = header /^FROM$/i /(email@address.one|email@address.two|email@address.etc)/e > LegitimateMail = $LegitimateTo or $LegitimateFrom > discard not $LegitimateMail > discard $IllegitimateTo > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > I just read your response to Paul. Am I able to implement what I wrote above in "Reject Messages" ? Thanks Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 11:39:38 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 11:39:57 2009 Subject: disable recipent virus notifications In-Reply-To: <1241601780.2772.3.camel@miguel.irontec.com> References: <1241601780.2772.3.camel@miguel.irontec.com> <4A0168EA.6050505@ecs.soton.ac.uk> Message-ID: On 06/05/2009 10:23, Miguel Angel Nieto wrote: > Hi, > > How can I disable virus notifications to recipients? > > I want only to delete them :) > Silent Viruses = All-Viruses > I tried to disable "Deleted Virus Message Report" with no luck :( > > Thank you. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 11:40:53 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 11:41:12 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061257.17355.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <200905051629.28486.eli@orbsky.homelinux.org> <200905061257.17355.eli@orbsky.homelinux.org> <4A016935.9020002@ecs.soton.ac.uk> Message-ID: But as I keep saying, where is it going to automatically put an RPM that has no binary code in it at all and is therefore totally architecture-independent? On 06/05/2009 10:57, Eli Wapniarski wrote: > Hi Julian > > If this is getting annoynig please forgive me. > > Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. > > The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. > > My request would be to please indicate what problems would crop up with the procedure as outlined. > > Once again thanks for any insight you would be willing to provide. > > Sincerely > > Eli Wapniarski > > ----------------------------------------- > DISCOVERING DEFAULT BUILD ARCH > ------------------------------------------ > > With rpm there is a default build arch. You can discover what that is and isolate it by running. > > > rpm --showrc | awk '/^build arch/ {print $NF}' > > so.... > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > echo rpmBuildArch will produce > > x86_64 or i386 or i586 depending on the default value. > > > -------------------------------------------------------- > REBUILDING RPMs USING THE DEFAULT BUILD ARCH > -------------------------------------------------------- > > (I've tested this with your perl-IO package) > > I've installed the perl-IO SRPM > > after removing the BUILDARCH parameter from the perl-IO spec filed I ran > > rpmbuild -ba perl-IO.spec. > > The module rebuilt successfully. > > > ------------------------------------- > INSTALLING THE REBUILT MODULE > ------------------------------------- > > To install the module I ran > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm > > perl-IO was found and installed as expected. > > > Again, thanks for your patience. > > Eli Wapniarski > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 11:41:43 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 11:42:10 2009 Subject: Validating Email addresses In-Reply-To: <200905061259.54928.eli@orbsky.homelinux.org> References: <4A007D9F.7090403@tmcaz.com> <200905052310.41338.eli@orbsky.homelinux.org> <200905061259.54928.eli@orbsky.homelinux.org> <4A016967.8030203@ecs.soton.ac.uk> Message-ID: On 06/05/2009 10:59, Eli Wapniarski wrote: > On Tuesday 05 May 2009 23:10:41 Eli Wapniarski wrote: > >> On Tuesday 05 May 2009 20:55:43 Paul Lemmons wrote: >> >>> We are getting a great deal of Spam bypassing both Postini and Mail >>> Scanner due to a discrepancy between how these two products define an >>> email address and the way Exchange does. The two scanning products >>> recognize emails with a pipe character "|" at the beginning of the >>> address as both valid and part of the email address. I believe this is >>> in line with the email standards. Exchange, othe the other hand simply >>> ignores the character. So a message sent to me@mydom.com and >>> |me@mydom.com are seen as two different addresses by the scanning >>> systems and as a single address by Exchange. >>> >>> I have tried with minimal success to check for the pipe using sendmail >>> rules. I have it stopped but it is stopping more than it should. I would >>> like to stop it with MailScanner. I have tried what appears to be >>> obvious to me but so far I have not hit upon the magic combination of >>> options to make this work. Has anyone else encountered this situation >>> and come up with a solution? >>> >>> >> Yes, I have. And my solution is to run milter-regex to filter legit and illegit email addresses. >> >> If you install the milter, then feel free to use the following macro to filter out legit and illegit email addresses. Of course you will need to substitute email@address.one, etc for real email addresses. Hopefully your distro will have milter-regex available. However if not, then you can find it at: >> >> http://www.benzedrine.cx/milter-regex.html >> >> It took me quite some time to get the regular expressions to work the way I wanted because I am by no means an expert with regular expressions. And its been so long since I needed to look up and understand the syntax. However, the following works and it works very well. >> >> >> IllegitimateTo = header /^TO$/i /(\.email@address.one\>|\.email@address.two\>|\.email@address.etc\>|)/e >> LegitimateTo = header /^TO$/i /(\|\|\)/e >> LegitimateFrom = header /^FROM$/i /(email@address.one|email@address.two|email@address.etc)/e >> LegitimateMail = $LegitimateTo or $LegitimateFrom >> discard not $LegitimateMail >> discard $IllegitimateTo >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > > I just read your response to Paul. Am I able to implement what I wrote above in "Reject Messages" ? > Yes, just turn it into a ruleset. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 12:00:15 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 12:00:38 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A016935.9020002@ecs.soton.ac.uk> Message-ID: <200905061400.15369.eli@orbsky.homelinux.org> Are you talking about the MailScanner rpm itself? If so what does it really matter? MailScanner, because it has no binary dependancies remains noarch. You aren't rebuilding mailscanner anyway and it installs where you already says its to be installed. No problem. If the environment variables for perl are set correctly then running the particular commands as is will find them which is what happens in any case. Eli On Wednesday 06 May 2009 13:40:53 Julian Field wrote: > But as I keep saying, where is it going to automatically put an RPM that > has no binary code in it at all and is therefore totally > architecture-independent? > > On 06/05/2009 10:57, Eli Wapniarski wrote: > > Hi Julian > > > > If this is getting annoynig please forgive me. > > > > Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. > > > > The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. > > > > My request would be to please indicate what problems would crop up with the procedure as outlined. > > > > Once again thanks for any insight you would be willing to provide. > > > > Sincerely > > > > Eli Wapniarski > > > > ----------------------------------------- > > DISCOVERING DEFAULT BUILD ARCH > > ------------------------------------------ > > > > With rpm there is a default build arch. You can discover what that is and isolate it by running. > > > > > > rpm --showrc | awk '/^build arch/ {print $NF}' > > > > so.... > > > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > > echo rpmBuildArch will produce > > > > x86_64 or i386 or i586 depending on the default value. > > > > > > -------------------------------------------------------- > > REBUILDING RPMs USING THE DEFAULT BUILD ARCH > > -------------------------------------------------------- > > > > (I've tested this with your perl-IO package) > > > > I've installed the perl-IO SRPM > > > > after removing the BUILDARCH parameter from the perl-IO spec filed I ran > > > > rpmbuild -ba perl-IO.spec. > > > > The module rebuilt successfully. > > > > > > ------------------------------------- > > INSTALLING THE REBUILT MODULE > > ------------------------------------- > > > > To install the module I ran > > > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > > rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm > > > > perl-IO was found and installed as expected. > > > > > > Again, thanks for your patience. > > > > Eli Wapniarski > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 12:11:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 12:11:47 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061400.15369.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A016935.9020002@ecs.soton.ac.uk> <200905061400.15369.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> Message-ID: No, I'm talking about all the RPMs installed by install.sh that are required by MailScanner. Many of these are architecture-independent. If I don't give them a BuildArch and know the BuildArch that it is going to use, how can I possibly know which directory to find them in? I'm getting really bored with this conversation, sorry. We are clearly having a severe communication failure, you're just not understanding the cases I'm talking about over and over again. Jules. On 06/05/2009 12:00, Eli Wapniarski wrote: > Are you talking about the MailScanner rpm itself? If so what does it really matter? MailScanner, because it has no binary dependancies remains noarch. You aren't rebuilding mailscanner anyway and it installs where you already says its to be installed. No problem. If the environment variables for perl are set correctly then running the particular commands as is will find them which is what happens in any case. > > Eli > > On Wednesday 06 May 2009 13:40:53 Julian Field wrote: > >> But as I keep saying, where is it going to automatically put an RPM that >> has no binary code in it at all and is therefore totally >> architecture-independent? >> >> On 06/05/2009 10:57, Eli Wapniarski wrote: >> >>> Hi Julian >>> >>> If this is getting annoynig please forgive me. >>> >>> Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. >>> >>> The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. >>> >>> My request would be to please indicate what problems would crop up with the procedure as outlined. >>> >>> Once again thanks for any insight you would be willing to provide. >>> >>> Sincerely >>> >>> Eli Wapniarski >>> >>> ----------------------------------------- >>> DISCOVERING DEFAULT BUILD ARCH >>> ------------------------------------------ >>> >>> With rpm there is a default build arch. You can discover what that is and isolate it by running. >>> >>> >>> rpm --showrc | awk '/^build arch/ {print $NF}' >>> >>> so.... >>> >>> rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') >>> echo rpmBuildArch will produce >>> >>> x86_64 or i386 or i586 depending on the default value. >>> >>> >>> -------------------------------------------------------- >>> REBUILDING RPMs USING THE DEFAULT BUILD ARCH >>> -------------------------------------------------------- >>> >>> (I've tested this with your perl-IO package) >>> >>> I've installed the perl-IO SRPM >>> >>> after removing the BUILDARCH parameter from the perl-IO spec filed I ran >>> >>> rpmbuild -ba perl-IO.spec. >>> >>> The module rebuilt successfully. >>> >>> >>> ------------------------------------- >>> INSTALLING THE REBUILT MODULE >>> ------------------------------------- >>> >>> To install the module I ran >>> >>> rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') >>> rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm >>> >>> perl-IO was found and installed as expected. >>> >>> >>> Again, thanks for your patience. >>> >>> Eli Wapniarski >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at elasticmind.net Wed May 6 12:29:57 2009 From: lists at elasticmind.net (mog) Date: Wed May 6 12:30:51 2009 Subject: MailScanner seems broken on FreeBSD using perl > 5.8.8 Message-ID: <4A0174B5.3050207@elasticmind.net> Greetings everyone, I've just recently upgraded to MailScanner version MailScanner-4.75.11 using perl-5.8.9_2 on a FreeBSD 7.1 system, and sadly the server is unable to process mail. When MailScanner tries to run it reports the following type of error: MailScanner[42585]: Could not use Custom Function code /usr/local/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm, it could not be "require"d. Make sure the last line is "1;" and the module is correct with perl -wc (Error: Insecure dependency in require while running with -T switch at /usr/local/lib/MailScanner/MailScanner/Config.pm line 623.) The same error is reported for all of the following functions: ZMRouterDirHash.pm, SpamWhitelist.pm, MyExample.pm, DavidHooton.pm, LastSpam.pm, GenericSpamScanner.pm, CustomAction.pm, Ruleset-from-Function.pm. A helpful fellow suggested I check with some perl people to see what the -T switch of perl means, and then ask on the mailing list for some more information. Some perl people said the -T is a 'taint mode' designed to perform additional safety/sanity checks on the code, and apparently the Function modules are using, or "require"-ing, some user provided data; which is all in turn causing MailScanner to break on FreeBSD systems running perl versions higher than 5.8.8. This has the effect of preventing any FreeBSD servers running MailScanner from being able to be updated - kind of crippling them :( Unfortunately I don't know enough about perl or what MailScanner is doing with these functions in order to solve the problem and make MailScanner work on FreeBSD again. If anyone could please help with this it would be greatly appreciated. Thank you in advance for your time and consideration. Regards, Moggie. From eli at orbsky.homelinux.org Wed May 6 12:32:39 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 12:33:03 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> Message-ID: <200905061432.39368.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > No, I'm talking about all the RPMs installed by install.sh that are > required by MailScanner. Many of these are architecture-independent. If > I don't give them a BuildArch and know the BuildArch that it is going to > use, how can I possibly know which directory to find them in? > > I'm getting really bored with this conversation, sorry. We are clearly > having a severe communication failure, you're just not understanding the > cases I'm talking about over and over again. > Which RPMs are you talking about? Let me take a look at the specs. Maybe I can come up with something. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Johan at double-l.nl Wed May 6 12:40:50 2009 From: Johan at double-l.nl (Johan Hendriks) Date: Wed May 6 12:41:02 2009 Subject: MailScanner seems broken on FreeBSD using perl > 5.8.8 References: <4A0174B5.3050207@elasticmind.net> Message-ID: <57200BF94E69E54880C9BB1AF714BBCB5DE7F4@w2003s01.double-l.local> >Greetings everyone, > >I've just recently upgraded to MailScanner version MailScanner-4.75.11 >using perl-5.8.9_2 on a FreeBSD 7.1 system, and sadly the server is >unable to process mail. When MailScanner tries to run it reports the >following type of error: >MailScanner[42585]: Could not use Custom Function code >/usr/local/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm, it >could not be "require"d. Make sure the last line is "1;" and the module >is correct with perl -wc (Error: Insecure dependency in require while >running with -T switch at >/usr/local/lib/MailScanner/MailScanner/Config.pm line 623.) > > >The same error is reported for all of the following functions: >ZMRouterDirHash.pm, SpamWhitelist.pm, MyExample.pm, DavidHooton.pm, >LastSpam.pm, GenericSpamScanner.pm, CustomAction.pm, >Ruleset-from-Function.pm. >A helpful fellow suggested I check with some perl people to see what the >-T switch of perl means, and then ask on the mailing list for some more >information. Some perl people said the -T is a 'taint mode' designed to >perform additional safety/sanity checks on the code, and apparently the >Function modules are using, or "require"-ing, some user provided data; >which is all in turn causing MailScanner to break on FreeBSD systems >running perl versions higher than 5.8.8. This has the effect of >preventing any FreeBSD servers running MailScanner from being able to be >updated - kind of crippling them :( >Unfortunately I don't know enough about perl or what MailScanner is >doing with these functions in order to solve the problem and make >MailScanner work on FreeBSD again. If anyone could please help with this >it would be greatly appreciated. > >Thank you in advance for your time and consideration. > >Regards, >Moggie. You can do 2 things. 1 revert back to perl 5.8.8, it will all work like it should after going back to 5.8.8 2 Upgrade to 5.10.x see /usr/port/UPDATING how to upgrade your perl to 5.10 With perl 5.10 things will start to work again. I had the same issue, on my servers i am running MailScanner-4.75.11 with perl-5.10.x This is on 8.0 and 7.x systems, both i386 and amd64. I would go for option 2 Regards, Johan Hendriks Double L Automatisering No virus found in this outgoing message. Checked by AVG - www.avg.com Version: 8.5.325 / Virus Database: 270.12.18/2096 - Release Date: 05/06/09 06:04:00 From correo at miguelangelnieto.net Wed May 6 12:08:58 2009 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Wed May 6 12:44:36 2009 Subject: disable recipent virus notifications In-Reply-To: References: <1241601780.2772.3.camel@miguel.irontec.com> <4A0168EA.6050505@ecs.soton.ac.uk> Message-ID: <1241608138.2772.8.camel@miguel.irontec.com> Hi, El mi?, 06-05-2009 a las 11:39 +0100, Julian Field escribi?: > > On 06/05/2009 10:23, Miguel Angel Nieto wrote: > > Hi, > > > > How can I disable virus notifications to recipients? > > > > I want only to delete them :) > > > Silent Viruses = All-Viruses I have: # The default of "All-Viruses" means that no senders of viruses will be # notified (as the sender address is always forged these days anyway), # but anyone who sends a message that is blocked for other reasons will # still be notified. # # This can also be the filename of a ruleset. Silent Viruses = All-Viruses The comment says: "no senders of viruses will be notified". My problem is with my clients, the recipients. I dont want to tell them that they have received a Virus. Not the senders. Thank you. From lists at elasticmind.net Wed May 6 12:48:10 2009 From: lists at elasticmind.net (mog) Date: Wed May 6 12:49:02 2009 Subject: MailScanner seems broken on FreeBSD using perl > 5.8.8 In-Reply-To: <57200BF94E69E54880C9BB1AF714BBCB5DE7F4@w2003s01.double-l.local> References: <4A0174B5.3050207@elasticmind.net> <57200BF94E69E54880C9BB1AF714BBCB5DE7F4@w2003s01.double-l.local> Message-ID: <4A0178FA.9020601@elasticmind.net> Johan Hendriks wrote: >> Greetings everyone, >> >> I've just recently upgraded to MailScanner version MailScanner-4.75.11 >> using perl-5.8.9_2 on a FreeBSD 7.1 system, and sadly the server is >> unable to process mail. When MailScanner tries to run it reports the >> following type of error: >> > > > >> MailScanner[42585]: Could not use Custom Function code >> /usr/local/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm, it >> could not be "require"d. Make sure the last line is "1;" and the module >> is correct with perl -wc (Error: Insecure dependency in require while >> running with -T switch at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 623.) >> >> >> The same error is reported for all of the following functions: >> ZMRouterDirHash.pm, SpamWhitelist.pm, MyExample.pm, DavidHooton.pm, >> LastSpam.pm, GenericSpamScanner.pm, CustomAction.pm, >> Ruleset-from-Function.pm. >> > > >> A helpful fellow suggested I check with some perl people to see what the >> -T switch of perl means, and then ask on the mailing list for some more >> information. Some perl people said the -T is a 'taint mode' designed to >> perform additional safety/sanity checks on the code, and apparently the >> Function modules are using, or "require"-ing, some user provided data; >> which is all in turn causing MailScanner to break on FreeBSD systems >> running perl versions higher than 5.8.8. This has the effect of >> preventing any FreeBSD servers running MailScanner from being able to be >> updated - kind of crippling them :( >> > > >> Unfortunately I don't know enough about perl or what MailScanner is >> doing with these functions in order to solve the problem and make >> MailScanner work on FreeBSD again. If anyone could please help with this >> it would be greatly appreciated. >> >> Thank you in advance for your time and consideration. >> >> Regards, >> Moggie. >> > > You can do 2 things. > 1 revert back to perl 5.8.8, it will all work like it should after going back to 5.8.8 > 2 Upgrade to 5.10.x see /usr/port/UPDATING how to upgrade your perl to 5.10 > With perl 5.10 things will start to work again. > > I had the same issue, on my servers i am running MailScanner-4.75.11 with perl-5.10.x > This is on 8.0 and 7.x systems, both i386 and amd64. > > I would go for option 2 > Regards, > Johan Hendriks > Double L Automatisering > Ahhh, cool thanks, I'll give that a go now. Yeah reverting back to 5.8.8 was necessary when the problem was first encountered, but it's not really an option for a long term solution. I'll upgrade to 5.10 and see how it goes. With thanks, mog From MailScanner at ecs.soton.ac.uk Wed May 6 14:06:20 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 14:06:39 2009 Subject: disable recipent virus notifications In-Reply-To: <1241608138.2772.8.camel@miguel.irontec.com> References: <1241601780.2772.3.camel@miguel.irontec.com> <4A0168EA.6050505@ecs.soton.ac.uk> <1241608138.2772.8.camel@miguel.irontec.com> <4A018B4C.3080200@ecs.soton.ac.uk> Message-ID: On 06/05/2009 12:08, Miguel Angel Nieto wrote: > Hi, > > El mi?, 06-05-2009 a las 11:39 +0100, Julian Field escribi?: > >> On 06/05/2009 10:23, Miguel Angel Nieto wrote: >> >>> Hi, >>> >>> How can I disable virus notifications to recipients? >>> >>> I want only to delete them :) >>> >>> >> Silent Viruses = All-Viruses >> > I have: > > # The default of "All-Viruses" means that no senders of viruses will be > # notified (as the sender address is always forged these days anyway), > # but anyone who sends a message that is blocked for other reasons will > # still be notified. > # > # This can also be the filename of a ruleset. > Silent Viruses = All-Viruses > > The comment says: "no senders of viruses will be notified". > > My problem is with my clients, the recipients. I dont want to tell them > that they have received a Virus. Not the senders. > From the docs above the "Silent Viruses" setting, # If a virus name is given here, then # 1) The sender will not be warned that he sent it # 2) No attempt at true disinfection will take place # (but it will still be "cleaned" by removing the nasty attachments # from the message) # 3) The recipient will not receive the message, # unless the "Still Deliver Silent Viruses" option is set So make sure you don't have "Still Deliver Silent Viruses" set. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 14:07:11 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 14:07:33 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061432.39368.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> <200905061432.39368.eli@orbsky.homelinux.org> <4A018B7F.1020703@ecs.soton.ac.uk> Message-ID: On 06/05/2009 12:32, Eli Wapniarski wrote: > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > >> No, I'm talking about all the RPMs installed by install.sh that are >> required by MailScanner. Many of these are architecture-independent. If >> I don't give them a BuildArch and know the BuildArch that it is going to >> use, how can I possibly know which directory to find them in? >> >> I'm getting really bored with this conversation, sorry. We are clearly >> having a severe communication failure, you're just not understanding the >> cases I'm talking about over and over again. >> >> > Which RPMs are you talking about? Let me take a look at the specs. Maybe I can come up with something. > Loads of them. Take File::Temp as a trivial example. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailbag at partnersolutions.ca Wed May 6 14:08:39 2009 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Wed May 6 14:08:40 2009 Subject: disable recipent virus notifications In-Reply-To: <1241608138.2772.8.camel@miguel.irontec.com> References: <1241601780.2772.3.camel@miguel.irontec.com><4A0168EA.6050505@ecs.soton.ac.uk> <1241608138.2772.8.camel@miguel.irontec.com> Message-ID: <0A5EC380C825E440B3BB048CDE603A16593A@PSIMS002.pshosting.intranet> > My problem is with my clients, the recipients. I dont want to tell > them > that they have received a Virus. Not the senders. Make sure that also have "Still Deliver Silent Viruses = no". Cheers, -Joshua From eli at orbsky.homelinux.org Wed May 6 14:31:36 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 14:32:00 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> Message-ID: <200905061631.36677.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > No, I'm talking about all the RPMs installed by install.sh that are > required by MailScanner. Many of these are architecture-independent. If > I don't give them a BuildArch and know the BuildArch that it is going to > use, how can I possibly know which directory to find them in? Without the Buildarch parameter, you know where they will be installed because there are defaults. When you specify the Buildarch parameter in the spec file you are overriding the default installation path. x86_64 libraries by default will be installed in /usr/lib64 ix86 will by default be installed in /usr/lib These values are not dependant on binary dependancies the are default values. You do not need to know where they will be installed because the defaults will determine that for you. You do not need Buildarch in your specs. /usr/bin is still /usr/bin /bin is still /bin etc. These are the defaul values. The default values and macros can be found in folder /usr/lib/rpm You can see them all by issuing the command rpm --showrc There a heck of alot of them. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 14:47:33 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 14:47:56 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061631.36677.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> <200905061631.36677.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> Message-ID: On 06/05/2009 14:31, Eli Wapniarski wrote: > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > >> No, I'm talking about all the RPMs installed by install.sh that are >> required by MailScanner. Many of these are architecture-independent. If >> I don't give them a BuildArch and know the BuildArch that it is going to >> use, how can I possibly know which directory to find them in? >> > Sorry, I give up. > Without the Buildarch parameter, you know where they will be installed because there are defaults. > > When you specify the Buildarch parameter in the spec file you are overriding the default installation path. > > > > x86_64 libraries by default will be installed in /usr/lib64 > > ix86 will by default be installed in /usr/lib > > > These values are not dependant on binary dependancies the are default values. > > > You do not need to know where they will be installed because the defaults will determine that for you. > > > You do not need Buildarch in your specs. > > > /usr/bin is still /usr/bin > > /bin is still /bin > > etc. > > > These are the defaul values. The default values and macros can be found in folder /usr/lib/rpm > > > You can see them all by issuing the command > > rpm --showrc > > There a heck of alot of them. > > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 14:47:43 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 14:48:08 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A018B7F.1020703@ecs.soton.ac.uk> Message-ID: <200905061647.43989.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 16:07:11 Julian Field wrote: > > On 06/05/2009 12:32, Eli Wapniarski wrote: > > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > > > >> No, I'm talking about all the RPMs installed by install.sh that are > >> required by MailScanner. Many of these are architecture-independent. If > >> I don't give them a BuildArch and know the BuildArch that it is going to > >> use, how can I possibly know which directory to find them in? > >> > >> I'm getting really bored with this conversation, sorry. We are clearly > >> having a severe communication failure, you're just not understanding the > >> cases I'm talking about over and over again. > >> > >> > > Which RPMs are you talking about? Let me take a look at the specs. Maybe I can come up with something. > > > Loads of them. Take File::Temp as a trivial example. > OK... Let me work on it. I should get back to you sometime tomorrow if nothing gets in the way. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Wed May 6 15:18:51 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed May 6 15:19:26 2009 Subject: message-processing db notifications Message-ID: Julian: An observation, relatively minor, about the new message processing database... There is an associated hourly cron job 'processing_messages_alert' which sends notifications using the 'Notices To' setting of 'MailScanner.conf'. This happens even if the config file says 'Send Notices = no'. And that doesn't seem right. Historically, these notification settings were originally concerned with virus processing but are now, in effect, being deployed beyond that original scope. I can see two reasonably straightforward resolutions: 1. Adjust comments in MS.conf to include expanded scope. 2. Consider different sets of notification definitions for different classes of events: e.g. existing set 'as-is' for viruses; a new set for the message-db; (then another new set for the next feature, etc.). The first is very easy for you to implement, but imposes a "one size has to fit all" behaviour. The second allows a site to tailor different notification levels for different classes of events. (Might some sort of 'ruleset'-like capability assist?) P.S. We have now rolled out "4.76.24-3" on the majority of our gateways and it is going well. Thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From jonas.lilja at sigma.se Wed May 6 15:34:12 2009 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Wed May 6 15:34:24 2009 Subject: Perl problems on Fedora 9 Message-ID: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. make: *** [manifypods] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. Maybe it did not build correctly? ------------------------------------ I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. Please give me a hint. Jonas PS - sorry for running MS on Fedora. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/79cb65bc/attachment.html From raymond at prolocation.net Wed May 6 15:37:41 2009 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Wed May 6 15:37:49 2009 Subject: Perl problems on Fedora 9 In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: Hi! > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib Try to instal Pod::Simple with cpan (for example) Bye, Raymond. From mrm at quantumcc.com Wed May 6 15:49:14 2009 From: mrm at quantumcc.com (Mike M) Date: Wed May 6 15:49:28 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: Message-ID: Mike M wrote: > After updating to 4.76.23 from 4.74 today I had some users complain > about not getting some messages. Here is a portion of the error they get: > > > ---------------------------------------------------------------------- > The original e-mail message, or an attachment it contained, was too > large and has been removed. > > > > At Tue May 5 13:15:51 2009 the content filters said: > MailScanner: Attachment is too small > > > --------- > > All of the messages I've looked at with this problem appear to have both > text and html versions. There's an example of a quarantined message > at: http://pastebin.com/dc6ed9a1 > > If it would be helpful to see the qf file just let me know. > > I have changed the min attachment size from 1 to 0 for now so that > hopefully these messages can go through, but I don't know what it is > about these html emails that is triggering the attachment size filter. > Oh and MailScanner --lint shows no errors. Any clues?? > CORRECTION: It is happening to just plain text messages as well. What should I be looking for to determine why Mailscanner is thinking messages have 0 byte attachments when I can't find anything in the qf or df files in the quarantine that look like any sort of attachment is included with the email? Does the fact that the error message states that the attachment is too large in one spot and too small in another indicate anything special that might point me in the right direction to troubleshoot? I've been using MailScanner for years and have never had a problem upgrading countless times before, but this is occuring on more then one server since I upgraded yesterday. From eli at orbsky.homelinux.org Wed May 6 18:13:34 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 18:14:01 2009 Subject: Perl problems on Fedora 9 In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: <200905062013.34296.eli@orbsky.homelinux.org> Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. > > Please give me a hint. > > Jonas > > PS - sorry for running MS on Fedora. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Robert.Meurlin at se.fujitsu.com Wed May 6 18:24:04 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed May 6 18:24:40 2009 Subject: error: Failed dependencies Message-ID: Hi all, I get this error when I try to upgrade MailScanner (The version now is like 4.71) to 4.76.24-3: error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 But I have installed http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz so i dont now why I get this error? /thanks Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/807b91dd/attachment.html From shuttlebox at gmail.com Wed May 6 18:44:34 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 6 18:48:09 2009 Subject: error: Failed dependencies In-Reply-To: References: Message-ID: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter From shuttlebox at gmail.com Wed May 6 18:44:34 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 6 18:51:31 2009 Subject: error: Failed dependencies In-Reply-To: References: Message-ID: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter From Robert.Meurlin at se.fujitsu.com Wed May 6 19:25:47 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed May 6 19:26:44 2009 Subject: error: Failed dependencies In-Reply-To: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: So how do you recommend i do? I have made the same update on another mailgw (a twin to this one =)) and it worked there. thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jonas.lilja at sigma.se Wed May 6 20:09:21 2009 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Wed May 6 20:09:44 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905062013.34296.eli@orbsky.homelinux.org> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> Message-ID: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. Thanx guys Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski Skickat: den 6 maj 2009 19:14 Till: mailscanner@lists.mailscanner.info ?mne: Re: Perl problems on Fedora 9 Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. > > Please give me a hint. > > Jonas > > PS - sorry for running MS on Fedora. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From oliver at linux-kernel.at Wed May 6 20:35:59 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed May 6 20:36:30 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED Message-ID: <200905061936.n46JZxcB016576@mail.linux-kernel.at> Note: I've tried to bug Fedota Perl packager to update a few modules and was successfull! So, I wonder which packages need to be replaced by the MS install.sh!? There was also some thread about why not package it within the distribution.. Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. And finally. I can also imagine doing this for RHEL, using EPEL... It's just a "Do you want this?" Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? Keep me posted... -of ----- Urspr?ngliche Nachricht ----- Von: Jonas Lilja Gesendet: Mittwoch, 06. Mai 2009 21:09 An: MailScanner discussion Betreff: SV: Perl problems on Fedora 9 SOLVED Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. Thanx guys Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski Skickat: den 6 maj 2009 19:14 Till: mailscanner@lists.mailscanner.info ?mne: Re: Perl problems on Fedora 9 Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work From MailScanner at ecs.soton.ac.uk Wed May 6 20:42:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:42:50 2009 Subject: message-processing db notifications In-Reply-To: References: <4A01E824.6050808@ecs.soton.ac.uk> Message-ID: On 06/05/2009 15:18, David Lee wrote: > > Julian: An observation, relatively minor, about the new message > processing database... > > There is an associated hourly cron job 'processing_messages_alert' > which sends notifications using the 'Notices To' setting of > 'MailScanner.conf'. > > This happens even if the config file says 'Send Notices = no'. And > that doesn't seem right. > > Historically, these notification settings were originally concerned > with virus processing but are now, in effect, being deployed beyond > that original scope. > > I can see two reasonably straightforward resolutions: > 1. Adjust comments in MS.conf to include expanded scope. > > 2. Consider different sets of notification definitions for different > classes of events: e.g. existing set 'as-is' for viruses; a new set > for the message-db; (then another new set for the next feature, > etc.). > > The first is very easy for you to implement, but imposes a "one size > has to fit all" behaviour. The second allows a site to tailor > different notification levels for different classes of events. (Might > some sort of 'ruleset'-like capability assist?) How about I just make it test to see if "Send Notices = yes" instead, and not send the message if it's set to "no"? > P.S. We have now rolled out "4.76.24-3" on the majority of our > gateways and it is going well. Thanks. Great, thanks for letting me know! :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:44:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:44:49 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: I'll have to do a test with Fedora 9 and see how to resolve the problems, in case a similar solution is needed as for Fedora 10. But there can't be many people using Fedora 9 any more, it must be near end-of-life. Is it worth my while? Jules. On 06/05/2009 20:09, Jonas Lilja wrote: > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > Thanx guys > > Jonas > > -----Ursprungligt meddelande----- > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > Skickat: den 6 maj 2009 19:14 > Till: mailscanner@lists.mailscanner.info > ?mne: Re: Perl problems on Fedora 9 > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > Eli > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: >> >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. >> make: *** [manifypods] Error 2 >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. >> Maybe it did not build correctly? >> ------------------------------------ >> >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. >> >> Please give me a hint. >> >> Jonas >> >> PS - sorry for running MS on Fedora. >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:46:57 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:47:21 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> Message-ID: On 06/05/2009 15:49, Mike M wrote: > Mike M wrote: >> After updating to 4.76.23 from 4.74 today I had some users complain >> about not getting some messages. Here is a portion of the error >> they get: >> >> >> ---------------------------------------------------------------------- >> The original e-mail message, or an attachment it contained, was too >> large and has been removed. >> >> >> >> At Tue May 5 13:15:51 2009 the content filters said: >> MailScanner: Attachment is too small >> >> >> --------- >> >> All of the messages I've looked at with this problem appear to have >> both text and html versions. There's an example of a quarantined >> message at: http://pastebin.com/dc6ed9a1 >> >> If it would be helpful to see the qf file just let me know. >> >> I have changed the min attachment size from 1 to 0 for now so that >> hopefully these messages can go through, but I don't know what it is >> about these html emails that is triggering the attachment size >> filter. Oh and MailScanner --lint shows no errors. Any clues?? >> > > CORRECTION: It is happening to just plain text messages as well. > What should I be looking for to determine why Mailscanner is thinking > messages have 0 byte attachments when I can't find anything in the qf > or df files in the quarantine that look like any sort of attachment is > included with the email? > > Does the fact that the error message states that the attachment is too > large in one spot and too small in another indicate anything special > that might point me in the right direction to troubleshoot? I've > been using MailScanner for years and have never had a problem > upgrading countless times before, but this is occuring on more then > one server since I upgraded yesterday. > I'll need to take a look at this, and try a 0-byte attachment and see what happens. To disable the tests, set Maximum Attachment Size = -1 Minimum Attachment Size = -1 Please read the docs carefully and ensure you are setting the values appropriately. What is the precise case that you think it is handling incorrectly? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:48:05 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:48:36 2009 Subject: error: Failed dependencies In-Reply-To: References: <4A01E975.4080709@ecs.soton.ac.uk> Message-ID: Check what version MailScanner thinks it is finding with "MailScanner -v". On 06/05/2009 18:24, Meurlin Robert wrote: > > Hi all, > > I get this error when I try to upgrade MailScanner (The version now is > like 4.71) to 4.76.24-3: > > error: Failed dependencies: > > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? > > **/thanks** > > **Rob*** > > *** > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:51:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:51:26 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905061936.n46JZxcB016576@mail.linux-kernel.at> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <4A01EA27.3060406@ecs.soton.ac.uk> Message-ID: I will happily help you out, provided I can see what the problems are, and if enough people are affected by the problem. I'm slightly loathed to spend lots of time solving packaging problems if only 3 people are still using Fedora 9 in the first place, I'm sure you understand :-) *If* I get time in the next day or two to install Fedora 9 and try to do a clean install, I'll see what I can do and put out a beta of the next version of MailScanner that will work for you folks. But no promises, I do have a day job to do as well, which is pretty busy right now! Cheers, Jules. On 06/05/2009 20:35, Oliver Falk wrote: > Note: > I've tried to bug Fedota Perl packager to update a few modules and was successfull! > So, I wonder which packages need to be replaced by the MS install.sh!? > There was also some thread about why not package it within the distribution.. > Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. > And finally. I can also imagine doing this for RHEL, using EPEL... > > It's just a "Do you want this?" > > Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) > > Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? > > Keep me posted... > > -of > > ----- Urspr?ngliche Nachricht ----- > Von: Jonas Lilja > Gesendet: Mittwoch, 06. Mai 2009 21:09 > An: MailScanner discussion > Betreff: SV: Perl problems on Fedora 9 SOLVED > > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > Thanx guys > > Jonas > > -----Ursprungligt meddelande----- > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > Skickat: den 6 maj 2009 19:14 > Till: mailscanner@lists.mailscanner.info > ?mne: Re: Perl problems on Fedora 9 > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > Eli > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: >> >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. >> make: *** [manifypods] Error 2 >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. >> Maybe it did not build correctly? >> ------------------------------------ >> >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work-- >> > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 21:02:06 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 21:02:28 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> Message-ID: <200905062302.06962.eli@orbsky.homelinux.org> I understand you are tired of this conversation. Me too :). So I will quit with this last one. I agree there is a failure of communication but it isn't due to a lack of understanding, but rather disbelief. Please read what I have to say one more time. A little more patience an I am outta your hair with this. I do realize that you are trying to be helpful. Please realize that I too am trying to be helpful. On Wednesday 06 May 2009 16:47:33 Julian Field wrote: > > On 06/05/2009 14:31, Eli Wapniarski wrote: > > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > > > >> No, I'm talking about all the RPMs installed by install.sh that are > >> required by MailScanner. Many of these are architecture-independent. If > >> I don't give them a BuildArch and know the BuildArch that it is going to > >> use, how can I possibly know which directory to find them in? Because there is a default Buildarch parameter already set in the rpm build environment. How can you discover what it is by running the following command in the shell and consquently in your bashscript. rpm --showrc | awk '/^build arch/ {print $NF}' Try to run it please in a console. Please.,, this isn't a question of a lack of understanding. It is a question of disbelief. Please believe what I'm writing to you here. If you don't specify Buildarch in your spec file the final rpm will be built in the folder defined by default Buildarch You define Buildarch as noarch and consequently the built rpms are placed in ~/rpmbuild/RPMS/noarch If you don't specify then it will be ~/rpmbuild/RPMS/x86_64 ~/rpmbuild/RPMS/i386 ~/rpmbuild/RPMS/i586 etc depending on the the default environment. How would install.sh know where to look. An example is defined below wih the perl-File-Temp-0.20-4. The example assumes a modified spec file with the Buildarch pararmeter removed from the file. And the rpm builds successfully which it does. On an x86_64 platform the final rpm is called. perl-File-Temp-0.20-4.x86_64.rpm example of the contents of the bash script would be DefaultRPMBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') rpm -Uvh ~/rpmbuild/RPMS/$DefaultRPMBuildArch/perl-File-Temp-4.$DefaultRPMBuildArch.rpm Please note the substitution of the variable $DefaultRPMBuildArch as it holds the value of the default Build Arch Thanks for your time an patience. Eli Wapniarski -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jonas.lilja at sigma.se Wed May 6 21:04:18 2009 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Wed May 6 21:04:40 2009 Subject: SV: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE59@ss0010.sigma.local> No, perhaps not, but if it's easy to do a system-check in the beginning of the install-script and if that check turns back Fedora 9 it would be nice if the script interrupt and says "Fedora 9 is not supported. Installation aborted". That would be a better solution than continuing with a lot of errors. But as you said - it must be a minor problem since Fedora 9 is at the end of life :-) Kind regards Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Julian Field Skickat: den 6 maj 2009 21:44 Till: MailScanner discussion ?mne: Re: SV: Perl problems on Fedora 9 SOLVED I'll have to do a test with Fedora 9 and see how to resolve the problems, in case a similar solution is needed as for Fedora 10. But there can't be many people using Fedora 9 any more, it must be near end-of-life. Is it worth my while? Jules. On 06/05/2009 20:09, Jonas Lilja wrote: > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > Thanx guys > > Jonas > > -----Ursprungligt meddelande----- > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > Skickat: den 6 maj 2009 19:14 > Till: mailscanner@lists.mailscanner.info > ?mne: Re: Perl problems on Fedora 9 > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > Eli > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: >> >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. >> make: *** [manifypods] Error 2 >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. >> Maybe it did not build correctly? >> ------------------------------------ >> >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. >> >> Please give me a hint. >> >> Jonas >> >> PS - sorry for running MS on Fedora. >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From eli at orbsky.homelinux.org Wed May 6 21:08:50 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 21:09:13 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905061936.n46JZxcB016576@mail.linux-kernel.at> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> Message-ID: <200905062308.50542.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 22:35:59 Oliver Falk wrote: > Note: > I've tried to bug Fedota Perl packager to update a few modules and was successfull! > So, I wonder which packages need to be replaced by the MS install.sh!? > There was also some thread about why not package it within the distribution.. > Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. > And finally. I can also imagine doing this for RHEL, using EPEL... > > It's just a "Do you want this?" > > Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) > > Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? > > Keep me posted... > I would be willing to help as best as I can. There are problems with Fedora 10 as well, and I am assuming that it will carry over to Fedora 11 etc and consequently the next major revision of Redhat and Centos (ie. 5 to 6) and I think this is a great idea as it potentially save a lot of time ironing out packaging issues if more than one persion is working on it. Please understand that currently I have sometime on my hands. And of course like everyone else I have other obligations, but I am willing to help in anyway that I can. Sincerely Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 21:14:25 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 21:14:47 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905062302.06962.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> <200905062302.06962.eli@orbsky.homelinux.org> <4A01EFA1.8040501@ecs.soton.ac.uk> Message-ID: On 06/05/2009 21:02, Eli Wapniarski wrote: > I understand you are tired of this conversation. Me too :). So I will quit with this last one. I agree there is a failure of communication but it isn't due to a lack of understanding, but rather disbelief. > > Please read what I have to say one more time. A little more patience an I am outta your hair with this. > > I do realize that you are trying to be helpful. > > Please realize that I too am trying to be helpful. > > On Wednesday 06 May 2009 16:47:33 Julian Field wrote: > >> On 06/05/2009 14:31, Eli Wapniarski wrote: >> >>> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: >>> >>> >>>> No, I'm talking about all the RPMs installed by install.sh that are >>>> required by MailScanner. Many of these are architecture-independent. If >>>> I don't give them a BuildArch and know the BuildArch that it is going to >>>> use, how can I possibly know which directory to find them in? >>>> > Because there is a default Buildarch parameter already set in the rpm build environment. > > How can you discover what it is by running the following command in the shell and consquently in your bashscript. > > rpm --showrc | awk '/^build arch/ {print $NF}' > > Try to run it please in a console. Please.,, this isn't a question of a lack of understanding. It is a question of disbelief. > > Please believe what I'm writing to you here. > > If you don't specify Buildarch in your spec file the final rpm will be built in the folder defined by default Buildarch > > You define Buildarch as noarch and consequently the built rpms are placed in > > ~/rpmbuild/RPMS/noarch > > If you don't specify then it will be > > ~/rpmbuild/RPMS/x86_64 > ~/rpmbuild/RPMS/i386 > ~/rpmbuild/RPMS/i586 > > etc depending on the the default environment. How would install.sh know where to look. An example is defined below wih the perl-File-Temp-0.20-4. > > The example assumes a modified spec file with the Buildarch pararmeter removed from the file. And the rpm builds successfully which it does. On an x86_64 platform the final rpm is called. > > > perl-File-Temp-0.20-4.x86_64.rpm > which is wrong as it contains no architecture-dependent code and so should be in noarch. Which was my point all along :-) > > example of the contents of the bash script would be > > DefaultRPMBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > > rpm -Uvh ~/rpmbuild/RPMS/$DefaultRPMBuildArch/perl-File-Temp-4.$DefaultRPMBuildArch.rpm > > > Please note the substitution of the variable $DefaultRPMBuildArch as it holds the value of the default Build Arch > > > > Thanks for your time an patience. > > Eli Wapniarski > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 21:16:17 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 21:16:42 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905062308.50542.eli@orbsky.homelinux.org> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: On 06/05/2009 21:08, Eli Wapniarski wrote: > On Wednesday 06 May 2009 22:35:59 Oliver Falk wrote: > >> Note: >> I've tried to bug Fedota Perl packager to update a few modules and was successfull! >> So, I wonder which packages need to be replaced by the MS install.sh!? >> There was also some thread about why not package it within the distribution.. >> Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. >> And finally. I can also imagine doing this for RHEL, using EPEL... >> >> It's just a "Do you want this?" >> >> Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) >> >> Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? >> >> Keep me posted... >> >> > I would be willing to help as best as I can. There are problems with Fedora 10 as well, and I am assuming that it will carry over to Fedora 11 etc and consequently the next major revision of Redhat and Centos (ie. 5 to 6) Not necessarily true at all, as the Perl build system in Fedora 10 is totally broken and this will be caught well before it makes it into RedHat Enterprise Linux 6. They can hardly miss it :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 21:27:50 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 21:28:14 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01EFA1.8040501@ecs.soton.ac.uk> Message-ID: <200905062327.50954.eli@orbsky.homelinux.org> > > perl-File-Temp-0.20-4.x86_64.rpm > > > which is wrong as it contains no architecture-dependent code and so > should be in noarch. > Which was my point all along :-) I just tried rebuilding the rpm as is and it rebuilds just fine. Just a suggestion. So for architecture dependant code maybe what I suggested and for architecture independant code keep it in noarch? Just a suggestion. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From craigwhite at azapple.com Wed May 6 21:30:30 2009 From: craigwhite at azapple.com (Craig White) Date: Wed May 6 21:30:47 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: <1241641830.2605.219.camel@lin-workstation.azapple.com> Fedora 9 will EOL at or around the end of June. I couldn't possibly suggest whether it is worth your time. Craig On Wed, 2009-05-06 at 20:44 +0100, Julian Field wrote: > I'll have to do a test with Fedora 9 and see how to resolve the > problems, in case a similar solution is needed as for Fedora 10. But > there can't be many people using Fedora 9 any more, it must be near > end-of-life. > > Is it worth my while? > > Jules. > > On 06/05/2009 20:09, Jonas Lilja wrote: > > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > > > Thanx guys > > > > Jonas > > > > -----Ursprungligt meddelande----- > > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > > Skickat: den 6 maj 2009 19:14 > > Till: mailscanner@lists.mailscanner.info > > ?mne: Re: Perl problems on Fedora 9 > > > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > > > Eli > > > > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > > > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > >> > >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > >> make: *** [manifypods] Error 2 > >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > >> > >> RPM build errors: > >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > >> > >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > >> Maybe it did not build correctly? > >> ------------------------------------ > >> > >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. > >> > >> Please give me a hint. > >> > >> Jonas > >> > >> PS - sorry for running MS on Fedora. > >> > >> > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Follow me at twitter.com/JulesFM > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.lemmons at tmcaz.com Wed May 6 22:13:12 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Wed May 6 22:13:29 2009 Subject: filetype rules and pptx files In-Reply-To: References: <4A007B11.5030700@tmcaz.com> <4A015044.2010903@ecs.soton.ac.uk> Message-ID: <4A01FD68.10805@tmcaz.com> -------- Original Message -------- Subject: filetype rules and pptx files From: Julian Field To: MailScanner discussion Date: 05/06/2009 01:54 AM > On 05/05/2009 21:46, Scott Silva wrote: > >> on 5-5-2009 10:44 AM Paul Lemmons spake the following: >> >> >>> >>> >>> $ file 0000.dat >>> 0000.dat: DOS executable (device driver) for DOS >>> >>> $ file -i 0000.dat >>> 0000.dat: text/plain charset=iso-8859-1 >>> >>> When I look at the file itself, it appears to be a bunch of binary zeros. >>> >>> I have tried to to add the following line to the filetypes.rules file: >>> >>> allow - text\/plain - - >>> allow - text/plain - - >>> >>> with no success. >>> >>> >>> >> >> > > > *or else* > Use the MIME type of the 0000.dat file and put in a line allowing that > in the normal filetype.rules.conf, but read the stuff at the top of the > file on how to specify the MIME type of the file, and put the rule above > the line that denies executables. "file -i" which works out the MIME > type, often produces different results from "file" which is what is > normally used. The filetype.rules.conf file allows you to specify the > MIME type instead of the keywords to look for in the output of the > "file" command, read the docs. > > Jules > > The "*or else*" is what I had originally tried. If this should work then I have clearly done something wrong. The allow statements above do precede the deny statements. As you see I tried a pattern where the "/" was escaped and one without with no cheese down either hole. Here is a snippet from my filetypes.rules file: # makes the checked text check against the MIME type of the attachment # as determined by the output of the "file -i" command. allow - text/plain - - allow text - - allow \bscript - - allow archive - - allow postscript - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/9812f2ae/smime.bin From paul.lemmons at tmcaz.com Wed May 6 22:16:41 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Wed May 6 22:16:56 2009 Subject: filetype rules and pptx files In-Reply-To: References: <4A007B11.5030700@tmcaz.com> <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> <4A015140.1060302@ecs.soton.ac.uk> Message-ID: <4A01FE39.1070608@tmcaz.com> -------- Original Message -------- Subject: filetype rules and pptx files From: Julian Field To: MailScanner discussion Date: 05/06/2009 01:58 AM > On 05/05/2009 22:01, Rick Cooper wrote: > >> ----Original Message---- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul >> Lemmons Sent: Tuesday, May 05, 2009 1:45 PM To: >> mailscanner@lists.mailscanner.info Subject: filetype rules and pptx files >> >> >> >>> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >>> it is getting rejected. It turns out that the .pptx file is really a zip >>> archive and within that archive there is a file named "0000.dat" which >>> is getting identified as a DOS executable. When I extract the file and >>> run the file command against it I get the following: >>> >>> $ file 0000.dat >>> 0000.dat: DOS executable (device driver) for DOS >>> >>> $ file -i 0000.dat >>> 0000.dat: text/plain charset=iso-8859-1 >>> >>> When I look at the file itself, it appears to be a bunch of binary zeros. >>> >>> I have tried to to add the following line to the filetypes.rules file: >>> >>> allow - text\/plain - - >>> allow - text/plain - - >>> >>> with no success. >>> >>> I also tried adding the following line to the filenames.rules file: >>> >>> allow \.dat$ - - >>> >>> with no success. >>> >>> And to save time on an obvious question or two, Yes, I am using tabs >>> between fields and Yes I am restarting MailScanner after an update. >>> >>> I am hoping that it is something very simple that I am missing. Any >>> assistance would be greatly appreciated. >>> >>> >> You are going to have to pass it in the flietype rules as well. And you >> should be able to handle this failry easily with the latest version of MS >> and you won't have to allow raw files of this type through. The latest >> version allows you to apply rules specific to files within archives, and I >> think even speficy the type of archive to unarchive for checks as well. >> >> > Correct. > But give the MIME type stuff a go as well, as "file -i" may produce a > very different answer for your 0000.dat file from the output of the > plain "file" command with no "-i". > > > Jules > > I am trying the file -i mime types first. I will upgrade MailScanner at some point but the testing involved with an upgrade makes it a second best choice If I can solve it more easily some other way. I am not getting the mime types to work at the moment but that is on another thread. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/ef1a9812/smime.bin From ssilva at sgvwater.com Wed May 6 22:24:51 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 6 22:25:14 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> <200905061631.36677.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> Message-ID: on 5-6-2009 6:47 AM Julian Field spake the following: > > > On 06/05/2009 14:31, Eli Wapniarski wrote: >> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: >> >>> No, I'm talking about all the RPMs installed by install.sh that are >>> required by MailScanner. Many of these are architecture-independent. If >>> I don't give them a BuildArch and know the BuildArch that it is going to >>> use, how can I possibly know which directory to find them in? >>> >> > Sorry, I give up. I understand what you are saying, so it isn't you Julian! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/48f03148/signature-0001.bin From ssilva at sgvwater.com Wed May 6 22:33:28 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 6 22:33:54 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: on 5-6-2009 11:25 AM Meurlin Robert spake the following: > So how do you recommend i do? > > I have made the same update on another mailgw (a twin to this one =)) and it worked there. > > thanks Just like gambling. Sometimes you win, sometimes you lose! Don't mix CPAN and package based systems. If your system uses a package manager, find a tool that will convert or createe said packages from CPAN. For rpm there is cpan2rpm and some others. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/d83a505d/signature.bin From oliver at linux-kernel.at Wed May 6 23:10:39 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed May 6 23:11:13 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED Message-ID: <200905062210.n46MAcOD003042@mail.linux-kernel.at> Note: I've tried to bug Fedota Perl packager to update a few modules and was successfull! So, I wonder which packages need to be replaced by the MS install.sh!? There was also some thread about why not package it within the distribution.. Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. And finally. I can also imagine doing this for RHEL, using EPEL... It's just a "Do you want this?" Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? Keep me posted... -of ----- Urspr?ngliche Nachricht ----- Von: Jonas Lilja Gesendet: Mittwoch, 06. Mai 2009 21:09 An: MailScanner discussion Betreff: SV: Perl problems on Fedora 9 SOLVED Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. Thanx guys Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski Skickat: den 6 maj 2009 19:14 Till: mailscanner@lists.mailscanner.info ?mne: Re: Perl problems on Fedora 9 Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work From lists at rheel.co.nz Thu May 7 00:11:09 2009 From: lists at rheel.co.nz (Lists) Date: Thu May 7 00:09:05 2009 Subject: possible error with config due to clam upgrade Message-ID: <4A02190D.7040706@rheel.co.nz> Hi all, I am running MailScanner version 4.72.5 on Centos 5.2 I recently attempted an upgrade to ClamAV 0.95.1 Now I am getting errors in the clamd.log as example: Warning: lstat() failed on: /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 I asked on the clam mail list and got the response "The error really just means "file not found", but the problem is related to MailScanner and how it is using clamav, you probably have a bad MailScanner configuration." Post upgrade I had to do the following in order to get it to start up. # rename the old binaries mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old # Create links to the new ones in /usr/local/bin ln -s /usr/bin/clamscan /usr/local/bin/clamscan ln -s /usr/bin/freshclam /usr/local/bin/freshclam ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan # There was a fourth new clam binary - /usr/bin/clamconf ln -s /usr/bin/clamconf /usr/local/bin/clamconf I was wondering if anyone new of any configuration options that might effect / cause these lstat failed warnings. Prior to the upgrade clam was running fine without warnings. Thanks Kate From ssilva at sgvwater.com Thu May 7 00:33:15 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 00:33:38 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <4A02190D.7040706@rheel.co.nz> References: <4A02190D.7040706@rheel.co.nz> Message-ID: on 5-6-2009 4:11 PM Lists spake the following: > Hi all, > > I am running MailScanner version 4.72.5 on Centos 5.2 > > I recently attempted an upgrade to ClamAV 0.95.1 > Now I am getting errors in the clamd.log > > as example: > Warning: lstat() failed on: > /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 > > I asked on the clam mail list and got the response > "The error really just means "file not found", but the problem is related > to MailScanner and how it is using clamav, you probably have a bad > MailScanner configuration." > > Post upgrade I had to do the following in order to get it to start up. > # rename the old binaries > mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old > mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old > mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old > > # Create links to the new ones in /usr/local/bin > ln -s /usr/bin/clamscan /usr/local/bin/clamscan > ln -s /usr/bin/freshclam /usr/local/bin/freshclam > ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan > > # There was a fourth new clam binary - /usr/bin/clamconf > ln -s /usr/bin/clamconf /usr/local/bin/clamconf > > I was wondering if anyone new of any configuration options that might > effect / cause these lstat failed warnings. > Prior to the upgrade clam was running fine without warnings. > Upgrading a source install over an RPM install can do this almost every time. If you have binaries in /usr/bin AND /usr/local/bin, you need to either stick with the RPM or the source, but not change back and forth. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/f04fc07b/signature.bin From seven at seven.dorksville.net Thu May 7 00:48:13 2009 From: seven at seven.dorksville.net (Anthony Giggins) Date: Thu May 7 00:48:35 2009 Subject: possible error with config due to clam upgrade In-Reply-To: References: <4A02190D.7040706@rheel.co.nz> Message-ID: <43770.125.168.254.15.1241653693.squirrel@seven.dorksville.net> > on 5-6-2009 4:11 PM Lists spake the following: >> Hi all, >> >> I am running MailScanner version 4.72.5 on Centos 5.2 >> >> I recently attempted an upgrade to ClamAV 0.95.1 >> Now I am getting errors in the clamd.log >> >> as example: >> Warning: lstat() failed on: >> /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 >> >> I asked on the clam mail list and got the response >> "The error really just means "file not found", but the problem is >> related >> to MailScanner and how it is using clamav, you probably have a bad >> MailScanner configuration." >> >> Post upgrade I had to do the following in order to get it to start up. >> # rename the old binaries >> mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old >> mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old >> mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old >> >> # Create links to the new ones in /usr/local/bin >> ln -s /usr/bin/clamscan /usr/local/bin/clamscan >> ln -s /usr/bin/freshclam /usr/local/bin/freshclam >> ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan >> >> # There was a fourth new clam binary - /usr/bin/clamconf >> ln -s /usr/bin/clamconf /usr/local/bin/clamconf >> >> I was wondering if anyone new of any configuration options that might >> effect / cause these lstat failed warnings. >> Prior to the upgrade clam was running fine without warnings. >> > Upgrading a source install over an RPM install can do this almost every > time. > If you have binaries in /usr/bin AND /usr/local/bin, you need to either > stick > with the RPM or the source, but not change back and forth. I had this same issue, I had to set the following options in MailScanner.conf Incoming Work User = clamav Incoming Work Group = clamav Cheers Anthony From mailbag at partnersolutions.ca Thu May 7 01:03:38 2009 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Thu May 7 01:03:37 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <4A02190D.7040706@rheel.co.nz> References: <4A02190D.7040706@rheel.co.nz> Message-ID: <0A5EC380C825E440B3BB048CDE603A165945@PSIMS002.pshosting.intranet> > as example: > Warning: lstat() failed on: > /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 This problem matches up with issues I was seeing as well. Upgrading to the latest MailScanner release will fix it, as the tnef processing has been updated to correct the permission errors. (see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for reference, and "16 Fixed permissions and ownership problems with data extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3 from http://www.mailscanner.info/ChangeLog). Cheers, -Joshua From lists at rheel.co.nz Thu May 7 01:11:22 2009 From: lists at rheel.co.nz (Lists) Date: Thu May 7 01:09:32 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <0A5EC380C825E440B3BB048CDE603A165945@PSIMS002.pshosting.intranet> References: <4A02190D.7040706@rheel.co.nz> <0A5EC380C825E440B3BB048CDE603A165945@PSIMS002.pshosting.intranet> Message-ID: <4A02272A.20608@rheel.co.nz> PSI Mailbag wrote: >> as example: >> Warning: lstat() failed on: >> /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 >> > > This problem matches up with issues I was seeing as well. Upgrading to > the latest MailScanner release will fix it, as the tnef processing has > been updated to correct the permission errors. > > (see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for > reference, and "16 Fixed permissions and ownership problems with data > extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3 > from http://www.mailscanner.info/ChangeLog). > > Cheers, > -Joshua > Thanks Joshua, I will schedule an upgrade of MailScanner asap. Thanks again Kate From lists at rheel.co.nz Thu May 7 01:12:56 2009 From: lists at rheel.co.nz (Lists) Date: Thu May 7 01:11:16 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <43770.125.168.254.15.1241653693.squirrel@seven.dorksville.net> References: <4A02190D.7040706@rheel.co.nz> <43770.125.168.254.15.1241653693.squirrel@seven.dorksville.net> Message-ID: <4A022788.4050104@rheel.co.nz> Anthony Giggins wrote: >> on 5-6-2009 4:11 PM Lists spake the following: >> >>> Hi all, >>> >>> I am running MailScanner version 4.72.5 on Centos 5.2 >>> >>> I recently attempted an upgrade to ClamAV 0.95.1 >>> Now I am getting errors in the clamd.log >>> >>> as example: >>> Warning: lstat() failed on: >>> /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 >>> >>> I asked on the clam mail list and got the response >>> "The error really just means "file not found", but the problem is >>> related >>> to MailScanner and how it is using clamav, you probably have a bad >>> MailScanner configuration." >>> >>> Post upgrade I had to do the following in order to get it to start up. >>> # rename the old binaries >>> mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old >>> mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old >>> mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old >>> >>> # Create links to the new ones in /usr/local/bin >>> ln -s /usr/bin/clamscan /usr/local/bin/clamscan >>> ln -s /usr/bin/freshclam /usr/local/bin/freshclam >>> ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan >>> >>> # There was a fourth new clam binary - /usr/bin/clamconf >>> ln -s /usr/bin/clamconf /usr/local/bin/clamconf >>> >>> I was wondering if anyone new of any configuration options that might >>> effect / cause these lstat failed warnings. >>> Prior to the upgrade clam was running fine without warnings. >>> >>> >> Upgrading a source install over an RPM install can do this almost every >> time. >> If you have binaries in /usr/bin AND /usr/local/bin, you need to either >> stick >> with the RPM or the source, but not change back and forth. >> > > I had this same issue, I had to set the following options in MailScanner.conf > > Incoming Work User = clamav > Incoming Work Group = clamav > > Cheers > > Anthony > > > Hi Anthony, Thanks for your reply - I have checked and I believe my settings for these options are correct. I am going to attempt an upgrade of MailScanner and see if it solves the issues. Regards, Kate From ajcartmell at fonant.com Thu May 7 08:10:26 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:10:17 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: > I'll have to do a test with Fedora 9 and see how to resolve the > problems, in case a similar solution is needed as for Fedora 10. But > there can't be many people using Fedora 9 any more, it must be near > end-of-life. > > Is it worth my while? Quite probably not, but I'm sure us Fedora users can manage to investigate and sort things. If it's an easy tweak to the install script then you could consider adding it. The beauty of open-source code :) It's not like Fedora is binary incompatible or anything - it's just working out which packages need installing in what order. Luckily Fedora has pretty up-to-date packages for a lot of Perl modules, all pre-compiled, so by making sure they're there (using yum from the standard repos) before installing MailScanner seems to work fine. I might just start a page on the wiki... Cheers! Anthony -- www.fonant.com - Quality web sites From oliver at linux-kernel.at Thu May 7 08:13:55 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Thu May 7 08:14:18 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <4A01EA27.3060406@ecs.soton.ac.uk> Message-ID: <4A028A33.7050309@linux-kernel.at> Hi Jules! Julian Field wrote: > I will happily help you out, provided I can see what the problems are, > and if enough people are affected by the problem. I'm slightly loathed > to spend lots of time solving packaging problems if only 3 people are > still using Fedora 9 in the first place, I'm sure you understand :-) > > *If* I get time in the next day or two to install Fedora 9 and try to do > a clean install, I'll see what I can do and put out a beta of the next > version of MailScanner that will work for you folks. > > But no promises, I do have a day job to do as well, which is pretty busy > right now! I don't see a reason to take a look at Fedora 9, as long as there isn't a large userbase! As already stated, F9 will EOL soon... Better go with F10 and F11. I still would like to know how large the Fedora + MS userbase is. Is it reasonable to get MS into Fedora!? Best, Oliver From ajcartmell at fonant.com Thu May 7 08:14:55 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:14:41 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: > Not necessarily true at all, as the Perl build system in Fedora 10 is > totally broken and this will be caught well before it makes it into > RedHat Enterprise Linux 6. They can hardly miss it :-) It might be, but it hasn't stopped me installing MailScanner on Fedora 10 :) It just needed the basic packages to be pre-installed from the Fedora repos (where someone has managed to build them OK) before letting MailScanner install any newer versions it needs. [FWIW I've just shut down a server (not owned by me) that had been running FC5 until this last week. Although it was way past EOL it was still running quite happily :) I have another server running FC6 that is also quite happy, but will be upgraded soon (needs new hardware too).] Cheers! Anthony -- www.fonant.com - Quality web sites From oliver at linux-kernel.at Thu May 7 08:30:44 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Thu May 7 08:32:22 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) Message-ID: <4A028E24.3050406@linux-kernel.at> Hi! I'll fork off a new thread with an appropriate subject - so maybe more people get involved. I've added people CC: who have replied to the last thread, so they don't get lost. However. The original threads are here: http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091460.html http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091469.html So. Again my question. How large is the Fedora + MS userbase. Is it worth to create a SIG within Fedora for the same? Some people already said, that they are willing to help - I guess you're not a Fedora packager yet? Do you have a RH bugzilla account? Send me/us your +1 if you're interested in such a SIG, so we know (at least a part of) the userbase. If we reach the critical mass, then I'm going to undertake the action of creating such a SIG within Fedora :-) -of PS: Everybody who wants to contribute (in packaging), please follow this: http://fedoraproject.org/wiki/PackageMaintainers/Join :-) From oliver at linux-kernel.at Thu May 7 08:35:19 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Thu May 7 08:35:43 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: <4A028F37.8070709@linux-kernel.at> Anthony Cartmell wrote: >> Not necessarily true at all, as the Perl build system in Fedora 10 is >> totally broken and this will be caught well before it makes it into >> RedHat Enterprise Linux 6. They can hardly miss it :-) > > It might be, but it hasn't stopped me installing MailScanner on Fedora > 10 :) > > It just needed the basic packages to be pre-installed from the Fedora > repos (where someone has managed to build them OK) before letting > MailScanner install any newer versions it needs. > > [FWIW I've just shut down a server (not owned by me) that had been > running FC5 until this last week. Although it was way past EOL it was > still running quite happily :) I have another server running FC6 that is > also quite happy, but will be upgraded soon (needs new hardware too).] Well. I've also Fedora 9 and MS running... Since it's not only MS, but also Cyrus and Sympa and Webmail, I always fear a distribution upgrade. Not that I didn't manage any upgrade since FC4 and made it working in the end, but it - sometimes - costs really much time... -of From eli at orbsky.homelinux.org Thu May 7 08:41:46 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 08:42:11 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <4A028A33.7050309@linux-kernel.at> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <4A028A33.7050309@linux-kernel.at> Message-ID: <200905071041.47215.eli@orbsky.homelinux.org> On Thursday 07 May 2009 10:13:55 Oliver Falk wrote: > Hi Jules! > > Julian Field wrote: > > I will happily help you out, provided I can see what the problems are, > > and if enough people are affected by the problem. I'm slightly loathed > > to spend lots of time solving packaging problems if only 3 people are > > still using Fedora 9 in the first place, I'm sure you understand :-) > > > > *If* I get time in the next day or two to install Fedora 9 and try to do > > a clean install, I'll see what I can do and put out a beta of the next > > version of MailScanner that will work for you folks. > > > > But no promises, I do have a day job to do as well, which is pretty busy > > right now! > > I don't see a reason to take a look at Fedora 9, as long as there isn't > a large userbase! As already stated, F9 will EOL soon... > > Better go with F10 and F11. > > I still would like to know how large the Fedora + MS userbase is. Is it > reasonable to get MS into Fedora!? > How to tell how many Fedora users are using Mailscanner? Unknown. How popular is Fedora? A good indication can be found at: http://distrowatch.com/stats.php?section=popularity How many Sysadmins using Fedora are aware of Mailscanner? Unknown. Worthwhile to package Mailscanner in Fedora. Absolutely. By the way.... I'm working on modifying the specs for the packages as they relate to Fedora (at least release 10). So that: 1) the .rpmacro file that is generated at the beginning of the install is not required 2) skipped packages (ie documentation is included) 3) Those modules that are architecture dependant will be rebuilt and labled for the specific architecture. I'm doing it currently for pesonal curiosity's sake. If interested as to what I found. And what was required to get manual builds of the perl modules please let me know. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Thu May 7 08:50:06 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:49:54 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: > I might just start a page on the wiki... Just in case it's useful for anyone else: http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora Cheers! Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Thu May 7 08:58:57 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:58:57 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: > So. Again my question. How large is the Fedora + MS userbase. Probably not as large as it could be? > Is it worth to create a SIG within Fedora for the same? If MailScanner could be added to Fedora's repositories then I'm sure that a lot of people would be pleased. I think the main problem will be in finding manpower to keep up with the very-frequent MailScanner releases, updating and testing the Fedora packages each time. I suspect that using the MailScanner rpm tar files, with some fiddles if needed, is likely to be the easiest way to keep going unless we can get a lot of people to help. > Some people already said, that they are willing to help - I guess you're > not a Fedora packager yet? Do you have a RH bugzilla account? Nope, I'm mainly a web developer, with very limited knowledge of the details of packaging things. > Send me/us your +1 if you're interested in such a SIG, so we know (at > least a part of) the userbase. I might be interested, but have many other jobs to do. Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Thu May 7 09:03:20 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 09:03:06 2009 Subject: SV: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE59@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE59@ss0010.sigma.local> Message-ID: > No, perhaps not, but if it's easy to do a system-check in the beginning > of the install-script and if that check turns back Fedora 9 it would be > nice if the script interrupt and says "Fedora 9 is not supported. > Installation aborted". That would be a better solution than continuing > with a lot of errors. But as you said - it must be a minor problem since > Fedora 9 is at the end of life :-) I disagree that it should abort the installation. It could possibly warn that Fedora isn't supported any more, but it should continue if required. The errors are very useful to tell me what needs fixing, MailScanner does still work on Fedora, and FC9 is still supported (and widely used). Cheers! Anthony -- www.fonant.com - Quality web sites From eli at orbsky.homelinux.org Thu May 7 09:04:54 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 09:05:18 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: <200905071104.54392.eli@orbsky.homelinux.org> On Thursday 07 May 2009 10:50:06 Anthony Cartmell wrote: > > I might just start a page on the wiki... > > Just in case it's useful for anyone else: > > http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora > > Cheers! > You forgot perl-devel and perl-ExtUtils-MakeMaker in the list. :). Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Thu May 7 09:24:42 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu May 7 09:29:42 2009 Subject: message-processing db notifications In-Reply-To: References: <4A01E824.6050808@ecs.soton.ac.uk> Message-ID: On Wed, 6 May 2009, Julian Field wrote: > On 06/05/2009 15:18, David Lee wrote: >> >> [...] >> Historically, these notification settings were originally concerned with >> virus processing but are now, in effect, being deployed beyond that >> original scope. >> >> I can see two reasonably straightforward resolutions: >> 1. Adjust comments in MS.conf to include expanded scope. >> >> 2. Consider different sets of notification definitions for different >> classes of events: e.g. existing set 'as-is' for viruses; a new set >> for the message-db; (then another new set for the next feature, etc.). >> >> The first is very easy for you to implement, but imposes a "one size has to >> fit all" behaviour. The second allows a site to tailor different >> notification levels for different classes of events. (Might some sort of >> 'ruleset'-like capability assist?) > How about I just make it test to see if "Send Notices = yes" instead, and not > send the message if it's set to "no"? (Oops. I intended, but forgot, to type that into the "1. Adjust comments" part of my original email.) It might be worth letting this one simmer in background for a few days as we mull it over. For instance, we are a "Send Notices = no" site for viruses. But for other sorts of functionality, such as this new msg-db, we would like to be a "Send Notices = yes" site. And other sites might want other variants, such as "yes" in both cases but with different recipients. And then in a few months time, MS might get an additional new class of functionality (just as msg-db is new now) with other possible variants. Hence my idle wondering about something ruleset-like. (I was trying to avoid suggesting yet more options directly in MS.conf!) I'll try to give it some thought over the next few days. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From ajcartmell at fonant.com Thu May 7 09:39:53 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 09:39:41 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905071104.54392.eli@orbsky.homelinux.org> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905071104.54392.eli@orbsky.homelinux.org> Message-ID: >> Just in case it's useful for anyone else: >> >> http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora > > You forgot perl-devel and perl-ExtUtils-MakeMaker in the list. :). I've added perl-devel to the basic list. It may need perl-Test-Harness and perl-ExtUtils-ParseXS too, but I can't easily test that at the moment. I found that MailScanner's perl-ExtUtils-MakeMaker actually compiled fine, and is version 6.50-2 as opposed to Fedora's 6.36-68 Of course anyone can add to the list ;) Anthony -- www.fonant.com - Quality web sites From john at tradoc.fr Thu May 7 09:41:41 2009 From: john at tradoc.fr (John Wilcock) Date: Thu May 7 09:44:52 2009 Subject: getPERLLIB Message-ID: <4A029EC5.4040203@tradoc.fr> Hi Julian I'm in the process of updating my gentoo ebuild for 4.76.24, and note that there's one new file in the tarball: bin/getPERLLIB. Is this script actually used by MailScanner, or is it just there as a testing tool? (In other words, do I actually need to have the ebuild install it?) Also, I made the following request just before you went stable with 4.76, but you didn't reply on the list at the time and I assume it got lost in the noise... > Your update_bad_phishing_sites script stores its working data as a > subdirectory of the quarantine directory, which results in a spurious > "hi/ng/phis" date being reported in MailWatch's list of quarantine > directories, and also requires you to implement a workaround to stop > this subdirectory being deleted by the quarantine cleaning script. > Simply shifting to the SpamAssassin User State Directory instead > would avoid both these problems. Any chance of changing this for a future release? John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Thu May 7 09:57:38 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 7 09:58:01 2009 Subject: getPERLLIB In-Reply-To: <4A029EC5.4040203@tradoc.fr> References: <4A029EC5.4040203@tradoc.fr> <4A02A282.5010006@ecs.soton.ac.uk> Message-ID: On 07/05/2009 09:41, John Wilcock wrote: > Hi Julian > > I'm in the process of updating my gentoo ebuild for 4.76.24, and note > that there's one new file in the tarball: bin/getPERLLIB. > Is this script actually used by MailScanner, or is it just there as a > testing tool? (In other words, do I actually need to have the ebuild > install it?) It's used by the install.sh. > > Also, I made the following request just before you went stable with > 4.76, but you didn't reply on the list at the time and I assume it got > lost in the noise... > >> Your update_bad_phishing_sites script stores its working data as a >> subdirectory of the quarantine directory, which results in a spurious >> "hi/ng/phis" date being reported in MailWatch's list of quarantine >> directories, and also requires you to implement a workaround to stop >> this subdirectory being deleted by the quarantine cleaning script. >> Simply shifting to the SpamAssassin User State Directory instead >> would avoid both these problems. > > Any chance of changing this for a future release? And if the SpamAssassin User State Directory is not defined? :) > > John. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Thu May 7 10:02:19 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 10:02:51 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905071104.54392.eli@orbsky.homelinux.org> Message-ID: <200905071202.19394.eli@orbsky.homelinux.org> On Thursday 07 May 2009 11:39:53 Anthony Cartmell wrote: > >> Just in case it's useful for anyone else: > >> > >> http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora > > > > You forgot perl-devel and perl-ExtUtils-MakeMaker in the list. :). > > I've added perl-devel to the basic list. It may need perl-Test-Harness and > perl-ExtUtils-ParseXS too, but I can't easily test that at the moment. I just tried to uninstall these 2 packages and got rpm -e perl-ExtUtils-ParseXS perl-Test-Harness error: Failed dependencies: perl(ExtUtils::ParseXS) is needed by (installed) perl-Module-Install-0.77-1.fc10.noarch perl(ExtUtils::ParseXS) >= 1.02 is needed by (installed) perl-Module-Build-1:0.3200-68.fc10.x86_64 perl(ExtUtils::ParseXS) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 perl(Test::Harness) is needed by (installed) mod_perl-devel-2.0.4-7.x86_64 And while trying to run down the dependancy list for perl-Module-Build I ran into a whole lot of stuff. So.... I would assume that those packages are probably needed for any healthy perl build system and are probably installed by default. > I found that MailScanner's perl-ExtUtils-MakeMaker actually compiled fine, > and is version 6.50-2 as opposed to Fedora's 6.36-68 Cool. > Of course anyone can add to the list ;) > > Anthony > -- > www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Thu May 7 10:25:30 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 10:25:20 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905071202.19394.eli@orbsky.homelinux.org> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905071104.54392.eli@orbsky.homelinux.org> <200905071202.19394.eli@orbsky.homelinux.org> Message-ID: > I just tried to uninstall these 2 packages and got > > rpm -e perl-ExtUtils-ParseXS perl-Test-Harness > error: Failed dependencies: > perl(ExtUtils::ParseXS) is needed by (installed) > perl-Module-Install-0.77-1.fc10.noarch > perl(ExtUtils::ParseXS) >= 1.02 is needed by (installed) > perl-Module-Build-1:0.3200-68.fc10.x86_64 > perl(ExtUtils::ParseXS) is needed by (installed) > perl-devel-4:5.10.0-68.fc10.x86_64 > perl(Test::Harness) is needed by (installed) > mod_perl-devel-2.0.4-7.x86_64 > > > And while trying to run down the dependancy list for perl-Module-Build I > ran into a whole lot of stuff. > > So.... I would assume that those packages are probably needed for any > healthy perl build system and are probably installed by default. Good testing idea! Almost certainly then they will be installed with perl-devel which is now included in the base list. Cheers! Anthony -- www.fonant.com - Quality web sites From john at tradoc.fr Thu May 7 10:36:01 2009 From: john at tradoc.fr (John Wilcock) Date: Thu May 7 10:39:11 2009 Subject: getPERLLIB In-Reply-To: References: <4A029EC5.4040203@tradoc.fr> <4A02A282.5010006@ecs.soton.ac.uk> Message-ID: <4A02AB81.3000001@tradoc.fr> Le 07/05/2009 10:57, Julian Field a ?crit : >> I'm in the process of updating my gentoo ebuild for 4.76.24, and note >> that there's one new file in the tarball: bin/getPERLLIB. >> Is this script actually used by MailScanner, or is it just there as a >> testing tool? (In other words, do I actually need to have the ebuild >> install it?) > It's used by the install.sh. OK, so I don't need it on gentoo then. Thanks. >> Also, I made the following request just before you went stable with >> 4.76, but you didn't reply on the list at the time and I assume it got >> lost in the noise... >> >>> Your update_bad_phishing_sites script stores its working data as a >>> subdirectory of the quarantine directory, which results in a spurious >>> "hi/ng/phis" date being reported in MailWatch's list of quarantine >>> directories, and also requires you to implement a workaround to stop >>> this subdirectory being deleted by the quarantine cleaning script. >>> Simply shifting to the SpamAssassin User State Directory instead >>> would avoid both these problems. >> >> Any chance of changing this for a future release? > And if the SpamAssassin User State Directory is not defined? :) You could always fall back to the default value of /var/spool/MailScanner/spamassassin, just like you currently fall back to /var/spool/MailScanner/quarantine :-) John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From eli at orbsky.homelinux.org Thu May 7 11:33:49 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 11:34:14 2009 Subject: Perl problems on Fedora 9 In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: <200905071333.49760.eli@orbsky.homelinux.org> To paraphrase... Here is my report of the bad, the ugly and the good. ---------- THE BAD ---------- Two packages will not rebuild at all due to testing errors. They are perl-Compress-Zlib-1.41-2.src.rpm and perl-Storable-2.16-3.src.rpm. The output is included below. Please note Regarding perl-Compress-Zlib-1.41: A similar problem has been discussed with version 1.42 and may be related. This discussion can be found at: http://www.nntp.perl.org/group/perl.perl5.porters/2007/05/msg124890.html perl-Compress-Zlib-1.41-2.src.rpm Test Summary Report ------------------- t/02zlib.t (Wstat: 0 Tests: 239 Failed: 12) Failed tests: 35-37, 43-45, 51-53, 60, 62, 64 t/03examples.t (Wstat: 0 Tests: 16 Failed: 1) Failed test: 6 Files=6, Tests=305, 1 wallclock secs ( 0.10 usr 0.02 sys + 0.77 cusr 0.16 csys = 1.05 CPU) Result: FAIL Failed 2/6 test programs. 13/305 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.B48Mge (%build) perl-Storable-2.16-3.src.rpm t/utf8hash.t .......... 1/148 # Failed test (t/utf8hash.t at line 63) # '?' # ne # '?' Character in 'C' format wrapped in pack at t/utf8hash.t line 60. Character in 'C' format wrapped in pack at t/utf8hash.t line 65. # Failed test (t/utf8hash.t at line 77) # got: '3' # expected: '4' # Failed test (t/utf8hash.t at line 63) # '?' # ne # '?' Character in 'C' format wrapped in pack at t/utf8hash.t line 60. Character in 'C' format wrapped in pack at t/utf8hash.t line 65. # Failed test (t/utf8hash.t at line 77) # got: '3' # expected: '4' # Looks like you planned 148 tests but only ran 142. t/utf8hash.t .......... Dubious, test returned 10 (wstat 2560, 0xa00) Failed 10/148 subtests t/weak.t .............. ok Test Summary Report ------------------- t/code.t (Wstat: 0 Tests: 59 Failed: 2) Failed tests: 42-43 t/utf8hash.t (Wstat: 2560 Tests: 142 Failed: 4) Failed tests: 1, 5, 72, 76 Non-zero exit status: 10 Parse errors: Bad plan. You planned 148 tests but ran 142. Files=32, Tests=2326, 4 wallclock secs ( 0.58 usr 0.11 sys + 2.38 cusr 0.45 csys = 3.52 CPU) Result: FAIL Failed 2/32 test programs. 6/2326 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.ErIIWG (%build) ----------- THE UGLY ----------- A minor issue with a third package; perl-Net-DNS-0.65-1.src.rpm is that will stop to ask if you want to perform connectivity tests to a live external DNS server if it detects a live internet connection. The following packages will not build due to architecture dependant libraries. But will build correctly if the Buildarch parameter is commented out or removed (This is true for Fedora 10 at least - I am unable to confirm one way or another if this is true for other RPM based distros). These packages include: perl-DBD-SQLite-1.21-1.src.rpm perl-DBI-1.607-1.src.rpm perl-Digest-MD5-2.36-3.src.rpm perl-Digest-SHA1-2.11-2.src.rpm perl-Filesys-Df-0.90-2.src.rpm perl-IO-1.2301-4.src.rpm perl-Net-DNS-0.65-1.src.rpm perl-Sys-Syslog-0.27-1.src.rpm perl-Time-HiRes-1.9707-3.src.rpm Of course, I am unable to confirm one way or the other if perl-Compress-Zlib-1.41-2.src.rpm or perl-Storable-2.16-3.src.rpm due to the testing problem ------------ THE GOOD ------------ All other packages will rebuild as expected. ----------------------------------------------- ONE FINAL NOTE FOR COMPLETION'S SAKE ----------------------------------------------- If rebuilding the RPMs manually and there is the .rpmacro that install.sh generates is not in place then none of the SRPM's will rebuild with the SPEC files as is. The reason being is that rebuilding the modules include documentation and other files that, while found by the rpm build process are not included in the install process while rebuilding. I am assuming that this is due to the fact that different distros use different macros to denote default locations in the file system (don't you just love politics). In any case. If rebuiliding the srpms manually you will either have to modify the specs, or manually create .rpmacro file manually in the home folder of the user which rebuilds the packages nd place the line %_unpackaged_files_terminate_build 0 in the file. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ravennaita at gmail.com Thu May 7 12:06:14 2009 From: ravennaita at gmail.com (Raven Naita) Date: Thu May 7 12:06:23 2009 Subject: Create second inline.sig.txt/html to be placed top of message In-Reply-To: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> References: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> Message-ID: <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> Hello?Everyone, - im a newbie - using mailscanner v 4.76 goal to acchive: - create second signature?like inline.sig.txt/html to be added on top of the?message - and to use date variables in it (format mmddyy h:m:s utc) been googling out?and edditing some pm file in lib directory, but cudn't manage to get it work yet.. is it possible ? appreciate an ideas regards RN From MailScanner at ecs.soton.ac.uk Thu May 7 12:19:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 7 12:19:39 2009 Subject: Create second inline.sig.txt/html to be placed top of message In-Reply-To: <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> References: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> <4A02C3B9.5060209@ecs.soton.ac.uk> Message-ID: On 07/05/2009 12:06, Raven Naita wrote: > Hello Everyone, > > - im a newbie > - using mailscanner v 4.76 > > goal to acchive: > - create second signature like inline.sig.txt/html to be added on top > of the message > - and to use date variables in it (format mmddyy h:m:s utc) > > been googling out and edditing some pm file in lib directory, but > cudn't manage to get it work yet.. > > is it possible ? appreciate an ideas > You can get the signature added at the top of the file by putting the token "_SIGNATURE_" at the top of each message. You can't use date variables currently, but there's nothing to stop a cron job on your MailScanner server changing the signature file every few minutes :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Thu May 7 13:44:32 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 13:44:56 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: <200905071544.32678.eli@orbsky.homelinux.org> On Thursday 07 May 2009 10:58:57 Anthony Cartmell wrote: I am a packager at Fedora. Like I said, I would be wiling to contribute as best I can Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Robert.Meurlin at se.fujitsu.com Thu May 7 15:04:30 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Thu May 7 15:06:17 2009 Subject: error: Failed dependencies In-Reply-To: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: I doesnt get it to work, have reinstalled perl,perl-MIME-tools error: File not found by glob: tnef*.package error: open of perl failed: No such file or directory error: open of is failed: No such file or directory error: open of not failed: No such file or directory error: open of installed.rpm failed: No such file or directory Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: /usr/bin/perl is needed by mailscanner-4.76.24-3 perl >= 5.005 is needed by mailscanner-4.76.24-3 perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 and get this when when I start yast: Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory and I can't reinstall the packages. When I start MailScanner: Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. Any tip? Rob -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 7 15:45:51 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 7 15:46:15 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> <4A02F41F.8050802@ecs.soton.ac.uk> Message-ID: It doesn't think you've got perl installed at all! :-( On 07/05/2009 3:04 PM, Meurlin Robert wrote: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl>= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > > Rob > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: den 6 maj 2009 19:45 > To: MailScanner discussion > Subject: Re: error: Failed dependencies > > On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert > wrote: > >> error: Failed dependencies: >> >> perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 >> >> >> >> But I have installed >> http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz >> so i dont now why I get this error? >> > > It looks for a package, you used CPAN. You shouldn't mix the two. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at quantumcc.com Thu May 7 16:06:27 2009 From: mrm at quantumcc.com (Mike M) Date: Thu May 7 16:06:49 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> Message-ID: Julian Field wrote: >> > I'll need to take a look at this, and try a 0-byte attachment and see > what happens. > To disable the tests, set > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > > Please read the docs carefully and ensure you are setting the values > appropriately. > What is the precise case that you think it is handling incorrectly? > > Jules > I don't think testing it with a 0 byte attachment will help much, because a 0 byte attachment *should* get blocked when the min size is set to 1. The problem I'm having on 3 separate servers since upgrading to 4.76 is that it's blocking on the attachment rule even when there is no attachment. I'm not exactly sure how to proceed because one part of the error message says the attachment is too large, and another part says it's too small. Regardless there is no attachment so those errors are just unintentional red herrings. I have looked at numerous messages in the quarantine and cannot find anything that gives away why it thinks they have attachments to begin with. Like I said, I have been using MS for a number of years, have done numerous upgrades, have had the min attachment size setting at the default of 1 byte since it was available and have never had a problem before upgrading to 4.76. I just upgraded another server last night and made sure it wasn't having this problem before the upgrade, and as soon as I started MS after the upgrade it started having the same problem. I can provide more from the quarantine at pastbin.com if the original data I posted is not enough. Oh, and again: MailScanner --lint says no errors. With all of the perl updates and other changes, going back to 4.74 where things were working fine is probably out of the question? From ravennaita at gmail.com Thu May 7 17:52:05 2009 From: ravennaita at gmail.com (Ravenna Naita) Date: Thu May 7 17:52:13 2009 Subject: Create second inline.sig.txt/html to be placed top of message In-Reply-To: References: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> <4A02C3B9.5060209@ecs.soton.ac.uk> <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> Message-ID: <13fcb7240905070952i32bb7995s1134ba3849e74999@mail.gmail.com> hi jules, thanks for "_SIGNATURE_" token i did try this earlier, it works but then i will not be able to put any disclaimer on the bottom of the msg. that's why need another signature for mailscanner to append on top of the msg for quick picture, the first inline.sig will be placed on top of msg i.e: *Company LLC* *12str Ndo* *Tel +xxs Fax +sxxx * ** *Ref.No: $d* *Date: $datenumber (that's why i asked if this variables can be add in inline sig, can you give me a hint on where in MS conf to modify ?)* the second inline.sig will be placed on the bottom of msg: *Company Disclaimer* *---* *This e-mail and any attachments are believed to be free from viruses but it is your responsibility to carry out all necessary virus checks. We Company LLC accepts no liability for any damage caused by any virus that might become available during internet transmission of this e-mail.* * * any guidance or hint please *or else can just shoot me with simple "NO, MS IS NOT THE RIGHT ONE TO DO THIS JOB"* regards RN On Thu, May 7, 2009 at 6:19 PM, Julian Field wrote: > > > On 07/05/2009 12:06, Raven Naita wrote: > >> Hello Everyone, >> >> - im a newbie >> - using mailscanner v 4.76 >> >> goal to acchive: >> - create second signature like inline.sig.txt/html to be added on top >> of the message >> - and to use date variables in it (format mmddyy h:m:s utc) >> >> been googling out and edditing some pm file in lib directory, but >> cudn't manage to get it work yet.. >> >> is it possible ? appreciate an ideas >> >> > You can get the signature added at the top of the file by putting the token > "_SIGNATURE_" at the top of each message. > You can't use date variables currently, but there's nothing to stop a cron > job on your MailScanner server changing the signature file every few minutes > :-) > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/99c4d1df/attachment.html From Robert.Meurlin at se.fujitsu.com Thu May 7 11:41:16 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Thu May 7 18:38:26 2009 Subject: error: Failed dependencies In-Reply-To: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: I doesnt get it to work, have reinstalled perl,perl-MIME-tools error: File not found by glob: tnef*.package error: open of perl failed: No such file or directory error: open of is failed: No such file or directory error: open of not failed: No such file or directory error: open of installed.rpm failed: No such file or directory Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: /usr/bin/perl is needed by mailscanner-4.76.24-3 perl >= 5.005 is needed by mailscanner-4.76.24-3 perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 and get this when when I start yast: Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory and can't reinstall the packages. When I start MailScanner: Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. Any tip? Rob -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From J.Ede at birchenallhowden.co.uk Thu May 7 19:54:28 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu May 7 19:54:46 2009 Subject: Create second inline.sig.txt/html to be placed top of message Message-ID: <1213490F1F316842A544A850422BFA9629F7F9E3@BHLSBS.bhl.local> Surely it shouldn't be too hard to look at jules code and add a second _signature_ type tag in? Just need to read the other sig in. ________________________________ From: Ravenna Naita Sent: 07 May 2009 18:02 To: MailScanner discussion Subject: Re: Create second inline.sig.txt/html to be placed top of message hi jules, thanks for "_SIGNATURE_" token i did try this earlier, it works but then i will not be able to put any disclaimer on the bottom of the msg. that's why need another signature for mailscanner to append on top of the msg for quick picture, the first inline.sig will be placed on top of msg i.e: Company LLC 12str Ndo Tel +xxs Fax +sxxx Ref.No: $d Date: $datenumber (that's why i asked if this variables can be add in inline sig, can you give me a hint on where in MS conf to modify ?) the second inline.sig will be placed on the bottom of msg: Company Disclaimer --- This e-mail and any attachments are believed to be free from viruses but it is your responsibility to carry out all necessary virus checks. We Company LLC accepts no liability for any damage caused by any virus that might become available during internet transmission of this e-mail. any guidance or hint please or else can just shoot me with simple "NO, MS IS NOT THE RIGHT ONE TO DO THIS JOB" regards RN On Thu, May 7, 2009 at 6:19 PM, Julian Field > wrote: On 07/05/2009 12:06, Raven Naita wrote: Hello Everyone, - im a newbie - using mailscanner v 4.76 goal to acchive: - create second signature like inline.sig.txt/html to be added on top of the message - and to use date variables in it (format mmddyy h:m:s utc) been googling out and edditing some pm file in lib directory, but cudn't manage to get it work yet.. is it possible ? appreciate an ideas You can get the signature added at the top of the file by putting the token "_SIGNATURE_" at the top of each message. You can't use date variables currently, but there's nothing to stop a cron job on your MailScanner server changing the signature file every few minutes :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/9213e2fc/attachment.html From ssilva at sgvwater.com Thu May 7 20:21:38 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 20:22:05 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: on 5-7-2009 7:04 AM Meurlin Robert spake the following: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl >= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > Are you sure you are installing the SUSE RPM package and not the RedHat RPM package? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/2a68affc/signature.bin From ssilva at sgvwater.com Thu May 7 20:27:08 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 20:27:35 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: on 5-7-2009 12:14 AM Anthony Cartmell spake the following: >> Not necessarily true at all, as the Perl build system in Fedora 10 is >> totally broken and this will be caught well before it makes it into >> RedHat Enterprise Linux 6. They can hardly miss it :-) > > It might be, but it hasn't stopped me installing MailScanner on Fedora > 10 :) > > It just needed the basic packages to be pre-installed from the Fedora > repos (where someone has managed to build them OK) before letting > MailScanner install any newer versions it needs. > > [FWIW I've just shut down a server (not owned by me) that had been > running FC5 until this last week. Although it was way past EOL it was > still running quite happily :) I have another server running FC6 that is > also quite happy, but will be upgraded soon (needs new hardware too).] > Just because an old distro is happy doesn't mean it is secure. Once you are EOL, you have to try and find and fix all the security holes yourself. If a system is locked down behind a firewall you might be OK, but if it is internet facing, you are just playing russian roulette. You just haven't hit the loaded chamber yet! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/5052ac42/signature.bin From ssilva at sgvwater.com Thu May 7 20:31:27 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 20:35:11 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: on 5-7-2009 12:58 AM Anthony Cartmell spake the following: >> So. Again my question. How large is the Fedora + MS userbase. > > Probably not as large as it could be? > >> Is it worth to create a SIG within Fedora for the same? > > If MailScanner could be added to Fedora's repositories then I'm sure > that a lot of people would be pleased. > > I think the main problem will be in finding manpower to keep up with the > very-frequent MailScanner releases, updating and testing the Fedora > packages each time. I suspect that using the MailScanner rpm tar files, > with some fiddles if needed, is likely to be the easiest way to keep > going unless we can get a lot of people to help. > >> Some people already said, that they are willing to help - I guess >> you're not a Fedora packager yet? Do you have a RH bugzilla account? > > Nope, I'm mainly a web developer, with very limited knowledge of the > details of packaging things. > >> Send me/us your +1 if you're interested in such a SIG, so we know (at >> least a part of) the userbase. > > I might be interested, but have many other jobs to do. > > Anthony If Fedora has all the needed modules in repo, then all you would really need is a custom spec file with the proper requires in it. Yum install MailScanner would then bring in the deps and then you need to edit a sane config. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/efdda46e/signature.bin From david at gnsa.us Thu May 7 20:51:54 2009 From: david at gnsa.us (David Nalley) Date: Thu May 7 20:52:23 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: On Thu, May 7, 2009 at 3:30 AM, Oliver Falk wrote: > Hi! > > I'll fork off a new thread with an appropriate subject - so maybe more > people get involved. > > I've added people CC: who have replied to the last thread, so they don't get > lost. > > However. > > The original threads are here: > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091460.html > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091469.html > > So. Again my question. How large is the Fedora + MS userbase. Is it worth to > create a SIG within Fedora for the same? > > Some people already said, that they are willing to help - I guess you're not > a Fedora packager yet? Do you have a RH bugzilla account? > > Send me/us your +1 if you're interested in such a SIG, so we know (at least > a part of) the userbase. > > If we reach the critical mass, then I'm going to undertake the action of > creating such a SIG within Fedora :-) > > -of > > PS: Everybody who wants to contribute (in packaging), please follow this: > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I am already a Fedora packager and certainly interested in working towards the goal of having MailScanner in the default repos. From gafaith at asdm.net Thu May 7 21:22:27 2009 From: gafaith at asdm.net (Gary Faith) Date: Thu May 7 21:22:45 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: <4A030AC30200002D0000650C@sparky.asdm.net> Sorry to jump in the middle of this but I think it might be relevant. This morning, I just downloaded the Suse version of MailScaner 4.76.24-3 and I am sure that Perl 5.8.8 installed. I ran install.sh fast. When I attempted to start MailScanner, I got errors pertaining to perl-HTML-Tagset so I did another install.sh this time without using the fast. I monitored the output of the install process and verified that these errors were logged. Attempting to build and install perl-HTML-Tagset-3.03-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-HTML-Tagset-3.03-2.noarch Installing perl-HTML-Tagset-3.03-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-HTML-Tagset-3.03-2.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Convert-TNEF-0.17-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-Convert-TNEF-0.17-2.noarch Installing perl-Convert-TNEF-0.17-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-Convert-TNEF-0.17-2.noarch.rpm. Maybe it did not build correctly? I downloaded from the SLES SP2 DVD and installed perl-HTML-Tagset-3.20-2.1.x86_64.rpm. Restarted MailScanner and it works fine. I found an x86_64 SLES rpm for perl-Convert-TNEF on the DVD also. One problem I still have is in perl-Storable. It fails to install with this error: t/weak................Weak references are not implemented in the version of perl at t/weak.t line 28 BEGIN failed--compilation aborted at t/weak.t line 33. dubious Test returned status 255 (wstat 65280, 0xff00) Failed Test Stat Wstat Total Fail List of Failed ------------------------------------------------------------------------------- t/weak.t 255 65280 ?? ?? ?? 2 tests skipped. Failed 1/32 test scripts. 0/2204 subtests failed. Files=32, Tests=2204, 2 wallclock secs ( 1.23 cusr + 0.27 csys = 1.50 CPU) Failed 1/32 test programs. 0/2204 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.99024 (%build) Gary Faith >>> Scott Silva 5/7/2009 3:21 PM >>> on 5-7-2009 7:04 AM Meurlin Robert spake the following: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl >= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > Are you sure you are installing the SUSE RPM package and not the RedHat RPM package? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/2748039d/attachment.html From eli at orbsky.homelinux.org Thu May 7 21:29:07 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 21:29:32 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: <200905072329.08117.eli@orbsky.homelinux.org> On Thursday 07 May 2009 22:31:27 Scott Silva wrote: > on 5-7-2009 12:58 AM Anthony Cartmell spake the following: > >> So. Again my question. How large is the Fedora + MS userbase. > > > > Probably not as large as it could be? > > > >> Is it worth to create a SIG within Fedora for the same? > > > > If MailScanner could be added to Fedora's repositories then I'm sure > > that a lot of people would be pleased. > > > > I think the main problem will be in finding manpower to keep up with the > > very-frequent MailScanner releases, updating and testing the Fedora > > packages each time. I suspect that using the MailScanner rpm tar files, > > with some fiddles if needed, is likely to be the easiest way to keep > > going unless we can get a lot of people to help. > > > >> Some people already said, that they are willing to help - I guess > >> you're not a Fedora packager yet? Do you have a RH bugzilla account? > > > > Nope, I'm mainly a web developer, with very limited knowledge of the > > details of packaging things. > > > >> Send me/us your +1 if you're interested in such a SIG, so we know (at > >> least a part of) the userbase. > > > > I might be interested, but have many other jobs to do. > > > > Anthony > If Fedora has all the needed modules in repo, then all you would really need > is a custom spec file with the proper requires in it. Yum install MailScanner > would then bring in the deps and then you need to edit a sane config. > > That really is the trick and there does seem to be some problems with a few perl modules. We would probably need to get one or more of the perl packagers on board to help sort out the issues. Really, there are 2 modules that will not compile and one that requires some interaction during the build process which I'm sure could be worked out with the right expertise. Please see my post: http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091510.html Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Thu May 7 21:43:16 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 21:43:07 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: > Just because an old distro is happy doesn't mean it is secure. Once you > are > EOL, you have to try and find and fix all the security holes yourself. > If a > system is locked down behind a firewall you might be OK, but if it is > internet > facing, you are just playing russian roulette. You just haven't hit the > loaded > chamber yet! I know. But by "happy" I did mean "un-hacked", which, given the constant script-kiddie attacks an internet server suffers, must say something about the security remaining. Cheers! Anthony -- www.fonant.com - Quality web sites From Kevin_Miller at ci.juneau.ak.us Thu May 7 21:44:47 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu May 7 21:45:08 2009 Subject: error: Failed dependencies In-Reply-To: <4A030AC30200002D0000650C@sparky.asdm.net> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> <4A030AC30200002D0000650C@sparky.asdm.net> Message-ID: <4A09477D575C2C4B86497161427DD94C0D153E2AE0@city-exchange07> Same issue the other day. I added the tagset perl package in YaST and then it did fine. Before installing MailScanner, I add the following packages: sendmail, sendmail-devel, mysql, php5-mysql, gcc, zlib, zlib-devel, gmp, curl, python, python-devel, unzip, bzip2, bzip2-devel, apache2, apach2-modphp5, apach2-prefork, php5-session, bind (DNS), perl-libwww-perl, perl-Digest-HMAC, perl-net-DNS, perl-convert-tnef, php5-gd Note that the apache & php stuff is for MailWatch, not MailScanner. One of the packages in the list isn't on SLES, but was on earlier versions of openSUSE. May still be - just haven't installed MailScanner on a recent version of openSUSE. IIRC, it was bzip2-devel, but I don't remember for sure. Sometimes I'd have to check the "Provides" box in YAST as the perl module will be in a bundle with a different name. HTH... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Faith Sent: Thursday, May 07, 2009 12:22 PM To: mailscanner@lists.mailscanner.info Subject: Re: error: Failed dependencies Sorry to jump in the middle of this but I think it might be relevant. This morning, I just downloaded the Suse version of MailScaner 4.76.24-3 and I am sure that Perl 5.8.8 installed. I ran install.sh fast. When I attempted to start MailScanner, I got errors pertaining to perl-HTML-Tagset so I did another install.sh this time without using the fast. I monitored the output of the install process and verified that these errors were logged. Attempting to build and install perl-HTML-Tagset-3.03-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-HTML-Tagset-3.03-2.noarch Installing perl-HTML-Tagset-3.03-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-HTML-Tagset-3.03-2.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Convert-TNEF-0.17-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-Convert-TNEF-0.17-2.noarch Installing perl-Convert-TNEF-0.17-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-Convert-TNEF-0.17-2.noarch.rpm. Maybe it did not build correctly? I downloaded from the SLES SP2 DVD and installed perl-HTML-Tagset-3.20-2.1.x86_64.rpm. Restarted MailScanner and it works fine. I found an x86_64 SLES rpm for perl-Convert-TNEF on the DVD also. One problem I still have is in perl-Storable. It fails to install with this error: t/weak................Weak references are not implemented in the version of perl at t/weak.t line 28 BEGIN failed--compilation aborted at t/weak.t line 33. dubious Test returned status 255 (wstat 65280, 0xff00) Failed Test Stat Wstat Total Fail List of Failed ------------------------------------------------------------------------------- t/weak.t 255 65280 ?? ?? ?? 2 tests skipped. Failed 1/32 test scripts. 0/2204 subtests failed. Files=32, Tests=2204, 2 wallclock secs ( 1.23 cusr + 0.27 csys = 1.50 CPU) Failed 1/32 test programs. 0/2204 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.99024 (%build) Gary Faith >>> Scott Silva 5/7/2009 3:21 PM >>> on 5-7-2009 7:04 AM Meurlin Robert spake the following: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl >= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > Are you sure you are installing the SUSE RPM package and not the RedHat RPM package? From Carl.Andrews at crackerbarrel.com Thu May 7 22:29:33 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 7 22:29:46 2009 Subject: Interesting article - Image spam returns with a vengeance - Network World Message-ID: http://www.networkworld.com/news/2009/050609-image-spam-returns-with-a.html?nlhtsec=ts_050709&nladname=050709securityal From gafaith at asdm.net Fri May 8 00:12:52 2009 From: gafaith at asdm.net (Gary Faith) Date: Fri May 8 00:13:05 2009 Subject: MailScanner status shows Dead but it isn't Message-ID: <4A0332B40200002D00006522@sparky.asdm.net> After running into an issue upgrading to 4.76 on SLES 10 SP2 x86_64 and getting it figured out and working, I figured I would use check the MailScanner status. I know MailScanner is working because I can tail the mail log and see it processing but when I run rcMailScanner status, I get this (I added echo's, after I found it showing dead, in the init script). Checking for service MailScanner: Sendmail: running Sendmail Incoming: running Sendmail Outgoing: running MailScanner: dead If I run /usr/sbin/check_MailScanner, I get this: /etc/init.d # check_MailScanner MailScanner running with pid 3584 15152 15535 15870 15894 16020 -rw------- 1 root root 5 Apr 13 14:04 MailScanner.pid and mscan:/var/run # ps ax | grep MailScanner 3584 ? Ss 0:01 MailScanner: starting child 15152 ? S 0:20 MailScanner: waiting for messages 15535 ? S 0:16 MailScanner: waiting for messages 15870 ? S 0:17 MailScanner: waiting for messages 15894 ? S 0:16 MailScanner: waiting for messages 16020 ? S 0:18 MailScanner: waiting for messages So, why is rcMailScanner status showing MailScanner as dead ? Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/a0c888c6/attachment-0001.html From mrm at quantumcc.com Fri May 8 15:50:34 2009 From: mrm at quantumcc.com (Mike M) Date: Fri May 8 15:50:54 2009 Subject: Perl after 4.76 Message-ID: How can I get a list of all of the required Perl modules and also make sure all of them are installed and working *properly* after installing 4.76? -Mike From gmourani at prival.ca Fri May 8 16:00:41 2009 From: gmourani at prival.ca (Gerhard Mourani) Date: Fri May 8 16:01:14 2009 Subject: File extension ADX Message-ID: <1241794841.12788.15.camel@gmourani-laptop> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: email_logo Type: image/jpeg Size: 2072 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090508/f5e625bf/email_logo.jpe From david at gnsa.us Fri May 8 16:45:28 2009 From: david at gnsa.us (David Nalley) Date: Fri May 8 16:45:57 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: On Thu, May 7, 2009 at 3:30 AM, Oliver Falk wrote: > Hi! > > I'll fork off a new thread with an appropriate subject - so maybe more > people get involved. > > I've added people CC: who have replied to the last thread, so they don't get > lost. > > However. > > The original threads are here: > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091460.html > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091469.html > > So. Again my question. How large is the Fedora + MS userbase. Is it worth to > create a SIG within Fedora for the same? > > Some people already said, that they are willing to help - I guess you're not > a Fedora packager yet? Do you have a RH bugzilla account? > > Send me/us your +1 if you're interested in such a SIG, so we know (at least > a part of) the userbase. > > If we reach the critical mass, then I'm going to undertake the action of > creating such a SIG within Fedora :-) > > -of > > PS: Everybody who wants to contribute (in packaging), please follow this: > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I figure we need to outline what work is needed to make this happen - and have setup a wiki page to identify those things: https://fedoraproject.org/wiki/MailScanner_in_Fedora Feel free to edit, change, add, etc. From naolson at gmail.com Sat May 9 10:57:51 2009 From: naolson at gmail.com (Nathan Olson) Date: Sat May 9 10:58:01 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Why in the world would you want to run a production service on a distribution used specifically for testing? CentOS - for those who can't afford the RHEL license. From nick at inticon.net.au Sat May 9 11:19:19 2009 From: nick at inticon.net.au (Nick Brown) Date: Sat May 9 11:19:33 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> References: <4A028E24.3050406@linux-kernel.at> <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Message-ID: <4A0558A7.4010009@inticon.net.au> Nathan Olson wrote: > Why in the world would you want to run a production service on a > distribution used specifically for testing? > CentOS - for those who can't afford the RHEL license. > This Post - for those who want to read pointless crap. Apparently. From ajcartmell at fonant.com Sat May 9 15:31:42 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Sat May 9 15:31:27 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> References: <4A028E24.3050406@linux-kernel.at> <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Message-ID: Nathan Olson wrote: > Why in the world would you want to run a production service on a > distribution used specifically for testing? Eh? Fedora is a production-ready distro (so long as you avoid the beta releases, of course!) and is designed and run as such. But there's no point in arguing about distros, we've done that and you aren't going to change any minds :) There are a lot of people using Fedora on servers, as I have from when it was called RedHat Linux. Even if you think we're all mad, I think it's a Good Idea to make it easy for them to make use of MailScanner: both to reduce spam and because they might buy Julian's book :) You also get to benefit because we make sure MailScanner works with recent Perl versions, on the OS that RHEL is based on. Cheers! Anthony -- www.fonant.com - Quality web sites From mark at msapiro.net Sat May 9 15:43:13 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat May 9 15:43:28 2009 Subject: Perl after 4.76 In-Reply-To: References: Message-ID: <20090509144313.GA1236@msapiro> On Fri, May 08, 2009 at 09:50:34AM -0500, Mike M wrote: > How can I get a list of all of the required Perl modules and also make > sure all of them are installed and working *properly* after installing > 4.76? MailScanner -v This won't directly answer the "working properly" issue, but if you are relying on an rpm based install using the install.sh script, modules that don't pass the tests in the rpm won't be installed. Also, the very beginning of the install.sh script has a list of Perl modules and versions. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From eli at orbsky.homelinux.org Sat May 9 18:19:46 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 9 18:20:14 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Message-ID: <200905092019.47102.eli@orbsky.homelinux.org> Hear... Hear....; Eli On Saturday 09 May 2009 17:31:42 Anthony Cartmell wrote: > Nathan Olson wrote: > > Why in the world would you want to run a production service on a > > distribution used specifically for testing? > > Eh? Fedora is a production-ready distro (so long as you avoid the beta > releases, of course!) and is designed and run as such. But there's no > point in arguing about distros, we've done that and you aren't going to > change any minds :) > > There are a lot of people using Fedora on servers, as I have from when it > was called RedHat Linux. Even if you think we're all mad, I think it's a > Good Idea to make it easy for them to make use of MailScanner: both to > reduce spam and because they might buy Julian's book :) You also get to > benefit because we make sure MailScanner works with recent Perl versions, > on the OS that RHEL is based on. > > Cheers! > > Anthony > -- > www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Sat May 9 21:02:57 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 9 21:03:20 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: <200905092302.57728.eli@orbsky.homelinux.org> On Friday 08 May 2009 18:45:28 David Nalley wrote: > > PS: Everybody who wants to contribute (in packaging), please follow this: > > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) I should find some time tommorrow to start woking on the documentation here. Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Sat May 9 21:30:01 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Sat May 9 21:30:09 2009 Subject: Mailwatch Message-ID: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is available somewhere? I noticed it's quite old and might not be usable with PHP5 and MySQL5? Thanks. From mikael at syska.dk Sat May 9 23:41:38 2009 From: mikael at syska.dk (Mikael Syska) Date: Sat May 9 23:41:47 2009 Subject: Mailwatch In-Reply-To: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Message-ID: <6beca9db0905091541u6686b2bse506ea95b35c395d@mail.gmail.com> Hi, On Sat, May 9, 2009 at 10:30 PM, Lj?snet wrote: > Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is > available somewhere? No, 1.0.4 is the latest ... but there are some working on releasing a 1.0.5 with all the contribs included. > > I noticed it's quite old and might not be usable with PHP5 and MySQL5? We are runing it with mysql 5 but php4 with no problems ... other than it can be slow sometimes cause our DB it quite big. > Thanks. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > mvh Mikael Syska From david at gnsa.us Sun May 10 02:44:34 2009 From: david at gnsa.us (David Nalley) Date: Sun May 10 02:45:03 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <200905092302.57728.eli@orbsky.homelinux.org> References: <4A028E24.3050406@linux-kernel.at> <200905092302.57728.eli@orbsky.homelinux.org> Message-ID: On Sat, May 9, 2009 at 4:02 PM, Eli Wapniarski wrote: > On Friday 08 May 2009 18:45:28 David Nalley wrote: >> > PS: Everybody who wants to contribute (in packaging), please follow this: >> > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) > > I should find some time tommorrow to start woking on the documentation here. > > Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. > > Eli > I'll create a resource request for a mailing list with infra tonight. From david at gnsa.us Sun May 10 02:51:35 2009 From: david at gnsa.us (David Nalley) Date: Sun May 10 02:52:08 2009 Subject: Mailwatch In-Reply-To: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Message-ID: On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: > Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is > available somewhere? There is a 2.0 pre-alpha release floating around somewhere - uses postgres instead of mysql. > > I noticed it's quite old and might not be usable with PHP5 and MySQL5? 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily used. From paul.hutchings at mira.co.uk Sun May 10 10:44:01 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun May 10 10:44:19 2009 Subject: "Problem Messages" - what's happening? Message-ID: Hmm OK seeing a few of the below in my Postmaster inbox. Doing a grep of the logs shows this: May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing message 8BE611FCC8.A5E8C May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat May 9 17:13:54 relay MailScanner[8261]: Making attempt 3 at processing message 8BE611FCC8.A5E8C May 9 17:13:55 relay MailScanner[8261]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8261/8BE611FCC8.A5E8C/winmail.dat May 9 17:17:01 relay MailScanner[8475]: Making attempt 4 at processing message 8BE611FCC8.A5E8C May 9 17:17:01 relay MailScanner[8475]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8475/8BE611FCC8.A5E8C/winmail.dat May 9 17:21:50 relay MailScanner[8653]: Making attempt 5 at processing message 8BE611FCC8.A5E8C May 9 17:21:50 relay MailScanner[8653]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8653/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:27 relay MailScanner[9274]: Making attempt 6 at processing message 8BE611FCC8.A5E8C May 9 17:27:27 relay MailScanner[9274]: Expanding TNEF archive at /var/spool/MailScanner/incoming/9274/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message 8BE611FCC8.A5E8C as it has been attempted too many times May 9 17:27:30 relay MailScanner[9522]: Quarantined message 8BE611FCC8.A5E8C as it caused MailScanner to crash several times May 9 17:27:30 relay MailScanner[9522]: Saved entire message to /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C Using 4.76.24 on CentOS 5.3. Not sure where to begin on this one - basic background is we have MailScanner in production and have done for years and I've not seen this before, seems to only affect a single message out of the thousands in/out we deal with. Any help would be much appreciated. Cheers, Paul -- Paul Hutchings -----Original Message----- From: MailScanner [mailto:postmaster@domain] Sent: 10 May 2009 10:02 To: Postmaster Subject: Problem Messages Archive: Number of messages: 2 Tries Message Last Tried ===== ======= ========== 6 8BE611FCC8.A5E8C Sat May 9 17:31:57 2009 6 9651A1FCCB.A556B Sat May 9 17:25:57 2009 -- MailScanner -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From nick at inticon.net.au Sun May 10 11:17:41 2009 From: nick at inticon.net.au (Nick Brown) Date: Sun May 10 11:17:57 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: Message-ID: <4A06A9C5.2010901@inticon.net.au> Paul Hutchings wrote: > Hmm OK seeing a few of the below in my Postmaster inbox. > Odd. Have not had a chance to look into it as yet but we started seeing these ~12 hours ago for the first time also. Nick. From mikael at syska.dk Sun May 10 13:18:53 2009 From: mikael at syska.dk (Mikael Syska) Date: Sun May 10 13:19:09 2009 Subject: Mailwatch In-Reply-To: References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Message-ID: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: > On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >> available somewhere? > > There is a 2.0 pre-alpha release floating around somewhere - uses > postgres instead of mysql. As I understand it ... 2.0 wont be free ... you have to buy it. The Alpha version is buggy and I would not use it for any production servers. >> >> I noticed it's quite old and might not be usable with PHP5 and MySQL5? > > 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily used. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mark at msapiro.net Sun May 10 15:46:00 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sun May 10 15:46:14 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: Message-ID: <20090510144600.GA4040@msapiro> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: > Hmm OK seeing a few of the below in my Postmaster inbox. > > Doing a grep of the logs shows this: > > May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: > message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> > May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing > message 8BE611FCC8.A5E8C > May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat [...] > May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message > 8BE611FCC8.A5E8C as it has been attempted too many times > May 9 17:27:30 relay MailScanner[9522]: Quarantined message > 8BE611FCC8.A5E8C as it caused MailScanner to crash several times > May 9 17:27:30 relay MailScanner[9522]: Saved entire message to > /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C I suspect the problem is the TNEF decoder is timing out trying to decode the TNEF (winmail.dat) part of the message. The part is likely corrupt. You could verify this by retrieving the message from the quarantine, saving the winmail.dat attachment and then trying to expand it with /usr/bin/tnef which is the default decoder. Also see . -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From paul.hutchings at mira.co.uk Sun May 10 17:19:29 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun May 10 17:19:56 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: Message-ID: OK well having looked at them they're junk anyway so I deleted them from the quarantine folder yet I'm still being emailed telling me about "Problem Messages" that were last tried yesterday - how do I stop the nagging emails please? -- Paul Hutchings -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 10 May 2009 10:44 To: MailScanner discussion Subject: "Problem Messages" - what's happening? Hmm OK seeing a few of the below in my Postmaster inbox. Doing a grep of the logs shows this: May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing message 8BE611FCC8.A5E8C May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat May 9 17:13:54 relay MailScanner[8261]: Making attempt 3 at processing message 8BE611FCC8.A5E8C May 9 17:13:55 relay MailScanner[8261]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8261/8BE611FCC8.A5E8C/winmail.dat May 9 17:17:01 relay MailScanner[8475]: Making attempt 4 at processing message 8BE611FCC8.A5E8C May 9 17:17:01 relay MailScanner[8475]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8475/8BE611FCC8.A5E8C/winmail.dat May 9 17:21:50 relay MailScanner[8653]: Making attempt 5 at processing message 8BE611FCC8.A5E8C May 9 17:21:50 relay MailScanner[8653]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8653/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:27 relay MailScanner[9274]: Making attempt 6 at processing message 8BE611FCC8.A5E8C May 9 17:27:27 relay MailScanner[9274]: Expanding TNEF archive at /var/spool/MailScanner/incoming/9274/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message 8BE611FCC8.A5E8C as it has been attempted too many times May 9 17:27:30 relay MailScanner[9522]: Quarantined message 8BE611FCC8.A5E8C as it caused MailScanner to crash several times May 9 17:27:30 relay MailScanner[9522]: Saved entire message to /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C Using 4.76.24 on CentOS 5.3. Not sure where to begin on this one - basic background is we have MailScanner in production and have done for years and I've not seen this before, seems to only affect a single message out of the thousands in/out we deal with. Any help would be much appreciated. Cheers, Paul -- Paul Hutchings -----Original Message----- From: MailScanner [mailto:postmaster@domain] Sent: 10 May 2009 10:02 To: Postmaster Subject: Problem Messages Archive: Number of messages: 2 Tries Message Last Tried ===== ======= ========== 6 8BE611FCC8.A5E8C Sat May 9 17:31:57 2009 6 9651A1FCCB.A556B Sat May 9 17:25:57 2009 -- MailScanner -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From alex at skynet-srl.com Sun May 10 17:32:35 2009 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Sun May 10 17:35:46 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <200905101100.n4AB02lf017410@safir.blacknight.ie> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> Message-ID: <4A0701A3.2040608@skynet-srl.com> > Nathan Olson wrote: >> Why in the world would you want to run a production service on a >> distribution used specifically for testing? > > Eh? Fedora is a production-ready distro (so long as you avoid the beta > releases, of course!) and is designed and run as such. But there's no > point in arguing about distros, we've done that and you aren't going > to change any minds :) > > There are a lot of people using Fedora on servers, as I have from when > it was called RedHat Linux. Even if you think we're all mad, I think > it's a Good Idea to make it easy for them to make use of MailScanner: > both to reduce spam and because they might buy Julian's book :) You > also get to benefit because we make sure MailScanner works with recent > Perl versions, on the OS that RHEL is based on. > > Cheers! > > Anthony I've been using Fedora since it was Red Hat 9 I've been running run more than 10 mailservers using postfix+mysql+MailScanner+mailwatch in a clustered environment, and I never had any kind of problem MailScanner has always worked very fine and installed OK until the latest relase, when it seems to remove pieces it needs. I'm pretty sure that Fedora is a VERY important platform, and Jules will, as usual, support it. Than you Jules for all your efforts Alessandrfo Bianchi From alex at skynet-srl.com Sun May 10 17:37:42 2009 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Sun May 10 17:40:56 2009 Subject: Tiny image only spam [OT] In-Reply-To: <200905101100.n4AB02lf017410@safir.blacknight.ie> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> Message-ID: <4A0702D6.8060202@skynet-srl.com> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- *SkyNet SRL* P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com . ( Rif. D.L. 196/200 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090510/8908d3a6/attachment.html From eli at orbsky.homelinux.org Sun May 10 20:57:39 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sun May 10 20:58:25 2009 Subject: Tiny image only spam [OT] In-Reply-To: <4A0702D6.8060202@skynet-srl.com> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> <4A0702D6.8060202@skynet-srl.com> Message-ID: <200905102257.39999.eli@orbsky.homelinux.org> On Sunday 10 May 2009 19:37:42 Alessandro Bianchi wrote: > In the last days I'm getting a lot of image only spam. > > It contains no links and no text at all > > The size of the image is different every time, and it advertizes > pharmacy inviting users to visit funny sites with always different names > like www.8654.org and similar. > > I've palayed around spamassassin rules with some luck (somettimes I > catch sometimes I don't). > > Has anyone else seen something similar? > > Any ideas about how to stop it? > Unless somebody know how to block mail based on subject lines in Mailscanner, the only thing that I can suggest is to install a milter like milter-regex and start creating simple filters based on the subject. Hopefully your distro will have milter-regex available however if not it can be found at: http://www.benzedrine.cx/milter-regex.html Cheers. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Sun May 10 22:09:46 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun May 10 22:33:27 2009 Subject: Additional header info turned of in 4-77-1-2 Message-ID: <20090510210945.GB13040@doctor.nl2k.ab.ca> How do you turn it back on? From gafaith at asdm.net Mon May 11 04:21:05 2009 From: gafaith at asdm.net (Gary Faith) Date: Mon May 11 04:21:21 2009 Subject: Tiny image only spam [OT] In-Reply-To: <4A0702D6.8060202@skynet-srl.com> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> <4A0702D6.8060202@skynet-srl.com> Message-ID: <4A0761610200002D0000656E@sparky.asdm.net> I have seen this too. I ran across several sites that pointed me to some software that has solved this problem. I looked at this first: http://www.nabble.com/GIF-Spam----Setting-up-the-%27OCR-scanner-and-image-validator-SA-plugin%27-to5622534.html But this is the one that I adapted from MaiaMailGuard to MailScanner. http://www.maiamailguard.com/files/SLES10_MaiaMailGuard_Gateway_102.pdf Basically, I installed -rw-r--r-- 1 root root 124418 Jan 7 2007 fuzzyocr-3.5.1-devel.tar.gz -rw-r--r-- 1 root root 248889 Apr 4 01:15 gifsicle-1.55.tar.gz -rw-r--r-- 1 root root 700288 Oct 22 2008 gocr-0.46.tar.gz -rw-r--r-- 1 root root 363267 Mar 29 16:54 gocr-0.47.tar.gz -rw-r--r-- 1 root root 95139 May 5 16:06 ocrad-0.18-rc1.tar.gz -rw-r--r-- 1 root root 37544 May 5 16:26 sample-mails.tar.gz and I needed to install: giflib-progs-4.1.4-14.2 needed by gif conversion programs and I needed to install several perl modules. BTW, gocr-0.47 has a build problem with linker flags not being specified but I was able to work around it eventually. I only implemented it earlier last week, and so far stopped 502 e-mails with image based spam: FUZZY_OCR Mail contains an image with common spam text inside 502 0 0 502 100 Gary Faith >>> Alessandro Bianchi 5/10/2009 12:37 PM >>> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- SkyNet SRL P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com. ( Rif. D.L. 196/200 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090510/2ba8d36b/attachment.html From gafaith at asdm.net Mon May 11 04:21:54 2009 From: gafaith at asdm.net (Gary Faith) Date: Mon May 11 04:22:05 2009 Subject: MailScanner status shows Dead but it isn't In-Reply-To: <4A0332B40200002D00006522@sparky.asdm.net> References: <4A0332B40200002D00006522@sparky.asdm.net> Message-ID: <4A0761920200002D00006573@sparky.asdm.net> Anyone ? >>> "Gary Faith" 5/7/2009 7:12 PM >>> After running into an issue upgrading to 4.76 on SLES 10 SP2 x86_64 and getting it figured out and working, I figured I would use check the MailScanner status. I know MailScanner is working because I can tail the mail log and see it processing but when I run rcMailScanner status, I get this (I added echo's, after I found it showing dead, in the init script). Checking for service MailScanner: Sendmail: running Sendmail Incoming: running Sendmail Outgoing: running MailScanner: dead If I run /usr/sbin/check_MailScanner, I get this: /etc/init.d # check_MailScanner MailScanner running with pid 3584 15152 15535 15870 15894 16020 -rw------- 1 root root 5 Apr 13 14:04 MailScanner.pid and mscan:/var/run # ps ax | grep MailScanner 3584 ? Ss 0:01 MailScanner: starting child 15152 ? S 0:20 MailScanner: waiting for messages 15535 ? S 0:16 MailScanner: waiting for messages 15870 ? S 0:17 MailScanner: waiting for messages 15894 ? S 0:16 MailScanner: waiting for messages 16020 ? S 0:18 MailScanner: waiting for messages So, why is rcMailScanner status showing MailScanner as dead ? Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090510/8cb72c4b/attachment.html From J.Ede at birchenallhowden.co.uk Mon May 11 07:54:37 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon May 11 07:55:05 2009 Subject: Tiny image only spam [OT] In-Reply-To: <4A0761610200002D0000656E@sparky.asdm.net> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> <4A0702D6.8060202@skynet-srl.com> <4A0761610200002D0000656E@sparky.asdm.net> Message-ID: <1213490F1F316842A544A850422BFA9629F6DBE7@BHLSBS.bhl.local> Fuzzy OCR does the job, but bear in mind there is a significant overhead with using it. We stopped using it as it was significantly increasing the load on our servers and other measures were working better. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Faith Sent: 11 May 2009 04:21 To: mailscanner@lists.mailscanner.info Subject: Re: Tiny image only spam [OT] I have seen this too. I ran across several sites that pointed me to some software that has solved this problem. I looked at this first: http://www.nabble.com/GIF-Spam----Setting-up-the-%27OCR-scanner-and-image-validator-SA-plugin%27-to5622534.html But this is the one that I adapted from MaiaMailGuard to MailScanner. http://www.maiamailguard.com/files/SLES10_MaiaMailGuard_Gateway_102.pdf Basically, I installed -rw-r--r-- 1 root root 124418 Jan 7 2007 fuzzyocr-3.5.1-devel.tar.gz -rw-r--r-- 1 root root 248889 Apr 4 01:15 gifsicle-1.55.tar.gz -rw-r--r-- 1 root root 700288 Oct 22 2008 gocr-0.46.tar.gz -rw-r--r-- 1 root root 363267 Mar 29 16:54 gocr-0.47.tar.gz -rw-r--r-- 1 root root 95139 May 5 16:06 ocrad-0.18-rc1.tar.gz -rw-r--r-- 1 root root 37544 May 5 16:26 sample-mails.tar.gz and I needed to install: giflib-progs-4.1.4-14.2 needed by gif conversion programs and I needed to install several perl modules. BTW, gocr-0.47 has a build problem with linker flags not being specified but I was able to work around it eventually. I only implemented it earlier last week, and so far stopped 502 e-mails with image based spam: FUZZY_OCR Mail contains an image with common spam text inside 502 0 0 502 100 Gary Faith >>> Alessandro Bianchi 5/10/2009 12:37 PM >>> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- SkyNet SRL P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com. ( Rif. D.L. 196/200 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/2b064358/attachment.html From Robert.Meurlin at se.fujitsu.com Mon May 11 08:31:21 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Mon May 11 08:32:32 2009 Subject: SV: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: Sorry dubble post =) I haven't solve it but has made a way trough it by just have sendmail running on it and forward it (smarthost) to a new mailgw that have mailscanner-4.76.24-3. Thanks for the tip will look at it.. Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Meurlin Robert Skickat: den 7 maj 2009 12:41 Till: MailScanner discussion ?mne: RE: error: Failed dependencies I doesnt get it to work, have reinstalled perl,perl-MIME-tools error: File not found by glob: tnef*.package error: open of perl failed: No such file or directory error: open of is failed: No such file or directory error: open of not failed: No such file or directory error: open of installed.rpm failed: No such file or directory Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: /usr/bin/perl is needed by mailscanner-4.76.24-3 perl >= 5.005 is needed by mailscanner-4.76.24-3 perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 and get this when when I start yast: Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory and can't reinstall the packages. When I start MailScanner: Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. Any tip? Rob -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Mon May 11 09:44:27 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon May 11 09:44:53 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: <20090510144600.GA4040@msapiro> References: <20090510144600.GA4040@msapiro> Message-ID: On Sun, 10 May 2009, Mark Sapiro wrote: > On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >> Hmm OK seeing a few of the below in my Postmaster inbox. >> >> Doing a grep of the logs shows this: >> >> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing >> message 8BE611FCC8.A5E8C >> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat > [...] >> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >> 8BE611FCC8.A5E8C as it has been attempted too many times >> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C > > > I suspect the problem is the TNEF decoder is timing out trying to > decode the TNEF (winmail.dat) part of the message. The part is likely > corrupt. > > You could verify this by retrieving the message from the quarantine, > saving the winmail.dat attachment and then trying to expand it with > /usr/bin/tnef which is the default decoder. To confirm the problem and possible workaround: I, too, have just started seeing a tiny number of such instances. It recurred even of quiet machines. But I don't think it is the timeout (at least, nor directly). In my "MailScanner.conf" we have historically had: TNEF Expander = internal Quick fix: When I switched this to use the "/usr/bin/tnef" version, the emails (rescued from quarantine and replaced into the MS inbound queue) seemed to go through OK. I got the correct setting from a ".rpmnew" file which seems to be: TNEF Expander = /usr/bin/tnef --maxsize=100000000 A little deeper: When I ran them through MS in debug mode (with TNEF setting "internal") I got: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 2 messages. Can't call method "path" on an undefined value at /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. Not the "Can't call ..." line. The MS run took less than four seconds. I had initially suspected TNEF timeout, but it seems to be something different, related to the "internal" setting of "TNEF Expander". That 'Can't call method "path"...' doesn't appear in the "maillog" file (which, in retrospect, is a pity, because that would have been a more obvious clue to follow). Anyway: summary: 1. Problem seems to coincide with "TNEF Expander = internal". For end-users, using "/usr/bin/tnef ..." seems to be a workaround for the moment. 2. For those who sometimes look a little deeper in the "why", MS in '-debug' mode seems to indicate a perl coding error which doesn't get shown in the 'maillog' file. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From prandal at herefordshire.gov.uk Mon May 11 10:00:28 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon May 11 10:00:55 2009 Subject: Tiny image only spam [OT] In-Reply-To: <1213490F1F316842A544A850422BFA9629F6DBE7@BHLSBS.bhl.local> References: <200905101100.n4AB02lf017410@safir.blacknight.ie><4A0702D6.8060202@skynet-srl.com><4A0761610200002D0000656E@sparky.asdm.net> <1213490F1F316842A544A850422BFA9629F6DBE7@BHLSBS.bhl.local> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA06B91B89@HC-MBX02.herefordshire.gov.uk> These rules were posted to the spamassassin-users mailing list by John Hardin a few days ago header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i meta MIME_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __ANY_IMAGE_ATTACH && !__ANY_TEXT_ATTACH) score MIME_IMAGE_ONLY 2.00 describe MIME_IMAGE_ONLY Image body part but no text body parts Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 11 May 2009 07:55 To: MailScanner discussion Subject: RE: Tiny image only spam [OT] Fuzzy OCR does the job, but bear in mind there is a significant overhead with using it. We stopped using it as it was significantly increasing the load on our servers and other measures were working better. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Faith Sent: 11 May 2009 04:21 To: mailscanner@lists.mailscanner.info Subject: Re: Tiny image only spam [OT] I have seen this too. I ran across several sites that pointed me to some software that has solved this problem. I looked at this first: http://www.nabble.com/GIF-Spam----Setting-up-the-%27OCR-scanner-and-image-validator-SA-plugin%27-to5622534.html But this is the one that I adapted from MaiaMailGuard to MailScanner. http://www.maiamailguard.com/files/SLES10_MaiaMailGuard_Gateway_102.pdf Basically, I installed -rw-r--r-- 1 root root 124418 Jan 7 2007 fuzzyocr-3.5.1-devel.tar.gz -rw-r--r-- 1 root root 248889 Apr 4 01:15 gifsicle-1.55.tar.gz -rw-r--r-- 1 root root 700288 Oct 22 2008 gocr-0.46.tar.gz -rw-r--r-- 1 root root 363267 Mar 29 16:54 gocr-0.47.tar.gz -rw-r--r-- 1 root root 95139 May 5 16:06 ocrad-0.18-rc1.tar.gz -rw-r--r-- 1 root root 37544 May 5 16:26 sample-mails.tar.gz and I needed to install: giflib-progs-4.1.4-14.2 needed by gif conversion programs and I needed to install several perl modules. BTW, gocr-0.47 has a build problem with linker flags not being specified but I was able to work around it eventually. I only implemented it earlier last week, and so far stopped 502 e-mails with image based spam: FUZZY_OCR Mail contains an image with common spam text inside 502 0 0 502 100 Gary Faith >>> Alessandro Bianchi 5/10/2009 12:37 PM >>> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- SkyNet SRL P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com . ( Rif. D.L. 196/200 ) From Robert.Meurlin at se.fujitsu.com Mon May 11 10:05:10 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Mon May 11 10:16:07 2009 Subject: SV: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> <4A02F41F.8050802@ecs.soton.ac.uk> Message-ID: Hi Julian, I was wondering if you have any script to clean/delete the mailq from a specific email address? Have got 4000 email from a system that had some problems over the weekend and all mail from that is in the que. Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Julian Field Skickat: den 7 maj 2009 16:46 Till: MailScanner discussion ?mne: Re: error: Failed dependencies It doesn't think you've got perl installed at all! :-( On 07/05/2009 3:04 PM, Meurlin Robert wrote: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl>= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > > Rob > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: den 6 maj 2009 19:45 > To: MailScanner discussion > Subject: Re: error: Failed dependencies > > On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert > wrote: > >> error: Failed dependencies: >> >> perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 >> >> >> >> But I have installed >> http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz >> so i dont now why I get this error? >> > > It looks for a package, you used CPAN. You shouldn't mix the two. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 11 10:28:55 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 10:29:17 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> Message-ID: On 11/05/2009 09:44, David Lee wrote: > On Sun, 10 May 2009, Mark Sapiro wrote: > >> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >>> Hmm OK seeing a few of the below in my Postmaster inbox. >>> >>> Doing a grep of the logs shows this: >>> >>> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >>> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >>> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing >>> message 8BE611FCC8.A5E8C >>> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >>> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat >> [...] >>> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >>> 8BE611FCC8.A5E8C as it has been attempted too many times >>> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >>> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >>> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >>> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C >> >> >> I suspect the problem is the TNEF decoder is timing out trying to >> decode the TNEF (winmail.dat) part of the message. The part is likely >> corrupt. >> >> You could verify this by retrieving the message from the quarantine, >> saving the winmail.dat attachment and then trying to expand it with >> /usr/bin/tnef which is the default decoder. > > To confirm the problem and possible workaround: I, too, have just > started seeing a tiny number of such instances. It recurred even of > quiet machines. But I don't think it is the timeout (at least, nor > directly). > > In my "MailScanner.conf" we have historically had: > TNEF Expander = internal > > Quick fix: When I switched this to use the "/usr/bin/tnef" version, > the emails (rescued from quarantine and replaced into the MS inbound > queue) seemed to go through OK. I got the correct setting from a > ".rpmnew" file which seems to be: > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > > A little deeper: When I ran them through MS in debug mode (with TNEF > setting "internal") I got: > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 2 messages. > Can't call method "path" on an undefined value at > /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. > > Not the "Can't call ..." line. > > The MS run took less than four seconds. I had initially suspected > TNEF timeout, but it seems to be something different, related to the > "internal" setting of "TNEF Expander". > > That 'Can't call method "path"...' doesn't appear in the "maillog" > file (which, in retrospect, is a pity, because that would have been a > more obvious clue to follow). > > Anyway: summary: > > 1. Problem seems to coincide with "TNEF Expander = internal". For > end-users, using "/usr/bin/tnef ..." seems to be a workaround for the > moment. > > 2. For those who sometimes look a little deeper in the "why", MS in > '-debug' mode seems to indicate a perl coding error which doesn't get > shown in the 'maillog' file. > > Hope that helps. > Please can you send me a copy of the message that triggered the fault? Zip up the raw queue file and mail it to me at mailscanner@ecs.soton.ac.uk please. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Mon May 11 10:35:40 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 11 10:35:54 2009 Subject: Mailwatch In-Reply-To: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> Message-ID: <910ee2ac0905110235q115ff9b6p64e2239f577fea8e@mail.gmail.com> I managed to get it up and running on my FreeBSD box. I however could not get the Blacklist/Whitelist feature to work, no matter that I tried to blacklist it still went though. On Sun, May 10, 2009 at 12:18 PM, Mikael Syska wrote: > On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: >> On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >>> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >>> available somewhere? >> >> There is a 2.0 pre-alpha release floating around somewhere - uses >> postgres instead of mysql. > > As I understand it ... 2.0 wont be free ... you have to buy it. The > Alpha version is buggy and I would not use it for any production > servers. > >>> >>> I noticed it's quite old and might not be usable with PHP5 and MySQL5? >> >> 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily used. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From paul.hutchings at mira.co.uk Mon May 11 11:13:53 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Mon May 11 11:14:08 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> Message-ID: Thanks, I think that's gone to you now - I'm still receiving the "Problem Messages" reminder/summary despite having deleted them - how do I stop this? -- Paul Hutchings -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 11 May 2009 10:29 To: MailScanner discussion Subject: Re: "Problem Messages" - what's happening? On 11/05/2009 09:44, David Lee wrote: > On Sun, 10 May 2009, Mark Sapiro wrote: > >> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >>> Hmm OK seeing a few of the below in my Postmaster inbox. >>> >>> Doing a grep of the logs shows this: >>> >>> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >>> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >>> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing >>> message 8BE611FCC8.A5E8C >>> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >>> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat >> [...] >>> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >>> 8BE611FCC8.A5E8C as it has been attempted too many times >>> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >>> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >>> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >>> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C >> >> >> I suspect the problem is the TNEF decoder is timing out trying to >> decode the TNEF (winmail.dat) part of the message. The part is likely >> corrupt. >> >> You could verify this by retrieving the message from the quarantine, >> saving the winmail.dat attachment and then trying to expand it with >> /usr/bin/tnef which is the default decoder. > > To confirm the problem and possible workaround: I, too, have just > started seeing a tiny number of such instances. It recurred even of > quiet machines. But I don't think it is the timeout (at least, nor > directly). > > In my "MailScanner.conf" we have historically had: > TNEF Expander = internal > > Quick fix: When I switched this to use the "/usr/bin/tnef" version, > the emails (rescued from quarantine and replaced into the MS inbound > queue) seemed to go through OK. I got the correct setting from a > ".rpmnew" file which seems to be: > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > > A little deeper: When I ran them through MS in debug mode (with TNEF > setting "internal") I got: > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 2 messages. > Can't call method "path" on an undefined value at > /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. > > Not the "Can't call ..." line. > > The MS run took less than four seconds. I had initially suspected > TNEF timeout, but it seems to be something different, related to the > "internal" setting of "TNEF Expander". > > That 'Can't call method "path"...' doesn't appear in the "maillog" > file (which, in retrospect, is a pity, because that would have been a > more obvious clue to follow). > > Anyway: summary: > > 1. Problem seems to coincide with "TNEF Expander = internal". For > end-users, using "/usr/bin/tnef ..." seems to be a workaround for the > moment. > > 2. For those who sometimes look a little deeper in the "why", MS in > '-debug' mode seems to indicate a perl coding error which doesn't get > shown in the 'maillog' file. > > Hope that helps. > Please can you send me a copy of the message that triggered the fault? Zip up the raw queue file and mail it to me at mailscanner@ecs.soton.ac.uk please. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From t.d.lee at durham.ac.uk Mon May 11 12:09:07 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon May 11 12:09:32 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> Message-ID: On Mon, 11 May 2009, Paul Hutchings wrote: > Thanks, I think that's gone to you now - I'm still receiving the > "Problem Messages" reminder/summary despite having deleted them - how do > I stop this? Paul: 1. If you do have a couple of samples that you could send direct to Julian (not to the list) as he describes, that would be useful. I don't now have any to hand. (I'm re-setting things in the hopes of catching a few more.) 2. For the continued notifications you probably need to try something like the following: Stop MailScanner; Check all MS processes have stopped; Rename or remove the "Processing Attempts Database"; Start MailScanner. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From maxsec at gmail.com Mon May 11 12:36:32 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Mon May 11 12:36:41 2009 Subject: Mailwatch In-Reply-To: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> Message-ID: <72cf361e0905110436y337fa1fj12e7ed95207b4d6b@mail.gmail.com> Just like 1.x there will be a commercial version of MailWatch (defender MX from fsl.com). Steve has no plans to pull the open-source/free mailwatch from what I know of... 2009/5/10 Mikael Syska > On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: > > On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: > >> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is > >> available somewhere? > > > > There is a 2.0 pre-alpha release floating around somewhere - uses > > postgres instead of mysql. > > As I understand it ... 2.0 wont be free ... you have to buy it. The > Alpha version is buggy and I would not use it for any production > servers. > > >> > >> I noticed it's quite old and might not be usable with PHP5 and MySQL5? > > > > 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily > used. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/5c296114/attachment.html From john at tradoc.fr Mon May 11 14:57:04 2009 From: john at tradoc.fr (John Wilcock) Date: Mon May 11 14:57:19 2009 Subject: SPF Scoring In-Reply-To: References: Message-ID: <4A082EB0.7090203@tradoc.fr> Le 11/05/2009 14:22, Robert Dunkley a ?crit : > I might be misunderstanding what needs to be done to enable SPF but I > would like domains failing SPF check for disallow and discourage to get > scores of 10 and 6 respectively but I can't seem to get any SPF scoring > to work. I added the following to /etc/mail/spamassassin/mailscanner.cf: > > #SPF Fail Check > score SPF_FAIL 10.0 > score SPF_SOFTFAIL 6.0 > > > MailScanner -v shows these versions: > 3.002005 Mail::SpamAssassin > v2.005 Mail::SPF > 1.999001 Mail::SPF::Query > > Any ideas on why this might not be working? Have you uncommented the loadplugin Mail::SpamAssassin::Plugin::SPF line in init.pre (or another .pre file)? John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From Andrew.Chester at ukuvuma.co.za Mon May 11 15:19:00 2009 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Mon May 11 15:19:13 2009 Subject: Andrew Chester is out of the office. Message-ID: I will be out of the office starting 2009/05/07 and will not return until 2009/05/13. I will respond to your message when I return. In case of emergency, please contact Ryan Bell on 0733182598, or Dawid Van Heerden on 0827707919. CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. From t.d.lee at durham.ac.uk Mon May 11 15:39:24 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon May 11 15:39:50 2009 Subject: message-processing db notifications In-Reply-To: References: <4A01E824.6050808@ecs.soton.ac.uk> Message-ID: On Thu, 7 May 2009, David Lee wrote: > [...] > For instance, we are a "Send Notices = no" site for viruses. But for other > sorts of functionality, such as this new msg-db, we would like to be a "Send > Notices = yes" site. And other sites might want other variants, such as > "yes" in both cases but with different recipients. And then in a few months > time, MS might get an additional new class of functionality (just as msg-db > is new now) with other possible variants. > > Hence my idle wondering about something ruleset-like. (I was trying to avoid > suggesting yet more options directly in MS.conf!) > [...] Can the existing settings: Send Notices = ... Notices To = ... with their ruleset possibilities achieve the differential sending (or not sending) of class-based (e.g. "virus", "msg-db", ...) notifications to different recipients? It would end up with something (logically at least) like: Send Notices = yes Notices To = rules/notices.to.rules [notices.to.rules] viruses nobody@black.hole msg-db email-admin@my.site or (the equivalent): Send Notices = rules/send.notices.rules Notices To = rules/notices.to.rules [send.notices.rules] viruses no * yes [notices.to.rules] msg-db email-admin@my.site or some other specification and/or implementation to similar effect. Such a scheme would be extensible to other classes (analogous to "virus" class (long-established) and "msg-db" class (new at 4.76)) that come along later. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From painethom at gmail.com Mon May 11 16:22:55 2009 From: painethom at gmail.com (Thom Paine) Date: Mon May 11 16:23:03 2009 Subject: Spam Reduction on a New Server Message-ID: <9e1340d20905110822n15d39f30sa05c6a7a612ff338@mail.gmail.com> I just deplyed a new CentOS 5.3 server that run mail where I work. Spam had been steadily increasing over the past few weeks and it was due for new hardware anyways so I have the conversion all done. I installed the latest mailscanner and the sa and the clamd files and things are working well. I haven't installed any rbl's as some of my older ones fomr the old server are likely outdated. Does anyone have a list of a couple that are working well? I'm still getting some spam thru and likely need to tune things a bit. My old server I was using milters a bit. Any recommendations I should implement? I don't want to make alot of changes all at once, but one at a time until I have it working really well. Thanks. -- -=/>Thom From ljosnet at gmail.com Mon May 11 16:27:55 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 11 16:28:04 2009 Subject: Mailwatch In-Reply-To: <72cf361e0905110436y337fa1fj12e7ed95207b4d6b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> <72cf361e0905110436y337fa1fj12e7ed95207b4d6b@mail.gmail.com> Message-ID: <910ee2ac0905110827k187adfdwf4e8d01c8cd1fcc4@mail.gmail.com> Does anyone know how I can make the status work in Mailwatch/FreeBSD? Currently this is my status although everything is running. I'm guessing it's a matter of editing file(s) but I cant find the correct ones. MailScanner: NO 0 proc(s) Sendmail: NO 0 proc(s) Inbound: 0 Outbound: 0 On Mon, May 11, 2009 at 11:36 AM, Martin Hepworth wrote: > Just like 1.x there will be a commercial version of MailWatch (defender MX > from fsl.com). Steve has no plans to pull the open-source/free mailwatch > from what I know of... > > 2009/5/10 Mikael Syska >> >> On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: >> > On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >> >> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >> >> available somewhere? >> > >> > There is a 2.0 pre-alpha release floating around somewhere - uses >> > postgres instead of mysql. >> >> As I understand it ... 2.0 wont be free ... you have to buy it. The >> Alpha version is buggy and I would not use it for any production >> servers. >> >> >> >> >> I noticed it's quite old and might not be usable with PHP5 and MySQL5? >> > >> > 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily >> > used. >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From ljosnet at gmail.com Mon May 11 16:29:51 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 11 16:30:00 2009 Subject: Spam Reduction on a New Server In-Reply-To: <9e1340d20905110822n15d39f30sa05c6a7a612ff338@mail.gmail.com> References: <9e1340d20905110822n15d39f30sa05c6a7a612ff338@mail.gmail.com> Message-ID: <910ee2ac0905110829o5d8aae5etb94ec2331fe96bf8@mail.gmail.com> zen.spamhaus.org On Mon, May 11, 2009 at 3:22 PM, Thom Paine wrote: > I just deplyed a new CentOS 5.3 server that run mail where I work. > Spam had been steadily increasing over the past few weeks and it was > due for new hardware anyways so I have the conversion all done. > > I installed the latest mailscanner and the sa and the clamd files and > things are working well. > > I haven't installed any rbl's as some of my older ones fomr the old > server are likely outdated. > > Does anyone have a list of a couple that are working well? I'm still > getting some spam thru and likely need to tune things a bit. My old > server I was using milters a bit. > > Any recommendations I should implement? I don't want to make alot of > changes all at once, but one at a time until I have it working really > well. > > Thanks. > -- > -=/>Thom > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From david at gnsa.us Mon May 11 17:03:16 2009 From: david at gnsa.us (David Nalley) Date: Mon May 11 17:03:45 2009 Subject: Mailwatch In-Reply-To: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> Message-ID: On Sun, May 10, 2009 at 8:18 AM, Mikael Syska wrote: > On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: >> On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >>> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >>> available somewhere? >> >> There is a 2.0 pre-alpha release floating around somewhere - uses >> postgres instead of mysql. > > As I understand it ... 2.0 wont be free ... you have to buy it. The > Alpha version is buggy and I would not use it for any production > servers. Yes this is my understanding as well. IIRC Steve's reasoning was that there wasn't much community involvement with development of v1. I also see this changing and the community rolling together a 1.0.5 version. Perhaps if significant effort was leveraged to push bugfixes back upstream to Steve this would change. From MailScanner at ecs.soton.ac.uk Mon May 11 18:26:47 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 18:27:09 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> <4A085FD7.7080202@ecs.soton.ac.uk> Message-ID: I have just published 4.77.2 which will solve this problem. It does more error checking. On 11/05/2009 10:28, Julian Field wrote: > > > On 11/05/2009 09:44, David Lee wrote: >> On Sun, 10 May 2009, Mark Sapiro wrote: >> >>> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >>>> Hmm OK seeing a few of the below in my Postmaster inbox. >>>> >>>> Doing a grep of the logs shows this: >>>> >>>> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >>>> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >>>> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at >>>> processing >>>> message 8BE611FCC8.A5E8C >>>> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >>>> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat >>> [...] >>>> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >>>> 8BE611FCC8.A5E8C as it has been attempted too many times >>>> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >>>> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >>>> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >>>> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C >>> >>> >>> I suspect the problem is the TNEF decoder is timing out trying to >>> decode the TNEF (winmail.dat) part of the message. The part is likely >>> corrupt. >>> >>> You could verify this by retrieving the message from the quarantine, >>> saving the winmail.dat attachment and then trying to expand it with >>> /usr/bin/tnef which is the default decoder. >> >> To confirm the problem and possible workaround: I, too, have just >> started seeing a tiny number of such instances. It recurred even of >> quiet machines. But I don't think it is the timeout (at least, nor >> directly). >> >> In my "MailScanner.conf" we have historically had: >> TNEF Expander = internal >> >> Quick fix: When I switched this to use the "/usr/bin/tnef" version, >> the emails (rescued from quarantine and replaced into the MS inbound >> queue) seemed to go through OK. I got the correct setting from a >> ".rpmnew" file which seems to be: >> TNEF Expander = /usr/bin/tnef --maxsize=100000000 >> >> >> A little deeper: When I ran them through MS in debug mode (with TNEF >> setting "internal") I got: >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> Building a message batch to scan... >> Have a batch of 2 messages. >> Can't call method "path" on an undefined value at >> /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. >> >> Not the "Can't call ..." line. >> >> The MS run took less than four seconds. I had initially suspected >> TNEF timeout, but it seems to be something different, related to the >> "internal" setting of "TNEF Expander". >> >> That 'Can't call method "path"...' doesn't appear in the "maillog" >> file (which, in retrospect, is a pity, because that would have been a >> more obvious clue to follow). >> >> Anyway: summary: >> >> 1. Problem seems to coincide with "TNEF Expander = internal". For >> end-users, using "/usr/bin/tnef ..." seems to be a workaround for the >> moment. >> >> 2. For those who sometimes look a little deeper in the "why", MS in >> '-debug' mode seems to indicate a perl coding error which doesn't get >> shown in the 'maillog' file. >> >> Hope that helps. >> > Please can you send me a copy of the message that triggered the fault? > Zip up the raw queue file and mail it to me at > mailscanner@ecs.soton.ac.uk please. > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at medicine.wisc.edu Mon May 11 18:44:14 2009 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon May 11 18:44:34 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> Message-ID: <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> > Julian Field wrote: > >>> >> I'll need to take a look at this, and try a 0-byte attachment and see >> what happens. >> To disable the tests, set >> Maximum Attachment Size = -1 >> Minimum Attachment Size = -1 >> >> Please read the docs carefully and ensure you are setting the values >> appropriately. >> What is the precise case that you think it is handling incorrectly? >> >> Jules >> > > I don't think testing it with a 0 byte attachment will help much, > because a 0 byte attachment *should* get blocked when the min size is > set to 1. The problem I'm having on 3 separate servers since upgrading > to 4.76 is that it's blocking on the attachment rule even when there is > no attachment. I'm not exactly sure how to proceed because one part of > the error message says the attachment is too large, and another part > says it's too small. Regardless there is no attachment so those errors > are just unintentional red herrings. I have looked at numerous messages > in the quarantine and cannot find anything that gives away why it thinks > they have attachments to begin with. > > Like I said, I have been using MS for a number of years, have done > numerous upgrades, have had the min attachment size setting at the > default of 1 byte since it was available and have never had a problem > before upgrading to 4.76. I just upgraded another server last night > and made sure it wasn't having this problem before the upgrade, and as > soon as I started MS after the upgrade it started having the same > problem. I can provide more from the quarantine at pastbin.com if the > original data I posted is not enough. > > Oh, and again: MailScanner --lint says no errors. > > > Latest Update: This problem really seems to me like a bug in 4.76.24-3. I can reproduce this attachement size problem on every 4.76.24-3 system I can get my hands on with a specific df/qf file combo that has NO attachment associated with it. I've tried 3 more completely different systems with very different configs and it always fails. If I stick this same df/qf file pair into the mqueue.in on any 4.74 or 4.75 system, it processes them correctly. I have posted a culprit df file at: http://pastebin.com/m216927c Even after trying to sanitize the user's real info, this very file will still cause an attachment size error. If you look at the file, you can see that there is nothing in it telling the system that there is an attachment associated with the email, yet mailscanner still trips on it saying that the attachment size is both too big and too small. The problem seems to be related to whitespace in the original file, because if I paste the text from that very pastebin back into a new df file, and then send it through mqueue.in, it will process correctly. If you would like me to send an actual problematic df/qf file pair so you can reproduce this yourself, I would be more then willing to do so. Mike From MailScanner at ecs.soton.ac.uk Mon May 11 19:15:31 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 19:15:53 2009 Subject: Too Large or Too small or neither????? In-Reply-To: <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> References: <4A01E931.6070007@ecs.soton.ac.uk> <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A086B43.6050403@ecs.soton.ac.uk> Message-ID: On 11/05/2009 18:44, Michael Masse wrote: >> Julian Field wrote: >> >> >>>> >>> I'll need to take a look at this, and try a 0-byte attachment and see >>> what happens. >>> To disable the tests, set >>> Maximum Attachment Size = -1 >>> Minimum Attachment Size = -1 >>> >>> Please read the docs carefully and ensure you are setting the values >>> appropriately. >>> What is the precise case that you think it is handling incorrectly? >>> >>> Jules >>> >>> >> I don't think testing it with a 0 byte attachment will help much, >> because a 0 byte attachment *should* get blocked when the min size is >> set to 1. The problem I'm having on 3 separate servers since upgrading >> to 4.76 is that it's blocking on the attachment rule even when there is >> no attachment. I'm not exactly sure how to proceed because one part of >> the error message says the attachment is too large, and another part >> says it's too small. Regardless there is no attachment so those errors >> are just unintentional red herrings. I have looked at numerous messages >> in the quarantine and cannot find anything that gives away why it thinks >> they have attachments to begin with. >> >> Like I said, I have been using MS for a number of years, have done >> numerous upgrades, have had the min attachment size setting at the >> default of 1 byte since it was available and have never had a problem >> before upgrading to 4.76. I just upgraded another server last night >> and made sure it wasn't having this problem before the upgrade, and as >> soon as I started MS after the upgrade it started having the same >> problem. I can provide more from the quarantine at pastbin.com if the >> original data I posted is not enough. >> >> Oh, and again: MailScanner --lint says no errors. >> >> >> >> > Latest Update: > > This problem really seems to me like a bug in 4.76.24-3. I can reproduce this attachement size problem on every 4.76.24-3 system I can get my hands on with a specific df/qf file combo that has NO attachment associated with it. I've tried 3 more completely different systems with very different configs and it always fails. If I stick this same df/qf file pair into the mqueue.in on any 4.74 or 4.75 system, it processes them correctly. > > I have posted a culprit df file at: > http://pastebin.com/m216927c > > Even after trying to sanitize the user's real info, this very file will still cause an attachment size error. If you look at the file, you can see that there is nothing in it telling the system that there is an attachment associated with the email, yet mailscanner still trips on it saying that the attachment size is both too big and too small. > > The problem seems to be related to whitespace in the original file, because if I paste the text from that very pastebin back into a new df file, and then send it through mqueue.in, it will process correctly. > > If you would like me to send an actual problematic df/qf file pair so you can reproduce this yourself, I would be more then willing to do so. Please zip up a qf+df pair and mail it to me off-list at mailscanner@ecs.soton.ac.uk. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Mon May 11 19:20:27 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 19:20:47 2009 Subject: MailScanner 4.77.1-2 Child silently dies Message-ID: I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in the child process silently dying on every message, even simple text/plain messages. The child starts a batch May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 messages, 2984 bytes and the next MailScanner log message is a new child starting May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus Scanner version 4.77.1 starting... Eventually, on restart we see for example May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at processing message 1FFC16900C6.A2B03 and on the next restart May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message 1FFC16900C6.A2B03 as it has been attempted too many times May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message 1FFC16900C6.A2B03 as it caused MailScanner to crash several times May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 MTA is Postfix. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Denis.Beauchemin at USherbrooke.ca Mon May 11 19:43:20 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 11 19:43:37 2009 Subject: File extension ADX In-Reply-To: <1241794841.12788.15.camel@gmourani-laptop> References: <1241794841.12788.15.camel@gmourani-laptop> Message-ID: <4A0871C8.7050503@USherbrooke.ca> Gerhard Mourani a ?crit : > Hello, I want to allow file extension -> IMPORT.ADX to MailScanner. > I've edited -> 'filename.rules.conf' and added -> allow \.adx$ - - > without success. When the attachment gets blocked, this is the message > I receive -> Report: No programs allowed (IMPORT.ADX). > > Running the "file" command on the attachement returns the following > result: > file > /var/spool/MailScanner/quarantine/20090507/1680C2AFF0.C72B7/IMPORT.ADX > /var/spool/MailScanner/quarantine/20090507/1680C2AFF0.C72B7/IMPORT.ADX: > VMS Alpha executable > > According to guys on the MailScanner IRC Chanel, this happen because > it's getting blocked not by 'filename.rules.conf' but by > 'filetype.rules.conf' based on the results of the 'file' command and > the recommendation to fix the problem is to add a new mime type to get > file to report it as another file type. > > Check the 'filetype.rules.conf' file itself. It supposedly has info on > how to use/modify it in the comments at the beginning but > unfortunately I don't see nothing and don't know which kind of line to > add inside this file (filetype.rules.conf) to make file extension with > ADX to be allowed. > > My question is: Can soneone here know the line/syntax to add inside > 'filetype.rules.conf' to make MailScanner allow *.ADX file extension > to pass? Gerhard, Add the following to filetype.rules.conf: allowVMS Alpha executable-- Replace by a real TAB character and then reload MS. Or you could modify "Allow Filetypes =" in MailScanner.conf. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/4583724c/smime.bin From paul.lemmons at tmcaz.com Mon May 11 19:58:28 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Mon May 11 19:58:41 2009 Subject: Blocking by character set Message-ID: <4A087554.4090806@tmcaz.com> Is there any way to recognize a particular character set in a message and block based on it. We are a non-international company and 100% of the email containing non-English characters is spam. I would like to use that to my advantage and simply block mail containing (to us) foreign character sets. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/20a1bf45/smime.bin From MailScanner at ecs.soton.ac.uk Mon May 11 20:02:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 20:03:52 2009 Subject: MailScanner 4.77.1-2 Child silently dies In-Reply-To: References: <4A08765A.1040304@ecs.soton.ac.uk> Message-ID: Please do a MailScanner --debug and tell me what it shows you. On 11/05/2009 19:20, Mark Sapiro wrote: > I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in > the child process silently dying on every message, even simple > text/plain messages. > > The child starts a batch > > May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 > messages, 2984 bytes > > and the next MailScanner log message is a new child starting > > May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus > Scanner version 4.77.1 starting... > > Eventually, on restart we see for example > > May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at > processing message 1FFC16900C6.A2B03 > > and on the next restart > > May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message > 1FFC16900C6.A2B03 as it has been attempted too many times > May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message > 1FFC16900C6.A2B03 as it caused MailScanner to crash several times > May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to > /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 > > MTA is Postfix. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon May 11 20:06:50 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 11 20:07:05 2009 Subject: Blocking by character set In-Reply-To: <4A087554.4090806@tmcaz.com> References: <4A087554.4090806@tmcaz.com> Message-ID: <4A08774A.7050507@USherbrooke.ca> Paul Lemmons a ?crit : > Is there any way to recognize a particular character set in a message > and block based on it. We are a non-international company and 100% of > the email containing non-English characters is spam. I would like to > use that to my advantage and simply block mail containing (to us) > foreign character sets. Paul, Maybe this SA option could do the trick (from man Mail::SpamAssassin::Conf): ok_locales xx [ yy zz ... ] (default: all) This option is used to specify which locales are considered OK for incoming mail. Mail using the character sets that are allowed by this option will not be marked as possibly being spam in a foreign language. If you receive lots of spam in foreign languages, and never get any non-spam in these languages, this may help. Note that all ISO-8859-* character sets, and Windows code page character sets, are always permitted by default. Set this to all to allow all character sets. This is the default. The rules CHARSET_FARAWAY, CHARSET_FARAWAY_BODY, and CHARSET_FARAWAY_HEADERS are triggered based on how this is set. Examples: ok_locales all (allow all locales) ok_locales en (only allow English) ok_locales en ja zh (allow English, Japanese, and Chinese) Note: if there are multiple ok_locales lines, only the last one is used. Select the locales to allow from the list below: en - Western character sets in general ja - Japanese character sets ko - Korean character sets ru - Cyrillic character sets th - Thai character sets zh - Chinese (both simplified and traditional) character sets normalize_charset ( 0 | 1) (default: 0) Whether to detect character sets and normalize message content to Unicode. Requires the Encode::Detect module, HTML::Parser version 3.46 or later, and Perl 5.8.5 or later. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Mon May 11 20:15:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 20:15:24 2009 Subject: Blocking by character set In-Reply-To: <4A087554.4090806@tmcaz.com> References: <4A087554.4090806@tmcaz.com> <4A087937.5060806@ecs.soton.ac.uk> Message-ID: SpamAssassin can do this, look for ok_locales in the documentation for it. On 11/05/2009 19:58, Paul Lemmons wrote: > Is there any way to recognize a particular character set in a message > and block based on it. We are a non-international company and 100% of > the email containing non-English characters is spam. I would like to > use that to my advantage and simply block mail containing (to us) > foreign character sets. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpirie at rma.edu Mon May 11 20:15:08 2009 From: bpirie at rma.edu (Brendan Pirie) Date: Mon May 11 20:15:40 2009 Subject: Blocking by character set In-Reply-To: <4A08774A.7050507@USherbrooke.ca> References: <4A087554.4090806@tmcaz.com> <4A08774A.7050507@USherbrooke.ca> Message-ID: <4A08793C.3070707@rma.edu> Denis Beauchemin wrote: > Paul Lemmons a ?crit : >> Is there any way to recognize a particular character set in a message >> and block based on it. We are a non-international company and 100% of >> the email containing non-English characters is spam. I would like to >> use that to my advantage and simply block mail containing (to us) >> foreign character sets. > Paul, > > Maybe this SA option could do the trick (from man > Mail::SpamAssassin::Conf): > ok_locales xx [ yy zz ... ] (default: all) > This option is used to specify which locales are considered OK for > incoming mail. Mail using the character sets that are allowed by this > option will not be marked as possibly being spam in a foreign language. > > If you receive lots of spam in foreign languages, and never get any > non-spam in these languages, this may help. Note that all ISO-8859-* > character sets, and Windows code page character sets, are always > permitted by default. > > Set this to all to allow all character sets. This is the default. > > The rules CHARSET_FARAWAY, CHARSET_FARAWAY_BODY, and > CHARSET_FARAWAY_HEADERS are triggered based on how this is set. > > Examples: > > ok_locales all (allow all locales) > ok_locales en (only allow English) > ok_locales en ja zh (allow English, Japanese, and Chinese) > > Note: if there are multiple ok_locales lines, only the last one is > used. > > Select the locales to allow from the list below: > > en - Western character sets in general > ja - Japanese character sets > ko - Korean character sets > ru - Cyrillic character sets > th - Thai character sets > zh - Chinese (both simplified and traditional) character sets > > normalize_charset ( 0 | 1) (default: 0) > Whether to detect character sets and normalize message content to > Unicode. Requires the Encode::Detect module, HTML::Parser version 3.46 > or later, and Perl 5.8.5 or later. > > Denis > Another possible option is the TextCat plugin included with spamassassin. Brendan From mark at msapiro.net Mon May 11 20:59:12 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 20:59:33 2009 Subject: MailScanner 4.77.1-2 Child silently dies In-Reply-To: Message-ID: Julian Field wrote: >Please do a MailScanner --debug and tell me what it shows you. > [root@sbh16 ~]# MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. max message size is '200k continue 200k' Undefined subroutine &MailScanner::Unzip::UnpackZipMembers called at /usr/lib/MailScanner/MailScanner/Message.pm line 2461. [root@sbh16 ~]# cd /etc/MailScanner/ [root@sbh16 MailScanner]# Note that /usr/lib/MailScanner/MailScanner/Unzip.pm exists and does define sub UnpackZipMembers >On 11/05/2009 19:20, Mark Sapiro wrote: >> I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in >> the child process silently dying on every message, even simple >> text/plain messages. >> >> The child starts a batch >> >> May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 >> messages, 2984 bytes >> >> and the next MailScanner log message is a new child starting >> >> May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus >> Scanner version 4.77.1 starting... >> >> Eventually, on restart we see for example >> >> May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at >> processing message 1FFC16900C6.A2B03 >> >> and on the next restart >> >> May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message >> 1FFC16900C6.A2B03 as it has been attempted too many times >> May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message >> 1FFC16900C6.A2B03 as it caused MailScanner to crash several times >> May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to >> /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 >> >> MTA is Postfix. >> >> > >Jules -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From paul.lemmons at tmcaz.com Mon May 11 21:03:17 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Mon May 11 21:03:32 2009 Subject: Validating Email addresses In-Reply-To: References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> Message-ID: <4A088485.3050307@tmcaz.com> -------- Original Message -------- Subject: Validating Email addresses From: Julian Field To: MailScanner discussion Date: 05/06/2009 01:57 AM > On 05/05/2009 18:55, Paul Lemmons wrote: > >> We are getting a great deal of Spam bypassing both Postini and Mail >> Scanner due to a discrepancy between how these two products define an >> email address and the way Exchange does. The two scanning products >> recognize emails with a pipe character "|" at the beginning of the >> address as both valid and part of the email address. I believe this is >> in line with the email standards. Exchange, othe the other hand simply >> ignores the character. So a message sent to me@mydom.com and >> |me@mydom.com are seen as two different addresses by the scanning >> systems and as a single address by Exchange. >> > Set "Reject Messages" to point to a ruleset, and have a ruleset that > looks roughly like this: > FromOrTo: /^\|/ yes > FromOrTo: default no > and MailScanner will reject messages coming from or going to an address > starting with a pipe character. > Simple as that. > Remember to "service MailScanner reload" after changing the ruleset and > MailScanner.conf file. > > > Jules > > I have tried this and now I am getting a new message in my log.... MailScanner[5583]: Cannot match against destination IP address when resolving configuration option "rejectmessage" # cat reject-messages.conf FromOrTo: /^\|/ yes FromOrTo: default no Any thoughts? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/d99525c8/smime-0001.bin From MailScanner at ecs.soton.ac.uk Mon May 11 21:12:02 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 21:12:29 2009 Subject: MailScanner 4.77.1-2 Child silently dies In-Reply-To: References: <4A088692.9020902@ecs.soton.ac.uk> Message-ID: On 11/05/2009 20:59, Mark Sapiro wrote: > Julian Field wrote: > > >> Please do a MailScanner --debug and tell me what it shows you. >> >> > > [root@sbh16 ~]# MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 1 message. > max message size is '200k continue 200k' > Undefined subroutine&MailScanner::Unzip::UnpackZipMembers called at > /usr/lib/MailScanner/MailScanner/Message.pm line 2461. > [root@sbh16 ~]# cd /etc/MailScanner/ > [root@sbh16 MailScanner]# > > > Note that /usr/lib/MailScanner/MailScanner/Unzip.pm exists and does > define sub UnpackZipMembers > All fixed. Try MailScanner 4.77.3 which I am just uploading now. Sorry about that. This new feature is switched off by default now too. > > >> On 11/05/2009 19:20, Mark Sapiro wrote: >> >>> I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in >>> the child process silently dying on every message, even simple >>> text/plain messages. >>> >>> The child starts a batch >>> >>> May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 >>> messages, 2984 bytes >>> >>> and the next MailScanner log message is a new child starting >>> >>> May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus >>> Scanner version 4.77.1 starting... >>> >>> Eventually, on restart we see for example >>> >>> May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at >>> processing message 1FFC16900C6.A2B03 >>> >>> and on the next restart >>> >>> May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message >>> 1FFC16900C6.A2B03 as it has been attempted too many times >>> May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message >>> 1FFC16900C6.A2B03 as it caused MailScanner to crash several times >>> May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to >>> /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 >>> >>> MTA is Postfix. >>> >>> >>> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 11 21:14:14 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 21:14:37 2009 Subject: Validating Email addresses In-Reply-To: <4A088485.3050307@tmcaz.com> References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> <4A088485.3050307@tmcaz.com> <4A088716.4030804@ecs.soton.ac.uk> Message-ID: On 11/05/2009 21:03, Paul Lemmons wrote: > -------- Original Message -------- > Subject: Validating Email addresses > From: Julian Field > To: MailScanner discussion > Date: 05/06/2009 01:57 AM >> On 05/05/2009 18:55, Paul Lemmons wrote: >>> We are getting a great deal of Spam bypassing both Postini and Mail >>> Scanner due to a discrepancy between how these two products define >>> an email address and the way Exchange does. The two scanning >>> products recognize emails with a pipe character "|" at the beginning >>> of the address as both valid and part of the email address. I >>> believe this is in line with the email standards. Exchange, othe the >>> other hand simply ignores the character. So a message sent to >>> me@mydom.com and |me@mydom.com are seen as two different addresses >>> by the scanning systems and as a single address by Exchange. >> Set "Reject Messages" to point to a ruleset, and have a ruleset that >> looks roughly like this: >> FromOrTo: /^\|/ yes >> FromOrTo: default no >> and MailScanner will reject messages coming from or going to an >> address starting with a pipe character. >> Simple as that. >> Remember to "service MailScanner reload" after changing the ruleset >> and MailScanner.conf file. >> >> >> Jules >> > I have tried this and now I am getting a new message in my log.... > > MailScanner[5583]: Cannot match against destination IP address when > resolving configuration option "rejectmessage" > > > # cat reject-messages.conf > FromOrTo: /^\|/ yes > FromOrTo: default no > > Any thoughts? As your regexp doesn't contain any alphabetic characters, its heuristic code for deducing the pattern type is going wrong. If you change it to something like "/^\|[a-z0-9]/" then it is more likely to work. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.lemmons at tmcaz.com Mon May 11 22:12:00 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Mon May 11 22:12:15 2009 Subject: Validating Email addresses In-Reply-To: References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> <4A088485.3050307@tmcaz.com> <4A088716.4030804@ecs.soton.ac.uk> Message-ID: <4A0894A0.6030408@tmcaz.com> -------- Original Message -------- Subject: Validating Email addresses From: Julian Field To: MailScanner discussion Date: 05/11/2009 01:14 PM > On 11/05/2009 21:03, Paul Lemmons wrote: > >> -------- Original Message -------- >> Subject: Validating Email addresses >> From: Julian Field >> To: MailScanner discussion >> Date: 05/06/2009 01:57 AM >> >>> On 05/05/2009 18:55, Paul Lemmons wrote: >>> >>>> We are getting a great deal of Spam bypassing both Postini and Mail >>>> Scanner due to a discrepancy between how these two products define >>>> an email address and the way Exchange does. The two scanning >>>> products recognize emails with a pipe character "|" at the beginning >>>> of the address as both valid and part of the email address. I >>>> believe this is in line with the email standards. Exchange, othe the >>>> other hand simply ignores the character. So a message sent to >>>> me@mydom.com and |me@mydom.com are seen as two different addresses >>>> by the scanning systems and as a single address by Exchange. >>>> >>> Set "Reject Messages" to point to a ruleset, and have a ruleset that >>> looks roughly like this: >>> FromOrTo: /^\|/ yes >>> FromOrTo: default no >>> and MailScanner will reject messages coming from or going to an >>> address starting with a pipe character. >>> Simple as that. >>> Remember to "service MailScanner reload" after changing the ruleset >>> and MailScanner.conf file. >>> >>> >>> Jules >>> >>> >> I have tried this and now I am getting a new message in my log.... >> >> MailScanner[5583]: Cannot match against destination IP address when >> resolving configuration option "rejectmessage" >> >> >> # cat reject-messages.conf >> FromOrTo: /^\|/ yes >> FromOrTo: default no >> >> Any thoughts? >> > As your regexp doesn't contain any alphabetic characters, its heuristic > code for deducing the pattern type is going wrong. If you change it to > something like "/^\|[a-z0-9]/" then it is more likely to work. > > Jules > > The good news is that I have eliminated the error message. The bad news is that it does not filter the "pipe mail". # cat reject-messages.conf FromOrTo: /^\|[a-z0-9]/ yes FromOrTo: default no Here is what I see in the syslog: May 11 13:52:54 remus sendmail[812]: NOQUEUE: connect from exprod6mx247.postini.com [64.18.1.147] May 11 13:52:54 remus sendmail[812]: AUTH: available mech=PLAIN ANONYMOUS LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: Milter: no active filter May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 220 remus.tmcaz.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 11 May 2009 13:52:54 -0700 May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- HELO psmtp.com May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 remus.myisp.com Hello exprod6mx247.postini.com [64.18.1.147], pleased to meet you May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- MAIL FROM: May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.0 ... Sender ok May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- RCPT TO:< test.user@myisp.com> May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.5 < test.user@myisp.com>... Recipient ok May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- DATA May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 354 Enter mail, end with "." on a line by itself May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: from=, size=1774, class=0, nrcpts=1, msgid=<5caea7060905111352r2fedeb42m84c767f19 e191f68@mail.gmail.com>, proto=SMTP, daemon=MTA, relay=exprod6mx247.postini.com [64.18.1.147] May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 050 < test.user@myisp.com>... queued May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: to=< test.user@myisp.com>, delay=00:00:00, mailer=relay, pri=31774, stat=queued May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.0.0 n4BKqsbn000812 Message accepted for delivery May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: <-- QUIT May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: --- 221 2.0.0 remus.myisp.com closing connection I don't know if this is important but I find it interesting that the pipe (|) appears to have been replaced with a space above. The message was sent to |test.user@myisp.com (email address and domain altered for public discussion) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/4c43325f/smime.bin From mark at msapiro.net Mon May 11 23:15:45 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 23:16:17 2009 Subject: MailScanner 4.77.3 fails to scan some messages Message-ID: In MailScanner.conf I have Scan Messages = %rules-dir%/scan.messages.rules and also Read IP Address From Received Header = no and in %rules-dir%/scan.messages.rules I have amongst others From: 127.0.0.1 no This appears to skip scanning of unintended messages. I have attached two sets of partially sanitized message headers - scanned.txt and unscanned.txt. These messages were massaged by me from an original and then resent through the MailScanner server. MailScanner skipped scanning the 'unscanned.txt' message. The essential difference between these is in the unscanned message, the third (from the top) Received: header is present and reads Received: from albatross.python.org (localhost.localdomain [127.0.0.1]) by mail.python.org (Postfix) with ESMTP id 602F0C33B for ; Mon, 11 May 2009 20:48:20 +0200 (CEST) Note that this header is separated from the following (earlier) Received: headers by X-Spam-Status: and X-Spam-Evidence: headers added by an intermediate server. The only thing interesting about this header is it contains IP 127.0.0.1, but my understanding of Read IP Address From Received Header = no is that MailScanner shouldn't be looking at IP addresses in Received: headers at all. Now I see the above analysis is probably wrong. I just received another unscanned message. Headers are attached as scanned2.txt and unscanned2.txt. Here again, I was able to get the message to be scanned by removing a Received: header, but the header I removed doesn't have any 'special' IP address in it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id 67AC1690235 for ; Mon, 11 May 2009 14:28:33 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI0ZN-0002NO-0O for Mark@ms2.msapiro.net; Mon, 11 May 2009 14:28:35 -0700 X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'problem,': 0.05; 'python': 0.06; 'mailman': 0.06; 'interface.': 0.07; '(#1,': 0.16; '(apple': 0.16; '2.3': 0.16; '[gcc': 0.16; 'category,': 0.16; 'darwin': 0.16; 'from:addr:dave': 0.16; 'main()': 0.16; 'skip:" 40': 0.16; 'skip:/ 50': 0.16; 'skip:[ 20': 0.16; 'sorry,': 0.16; 'subject:Delete': 0.16; 'greatly': 0.18; '(most': 0.21; 'skip:_ 10': 0.22; 'thanks': 0.23; 'dave': 0.26; 'last):': 0.26; 'sep': 0.26; 'skip:" 30': 0.26; 'traceback': 0.26; 'tried': 0.27; 'thanks!': 0.28; 'skip:f 30': 0.28; 'version': 0.29; 'appreciated.': 0.30; 'causes': 0.33; 'to:addr:mailman-users': 0.33; 'variable': 0.34; 'names': 0.34; 'list': 0.35; 'file': 0.36; 'when': 0.38; 'skip:/ 10': 0.39; 'call': 0.60; 'identify': 0.61; 'email': 0.63; 'subject:List': 0.63; 'below': 0.65; 'webmaster': 0.93 Received: from localhost.localdomain (HELO mail.python.org) (127.0.0.1) by albatross.python.org with SMTP; 11 May 2009 20:48:20 +0200 X-policyd-weight: using cached result; rate: -8.5 X-Greylist: delayed 399 seconds by postgrey-1.31 at albatross; Mon, 11 May 2009 20:48:19 CEST Received: from smtpauth02.prod.mesa1.secureserver.net (smtpauth02.prod.mesa1.secureserver.net [64.202.165.182]) by mail.python.org (Postfix) with SMTP for ; Mon, 11 May 2009 20:48:19 +0200 (CEST) Received: (qmail 26652 invoked from network); 11 May 2009 18:41:38 -0000 Received: from unknown (69.245.40.115) by smtpauth02.prod.mesa1.secureserver.net (64.202.165.182) with ESMTP; 11 May 2009 18:41:37 -0000 Mime-Version: 1.0 (Apple Message framework v753) Message-Id: <44D4029D-1B71-4C3F-A1E6-D2707D2DD707@dpss.bz> To: mailman-users@python.org From: Xxxx Xxxxx Date: Mon, 11 May 2009 13:41:29 -0500 X-Mailer: Apple Mail (2.753) Subject: [Mailman-Users] Can't Delete List Member X-BeenThere: mailman-users@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Mailman mailing list management users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes" Sender: mailman-users-bounces@python.org Errors-To: mailman-users-bounces@python.org X-GPC-MailScanner-ID: 67AC1690235.ADF94 X-GPC-MailScanner: Found to be clean X-GPC-MailScanner-SpamCheck: not spam, SpamAssassin (cached, score=-0.752, required 5, autolearn=not spam, BAYES_00 -0.75, SPF_HELO_PASS -0.00, SPF_PASS -0.00) X-GPC-MailScanner-From: mark@msapiro.net X-Spam-Status: No -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id D4929690235 for ; Mon, 11 May 2009 14:26:49 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI0WR-0002NO-AP for Mark@ms2.msapiro.net; Mon, 11 May 2009 14:26:51 -0700 Received: from albatross.python.org (localhost.localdomain [127.0.0.1]) by mail.python.org (Postfix) with ESMTP id 602F0C33B for ; Mon, 11 May 2009 20:48:20 +0200 (CEST) X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'problem,': 0.05; 'python': 0.06; 'mailman': 0.06; 'interface.': 0.07; '(#1,': 0.16; '(apple': 0.16; '2.3': 0.16; '[gcc': 0.16; 'category,': 0.16; 'darwin': 0.16; 'from:addr:dave': 0.16; 'main()': 0.16; 'skip:" 40': 0.16; 'skip:/ 50': 0.16; 'skip:[ 20': 0.16; 'sorry,': 0.16; 'subject:Delete': 0.16; 'greatly': 0.18; '(most': 0.21; 'skip:_ 10': 0.22; 'thanks': 0.23; 'dave': 0.26; 'last):': 0.26; 'sep': 0.26; 'skip:" 30': 0.26; 'traceback': 0.26; 'tried': 0.27; 'thanks!': 0.28; 'skip:f 30': 0.28; 'version': 0.29; 'appreciated.': 0.30; 'causes': 0.33; 'to:addr:mailman-users': 0.33; 'variable': 0.34; 'names': 0.34; 'list': 0.35; 'file': 0.36; 'when': 0.38; 'skip:/ 10': 0.39; 'call': 0.60; 'identify': 0.61; 'email': 0.63; 'subject:List': 0.63; 'below': 0.65; 'webmaster': 0.93 Received: from localhost.localdomain (HELO mail.python.org) (127.0.0.1) by albatross.python.org with SMTP; 11 May 2009 20:48:20 +0200 X-policyd-weight: using cached result; rate: -8.5 X-Greylist: delayed 399 seconds by postgrey-1.31 at albatross; Mon, 11 May 2009 20:48:19 CEST Received: from smtpauth02.prod.mesa1.secureserver.net (smtpauth02.prod.mesa1.secureserver.net [64.202.165.182]) by mail.python.org (Postfix) with SMTP for ; Mon, 11 May 2009 20:48:19 +0200 (CEST) Received: (qmail 26652 invoked from network); 11 May 2009 18:41:38 -0000 Received: from unknown (69.245.40.115) by smtpauth02.prod.mesa1.secureserver.net (64.202.165.182) with ESMTP; 11 May 2009 18:41:37 -0000 Mime-Version: 1.0 (Apple Message framework v753) Message-Id: <44D4029D-1B71-4C3F-A1E6-D2707D2DD707@dpss.bz> To: mailman-users@python.org From: Xxxx Xxxxx Date: Mon, 11 May 2009 13:41:29 -0500 X-Mailer: Apple Mail (2.753) Subject: [Mailman-Users] Can't Delete List Member X-BeenThere: mailman-users@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Mailman mailing list management users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes" Sender: mailman-users-bounces@python.org Errors-To: mailman-users-bounces@python.org -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id 053BF690235 for ; Mon, 11 May 2009 15:05:53 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI2PU-0002TC-F2 for Mark@ms2.msapiro.net; Mon, 11 May 2009 15:05:54 -0700 Received: from web81602.mail.mud.yahoo.com (web81602.mail.mud.yahoo.com [68.142.199.154]) by sbh16.songbird.com (Postfix) with SMTP id 17584690235 for ; Mon, 11 May 2009 14:57:18 -0700 (PDT) Received: (qmail 35713 invoked by uid 60001); 11 May 2009 21:57:17 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1242079037; bh=T52UCMjqSGnpxc4pLAXOV/8U148vJm/LHkP+F45mHeg=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=xbP2zkluyfhD2mABz99IX0dsaWDssjF6ao+MdH83afbap5Aw+Tl3JcCbvadB2Zc+MqBteoONBXYpi8E2ZGnqG1QQm1KlcUTEHOCiK+wwGuIj+hiPbWJE+osezQ0giCsLwyryFO93VI0BxPOaMyoSI3gzO8nPVWFMiHw91Pb8+3M= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Hz3qwiFDzLpEu6zE4LbUQdzATLHHf1wW4Lv9MhqPiFXRooradxfVJrV3ePBUY+q0e5t+leOh3IQtE5lPaeX6GcsEmqSwpDeUHKbpsDUKrPH3/MoOkzLOrEPUJN1tbDPASoMppaBTu0+WwCwNHiyJ9iiIHlOqx4pgX10FPL/SYlw=; Message-ID: <761365.34416.qm@web81602.mail.mud.yahoo.com> X-YMail-OSG: vSmdbCMVM1mwE4Rs.lqgSytUNdf8MVREcFFRtq2R8cT6PmgJaMOD65DMVvEaKe0Uu0IjyaYCGlYT4VaV7xWixYkEHu8lvuvs8D0jZcmAHAZqfT.28PwX9QMxpiJdzYq7dCFyfy6NO2dHWLFziJE18.FOrdCVKuPrIvj0RjQII20YVTbXA737Fl_yQIlEZJF5AseP3W9yXZlA0rB9fEXycbHNSTp3Z8_6cj7_upYUZ2tppQUdh7NfiAB9Y6LQ4GAXDjES9CfLBu2qB6t5xOU8Nq1S0pbcgvAiamNo2_CC3XgPLKN3CcuEvU8XEodawAYURjShUE9hQUER8BnLYXiYAQUwKnKAHKxNliSE X-Mailer: YahooMailWebService/0.7.289.1 Date: Mon, 11 May 2009 14:57:17 -0700 (PDT) From: Xxxxxxx Xxxxxx To: Xxxxxxx Xxxxxxx In-Reply-To: <220C80D066AB437185E5D5961A51DF6B@JeffsGQ> MIME-Version: 1.0 Cc: gpc-century@grizz.org Subject: Re: [GPC-Century] Century First Aid X-BeenThere: gpc-century@grizz.org X-Mailman-Version: 2.2.0a0 Precedence: list Reply-To: patrick_garner@sbcglobal.net List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: gpc-century-bounces+mark=msapiro.net@grizz.org Errors-To: gpc-century-bounces+mark=msapiro.net@grizz.org X-GPC-MailScanner-ID: 053BF690235.AE31E X-GPC-MailScanner: Found to be clean X-GPC-MailScanner-SpamCheck: not spam, SpamAssassin (cached, score=-0.25, required 5, BAYES_00 -0.75, BOTNET_SERVERWORDS 0.50) X-GPC-MailScanner-From: mark@msapiro.net X-Spam-Status: No -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id 0799B690235 for ; Mon, 11 May 2009 15:01:38 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI2IR-0000L4-GQ for Mark@ms2.msapiro.net; Mon, 11 May 2009 15:01:39 -0700 Received: from web81602.mail.mud.yahoo.com (web81602.mail.mud.yahoo.com [68.142.199.154]) by sbh16.songbird.com (Postfix) with SMTP id 17584690235 for ; Mon, 11 May 2009 14:57:18 -0700 (PDT) Received: (qmail 35713 invoked by uid 60001); 11 May 2009 21:57:17 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1242079037; bh=T52UCMjqSGnpxc4pLAXOV/8U148vJm/LHkP+F45mHeg=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=xbP2zkluyfhD2mABz99IX0dsaWDssjF6ao+MdH83afbap5Aw+Tl3JcCbvadB2Zc+MqBteoONBXYpi8E2ZGnqG1QQm1KlcUTEHOCiK+wwGuIj+hiPbWJE+osezQ0giCsLwyryFO93VI0BxPOaMyoSI3gzO8nPVWFMiHw91Pb8+3M= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Hz3qwiFDzLpEu6zE4LbUQdzATLHHf1wW4Lv9MhqPiFXRooradxfVJrV3ePBUY+q0e5t+leOh3IQtE5lPaeX6GcsEmqSwpDeUHKbpsDUKrPH3/MoOkzLOrEPUJN1tbDPASoMppaBTu0+WwCwNHiyJ9iiIHlOqx4pgX10FPL/SYlw=; Message-ID: <761365.34416.qm@web81602.mail.mud.yahoo.com> X-YMail-OSG: vSmdbCMVM1mwE4Rs.lqgSytUNdf8MVREcFFRtq2R8cT6PmgJaMOD65DMVvEaKe0Uu0IjyaYCGlYT4VaV7xWixYkEHu8lvuvs8D0jZcmAHAZqfT.28PwX9QMxpiJdzYq7dCFyfy6NO2dHWLFziJE18.FOrdCVKuPrIvj0RjQII20YVTbXA737Fl_yQIlEZJF5AseP3W9yXZlA0rB9fEXycbHNSTp3Z8_6cj7_upYUZ2tppQUdh7NfiAB9Y6LQ4GAXDjES9CfLBu2qB6t5xOU8Nq1S0pbcgvAiamNo2_CC3XgPLKN3CcuEvU8XEodawAYURjShUE9hQUER8BnLYXiYAQUwKnKAHKxNliSE Received: from [71.131.24.84] by web81602.mail.mud.yahoo.com via HTTP; Mon, 11 May 2009 14:57:17 PDT X-Mailer: YahooMailWebService/0.7.289.1 Date: Mon, 11 May 2009 14:57:17 -0700 (PDT) From: Xxxxxxx Xxxxxx To: Xxxxxxx Xxxxxxx In-Reply-To: <220C80D066AB437185E5D5961A51DF6B@JeffsGQ> MIME-Version: 1.0 Cc: gpc-century@grizz.org Subject: Re: [GPC-Century] Century First Aid X-BeenThere: gpc-century@grizz.org X-Mailman-Version: 2.2.0a0 Precedence: list Reply-To: patrick_garner@sbcglobal.net List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: gpc-century-bounces+mark=msapiro.net@grizz.org Errors-To: gpc-century-bounces+mark=msapiro.net@grizz.org From mark at msapiro.net Mon May 11 23:32:41 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 23:33:07 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: Message-ID: Mark Sapiro wrote: [...] >Now I see the above analysis is probably wrong. I just received another >unscanned message. Headers are attached as scanned2.txt and >unscanned2.txt. Here again, I was able to get the message to be >scanned by removing a Received: header, but the header I removed >doesn't have any 'special' IP address in it. Further information. I replaced Postfix.pm with the one from 4.76.24 and the problem is gone. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Tue May 12 09:21:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 09:21:24 2009 Subject: Too Large or Too small or neither????? In-Reply-To: <4A08342A.7CBE.00FC.3@medicine.wisc.edu> References: <4A01E931.6070007@ecs.soton.ac.uk> <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A086C04.5000602@ecs.soton.ac.uk><4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A08342A.7CBE.00FC.3@medicine.wisc.edu> <4A09316F.3010306@ecs.soton.ac.uk> Message-ID: Look in /usr/lib/MailScanner/MailScanner/SweepContent.pm. At or near line 308 you should find a line that looks like this: next if $safename =~ /^msg[-\d]+\.(txt|html)$/; Change this to say next if $safename =~ /^.msg[-\d]+\.(txt|html)$/; and the problem will be fixed. Thanks for reporting it! Note that to disable size checks, both the maximum and minimum should be set to -1. Cheers, Jules. On 11/05/2009 20:20, Michael Masse wrote: > Here are the queue files. Thank you for looking into this. > > -Mike > > > >>>> On 5/11/2009 at 1:18 PM, in message >>>> > @ecs.soton.ac.uk>, Julian Field wrote: > >> The df file is only half the story, and is useless without its >> corresponding qf file. >> Please zip up a qf+df pair that shows this problem, and email me the zip >> file. >> >> On 11/05/2009 18:44, Michael Masse wrote: >> >>>> Julian Field wrote: >>>> >>>> >>>> >>>>>> >>>>>> >>>>> I'll need to take a look at this, and try a 0-byte attachment and see >>>>> what happens. >>>>> To disable the tests, set >>>>> Maximum Attachment Size = -1 >>>>> Minimum Attachment Size = -1 >>>>> >>>>> Please read the docs carefully and ensure you are setting the values >>>>> appropriately. >>>>> What is the precise case that you think it is handling incorrectly? >>>>> >>>>> Jules >>>>> >>>>> >>>>> >>>> I don't think testing it with a 0 byte attachment will help much, >>>> because a 0 byte attachment *should* get blocked when the min size is >>>> set to 1. The problem I'm having on 3 separate servers since upgrading >>>> to 4.76 is that it's blocking on the attachment rule even when there is >>>> no attachment. I'm not exactly sure how to proceed because one part of >>>> the error message says the attachment is too large, and another part >>>> says it's too small. Regardless there is no attachment so those errors >>>> are just unintentional red herrings. I have looked at numerous messages >>>> in the quarantine and cannot find anything that gives away why it thinks >>>> they have attachments to begin with. >>>> >>>> Like I said, I have been using MS for a number of years, have done >>>> numerous upgrades, have had the min attachment size setting at the >>>> default of 1 byte since it was available and have never had a problem >>>> before upgrading to 4.76. I just upgraded another server last night >>>> and made sure it wasn't having this problem before the upgrade, and as >>>> soon as I started MS after the upgrade it started having the same >>>> problem. I can provide more from the quarantine at pastbin.com if the >>>> original data I posted is not enough. >>>> >>>> Oh, and again: MailScanner --lint says no errors. >>>> >>>> >>>> >>>> >>>> >>> Latest Update: >>> >>> This problem really seems to me like a bug in 4.76.24-3. I can reproduce >>> >> this attachement size problem on every 4.76.24-3 system I can get my hands on >> with a specific df/qf file combo that has NO attachment associated with it. >> I've tried 3 more completely different systems with very different configs >> and it always fails. If I stick this same df/qf file pair into the >> mqueue.in on any 4.74 or 4.75 system, it processes them correctly. >> >>> I have posted a culprit df file at: >>> http://pastebin.com/m216927c >>> >>> Even after trying to sanitize the user's real info, this very file will >>> >> still cause an attachment size error. If you look at the file, you can see >> that there is nothing in it telling the system that there is an attachment >> associated with the email, yet mailscanner still trips on it saying that the >> attachment size is both too big and too small. >> >>> The problem seems to be related to whitespace in the original file, because >>> >> if I paste the text from that very pastebin back into a new df file, and then >> send it through mqueue.in, it will process correctly. >> >>> If you would like me to send an actual problematic df/qf file pair so you >>> >> can reproduce this yourself, I would be more then willing to do so. >> >>> Mike >>> >>> >>> >>> >>> >>> >>> >> Jules >> > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 12 09:31:17 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 09:31:37 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: References: <4A0933D5.1080107@ecs.soton.ac.uk> Message-ID: On 11/05/2009 23:32, Mark Sapiro wrote: > Mark Sapiro wrote: > > [...] > >> Now I see the above analysis is probably wrong. I just received another >> unscanned message. Headers are attached as scanned2.txt and >> unscanned2.txt. Here again, I was able to get the message to be >> scanned by removing a Received: header, but the header I removed >> doesn't have any 'special' IP address in it. >> > > Further information. I replaced Postfix.pm with the one from 4.76.24 > and the problem is gone. > Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have just released. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 12 09:31:35 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 09:31:54 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A086B43.6050403@ecs.soton.ac.uk> <4A0933E7.7090702@ecs.soton.ac.uk> Message-ID: Fixed in 4.77.4 which I have just released. On 11/05/2009 19:15, Julian Field wrote: > > > On 11/05/2009 18:44, Michael Masse wrote: >>> Julian Field wrote: >>> >>>> I'll need to take a look at this, and try a 0-byte attachment and see >>>> what happens. >>>> To disable the tests, set >>>> Maximum Attachment Size = -1 >>>> Minimum Attachment Size = -1 >>>> >>>> Please read the docs carefully and ensure you are setting the values >>>> appropriately. >>>> What is the precise case that you think it is handling incorrectly? >>>> >>>> Jules >>>> >>> I don't think testing it with a 0 byte attachment will help much, >>> because a 0 byte attachment *should* get blocked when the min size is >>> set to 1. The problem I'm having on 3 separate servers since >>> upgrading >>> to 4.76 is that it's blocking on the attachment rule even when there is >>> no attachment. I'm not exactly sure how to proceed because one >>> part of >>> the error message says the attachment is too large, and another part >>> says it's too small. Regardless there is no attachment so those errors >>> are just unintentional red herrings. I have looked at numerous >>> messages >>> in the quarantine and cannot find anything that gives away why it >>> thinks >>> they have attachments to begin with. >>> >>> Like I said, I have been using MS for a number of years, have done >>> numerous upgrades, have had the min attachment size setting at the >>> default of 1 byte since it was available and have never had a problem >>> before upgrading to 4.76. I just upgraded another server last night >>> and made sure it wasn't having this problem before the upgrade, and as >>> soon as I started MS after the upgrade it started having the same >>> problem. I can provide more from the quarantine at pastbin.com if the >>> original data I posted is not enough. >>> >>> Oh, and again: MailScanner --lint says no errors. >>> >>> >>> >> Latest Update: >> >> This problem really seems to me like a bug in 4.76.24-3. I can >> reproduce this attachement size problem on every 4.76.24-3 system I >> can get my hands on with a specific df/qf file combo that has NO >> attachment associated with it. I've tried 3 more completely >> different systems with very different configs and it always fails. >> If I stick this same df/qf file pair into the mqueue.in on any 4.74 >> or 4.75 system, it processes them correctly. >> >> I have posted a culprit df file at: >> http://pastebin.com/m216927c >> >> Even after trying to sanitize the user's real info, this very file >> will still cause an attachment size error. If you look at the file, >> you can see that there is nothing in it telling the system that there >> is an attachment associated with the email, yet mailscanner still >> trips on it saying that the attachment size is both too big and too >> small. >> >> The problem seems to be related to whitespace in the original file, >> because if I paste the text from that very pastebin back into a new >> df file, and then send it through mqueue.in, it will process correctly. >> >> If you would like me to send an actual problematic df/qf file pair so >> you can reproduce this yourself, I would be more then willing to do so. > Please zip up a qf+df pair and mail it to me off-list at > mailscanner@ecs.soton.ac.uk. > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Tue May 12 11:22:48 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue May 12 11:22:57 2009 Subject: EmailBL plugin released Message-ID: <4A094DF8.40106@alexb.ch> X-post from Spammassin Users List - may be of interest _________________ From: Henrik K Hi, EmailBL plugin is now available for testing. Small test zone has been running for a while, it contains trapped addresses from some of the most popular freemail domains. http://sa.hege.li/EmailBL.pm (see inside for documentation) http://sa.hege.li/EmailBL.cf (contains the test zone) http://sa.hege.li/emailbl_lemfreemail.cf (needed for the test zone) Remember that the zone with this name WILL disappear after a month or so. Your feedback will contribute in whether it will be discarded or enhanced for wider use. Cheers, Henrik From MailScanner at ecs.soton.ac.uk Tue May 12 11:27:24 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 11:27:42 2009 Subject: 4.76.25 bug-fix release References: <4A094F0C.5050301@ecs.soton.ac.uk> Message-ID: To resolve the issues that have appeared since 4.76.24 on 1st May, I have just released a bug-fixed 4.76.25 which resolves the TNEF issue and the attachment-too-big-and-too-small issue that have appeared since its release. Note that 4.75 is still available as well, if you want it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Tue May 12 12:50:51 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Tue May 12 12:51:22 2009 Subject: 4.76.25 bug-fix release In-Reply-To: References: <4A094F0C.5050301@ecs.soton.ac.uk> Message-ID: <625385e30905120450w19effe7ckf1f5b2286670140d@mail.gmail.com> On Tue, May 12, 2009 at 12:27 PM, Julian Field wrote: > To resolve the issues that have appeared since 4.76.24 on 1st May, I have > just released a bug-fixed 4.76.25 which resolves the TNEF issue and the > attachment-too-big-and-too-small issue that have appeared since its release. I have an update for Solaris ready at http://mirror.opencsw.org/testing.html for immediate use. mailscanner-4.76.25.1,REV=2009.05.12-SunOS5.8-all-CSW.pkg.gz It will take some time (~12 hours) for it to spread to the normal mirrors. -- /peter From david at gnsa.us Tue May 12 14:39:27 2009 From: david at gnsa.us (David Nalley) Date: Tue May 12 14:39:55 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> <200905092302.57728.eli@orbsky.homelinux.org> Message-ID: On Sat, May 9, 2009 at 9:44 PM, David Nalley wrote: > On Sat, May 9, 2009 at 4:02 PM, Eli Wapniarski wrote: >> On Friday 08 May 2009 18:45:28 David Nalley wrote: >>> > PS: Everybody who wants to contribute (in packaging), please follow this: >>> > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) >> >> I should find some time tommorrow to start woking on the documentation here. >> >> Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. >> >> Eli >> > > I'll create a resource request for a mailing list with infra tonight. > Here is the mailing list: https://admin.fedoraproject.org/mailman/listinfo/mailscanner-sig From e.mink at remote.nl Tue May 12 16:04:14 2009 From: e.mink at remote.nl (Eric Mink) Date: Tue May 12 16:04:21 2009 Subject: Spam problem Message-ID: Hello, A question about MailScanner-4.65.3-1 Is there a way to block url`s in mails? We have lot`s of spam coming in with urls like Http://docs.google.com There is a option for safe sites (phishing.safe.sites.conf) but none to block specific url`s? http://pastebin.com/d66e3e2af Thanks in advanced! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/f62c65ed/attachment.html From marco.barbero at gmail.com Tue May 12 16:59:55 2009 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue May 12 17:00:04 2009 Subject: some childrens are stuck on 'compressing attachment' Message-ID: Hi Mailscanner 4.70.7 Postfix 2.5.5 I experienced a strange issue: all my children stuck on 'compressing attachment' so mailscanner stop to process queue. Mailscanner was not able to restart children every 'time' set on Mailscanner.conf. So I had to kill processes and restart mailscanner. Debug mode (spamassassin and mailscanner) didn't show any problem. I have other installations like this but never suffered a similar issue. Any hints? At the moment I'm thinking about a workaround: kill mailscanner every 30 minutes and restart it. Is there any risk about mail and or bayes corruption? Thanks in advance From maxsec at gmail.com Tue May 12 17:14:52 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 12 17:15:01 2009 Subject: some childrens are stuck on 'compressing attachment' In-Reply-To: References: Message-ID: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> Turn off the compress attachments facility while you work it out?? 2009/5/12 Marco Barbero > Hi > Mailscanner 4.70.7 > Postfix 2.5.5 > > I experienced a strange issue: all my children stuck on 'compressing > attachment' so mailscanner stop to process queue. > Mailscanner was not able to restart children every 'time' set on > Mailscanner.conf. So I had to kill processes and restart mailscanner. > Debug mode (spamassassin and mailscanner) didn't show any problem. I > have other installations like this but never suffered a similar issue. > Any hints? > At the moment I'm thinking about a workaround: kill mailscanner every > 30 minutes and restart it. Is there any risk about mail and or bayes > corruption? > Thanks in advance > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/bc8f4d2d/attachment.html From marco.barbero at gmail.com Tue May 12 17:44:37 2009 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue May 12 17:44:46 2009 Subject: some childrens are stuck on 'compressing attachment' In-Reply-To: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> References: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> Message-ID: 2009/5/12 Martin Hepworth : > Turn off the compress attachments?facility?while you work it out?? If you are refferring to 'Zip Attachments' I have it set to 'no'. > > 2009/5/12 Marco Barbero >> >> Hi >> Mailscanner 4.70.7 >> Postfix 2.5.5 >> >> I experienced a strange issue: ?all my children stuck on 'compressing >> attachment' so mailscanner stop to process queue. >> Mailscanner was not able to restart children every 'time' set on >> Mailscanner.conf. ?So I had to kill processes and restart mailscanner. >> Debug mode (spamassassin and mailscanner) didn't show any problem. ?I >> have other installations like this but never suffered a similar issue. >> ?Any hints? >> At the moment I'm thinking about a workaround: ?kill mailscanner every >> 30 minutes and restart it. ?Is there any risk about mail and or bayes >> corruption? >> Thanks in advance >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Tue May 12 20:34:20 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 20:34:39 2009 Subject: Spam problem In-Reply-To: References: <4A09CF3C.7010704@ecs.soton.ac.uk> Message-ID: On 12/05/2009 16:04, Eric Mink wrote: > > Hello, > > A question about MailScanner-4.65.3-1 > > Is there a way to block url`s in mails? We have lot`s of spam coming > in with urls like Http://docs.google.com > > There is a option for safe sites (phishing.safe.sites.conf) but none > to block specific url`s? > There is a phishing.bad.sites.conf which might do what you are after. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Carl.Andrews at crackerbarrel.com Tue May 12 20:44:37 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Tue May 12 20:45:03 2009 Subject: How are you catching these spam Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Anawaty.png Type: image/png Size: 10924 bytes Desc: Anawaty.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/44660f54/Anawaty.png -------------- next part -------------- A non-text attachment was scrubbed... Name: Kara.png Type: image/png Size: 10680 bytes Desc: Kara.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/44660f54/Kara.png From Kevin_Miller at ci.juneau.ak.us Tue May 12 21:08:23 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 12 21:08:40 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A09477D575C2C4B86497161427DD94C0D153E2AFF@city-exchange07> I'm using imageinfo.cf (http://www.rulesemporium.com/plugins.htm) which helps. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 448 Sent: Tuesday, May 12, 2009 11:45 AM To: MailScanner discussion Subject: How are you catching these spam The two attached png's are samples of what we are getting as spam. The message has a random subject and the attachment name apears to be random with nothing in the body of the message. I have tried ocrtext-sa32.pm and FuzzyOCR.pm but when I run one of these through 'gocr' I get: (PICTURE)(PICTURE)(PICTURE)(PICTURE) Yl__J l',_N l_l_ I_' _.31-31.NET _(PICTURE) Eile Edit _iew F*vorites *ools _elp b8ac_ - _,, - _ _ 0 I _search gFavor: Q Thanks for your time, Carl -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/53af5bf2/attachment.html From Carl.Andrews at crackerbarrel.com Tue May 12 22:04:57 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Tue May 12 22:05:09 2009 Subject: How are you catching these spam In-Reply-To: <4A09477D575C2C4B86497161427DD94C0D153E2AFF@city-exchange07> Message-ID: Thanks! ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Tuesday, May 12, 2009 3:08 PM To: 'MailScanner discussion' Subject: RE: How are you catching these spam I'm using imageinfo.cf (http://www.rulesemporium.com/plugins.htm) which helps. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 448 Sent: Tuesday, May 12, 2009 11:45 AM To: MailScanner discussion Subject: How are you catching these spam The two attached png's are samples of what we are getting as spam. The message has a random subject and the attachment name apears to be random with nothing in the body of the message. I have tried ocrtext-sa32.pm and FuzzyOCR.pm but when I run one of these through 'gocr' I get: (PICTURE)(PICTURE)(PICTURE)(PICTURE) Yl__J l',_N l_l_ I_' _.31-31.NET _(PICTURE) Eile Edit _iew F*vorites *ools _elp b8ac_ - _,, - _ _ 0 I _search gFavor: Q Thanks for your time, Carl -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/48b4d087/attachment.html From mi6 at orcon.net.nz Wed May 13 02:05:08 2009 From: mi6 at orcon.net.nz (Charlie) Date: Wed May 13 02:05:16 2009 Subject: removal of my email address from past posts Message-ID: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Hi, I have a huge favour to ask: I am currently receiving a lot of spam, so am trying to remove my email address from being seen online. It is only seen at a couple of websites: this one, and another one that mirrors this one (and says that I need to get it removed from this one before they can remove it from their one). So, I was wondering if someone could please remove all of the email addresses that are visible from this page on this site: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment-0001.html It would be really appreciated! From mark at msapiro.net Wed May 13 05:14:32 2009 From: mark at msapiro.net (Mark Sapiro) Date: Wed May 13 05:14:49 2009 Subject: Issue with "Add Text Of Doc" feature Message-ID: I have been experimenting with the "Add Text Of Doc" feature. The issue I have come across is the output of antiword is in my case UTF-8 encoded (in the absense of a specific mapping provided to antiword, it's locale dependent), but the plain text attachment added by MailScanner doesn't specify a charset in its Content-Type. It would be nice if you could grok the encoding from the system locale and specify it, or barring that, provide a config option to set it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From john at tradoc.fr Wed May 13 08:11:17 2009 From: john at tradoc.fr (John Wilcock) Date: Wed May 13 08:11:30 2009 Subject: removal of my email address from past posts In-Reply-To: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Message-ID: <4A0A7295.2000609@tradoc.fr> Le 13/05/2009 03:05, Charlie a ?crit : > I have a huge favour to ask: > I am currently receiving a lot of spam, so am trying to remove my email > address from being seen online. It is only seen at a couple of websites: Shutting the stable door after the horse has bolted... Now that "they" have got your address in their lists, removing it from sites will do little or no good. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From steveb_clamav at sanesecurity.com Wed May 13 09:01:42 2009 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Wed May 13 09:02:50 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <46675.93.97.28.110.1242201702.squirrel@saturn.dataflame.net> > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be random > with nothing in the body of the message. Slightly off-topic, but these are being caught with Sanesecurity signature, Sanesecurity.Spam.ldb.14 (spam.ldb database) Example stats: http://comms.oucs.ox.ac.uk/images/stats/relay/virus-month.png Cheers, Steve Sanesecurity From kse at hovmark.dk Wed May 13 09:10:03 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Wed May 13 09:10:16 2009 Subject: spamaction highscore rules. Message-ID: <1242202203.1013.30.camel@kse> So, i embarassed myself to my company yesterday. I managed to write a highscore rule that passed on all spam mails, that it should be dropping. But nevermind that. My problem is, i have two domains. eurocargoservices.de eurocargoservices.dk The .de company wants to receive all spam mails. They receive alot of mails from China and russia, which normally get tagged as spam (Since i took over the filter it now work quite well though, ignoring them). However, som spam mails are sent with both the .de and .dk domain in the 'to' header. And when the .de domain is in the recipient, the rule that delivers mail to .de takes action, and the spam is delivered to the .dk. It seems "Use Default Rules With Multiple Recipients = yes" does not work. These are the rules: To: @eurocargoservices.de deliver FromOrTo: default forward isspam@localhost Live long and prosper, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090513/457ecdd5/attachment.html From maxsec at gmail.com Wed May 13 09:59:10 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 13 09:59:19 2009 Subject: spamaction highscore rules. In-Reply-To: <1242202203.1013.30.camel@kse> References: <1242202203.1013.30.camel@kse> Message-ID: <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> Best way to avoid this situation is split the email up into individual recipients and then the rules on forwarding will work fine. The problem is if the 'to' contains multiple recipients and gives conflicting actions eg deliver and not-deliver which one should it obey???? MailScanner can't get which one is correct so uses the Envelope-To: as the overriding value. How to split the emails up is dependant on the MTA you use but sendmail, Exim and Postfix are covered in the wiki ( http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta ) -- Martin Hepworth Oxford, UK 2009/5/13 Kasper Sacharias Eenberg > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam mails, that it > should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive alot of mails > from China and russia, which normally get tagged as spam (Since i took over > the filter it now work quite well though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk domain in the > 'to' header. > And when the .de domain is in the recipient, the rule that delivers mail to > .de takes action, and the spam is delivered to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > ------------------------------ > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090513/dccb69af/attachment.html From ajcartmell at fonant.com Wed May 13 12:22:22 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed May 13 12:22:35 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be random > with nothing in the body of the message. I've had some success with a borrowed rule, modified to check for PNG images only (as they all seem to be in this format at the moment): header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i mimeheader __MIME_PNG_ATTACH Content-Type =~ /image\/png/i meta MIME_PNG_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __MIME_PNG_ATTACH && !__ANY_TEXT_ATTACH) score MIME_PNG_MAGE_ONLY 4.01 describe MIME_PNG_IMAGE_ONLY PNG format image body part and no text body parts HTH, Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Wed May 13 12:24:04 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed May 13 12:24:18 2009 Subject: removal of my email address from past posts In-Reply-To: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Message-ID: > I have a huge favour to ask: > I am currently receiving a lot of spam, so am trying to remove my email > address from being seen online. If you're on the spammers' lists then it's probably too late... the page will be in Google's cache, etc, etc. My email address is very public (I want people to contact me!) but MailScanner keeps the spam out :) Anthony -- www.fonant.com - Quality web sites From housey at sme-ecom.co.uk Wed May 13 12:32:04 2009 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Wed May 13 12:32:50 2009 Subject: More than one Custom Function Message-ID: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> Hi I have a mailscanner set up that uses the Always Looked Up Last directive to call a custom function I wrote that logs to a postgres database. I want to try to get it to now to ALSO log to a mysql database using mailwatch. Is it possible to run 2 CustomFunctions from the same directive? I seem to recall seeing something in the wiki but can't locate anything. Paul From alvaro at hostalia.com Wed May 13 12:53:23 2009 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Wed May 13 12:53:34 2009 Subject: Delete with MailScanner based on header Message-ID: <4A0AB4B3.9070506@hostalia.com> Hello, I'm using a plugin in SA that does an "eval:check_msg()" and adds a header with add_header. In that header there is information about the scanned mail (if it's spam or a virus). I see that isn't any option in MailScanner's configuration to do an action based on a header added by SA, something like "SpamAssassin Rule Actions", so I've thought to do a custom function for MailScanner to do it. The idea is see if this header has "virus" as value, and if this occurs, delete the message. Is this possible? Where are SA's headers stored (I see that $message->{headers} are original ones only)? Thanks! Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From oliver at linux-kernel.at Wed May 13 14:03:52 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed May 13 14:04:06 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> <200905092302.57728.eli@orbsky.homelinux.org> Message-ID: <4A0AC538.6040307@linux-kernel.at> David Nalley wrote: > On Sat, May 9, 2009 at 9:44 PM, David Nalley wrote: >> On Sat, May 9, 2009 at 4:02 PM, Eli Wapniarski wrote: >>> On Friday 08 May 2009 18:45:28 David Nalley wrote: >>>>> PS: Everybody who wants to contribute (in packaging), please follow this: >>>>> http://fedoraproject.org/wiki/PackageMaintainers/Join :-) >>> I should find some time tommorrow to start woking on the documentation here. >>> >>> Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. >>> >>> Eli >>> >> I'll create a resource request for a mailing list with infra tonight. >> > > Here is the mailing list: > https://admin.fedoraproject.org/mailman/listinfo/mailscanner-sig Sorry for being quiet the last few days... I'm/we're currently in the middle of our office relocation and if I'm not packing my stuff, I'm attending some meetings. :-/ So. I'll look into this again next week! Sorry, -of From Carl.Andrews at crackerbarrel.com Wed May 13 14:45:11 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 14:45:26 2009 Subject: How are you catching these spam In-Reply-To: <46675.93.97.28.110.1242201702.squirrel@saturn.dataflame.net> Message-ID: Silly question but I have them installed and they are updating frequently. If I run 'clamscan *.png' should it report one of these as outside of a email message? Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Basford Sent: Wednesday, May 13, 2009 3:02 AM To: MailScanner discussion Subject: Re: How are you catching these spam > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be > random with nothing in the body of the message. Slightly off-topic, but these are being caught with Sanesecurity signature, Sanesecurity.Spam.ldb.14 (spam.ldb database) Example stats: http://comms.oucs.ox.ac.uk/images/stats/relay/virus-month.png Cheers, Steve Sanesecurity -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steveb_clamav at sanesecurity.com Wed May 13 14:51:00 2009 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Wed May 13 14:52:13 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <53362.93.97.28.110.1242222660.squirrel@saturn.dataflame.net> > Silly question but I have them installed and they are updating > frequently. If I run 'clamscan *.png' should it report one of these as > outside of a email message? In short... No, it won't find anything, when just scanning the .png file... Cheers, Steve Sanesecurity From pumzika at gmail.com Wed May 13 15:02:31 2009 From: pumzika at gmail.com (Steve Barnes) Date: Wed May 13 15:02:41 2009 Subject: Using --debug and --debug-sa with Postfix Message-ID: <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> Hi I'm trying to understand how to use --debug and --debug-sa with Postfix as the MTA to observe the processing of a single message. Having stoppped all MailScanner processes, I run: /opt/MailScanner/bin/MailScanner --debug --debug-sa I get lots of debug output on screen, with no discernable errors, which eventually stops at: "Building a message batch to scan..." Now at this point, I thought I could get away with doing: cp -p /var/spool/MailScanner/quarantine/20090512/spam/A8B5F1168A.A78ED /var/spool/postfix/hold And MS would come back to life and begin processing the message, but it doesn't. It just remains sat at "Building a message batch to scan..." MS runs as user Postfix, and the permissions on the file before and after cp are: -rw-rw---- 1 postfix mail What am I missing here? Does "Quarantine Whole Messages As Queue Files" have any bearing on what I'm trying to do? Thank you Steve PS, I'm using: MS 4.76.24, Perl 5.10.0, SA 3.2.5, FreeBSD 7.2, Postfix 2.5.6 and MailWatch 1.0.4. From Carl.Andrews at crackerbarrel.com Wed May 13 15:03:33 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 15:03:51 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: Is there a spamassassin plugin I need to enable for this to work? I placed this in a file in /etc/mail/spamassassin and when I run spamassassin -D --lint I see that it is loading the file but 'spamassassin -t < spammy_email_message' does not return a spam report with MIME_PNG_IMAGE_ONLY. I updated the score line to be "score MIME_PNG_IMAGE_ONLY 4.01" but that did not get any hits either. Thanks again!!! Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Cartmell Sent: Wednesday, May 13, 2009 6:22 AM To: MailScanner discussion Subject: Re: How are you catching these spam > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be > random with nothing in the body of the message. I've had some success with a borrowed rule, modified to check for PNG images only (as they all seem to be in this format at the moment): header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i mimeheader __MIME_PNG_ATTACH Content-Type =~ /image\/png/i meta MIME_PNG_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __MIME_PNG_ATTACH && !__ANY_TEXT_ATTACH) score MIME_PNG_MAGE_ONLY 4.01 describe MIME_PNG_IMAGE_ONLY PNG format image body part and no text body parts HTH, Anthony -- www.fonant.com - Quality web sites -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Carl.Andrews at crackerbarrel.com Wed May 13 15:07:10 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 15:07:20 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: Found it. When I pasted the code into the cf, vi commented every line since I started off with a comment. I missed one of the lines when I uncommented it. Thanks, Carl -----Original Message----- From: Andrews Carl 448 Sent: Wednesday, May 13, 2009 9:04 AM To: 'MailScanner discussion' Subject: RE: How are you catching these spam Is there a spamassassin plugin I need to enable for this to work? I placed this in a file in /etc/mail/spamassassin and when I run spamassassin -D --lint I see that it is loading the file but 'spamassassin -t < spammy_email_message' does not return a spam report with MIME_PNG_IMAGE_ONLY. I updated the score line to be "score MIME_PNG_IMAGE_ONLY 4.01" but that did not get any hits either. Thanks again!!! Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Cartmell Sent: Wednesday, May 13, 2009 6:22 AM To: MailScanner discussion Subject: Re: How are you catching these spam > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be > random with nothing in the body of the message. I've had some success with a borrowed rule, modified to check for PNG images only (as they all seem to be in this format at the moment): header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i mimeheader __MIME_PNG_ATTACH Content-Type =~ /image\/png/i meta MIME_PNG_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __MIME_PNG_ATTACH && !__ANY_TEXT_ATTACH) score MIME_PNG_MAGE_ONLY 4.01 describe MIME_PNG_IMAGE_ONLY PNG format image body part and no text body parts HTH, Anthony -- www.fonant.com - Quality web sites -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Carl.Andrews at crackerbarrel.com Wed May 13 15:27:09 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 15:27:21 2009 Subject: How are you catching these spam In-Reply-To: <53362.93.97.28.110.1242222660.squirrel@saturn.dataflame.net> Message-ID: Silly me. Yep, I get a hit when I scan the enitre message file but there are no records in the log file for email that shows any hits to Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. What have I goofed up so that from the 'clamscan MESSAGE' will work but not when MailScanner runs it? I have sanesecurity files in /var/cache/sanesecurity and /usr/local/share/clamav. I am using clamd, should I switch to clamav or clamavmodule? Thanks again, Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Basford Sent: Wednesday, May 13, 2009 8:51 AM To: MailScanner discussion Subject: RE: How are you catching these spam > Silly question but I have them installed and they are updating > frequently. If I run 'clamscan *.png' should it report one of these as > outside of a email message? In short... No, it won't find anything, when just scanning the .png file... Cheers, Steve Sanesecurity -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Wed May 13 15:44:37 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 13 15:44:46 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A0ADCD5.8080503@alexb.ch> On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: > Silly me. > Yep, I get a hit when I scan the enitre message file but there are no > records in the log file for email that shows any hits to > Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. > What have I goofed up so that from the 'clamscan MESSAGE' will work but > not when MailScanner runs it? > > I have sanesecurity files in /var/cache/sanesecurity and > /usr/local/share/clamav. > > I am using clamd, should I switch to clamav or clamavmodule? Is MailScanner feeding it enough of the message or maybe a chunk of it? Check your settings. Alex From Carl.Andrews at crackerbarrel.com Wed May 13 16:12:22 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 16:12:32 2009 Subject: How are you catching these spam In-Reply-To: <4A0ADCD5.8080503@alexb.ch> Message-ID: It should be getting all of it, here is all of the uncommented clam options. I just switched to clamavmodule and it did not catch sanesecurity.spam.ldb.14.UNOFFICIAL either but when I scan the message file with clam it does. Virus Scanners = clamavmodule Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Massage Scan = yes -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Wednesday, May 13, 2009 9:45 AM To: MailScanner discussion Subject: Re: How are you catching these spam On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: > Silly me. > Yep, I get a hit when I scan the enitre message file but there are no > records in the log file for email that shows any hits to > Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. > What have I goofed up so that from the 'clamscan MESSAGE' will work > but not when MailScanner runs it? > > I have sanesecurity files in /var/cache/sanesecurity and > /usr/local/share/clamav. > > I am using clamd, should I switch to clamav or clamavmodule? Is MailScanner feeding it enough of the message or maybe a chunk of it? Check your settings. Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at tippingmar.com Wed May 13 19:46:44 2009 From: lists at tippingmar.com (Mark Nienberg) Date: Wed May 13 19:47:21 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A0B1594.7070608@tippingmar.com> Andrews Carl 448 wrote: > It should be getting all of it, here is all of the uncommented clam > options. I just switched to clamavmodule and it did not catch > sanesecurity.spam.ldb.14.UNOFFICIAL either but when I scan the message > file with clam it does. > > Virus Scanners = clamavmodule > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Lock File = # /var/lock/subsys/clamd > Clamd Use Threads = no > ClamAV Full Massage Scan = yes > > Current wisdom is that you should stick with Clamd. Is the value for Clamd Socket correct? It must match the one in /etc/clamd.conf. On my system it is /tmp/clamd.socket Mark Nienberg From Carl.Andrews at crackerbarrel.com Wed May 13 21:21:52 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 21:22:10 2009 Subject: How are you catching these spam In-Reply-To: <4A0B1594.7070608@tippingmar.com> Message-ID: Ok. Yep, one config pointed to /tmp/clamd.socket but another pointed to /tmp/clamd so I changed them both to /tmp/clamd and that is where it is placed. Using clamd (which I will switch back to) I am getting hits on other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and possibly others. I have searched the system and I only see the sanesecurity files in the two places I think they are supposed to be. Could I have done something to make clamd and clamscan react differently to the same file? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg Sent: Wednesday, May 13, 2009 1:47 PM To: MailScanner discussion Subject: Re: How are you catching these spam Andrews Carl 448 wrote: > It should be getting all of it, here is all of the uncommented clam > options. I just switched to clamavmodule and it did not catch > sanesecurity.spam.ldb.14.UNOFFICIAL either but when I scan the message > file with clam it does. > > Virus Scanners = clamavmodule > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = > 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd > Socket = /tmp/clamd Clamd Lock File = # /var/lock/subsys/clamd Clamd > Use Threads = no ClamAV Full Massage Scan = yes > > Current wisdom is that you should stick with Clamd. Is the value for Clamd Socket correct? It must match the one in /etc/clamd.conf. On my system it is /tmp/clamd.socket Mark Nienberg -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at tippingmar.com Wed May 13 22:21:41 2009 From: lists at tippingmar.com (Mark Nienberg) Date: Wed May 13 22:22:05 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A0B39E5.2080700@tippingmar.com> Andrews Carl 448 wrote: > Ok. > Yep, one config pointed to /tmp/clamd.socket but another pointed to > /tmp/clamd so I changed them both to /tmp/clamd and that is where it is > placed. Using clamd (which I will switch back to) I am getting hits on > other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and possibly > others. I have searched the system and I only see the sanesecurity files > in the two places I think they are supposed to be. Could I have done > something to make clamd and clamscan react differently to the same file? > does clamdscan messagefile (note the "d" in the middle) give the same result as clamscan messagefile That might tell you if it is a MailScanner config problem or a Clamd problem. Mark Nienberg From MailScanner at ecs.soton.ac.uk Wed May 13 23:16:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:16:45 2009 Subject: More than one Custom Function In-Reply-To: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> Message-ID: On 13/05/2009 12:32, Paul Houselander wrote: > Hi > > I have a mailscanner set up that uses the Always Looked Up Last directive to > call a custom function I wrote that logs to a postgres database. > > I want to try to get it to now to ALSO log to a mysql database using > mailwatch. > > Is it possible to run 2 CustomFunctions from the same directive? > Why not just write a Custom Function that calls both bits of code? Just pass all the parameters to both functions, simple as that. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 13 23:18:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:19:11 2009 Subject: Delete with MailScanner based on header In-Reply-To: <4A0AB4B3.9070506@hostalia.com> References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> Message-ID: On 13/05/2009 12:53, Alvaro Mar?n wrote: > Hello, > > I'm using a plugin in SA that does an "eval:check_msg()" and adds a header > with add_header. In that header there is information about the scanned > mail (if it's spam > or a virus). > > I see that isn't any option in MailScanner's configuration to do an > action based on a header added by SA, something like "SpamAssassin Rule > Actions", so I've thought to do a custom function for MailScanner to do it. > The idea is see if this header has "virus" as value, and if this occurs, > delete the message. Is this possible? > Where are SA's headers stored (I see that $message->{headers} are > original ones only)? > MailScanner does not allow SpamAssassin to modify the message. However, you can have a SA rule and then have a "header" action in the SpamAssassin Rule Actions setup. SpamAssassin is the wrong tool for determining if a message is a virus. Maybe you want to use the "generic" virus scanner that MailScanner allows you to implement yourself? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 13 23:23:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:23:23 2009 Subject: Using --debug and --debug-sa with Postfix In-Reply-To: <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> References: <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> <4A0B4847.1060905@ecs.soton.ac.uk> Message-ID: On 13/05/2009 15:02, Steve Barnes wrote: > Hi > > I'm trying to understand how to use --debug and --debug-sa with > Postfix as the MTA to observe the processing of a single message. > > Having stoppped all MailScanner processes, I run: > > /opt/MailScanner/bin/MailScanner --debug --debug-sa > > I get lots of debug output on screen, with no discernable errors, > which eventually stops at: > > "Building a message batch to scan..." > > Now at this point, I thought I could get away with doing: > > cp -p /var/spool/MailScanner/quarantine/20090512/spam/A8B5F1168A.A78ED > /var/spool/postfix/hold > For starters the filename MailScanner is expecting doesn't have the ".A78ED" on the end. > And MS would come back to life and begin processing the message, but > it doesn't. It just remains sat at "Building a message batch to > scan..." > > MS runs as user Postfix, and the permissions on the file before and > after cp are: > > -rw-rw---- 1 postfix mail > > What am I missing here? You may well be hitting the "processing-messages" database. If you let it pick up the message in a batch once and then kill it before it processes the message, it will eventually stop collecting that message file. Delete /var/spool/MailScanner/incoming/*db before running MailScanner each time, and make sure the filename is correct as above. Then it will pick up the message. > Does "Quarantine Whole Messages As Queue > Files" have any bearing on what I'm trying to do? > No, you want that. Just remove the dot and everything after that, as what you have now is not a valid Postfix queue filename, but one with extra entropy added by MailScanner to ensure the filenames are distinct. Without Postfix can use the same filename twice within a relatively short time period on some systems. > Thank you > > Steve > > PS, I'm using: > > MS 4.76.24, > Perl 5.10.0, > SA 3.2.5, > FreeBSD 7.2, > Postfix 2.5.6 and > MailWatch 1.0.4. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 13 23:29:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:29:22 2009 Subject: How are you catching these spam In-Reply-To: <4A0ADCD5.8080503@alexb.ch> References: <4A0ADCD5.8080503@alexb.ch> <4A0B49AC.2030808@ecs.soton.ac.uk> Message-ID: On 13/05/2009 15:44, Alex Broens wrote: > On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: >> Silly me. >> Yep, I get a hit when I scan the enitre message file but there are no >> records in the log file for email that shows any hits to >> Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. >> What have I goofed up so that from the 'clamscan MESSAGE' will work but >> not when MailScanner runs it? >> >> I have sanesecurity files in /var/cache/sanesecurity and >> /usr/local/share/clamav. >> >> I am using clamd, should I switch to clamav or clamavmodule? > > Is MailScanner feeding it enough of the message or maybe a chunk of it? > Check your settings. > Ensure you have ClamAV Full Message Scan = yes Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed May 13 23:47:57 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 13 23:48:25 2009 Subject: removal of my email address from past posts In-Reply-To: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Message-ID: on 5-12-2009 6:05 PM Charlie spake the following: > Hi, > I have a huge favour to ask: > I am currently receiving a lot of spam, so am trying to remove my email > address from being seen online. It is only seen at a couple of websites: > this one, and another one that mirrors this one (and says that I need to > get it removed from this one before they can remove it from their one). > So, I was wondering if someone could please remove all of the email > addresses that are visible from this page on this site: > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment-0001.html > > It would be really appreciated! > > E-mail and news archives are forever! You will never get it all out. Easier to just change your address and use the old one as a spamtrap. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090513/9a9150fe/signature.bin From MailScanner at ecs.soton.ac.uk Thu May 14 00:11:43 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 14 00:12:01 2009 Subject: removal of my email address from past posts In-Reply-To: References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> <4A0B53AF.8050004@ecs.soton.ac.uk> Message-ID: On 13/05/2009 23:47, Scott Silva wrote: > on 5-12-2009 6:05 PM Charlie spake the following: > >> Hi, >> I have a huge favour to ask: >> I am currently receiving a lot of spam, so am trying to remove my email >> address from being seen online. It is only seen at a couple of websites: >> this one, and another one that mirrors this one (and says that I need to >> get it removed from this one before they can remove it from their one). >> So, I was wondering if someone could please remove all of the email >> addresses that are visible from this page on this site: >> http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment-0001.html >> >> It would be really appreciated! >> >> >> > E-mail and news archives are forever! You will never get it all out. > Precisely. You cannot delete stuff from the internet. Don't bother trying. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu May 14 05:57:52 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 14 05:58:01 2009 Subject: some childrens are stuck on 'compressing attachment' In-Reply-To: References: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> Message-ID: <223f97700905132157p6d562f28rf0900a9d4ef7c445@mail.gmail.com> 2009/5/12 Marco Barbero : > 2009/5/12 Martin Hepworth : >> Turn off the compress attachments?facility?while you work it out?? > > If you are refferring to 'Zip Attachments' ?I have it set to 'no'. > This all reminds me of some old error... Can't really remember what (was it the message explode bug == messages wiith zips containing likenamed zips? Perhaps, perhaps not.... someone else might have a better memory than I.... Or trawl the ml archive, I'm almost certain you'll find something relevant:-). Anyway, I'm pretty cerrtain that if you upgrade from your (oldish) version, the problem would be solved...;) > >> >> 2009/5/12 Marco Barbero >>> >>> Hi >>> Mailscanner 4.70.7 >>> Postfix 2.5.5 >>> >>> I experienced a strange issue: ?all my children stuck on 'compressing >>> attachment' so mailscanner stop to process queue. >>> Mailscanner was not able to restart children every 'time' set on >>> Mailscanner.conf. ?So I had to kill processes and restart mailscanner. >>> Debug mode (spamassassin and mailscanner) didn't show any problem. ?I >>> have other installations like this but never suffered a similar issue. >>> ?Any hints? >>> At the moment I'm thinking about a workaround: ?kill mailscanner every >>> 30 minutes and restart it. ?Is there any risk about mail and or bayes >>> corruption? >>> Thanks in advance >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu May 14 06:07:18 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 14 06:07:27 2009 Subject: Using --debug and --debug-sa with Postfix In-Reply-To: References: <4A0B4847.1060905@ecs.soton.ac.uk> <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> Message-ID: <223f97700905132207p1880152na258adeb55f197ca@mail.gmail.com> 2009/5/14 Julian Field : > > > On 13/05/2009 15:02, Steve Barnes wrote: >> >> Hi >> >> I'm trying to understand how to use --debug and --debug-sa with >> Postfix as the MTA to observe the processing of a single message. >> >> Having stoppped all MailScanner processes, I run: >> >> /opt/MailScanner/bin/MailScanner --debug --debug-sa >> >> I get lots of debug output on screen, with no discernable errors, >> which eventually stops at: >> >> "Building a message batch to scan..." >> >> Now at this point, I thought I could get away with doing: >> >> cp -p /var/spool/MailScanner/quarantine/20090512/spam/A8B5F1168A.A78ED >> /var/spool/postfix/hold >> > > For starters the filename MailScanner is expecting doesn't have the ".A78ED" > on the end. >> >> And MS would come back to life and begin processing the message, but >> it doesn't. It just remains sat at "Building a message batch to >> scan..." >> >> MS runs as user Postfix, and the permissions on the file before and >> after cp are: >> >> -rw-rw---- ?1 postfix ?mail chmod 0700 /path/to/queue/file All this (should be) in the wiki article on how to release quarantined messages. >> >> What am I missing here? > > You may well be hitting the "processing-messages" database. If you let it > pick up the message in a batch once and then kill it before it processes the > message, it will eventually stop collecting that message file. Delete > /var/spool/MailScanner/incoming/*db before running MailScanner each time, > and make sure the filename is correct as above. Then it will pick up the > message. >> >> ?Does "Quarantine Whole Messages As Queue >> Files" have any bearing on what I'm trying to do? >> > > No, you want that. Just remove the dot and everything after that, as what Well... if it is set to "no", then you don't have a queue file;-)... Then the spam quarantine is just the RFC822 message file named as the queuef file (with entropy), and he would need use a sendmail-command method of reintroducing the message... But you knew that Jules;-):-). > you have now is not a valid Postfix queue filename, but one with extra > entropy added by MailScanner to ensure the filenames are distinct. Without > Postfix can use the same filename twice within a relatively short time > period on some systems. Quite true. >> Thank you >> >> Steve >> >> PS, I'm using: >> >> MS 4.76.24, >> Perl 5.10.0, >> SA 3.2.5, >> FreeBSD 7.2, >> Postfix 2.5.6 and >> MailWatch 1.0.4. >> > > Jules > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From housey at sme-ecom.co.uk Thu May 14 08:57:06 2009 From: housey at sme-ecom.co.uk (Paul) Date: Thu May 14 08:58:01 2009 Subject: More than one Custom Function In-Reply-To: References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> Message-ID: <4A0BCED2.7020307@sme-ecom.co.uk> Julian Field wrote: > > > On 13/05/2009 12:32, Paul Houselander wrote: >> Hi >> >> I have a mailscanner set up that uses the Always Looked Up Last >> directive to >> call a custom function I wrote that logs to a postgres database. >> >> I want to try to get it to now to ALSO log to a mysql database using >> mailwatch. >> >> Is it possible to run 2 CustomFunctions from the same directive? >> > Why not just write a Custom Function that calls both bits of code? > Just pass all the parameters to both functions, simple as that. > > Jules > Hi Jules I did think about doing that, it was just I recalled someone writing a wrapper that allowed you to call 2 custom functions? I may well have drembt it as cant find anything via the wiki or searching through the archives! Paul From alvaro at hostalia.com Thu May 14 10:18:47 2009 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Thu May 14 10:18:53 2009 Subject: Delete with MailScanner based on header In-Reply-To: References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> Message-ID: <4A0BE1F7.3070303@hostalia.com> Hi Jules, I'm using Cloudmark's plugin for SA. In SA, I configure: ifplugin Mail::SpamAssassin::Plugin::CMAE full CMAE_1 eval:check_msg() describe CMAE_1 Cloudmark CMAE detected spam score CMAE_1 5 add_header all CMAE-Analysis _CMAETAG_ endif that has a score of 5 if the message is cataloged like spam and adds a header like this: X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 The problem is that if the plugin detects a virus in the message, this header changes to: X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 xcat=Virus/CMU_7796_20090511 adding that "xcat" field. I want to delete messages with "xcat=Virus" and other messages, mark them with {Spam?}. If I could see in a MailScanner plugin this header that SA returns, I would be able to mark it to delete in case that has "xcat=Virus". Is it possible? Thanks! Julian Field escribi?: > > > On 13/05/2009 12:53, Alvaro Mar?n wrote: >> Hello, >> >> I'm using a plugin in SA that does an "eval:check_msg()" and adds a >> header >> with add_header. In that header there is information about the scanned >> mail (if it's spam >> or a virus). >> >> I see that isn't any option in MailScanner's configuration to do an >> action based on a header added by SA, something like "SpamAssassin Rule >> Actions", so I've thought to do a custom function for MailScanner to >> do it. >> The idea is see if this header has "virus" as value, and if this occurs, >> delete the message. Is this possible? >> Where are SA's headers stored (I see that $message->{headers} are >> original ones only)? >> > MailScanner does not allow SpamAssassin to modify the message. However, > you can have a SA rule and then have a "header" action in the > SpamAssassin Rule Actions setup. > > SpamAssassin is the wrong tool for determining if a message is a virus. > Maybe you want to use the "generic" virus scanner that MailScanner > allows you to implement yourself? > > Jules > -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From MailScanner at ecs.soton.ac.uk Thu May 14 10:34:05 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 14 10:34:24 2009 Subject: Delete with MailScanner based on header In-Reply-To: <4A0BE1F7.3070303@hostalia.com> References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> <4A0BE1F7.3070303@hostalia.com> <4A0BE58D.6050801@ecs.soton.ac.uk> Message-ID: MailScanner doesn't allow SpamAssassin to modify the message, that would destroy the entire MIME structure and everything. It should be returning a rule hit for their plugin, not just adding a header. On 14/05/2009 10:18, Alvaro Mar?n wrote: > Hi Jules, > > I'm using Cloudmark's plugin for SA. In SA, I configure: > > ifplugin Mail::SpamAssassin::Plugin::CMAE > full CMAE_1 eval:check_msg() > describe CMAE_1 Cloudmark CMAE detected spam > score CMAE_1 5 > add_header all CMAE-Analysis _CMAETAG_ > endif > > that has a score of 5 if the message is cataloged like spam and adds a > header like this: > > X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 > p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 > > The problem is that if the plugin detects a virus in the message, this > header changes to: > > X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 > p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 > xcat=Virus/CMU_7796_20090511 > > adding that "xcat" field. > > I want to delete messages with "xcat=Virus" and other messages, mark > them with {Spam?}. > If I could see in a MailScanner plugin this header that SA returns, I > would be able to mark it to delete in case that has "xcat=Virus". Is it > possible? > > Thanks! > > > Julian Field escribi?: > >> >> On 13/05/2009 12:53, Alvaro Mar?n wrote: >> >>> Hello, >>> >>> I'm using a plugin in SA that does an "eval:check_msg()" and adds a >>> header >>> with add_header. In that header there is information about the scanned >>> mail (if it's spam >>> or a virus). >>> >>> I see that isn't any option in MailScanner's configuration to do an >>> action based on a header added by SA, something like "SpamAssassin Rule >>> Actions", so I've thought to do a custom function for MailScanner to >>> do it. >>> The idea is see if this header has "virus" as value, and if this occurs, >>> delete the message. Is this possible? >>> Where are SA's headers stored (I see that $message->{headers} are >>> original ones only)? >>> >>> >> MailScanner does not allow SpamAssassin to modify the message. However, >> you can have a SA rule and then have a "header" action in the >> SpamAssassin Rule Actions setup. >> >> SpamAssassin is the wrong tool for determining if a message is a virus. >> Maybe you want to use the "generic" virus scanner that MailScanner >> allows you to implement yourself? >> >> Jules >> >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu May 14 12:42:57 2009 From: rcooper at dwford.com (Rick Cooper) Date: Thu May 14 12:43:14 2009 Subject: How are you catching these spam In-Reply-To: References: <53362.93.97.28.110.1242222660.squirrel@saturn.dataflame.net> Message-ID: <8942A5D9A8F644A1A5ABF948D2AC9F9F@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 448 Sent: Wednesday, May 13, 2009 10:27 AM To: MailScanner discussion Subject: RE: How are you catching these spam > Silly me. > Yep, I get a hit when I scan the enitre message file but there are no > records in the log file for email that shows any hits to > Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. > What have I goofed up so that from the 'clamscan MESSAGE' will work but > not when MailScanner runs it? > > I have sanesecurity files in /var/cache/sanesecurity and > /usr/local/share/clamav. > > I am using clamd, should I switch to clamav or clamavmodule? > > Thanks again, > Carl > [...] Make sure the entire message is being scanned, for instance in MailScanner.conf ClamAV Full Message Scan = yes It sounds suspiciously like clamd is not getting the entire message. Also make sure the clamd.conf line #ScanMail yes Is not set to no, the default is to scan mail. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu May 14 12:56:29 2009 From: rcooper at dwford.com (Rick Cooper) Date: Thu May 14 12:56:41 2009 Subject: More than one Custom Function In-Reply-To: <4A0BCED2.7020307@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> Message-ID: <23AEE393E2224410B6228743C96815DD@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Sent: Thursday, May 14, 2009 3:57 AM To: MailScanner discussion Subject: Re: More than one Custom Function > Julian Field wrote: >> >> >> On 13/05/2009 12:32, Paul Houselander wrote: >>> Hi >>> >>> I have a mailscanner set up that uses the Always Looked Up Last >>> directive to call a custom function I wrote that logs to a postgres >>> database. >>> >>> I want to try to get it to now to ALSO log to a mysql database using >>> mailwatch. >>> >>> Is it possible to run 2 CustomFunctions from the same directive? >>> >> Why not just write a Custom Function that calls both bits of code? >> Just pass all the parameters to both functions, simple as that. >> >> Jules >> > Hi Jules > > I did think about doing that, it was just I recalled someone writing a > wrapper that allowed you to call 2 custom functions? I may well have > drembt it as cant find anything via the wiki or searching through the > archives! I do this with a function called wrapper (not real unique) In MailScanner.conf # If you want to use it, read CustomConfig.pm. Always Looked Up Last = &Wrapper In CustomConfig.pm sub InitWrapper { InitExtendedLogger(); InitMailWatchLogging(); } sub Wrapper { my($msg) = @_; ExtendedLogger($msg); MailWatchLogging($msg); } sub EndWrapper { EndExtendedLogger(); EndMailWatchLogging(); } The sub Wrapper calls the functions, the InitWrapper calls the other Init functions and EndWrapper calls the other End functions Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shyamph at gmail.com Thu May 14 13:45:07 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 14 13:45:17 2009 Subject: Mail delay at MailScanner Message-ID: Hi All, I am using MailScanner with postfix and mail flow is normal till these days and now i am finding the mail delay's regularly , When i went through the log and found mails are going in hold after that a long delay and reque of the mail is happening and mail will sent successfully. here is the log smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], sasl_method=LOGIN, sasl_username=username@domain.com Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header Received: from usename (unknown [192.168.10.156])??(Authenticated sender: ,username>@)??by smtp.domain.com (Postfix) with ESMTP id B5AD361300F7??for ; Tue, 2 from unknown[192.168.1.1]; from= to= proto=ESMTP helo= Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: message-id=<003f01c9c7c0$5786f380$0694da80$@com> Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to 6E0A36130112 Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 to SQL Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to MailWatch SQL Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to 6E0A36130112 Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< user@domain.com>, size=495880, nrcpt=1 (queue active) Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=, relay=192.168.1.2[192.168.1.1]:25, *delay=16269, delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 qp 3538) Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed there is no problem in network since it is in private LAN. This is happening more frequently now a days, Also I checked on the receiving server i.e [192.168.1.1] in the above case it s working fine. Also check the LOAD ,mailq etc .. at that point of time nothing found abnormal. Details : MailScanner --> Version installed (4.74.16) SpamAssassin version 3.2.5 running on Perl version 5.8.8 Postfix mail_version = 2.3.3 What would be the problem?? Is any one facing the same issue?? Thanks in advance. Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090514/b45d3dfd/attachment.html From alex at rtpty.com Thu May 14 16:27:32 2009 From: alex at rtpty.com (Alex Neuman) Date: Thu May 14 16:27:42 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: <24e3d2e40905140827t5dd7bd0em5cad5e02b8661e49@mail.gmail.com> On Thu, May 14, 2009 at 7:45 AM, shyam hirurkar wrote: > Hi All, > > there is no problem in network since it is in private LAN. This is > happening more frequently now a days, Also I checked on the receiving server > i.e [192.168.1.1] in the above case it s working fine. Also check the LOAD > ,mailq etc .. at that point of time nothing found abnormal. > While I can't personally help you since I'm not using Postfix, I can contribute something from my experience. Statements like "there is no problem in network since it is in private LAN" can sometimes come back and bite you in the rear. You shouldn't assume anything "works" because "it looks like it's working" or "it shouldn't be a problem". Usually these assumptions make you waste time and resources while you find that the problem is where you were "sure it couldn't happen". Question everything. Even if it's documented - conditions might have changed in unpredictable ways, so you may have to verify every process - like playing hopscotch from point to point in whatever process you're troubleshooting, but from both ends. You checked load and mailq, but you could tell us what "etc." means; you could also describe what "check" means for you - as well as what "nothing found abnormal" means for you. Good luck! > Shyam > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090514/680229b0/attachment.html From Carl.Andrews at crackerbarrel.com Thu May 14 17:12:11 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:12:23 2009 Subject: How are you catching these spam In-Reply-To: <4A0B39E5.2080700@tippingmar.com> Message-ID: Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg Sent: Wednesday, May 13, 2009 4:22 PM To: MailScanner discussion Subject: Re: How are you catching these spam Andrews Carl 448 wrote: > Ok. > Yep, one config pointed to /tmp/clamd.socket but another pointed to > /tmp/clamd so I changed them both to /tmp/clamd and that is where it > is placed. Using clamd (which I will switch back to) I am getting hits > on other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and > possibly others. I have searched the system and I only see the > sanesecurity files in the two places I think they are supposed to be. > Could I have done something to make clamd and clamscan react differently to the same file? > does clamdscan messagefile (note the "d" in the middle) give the same result as clamscan messagefile That might tell you if it is a MailScanner config problem or a Clamd problem. Mark Nienberg -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Carl.Andrews at crackerbarrel.com Thu May 14 17:16:32 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:16:44 2009 Subject: How are you catching these spam In-Reply-To: <4A0B39E5.2080700@tippingmar.com> Message-ID: Both clamdscan and clamscan found Sanesecurity.Spam.ldb.14.UNOFFICIAL FOUND. Very strange. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg Sent: Wednesday, May 13, 2009 4:22 PM To: MailScanner discussion Subject: Re: How are you catching these spam Andrews Carl 448 wrote: > Ok. > Yep, one config pointed to /tmp/clamd.socket but another pointed to > /tmp/clamd so I changed them both to /tmp/clamd and that is where it > is placed. Using clamd (which I will switch back to) I am getting hits > on other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and > possibly others. I have searched the system and I only see the > sanesecurity files in the two places I think they are supposed to be. > Could I have done something to make clamd and clamscan react differently to the same file? > does clamdscan messagefile (note the "d" in the middle) give the same result as clamscan messagefile That might tell you if it is a MailScanner config problem or a Clamd problem. Mark Nienberg -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mark at msapiro.net Thu May 14 17:19:35 2009 From: mark at msapiro.net (Mark Sapiro) Date: Thu May 14 17:20:02 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: Message-ID: Julian Field wrote: > >On 11/05/2009 23:32, Mark Sapiro wrote: >> Mark Sapiro wrote: >> >> [...] >> >>> Now I see the above analysis is probably wrong. I just received another >>> unscanned message. Headers are attached as scanned2.txt and >>> unscanned2.txt. Here again, I was able to get the message to be >>> scanned by removing a Received: header, but the header I removed >>> doesn't have any 'special' IP address in it. >>> >> >> Further information. I replaced Postfix.pm with the one from 4.76.24 >> and the problem is gone. >> >Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have >just released. The fix in 4.77.4 goes too far. With that fix, my scan messages rules like # localhost From: 127.0.0.1 no # sbh16.songbird.com From: 72.52.113.16 no are not effective, and all messages are scanned. Note I have Read IP Address From Received Header = no in MailScanner.conf -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Carl.Andrews at crackerbarrel.com Thu May 14 17:28:28 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:28:36 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: That was my problem. I had "Massage" instead of "Message" -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 13, 2009 5:29 PM To: MailScanner discussion Subject: Re: How are you catching these spam On 13/05/2009 15:44, Alex Broens wrote: > On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: >> Silly me. >> Yep, I get a hit when I scan the enitre message file but there are no >> records in the log file for email that shows any hits to >> Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. >> What have I goofed up so that from the 'clamscan MESSAGE' will work >> but not when MailScanner runs it? >> >> I have sanesecurity files in /var/cache/sanesecurity and >> /usr/local/share/clamav. >> >> I am using clamd, should I switch to clamav or clamavmodule? > > Is MailScanner feeding it enough of the message or maybe a chunk of it? > Check your settings. > Ensure you have ClamAV Full Message Scan = yes Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve.freegard at fsl.com Thu May 14 17:28:37 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu May 14 17:28:47 2009 Subject: How are you catching these spam In-Reply-To: References: <4A0B39E5.2080700@tippingmar.com> Message-ID: <4A0C46B5.9080007@fsl.com> Andrews Carl 448 wrote: > Both clamdscan and clamscan found Sanesecurity.Spam.ldb.14.UNOFFICIAL > FOUND. > > Very strange. > Do you have the sanesecurity.ftm file in your ClamAV database directory?? - this file is required so that ClamAV detects the input as mail messages when the whole message is input from MailScanner to ClamD. Regards, Steve. From Carl.Andrews at crackerbarrel.com Thu May 14 17:29:01 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:29:10 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: Thanks. That was it. I had typed Message incorrectly, I had "Massage". :-< -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 13, 2009 5:29 PM To: MailScanner discussion Subject: Re: How are you catching these spam On 13/05/2009 15:44, Alex Broens wrote: > On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: >> Silly me. >> Yep, I get a hit when I scan the enitre message file but there are no >> records in the log file for email that shows any hits to >> Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. >> What have I goofed up so that from the 'clamscan MESSAGE' will work >> but not when MailScanner runs it? >> >> I have sanesecurity files in /var/cache/sanesecurity and >> /usr/local/share/clamav. >> >> I am using clamd, should I switch to clamav or clamavmodule? > > Is MailScanner feeding it enough of the message or maybe a chunk of it? > Check your settings. > Ensure you have ClamAV Full Message Scan = yes Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mark at msapiro.net Thu May 14 17:41:14 2009 From: mark at msapiro.net (Mark Sapiro) Date: Thu May 14 17:41:30 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: Message-ID: Mark Sapiro wrote: >I have been experimenting with the "Add Text Of Doc" feature. The issue >I have come across is the output of antiword is in my case UTF-8 >encoded (in the absense of a specific mapping provided to antiword, >it's locale dependent), but the plain text attachment added by >MailScanner doesn't specify a charset in its Content-Type. > >It would be nice if you could grok the encoding from the system locale >and specify it, or barring that, provide a config option to set it. Please note, in case it wasn't clear, the current behavior is a real problem. UTF-8 encoded data are being sent in a text/plain part with implicit charset us-ascii resulting in data being displayed in MUAs like the following: Lani Waller Presents ???A Steelheader???s Way??? ???A Steelheader???s Way??? is a presentation on the principles, tactics, techniques and philosophy of trophy steelhead fishing based on Lani???s new book of the same title. This personal look will include the ???common elements of the endeavor??? ... -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ssilva at sgvwater.com Thu May 14 18:06:37 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 14 18:07:08 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: on 5-14-2009 9:28 AM Andrews Carl 448 spake the following: > That was my problem. > I had "Massage" instead of "Message" > I wish I had a "Massage" instead of a "Message" right now ;-P OK, I'm done... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090514/690fbfd7/signature.bin From housey at sme-ecom.co.uk Thu May 14 18:28:07 2009 From: housey at sme-ecom.co.uk (Paul) Date: Thu May 14 18:28:55 2009 Subject: More than one Custom Function In-Reply-To: <23AEE393E2224410B6228743C96815DD@SAHOMELT> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> Message-ID: <4A0C54A7.8060609@sme-ecom.co.uk> Julian Field wrote: >>> On 13/05/2009 12:32, Paul Houselander wrote: >>> >>>> Hi >>>> >>>> I have a mailscanner set up that uses the Always Looked Up Last >>>> directive to call a custom function I wrote that logs to a postgres >>>> database. >>>> >>>> I want to try to get it to now to ALSO log to a mysql database using >>>> mailwatch. >>>> >>>> Is it possible to run 2 CustomFunctions from the same directive? >>>> >>>> >>> Why not just write a Custom Function that calls both bits of code? >>> Just pass all the parameters to both functions, simple as that. >>> >>> Jules >>> >>> >> Hi Jules >> >> I did think about doing that, it was just I recalled someone writing a >> wrapper that allowed you to call 2 custom functions? I may well have >> drembt it as cant find anything via the wiki or searching through the >> archives! >> > > I do this with a function called wrapper (not real unique) > > In MailScanner.conf > > # If you want to use it, read CustomConfig.pm. > Always Looked Up Last = &Wrapper > > > In CustomConfig.pm > > sub InitWrapper { > InitExtendedLogger(); > InitMailWatchLogging(); > } > > sub Wrapper { > my($msg) = @_; > ExtendedLogger($msg); > MailWatchLogging($msg); > } > > sub EndWrapper { > EndExtendedLogger(); > EndMailWatchLogging(); > } > > The sub Wrapper calls the functions, the InitWrapper calls the other Init > functions and EndWrapper calls the other End functions > > Rick > Thanks Rick thats works like a treat - logging to both mysql and postgres! I just realised another issue I have, the postgres set up has to use Quarantine Whole Messages As Queue Files = yes as when it releases a message it just copies the qf and df file to the mqueue. Mailwatch requires Quarantine Whole Messages As Queue Files = no without changing to much code does anyone know how I can run with both? i.e. quarantine files as both qf df and also as one file? Cheers Paul From shyamph at gmail.com Fri May 15 04:54:46 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Fri May 15 04:54:59 2009 Subject: Mail delay at MailScanner In-Reply-To: <24e3d2e40905140827t5dd7bd0em5cad5e02b8661e49@mail.gmail.com> References: <24e3d2e40905140827t5dd7bd0em5cad5e02b8661e49@mail.gmail.com> Message-ID: Hi Alex, Thanks for the inputs. 1. I checked the network connectivity --> Ping,telnet to port 25 --> getting response properly .i.e time=0.118 ms in ping and telnet response is really fast. --> This is from both ends 2. etc --> I meant is other than load or mailq like response from the smtp service from remote end and reverse way, ping,telnet. 3. Check --> SA debug ,Mail Scanner Debug (Commands are understood) 4. Abnormal --> Meant unusual activity refer point 1,2,3 Let me know any further inputs required from my end. Hope some one may help on this. Thanks in advance Shyam On Thu, May 14, 2009 at 8:57 PM, Alex Neuman wrote: > > > On Thu, May 14, 2009 at 7:45 AM, shyam hirurkar wrote: > >> Hi All, >> >> there is no problem in network since it is in private LAN. This is >> happening more frequently now a days, Also I checked on the receiving server >> i.e [192.168.1.1] in the above case it s working fine. Also check the LOAD >> ,mailq etc .. at that point of time nothing found abnormal. >> > > While I can't personally help you since I'm not using Postfix, I can > contribute something from my experience. Statements like "there is no > problem in network since it is in private LAN" can sometimes come back and > bite you in the rear. You shouldn't assume anything "works" because "it > looks like it's working" or "it shouldn't be a problem". Usually these > assumptions make you waste time and resources while you find that the > problem is where you were "sure it couldn't happen". > > Question everything. Even if it's documented - conditions might have > changed in unpredictable ways, so you may have to verify every process - > like playing hopscotch from point to point in whatever process you're > troubleshooting, but from both ends. You checked load and mailq, but you > could tell us what "etc." means; you could also describe what "check" means > for you - as well as what "nothing found abnormal" means for you. > > Good luck! > > >> Shyam >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/19c9070c/attachment.html From eli at orbsky.homelinux.org Fri May 15 05:48:18 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Fri May 15 05:48:45 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: <200905150748.19458.eli@orbsky.homelinux.org> >From the looks of things it looks like greylisting has been implemented on the receiving end. Which is a good thing and highly recommended. You should check this. If this indeed is the case and mail coming from your server is of a top priority for the receiving end then without a doubt an exception can be configured at the other end. Eli On Thursday 14 May 2009 15:45:07 shyam hirurkar wrote: > Hi All, > > I am using MailScanner with postfix and mail flow is normal till these days > and now i am finding the mail delay's regularly , > > When i went through the log and found mails are going in hold after that a > long delay and reque of the mail is happening and mail will sent > successfully. > here is the log > > smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > sasl_method=LOGIN, sasl_username=username@domain.com > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > ,username>@)??by smtp.domain.com (Postfix) with ESMTP id > B5AD361300F7??for ; Tue, 2 from unknown[192.168.1.1]; > from= to= proto=ESMTP helo= > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > message-id=<003f01c9c7c0$5786f380$0694da80$@com> > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > 6E0A36130112 > Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 to > SQL > Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to > MailWatch SQL > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > 6E0A36130112 > Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< > user@domain.com>, size=495880, nrcpt=1 (queue active) > Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=, > relay=192.168.1.2[192.168.1.1]:25, *delay=16269, > delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 qp > 3538) > Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kse at hovmark.dk Fri May 15 07:34:01 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 15 07:33:55 2009 Subject: spamaction highscore rules. In-Reply-To: <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> Message-ID: <1242369241.15720.7.camel@kse> Thanks for the help. But i'm afraid this server is already way overloaded, and that this might kill it. Are there any alternatives to this? Any rules i can write? Adding "To: @eurocargoservices.dk delete" does not work, as you say. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > Best way to avoid this situation is split the email up into individual > recipients and then the rules on forwarding will work fine. The > problem is if the 'to' contains multiple recipients and gives > conflicting actions eg deliver and not-deliver which one should it > obey???? MailScanner can't get which one is correct so uses the > Envelope-To: as the overriding value. > > > > How to split the emails up is dependant on the MTA you use but > sendmail, Exim and Postfix are covered in the wiki > (http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > -- > Martin Hepworth > Oxford, UK > > > 2009/5/13 Kasper Sacharias Eenberg > > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam > mails, that it should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive > alot of mails from China and russia, which normally get tagged > as spam (Since i took over the filter it now work quite well > though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk > domain in the 'to' header. > And when the .de domain is in the recipient, the rule that > delivers mail to .de takes action, and the spam is delivered > to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" > does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > > ______________________________________________________________ > > > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/b2903c6c/attachment.html From maxsec at gmail.com Fri May 15 08:47:38 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 15 08:47:50 2009 Subject: spamaction highscore rules. In-Reply-To: <1242369241.15720.7.camel@kse> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> Message-ID: <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> Kasper I presume you do things like drop unknown users at the MTA? This can reduce the load by well over 50%. Also have a look in the wiki about performance tuning MailScanner - local caching nameserver, using only a few RBL's etc etc. -- Martin 2009/5/15 Kasper Sacharias Eenberg > Thanks for the help. > > But i'm afraid this server is already way overloaded, and that this might > kill it. > Are there any alternatives to this? Any rules i can write? > > Adding "To: @eurocargoservices.dk delete" does not work, as > you say. > > > With regards, > ------------------------------ > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > Best way to avoid this situation is split the email up into individual > recipients and then the rules on forwarding will work fine. The problem is > if the 'to' contains multiple recipients and gives conflicting actions eg > deliver and not-deliver which one should it obey???? MailScanner can't get > which one is correct so uses the Envelope-To: as the overriding value. > > > > How to split the emails up is dependant on the MTA you use but sendmail, > Exim and Postfix are covered in the wiki ( > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > > > -- > Martin Hepworth > Oxford, UK > > 2009/5/13 Kasper Sacharias Eenberg > > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam mails, that it > should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive alot of mails > from China and russia, which normally get tagged as spam (Since i took over > the filter it now work quite well though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk domain in the > 'to' header. > And when the .de domain is in the recipient, the rule that delivers mail to > .de takes action, and the spam is delivered to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > ------------------------------ > > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/ce042518/attachment.html From kse at hovmark.dk Fri May 15 09:31:38 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 15 09:31:31 2009 Subject: spamaction highscore rules. In-Reply-To: <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> Message-ID: <1242376298.15720.23.camel@kse> Unfortunately, we do not, completely that is. I implemented some user checking. But we have many mailservers running. Lotus Domino, Microsoft Exchange, Zarafa and simply postfix/dovecot. It's a pain gathering from that many servers. It's on my todo list though. I'll prioritize it up. The main problem however, might be that the server only has 1GB of ram, for some reason or other. The other spamfilters have better hardware, but this is used as our primary, until i set up replication of rules and such. And add more filters. Tuning has been done on all servers. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: > Kasper > > > > I presume you do things like drop unknown users at the MTA? This can > reduce the load by well over 50%. Also have a look in the wiki about > performance tuning MailScanner - local caching nameserver, using only > a few RBL's etc etc. > > > -- > Martin > > > 2009/5/15 Kasper Sacharias Eenberg > > Thanks for the help. > > But i'm afraid this server is already way overloaded, and that > this might kill it. > Are there any alternatives to this? Any rules i can write? > > Adding "To: @eurocargoservices.dk delete" does not > work, as you say. > > > With regards, > > > > ______________________________________________________________ > > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > > > > Best way to avoid this situation is split the email up into > > individual recipients and then the rules on forwarding will > > work fine. The problem is if the 'to' contains multiple > > recipients and gives conflicting actions eg deliver and > > not-deliver which one should it obey???? MailScanner can't > > get which one is correct so uses the Envelope-To: as the > > overriding value. > > > > > > How to split the emails up is dependant on the MTA you use > > but sendmail, Exim and Postfix are covered in the wiki > > (http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > > > > -- > > Martin Hepworth > > Oxford, UK > > > > 2009/5/13 Kasper Sacharias Eenberg > > > > So, i embarassed myself to my company yesterday. > > > > I managed to write a highscore rule that passed on > > all spam mails, that it should be dropping. > > But nevermind that. > > > > > > My problem is, i have two domains. > > eurocargoservices.de > > eurocargoservices.dk > > > > The .de company wants to receive all spam mails. > > They receive alot of mails from China and russia, > > which normally get tagged as spam (Since i took over > > the filter it now work quite well though, ignoring > > them). > > > > > > However, som spam mails are sent with both the .de > > and .dk domain in the 'to' header. > > And when the .de domain is in the recipient, the > > rule that delivers mail to .de takes action, and the > > spam is delivered to the .dk. > > > > It seems "Use Default Rules With Multiple Recipients > > = yes" does not work. > > > > These are the rules: > > To: @eurocargoservices.de deliver > > FromOrTo: default forward > > isspam@localhost > > > > > > Live long and prosper, > > > > ____________________________________________________ > > > > > > > > > > Kasper Eenberg > > > > HOVMARK DATA > > Ravnevej 13 > > dk-6705 Esbjerg ? > > tlf: +45 76 12 59 04 > > mobil: +45 40 70 69 63 > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > > > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > -- > Martin Hepworth > Oxford, UK > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/807f4397/attachment-0001.html From maxsec at gmail.com Fri May 15 09:42:11 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 15 09:42:21 2009 Subject: spamaction highscore rules. In-Reply-To: <1242376298.15720.23.camel@kse> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> <1242376298.15720.23.camel@kse> Message-ID: <72cf361e0905150142p315be761kfa78736c7e596b7e@mail.gmail.com> Kasper You should be able to do a lookup on the fly (look-a-head). How you do this depends on the MTA but there are lots of info on this in the wiki. 1GB ram won't help - be careful on the number of children and batch size, with 1GB ram you'll need to keep that down. maybe 2 children and 20 as the batch size. -- Martin Hepworth Oxford, UK 2009/5/15 Kasper Sacharias Eenberg > Unfortunately, we do not, completely that is. > > I implemented some user checking. But we have many mailservers running. > Lotus Domino, Microsoft Exchange, Zarafa and simply postfix/dovecot. > It's a pain gathering from that many servers. > It's on my todo list though. > I'll prioritize it up. > > The main problem however, might be that the server only has 1GB of ram, for > some reason or other. > The other spamfilters have better hardware, but this is used as our > primary, until i set up replication of rules and such. And add more filters. > > Tuning has been done on all servers. > > > With regards, > ------------------------------ > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: > > Kasper > > > > I presume you do things like drop unknown users at the MTA? This can > reduce the load by well over 50%. Also have a look in the wiki about > performance tuning MailScanner - local caching nameserver, using only a few > RBL's etc etc. > > > > -- > > Martin > > 2009/5/15 Kasper Sacharias Eenberg > > Thanks for the help. > > But i'm afraid this server is already way overloaded, and that this might > kill it. > Are there any alternatives to this? Any rules i can write? > > Adding "To: @eurocargoservices.dk delete" does not work, as > you say. > > > With regards, > > > ------------------------------ > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > Best way to avoid this situation is split the email up into individual > recipients and then the rules on forwarding will work fine. The problem is > if the 'to' contains multiple recipients and gives conflicting actions eg > deliver and not-deliver which one should it obey???? MailScanner can't get > which one is correct so uses the Envelope-To: as the overriding value. > > > How to split the emails up is dependant on the MTA you use but sendmail, > Exim and Postfix are covered in the wiki ( > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta > ) > > > -- > Martin Hepworth > Oxford, UK > > 2009/5/13 Kasper Sacharias Eenberg > > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam mails, that it > should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive alot of mails > from China and russia, which normally get tagged as spam (Since i took over > the filter it now work quite well though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk domain in the > 'to' header. > And when the .de domain is in the recipient, the rule that delivers mail to > .de takes action, and the spam is delivered to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > ------------------------------ > > > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Martin Hepworth > Oxford, UK > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/3f9e0a7b/attachment.html From kse at hovmark.dk Fri May 15 09:49:25 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 15 09:49:17 2009 Subject: spamaction highscore rules. In-Reply-To: <72cf361e0905150142p315be761kfa78736c7e596b7e@mail.gmail.com> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> <1242376298.15720.23.camel@kse> <72cf361e0905150142p315be761kfa78736c7e596b7e@mail.gmail.com> Message-ID: <1242377366.15720.26.camel@kse> The children and batch size are about what you said. That's awesome, thank you Martin. You've been good help. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Fri, 2009-05-15 at 09:42 +0100, Martin Hepworth wrote: > Kasper > > > > You should be able to do a lookup on the fly (look-a-head). How you do > this depends on the MTA but there are lots of info on this in the > wiki. > > > 1GB ram won't help - be careful on the number of children and batch > size, with 1GB ram you'll need to keep that down. maybe 2 children and > 20 as the batch size. > > > -- > Martin Hepworth > Oxford, UK > > > 2009/5/15 Kasper Sacharias Eenberg > > Unfortunately, we do not, completely that is. > > I implemented some user checking. But we have many mailservers > running. Lotus Domino, Microsoft Exchange, Zarafa and simply > postfix/dovecot. > It's a pain gathering from that many servers. > It's on my todo list though. > I'll prioritize it up. > > The main problem however, might be that the server only has > 1GB of ram, for some reason or other. > The other spamfilters have better hardware, but this is used > as our primary, until i set up replication of rules and such. > And add more filters. > > Tuning has been done on all servers. > > > > > With regards, > > ______________________________________________________________ > > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > > On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: > > > Kasper > > > > > > I presume you do things like drop unknown users at the MTA? > > This can reduce the load by well over 50%. Also have a look > > in the wiki about performance tuning MailScanner - local > > caching nameserver, using only a few RBL's etc etc. > > > > > > -- > > Martin > > > > 2009/5/15 Kasper Sacharias Eenberg > > > > Thanks for the help. > > > > But i'm afraid this server is already way > > overloaded, and that this might kill it. > > Are there any alternatives to this? Any rules i can > > write? > > > > Adding "To: @eurocargoservices.dk > > delete" does not work, as you say. > > > > > > With regards, > > > > > > ____________________________________________________ > > > > > > > > Kasper Eenberg > > > > HOVMARK DATA > > Ravnevej 13 > > dk-6705 Esbjerg ? > > tlf: +45 76 12 59 04 > > mobil: +45 40 70 69 63 > > > > > > > > > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth > > wrote: > > > > > > > > > > > Best way to avoid this situation is split the > > > email up into individual recipients and then the > > > rules on forwarding will work fine. The problem is > > > if the 'to' contains multiple recipients and gives > > > conflicting actions eg deliver and not-deliver > > > which one should it obey???? MailScanner can't get > > > which one is correct so uses the Envelope-To: as > > > the overriding value. > > > > > > > > > How to split the emails up is dependant on the MTA > > > you use but sendmail, Exim and Postfix are covered > > > in the wiki > > > (http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > > > > > > > -- > > > Martin Hepworth > > > Oxford, UK > > > > > > 2009/5/13 Kasper Sacharias Eenberg > > > > > > > > > So, i embarassed myself to my company > > > yesterday. > > > > > > I managed to write a highscore rule that > > > passed on all spam mails, that it should > > > be dropping. > > > But nevermind that. > > > > > > > > > My problem is, i have two domains. > > > eurocargoservices.de > > > eurocargoservices.dk > > > > > > The .de company wants to receive all spam > > > mails. They receive alot of mails from > > > China and russia, which normally get > > > tagged as spam (Since i took over the > > > filter it now work quite well though, > > > ignoring them). > > > > > > > > > However, som spam mails are sent with both > > > the .de and .dk domain in the 'to' header. > > > And when the .de domain is in the > > > recipient, the rule that delivers mail > > > to .de takes action, and the spam is > > > delivered to the .dk. > > > > > > It seems "Use Default Rules With Multiple > > > Recipients = yes" does not work. > > > > > > These are the rules: > > > To: @eurocargoservices.de > > > deliver > > > FromOrTo: default forward > > > isspam@localhost > > > > > > > > > Live long and prosper, > > > > > > __________________________________________ > > > > > > > > > > > > > > > > > > Kasper Eenberg > > > > > > HOVMARK DATA > > > Ravnevej 13 > > > dk-6705 Esbjerg ? > > > tlf: +45 76 12 59 04 > > > mobil: +45 40 70 69 63 > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > > > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the > > > book off the website! > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > > > > > > -- > > Martin Hepworth > > Oxford, UK > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/f84c4c9e/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 15 10:12:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:13:09 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: References: <4A0D3210.1050800@ecs.soton.ac.uk> Message-ID: On 14/05/2009 17:19, Mark Sapiro wrote: > Julian Field wrote: > >> On 11/05/2009 23:32, Mark Sapiro wrote: >> >>> Mark Sapiro wrote: >>> >>> [...] >>> >>> >>>> Now I see the above analysis is probably wrong. I just received another >>>> unscanned message. Headers are attached as scanned2.txt and >>>> unscanned2.txt. Here again, I was able to get the message to be >>>> scanned by removing a Received: header, but the header I removed >>>> doesn't have any 'special' IP address in it. >>>> >>>> >>> Further information. I replaced Postfix.pm with the one from 4.76.24 >>> and the problem is gone. >>> >>> >> Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have >> just released. >> > > The fix in 4.77.4 goes too far. With that fix, my scan messages rules > like > > # localhost > From: 127.0.0.1 no > # sbh16.songbird.com > From: 72.52.113.16 no > > are not effective, and all messages are scanned. > > Note I have > > Read IP Address From Received Header = no > > in MailScanner.conf > I've re-written the relevant chunk of code to make it a whole lot simpler. Please try the attached (unzipped) in /usr/lib/MailScanner/MailScanner. Don't forget to restart MailScanner after inserting the file! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Postfix.pm.zip Type: application/x-zip-compressed Size: 18680 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/a059173f/Postfix.pm.bin From MailScanner at ecs.soton.ac.uk Fri May 15 10:14:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:14:47 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D3274.2050705@ecs.soton.ac.uk> Message-ID: On 14/05/2009 17:41, Mark Sapiro wrote: > Mark Sapiro wrote: > > >> I have been experimenting with the "Add Text Of Doc" feature. The issue >> I have come across is the output of antiword is in my case UTF-8 >> encoded (in the absense of a specific mapping provided to antiword, >> it's locale dependent), but the plain text attachment added by >> MailScanner doesn't specify a charset in its Content-Type. >> >> It would be nice if you could grok That word doesn't appear in my Oxford dictionary... >> the encoding from the system locale >> and specify it, or barring that, provide a config option to set it. >> Any idea how to get it from the Locale? Otherwise I'll just have to let you set it. > > Please note, in case it wasn't clear, the current behavior is a real > problem. UTF-8 encoded data are being sent in a text/plain part with > implicit charset us-ascii resulting in data being displayed in MUAs > like the following: > > Lani Waller Presents > “A Steelheader’s Way” > > “A Steelheader’s Way” is a presentation on the principles, > tactics, > techniques and philosophy of trophy steelhead fishing based on Lani’s > new > book of the same title. This personal look will include the “common > elements of the endeavor” ... > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 10:15:14 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:15:32 2009 Subject: More than one Custom Function In-Reply-To: <4A0C54A7.8060609@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> <4A0C54A7.8060609@sme-ecom.co.uk> <4A0D32A2.8060205@ecs.soton.ac.uk> Message-ID: On 14/05/2009 18:28, Paul wrote: > Julian Field wrote: >>>> On 13/05/2009 12:32, Paul Houselander wrote: >>>>> Hi >>>>> >>>>> I have a mailscanner set up that uses the Always Looked Up Last >>>>> directive to call a custom function I wrote that logs to a postgres >>>>> database. >>>>> I want to try to get it to now to ALSO log to a mysql database using >>>>> mailwatch. >>>>> Is it possible to run 2 CustomFunctions from the same directive? >>>>> >>>> Why not just write a Custom Function that calls both bits of code? >>>> Just pass all the parameters to both functions, simple as that. >>>> >>>> Jules >>>> >>> Hi Jules >>> >>> I did think about doing that, it was just I recalled someone writing a >>> wrapper that allowed you to call 2 custom functions? I may well have >>> drembt it as cant find anything via the wiki or searching through the >>> archives! >> >> I do this with a function called wrapper (not real unique) >> >> In MailScanner.conf >> >> # If you want to use it, read CustomConfig.pm. >> Always Looked Up Last = &Wrapper >> >> >> In CustomConfig.pm >> >> sub InitWrapper { >> InitExtendedLogger(); >> InitMailWatchLogging(); >> } >> >> sub Wrapper { >> my($msg) = @_; >> ExtendedLogger($msg); >> MailWatchLogging($msg); >> } >> >> sub EndWrapper { >> EndExtendedLogger(); >> EndMailWatchLogging(); >> } >> >> The sub Wrapper calls the functions, the InitWrapper calls the other >> Init >> functions and EndWrapper calls the other End functions >> >> Rick > Thanks Rick thats works like a treat - logging to both mysql and > postgres! > > I just realised another issue I have, the postgres set up has to use > > Quarantine Whole Messages As Queue Files = yes > > as when it releases a message it just copies the qf and df file to the > mqueue. > > Mailwatch requires > > Quarantine Whole Messages As Queue Files = no > > without changing to much code does anyone know how I can run with > both? i.e. quarantine files as both qf df and also as one file? You have the source... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 10:25:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:25:24 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> Message-ID: On 14/05/2009 17:41, Mark Sapiro wrote: > Mark Sapiro wrote: > > >> I have been experimenting with the "Add Text Of Doc" feature. The issue >> I have come across is the output of antiword is in my case UTF-8 >> encoded (in the absense of a specific mapping provided to antiword, >> it's locale dependent), but the plain text attachment added by >> MailScanner doesn't specify a charset in its Content-Type. >> I currently set it to a text/plain with 8bit encoding. What options do you want me to provide that would solve your problem? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alvaro at hostalia.com Fri May 15 10:52:58 2009 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Fri May 15 11:17:29 2009 Subject: Delete with MailScanner based on header In-Reply-To: References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> <4A0BE1F7.3070303@hostalia.com> <4A0BE58D.6050801@ecs.soton.ac.uk> Message-ID: <4A0D3B7A.10907@hostalia.com> Ops, that's true Julian. The header is added only if I run spamassassin from console, not when is executed by MailScanner. Sorry for that, I'll think in other solution. Julian Field escribi?: > MailScanner doesn't allow SpamAssassin to modify the message, that would > destroy the entire MIME structure and everything. It should be returning > a rule hit for their plugin, not just adding a header. > > On 14/05/2009 10:18, Alvaro Mar?n wrote: >> Hi Jules, >> >> I'm using Cloudmark's plugin for SA. In SA, I configure: >> >> ifplugin Mail::SpamAssassin::Plugin::CMAE >> full CMAE_1 eval:check_msg() >> describe CMAE_1 Cloudmark CMAE detected spam >> score CMAE_1 5 >> add_header all CMAE-Analysis _CMAETAG_ >> endif >> >> that has a score of 5 if the message is cataloged like spam and adds a >> header like this: >> >> X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 >> p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 >> >> The problem is that if the plugin detects a virus in the message, this >> header changes to: >> >> X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 >> p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 >> xcat=Virus/CMU_7796_20090511 >> >> adding that "xcat" field. >> >> I want to delete messages with "xcat=Virus" and other messages, mark >> them with {Spam?}. >> If I could see in a MailScanner plugin this header that SA returns, I >> would be able to mark it to delete in case that has "xcat=Virus". Is it >> possible? >> >> Thanks! >> >> >> Julian Field escribi?: >> >>> >>> On 13/05/2009 12:53, Alvaro Mar?n wrote: >>> >>>> Hello, >>>> >>>> I'm using a plugin in SA that does an "eval:check_msg()" and adds a >>>> header >>>> with add_header. In that header there is information about the scanned >>>> mail (if it's spam >>>> or a virus). >>>> >>>> I see that isn't any option in MailScanner's configuration to do an >>>> action based on a header added by SA, something like "SpamAssassin Rule >>>> Actions", so I've thought to do a custom function for MailScanner to >>>> do it. >>>> The idea is see if this header has "virus" as value, and if this >>>> occurs, >>>> delete the message. Is this possible? >>>> Where are SA's headers stored (I see that $message->{headers} are >>>> original ones only)? >>>> >>>> >>> MailScanner does not allow SpamAssassin to modify the message. However, >>> you can have a SA rule and then have a "header" action in the >>> SpamAssassin Rule Actions setup. >>> >>> SpamAssassin is the wrong tool for determining if a message is a virus. >>> Maybe you want to use the "generic" virus scanner that MailScanner >>> allows you to implement yourself? >>> >>> Jules >>> >>> >> >> > > Jules > -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From jonas at vrt.dk Fri May 15 11:54:29 2009 From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri May 15 11:54:44 2009 Subject: spamaction highscore rules. In-Reply-To: <1242376298.15720.23.camel@kse> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> <1242376298.15720.23.camel@kse> Message-ID: <006101c9d54b$85c08520$91418f60$@dk> Hi Kasper It really isn?t hard at all to do user checking. Instead of collecting the list of valid users via ldap or some sort of export or other tedious methods. You can simply do callout from your mta. Meaning your relay server (mailscanner) checks with the receiving smtp server if it wants to accept the mail address. Of course this requires that your customers mail servers reject unknown users, but unless they use wildcard mail addresses this is no problem at all. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kasper Sacharias Eenberg Sent: 15. maj 2009 10:32 To: MailScanner discussion Subject: Re: spamaction highscore rules. Unfortunately, we do not, completely that is. I implemented some user checking. But we have many mailservers running. Lotus Domino, Microsoft Exchange, Zarafa and simply postfix/dovecot. It's a pain gathering from that many servers. It's on my todo list though. I'll prioritize it up. The main problem however, might be that the server only has 1GB of ram, for some reason or other. The other spamfilters have better hardware, but this is used as our primary, until i set up replication of rules and such. And add more filters. Tuning has been done on all servers. With regards, _____ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: Kasper I presume you do things like drop unknown users at the MTA? This can reduce the load by well over 50%. Also have a look in the wiki about performance tuning MailScanner - local caching nameserver, using only a few RBL's etc etc. -- Martin 2009/5/15 Kasper Sacharias Eenberg Thanks for the help. But i'm afraid this server is already way overloaded, and that this might kill it. Are there any alternatives to this? Any rules i can write? Adding "To: @eurocargoservices.dk delete" does not work, as you say. With regards, _____ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: Best way to avoid this situation is split the email up into individual recipients and then the rules on forwarding will work fine. The problem is if the 'to' contains multiple recipients and gives conflicting actions eg deliver and not-deliver which one should it obey???? MailScanner can't get which one is correct so uses the Envelope-To: as the overriding value. How to split the emails up is dependant on the MTA you use but sendmail, Exim and Postfix are covered in the wiki (http://wiki.mailscanner.info/doku.php?id= &idx=documentation:configuration:mta) -- Martin Hepworth Oxford, UK 2009/5/13 Kasper Sacharias Eenberg So, i embarassed myself to my company yesterday. I managed to write a highscore rule that passed on all spam mails, that it should be dropping. But nevermind that. My problem is, i have two domains. eurocargoservices.de eurocargoservices.dk The .de company wants to receive all spam mails. They receive alot of mails from China and russia, which normally get tagged as spam (Since i took over the filter it now work quite well though, ignoring them). However, som spam mails are sent with both the .de and .dk domain in the 'to' header. And when the .de domain is in the recipient, the rule that delivers mail to .de takes action, and the spam is delivered to the .dk. It seems "Use Default Rules With Multiple Recipients = yes" does not work. These are the rules: To: @eurocargoservices.de deliver FromOrTo: default forward isspam@localhost Live long and prosper, _____ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/527adb99/attachment-0001.html From ajcartmell at fonant.com Fri May 15 12:03:04 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 12:03:11 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> Message-ID: > I currently set it to a text/plain with 8bit encoding. What options do > you want me to provide that would solve your problem? Add Text Of Doc Charset = if set to something like "utf-8", would result in the attachment having: Content-type: text/plain; charset="utf-8" That would work for me, anyway, and would allow people to set it up to work for whatever character set they want the text to be in. The alternative would be to always use UTF-8 and call antiword with " -m UTF-8.txt" so that it outputs UTF-8 characters. Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Fri May 15 12:07:54 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 12:08:01 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D3274.2050705@ecs.soton.ac.uk> Message-ID: > Any idea how to get it from the Locale? Otherwise I'll just have to let > you set it. From the docs: Antiword uses the environment variables ''LC_ALL'', ''LC_CTYPE'' and ''LANG'' (in that order) to get the current locale and uses this information to select the default mapping file. My value for LANG is en_US.UTF-8, so Antiword must parse that to extract the UTF-8 bit to choose UTF-8.txt as its mapping file. So probably easier to let the user set it? I'm not using this yet, but will be shortly. I have silly local councils sending replies to emails, that I want to read by machine, as Word RTF format attachments... :( Cheers! Anthony -- www.fonant.com - Quality web sites From MailScanner at ecs.soton.ac.uk Fri May 15 12:13:11 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 12:13:30 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D4E47.8000200@ecs.soton.ac.uk> Message-ID: On 15/05/2009 12:03, Anthony Cartmell wrote: >> I currently set it to a text/plain with 8bit encoding. What options >> do you want me to provide that would solve your problem? > The alternative would be to always use UTF-8 and call antiword with " > -m UTF-8.txt" so that it outputs UTF-8 characters. How about I do that instead? It would save yet another configuration option that no-one (except you) would understand or use. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 12:28:35 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 12:28:56 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> Message-ID: On 15/05/2009 12:03, Anthony Cartmell wrote: >> I currently set it to a text/plain with 8bit encoding. What options >> do you want me to provide that would solve your problem? > > Add Text Of Doc Charset = > > if set to something like "utf-8", would result in the attachment having: > > Content-type: text/plain; charset="utf-8" > > That would work for me, anyway, and would allow people to set it up to > work for whatever character set they want the text to be in. > > The alternative would be to always use UTF-8 and call antiword with " > -m UTF-8.txt" so that it outputs UTF-8 characters. You can make it always generate utf-8 by editing Antiword.pm and changing the text around line 200 to say this: $parententity->attach( Type => "text/plain", Charset => "utf-8", Encoding => "8bit", Disposition => "attachment", Filename => $attachfile, Path => "$dir/$unpackfile"); (note the "Charset" setting). Then just edit the setting in MailScanner.conf to say Antiword = /usr/bin/antiword -f -m UTF-8.txt and that's all you need to do. If you find this works okay, that's what will go in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shyamph at gmail.com Fri May 15 12:38:30 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Fri May 15 12:38:39 2009 Subject: Mail delay at MailScanner In-Reply-To: <200905150748.19458.eli@orbsky.homelinux.org> References: <200905150748.19458.eli@orbsky.homelinux.org> Message-ID: Hi Eli, Yes I am using grey listing. But i am not sure that is causing this because smtp check are happening fast and sending it to hold (which is mailscanner queue) and Maiscanner is taking time to process the message. Thanks in Advance. Shyam On Fri, May 15, 2009 at 10:18 AM, Eli Wapniarski wrote: > >From the looks of things it looks like greylisting has been implemented on > the receiving end. Which is a good thing and highly recommended. You should > check this. If this indeed is the case and mail coming from your server is > of a top priority for the receiving end then without a doubt an exception > can be configured at the other end. > > Eli > > On Thursday 14 May 2009 15:45:07 shyam hirurkar wrote: > > Hi All, > > > > I am using MailScanner with postfix and mail flow is normal till these > days > > and now i am finding the mail delay's regularly , > > > > When i went through the log and found mails are going in hold after that > a > > long delay and reque of the mail is happening and mail will sent > > successfully. > > here is the log > > > > smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > > sasl_method=LOGIN, sasl_username=username@domain.com > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > > Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > > ,username>@)??by smtp.domain.com (Postfix) with ESMTP id > > B5AD361300F7??for ; Tue, 2 from > unknown[192.168.1.1]; > > from= to= proto=ESMTP helo= > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > > message-id=<003f01c9c7c0$5786f380$0694da80$@com> > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > 6E0A36130112 > > Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 > to > > SQL > > Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to > > MailWatch SQL > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > 6E0A36130112 > > Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< > > user@domain.com>, size=495880, nrcpt=1 (queue active) > > Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=< > user@domain.com>, > > relay=192.168.1.2[192.168.1.1]:25, *delay=16269, > > delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 > qp > > 3538) > > Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/9b8e5bf4/attachment.html From housey at sme-ecom.co.uk Fri May 15 14:39:27 2009 From: housey at sme-ecom.co.uk (Paul) Date: Fri May 15 14:40:13 2009 Subject: More than one Custom Function In-Reply-To: <4A0C54A7.8060609@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> <4A0C54A7.8060609@sme-ecom.co.uk> Message-ID: <4A0D708F.3070000@sme-ecom.co.uk> > Thanks Rick thats works like a treat - logging to both mysql and > postgres! > > I just realised another issue I have, the postgres set up has to use > > Quarantine Whole Messages As Queue Files = yes > > as when it releases a message it just copies the qf and df file to the > mqueue. > > Mailwatch requires > > Quarantine Whole Messages As Queue Files = no > > without changing to much code does anyone know how I can run with > both? i.e. quarantine files as both qf df and also as one file? > > Cheers > > Paul > > Hi Julien I think you replied to this to say you have the source, i seem to have deleted your reply sorry! I use sendmail and I have altered the CopyEntireMessage subroutine in SMDiskStore.pm (bit I changed is noted by >>>>>) sub CopyEntireMessage { my $this = shift; my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_; #my $hfile = $message->{headerspath}; #my $dfile = $this->{dpath}; #my $hpath = $this->{hpath}; # if (MailScanner::Config::Value('storeentireasdfqf')) { # Don't need cp or cat any more! Yay :-) #system($global::cp . " \"$hpath\" \"$dfile\" \"$targetdir\""); >>>>> my $target = new IO::File "$targetdir/$targetfile", "w"; >>>>> MailScanner::Log::DieLog("writing to $targetdir/$targetfile: $!") >>>>> if not defined $target; >>>>> $this->WriteEntireMessage($message, $target); return $this->CopyToDir($targetdir, $targetfile, $uid, $gid, $changeowner); } else { #system($global::cat . " \"$hfile\" \"$dfile\" > \"$targetdir/$targetfile\""); my $target = new IO::File "$targetdir/$targetfile", "w"; MailScanner::Log::DieLog("writing to $targetdir/$targetfile: $!") if not defined $target; $this->WriteEntireMessage($message, $target); return ($targetdir . '/' . $targetfile); } } All I did was copy the code minus the return from the else part of the routine. It seems to be working but I just wondered if you can think of anything else I may have broke by doing this? I only want to run it in tandom whilst I phase out the old system I have. Thanks Paul From ajcartmell at fonant.com Fri May 15 14:51:50 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 14:51:58 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> Message-ID: > You can make it always generate utf-8 by editing Antiword.pm and > changing the text around line 200 to say this: > $parententity->attach( Type => "text/plain", > Charset => "utf-8", > Encoding => "8bit", > Disposition => "attachment", > Filename => $attachfile, > Path => "$dir/$unpackfile"); > > (note the "Charset" setting). Then just edit the setting in > MailScanner.conf to say > Antiword = /usr/bin/antiword -f -m UTF-8.txt > > and that's all you need to do. If you find this works okay, that's what > will go in the next release. That would work, but the problem is that the "Charset" setting in $parententity->attach has to match the charset output from Antiword, set with the -m flag or defaulted from the LANG environment variables. If someone set Antiword = /usr/bin/antiword -f -m 8859-1.txt (or if they set Antiword = /usr/bin/antiword -f and had iso-8859-1 as their default character set) then the attachment headers would be specifying the wrong character set, resulting in corrupted text display. So if you hard-code the "utf-8" into the attachment headers in Antiword.pm, then you should probably also hard-code the "-m UTF-8.txt" into the calling of the antiword command. so line 120 in Antiword.pm would become: my $cmd = "$antiword -m UTF-8.txt '$dir/$docname' > '$dir/$unpackfile'"; to partner with line 200: Charset => "utf-8", Then the question is whether antiword always comes with UTF-8.txt, which I think it probably does. Choosing UTF-8 should be safe as it covers pretty-much any character, is the default for XML and modern Apache HTML, etc. HTH, Anthony -- www.fonant.com - Quality web sites From mikes at hartwellcorp.com Fri May 15 14:47:15 2009 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri May 15 15:02:46 2009 Subject: "Can't set UID 8" errors Message-ID: <3BF93070B3D1B047BA7ABF612958950D057689AA@hcex.hartwellcorp.com> I'm having trouble with MailScanner halting its message processing periodically. When this happens and the hourly check to make sure it's still running takes place I get the following: /etc/cron.hourly/check_MailScanner: Starting MailScanner...Can't set UID 8 at /usr/sbin/MailScanner line 1479. Failed. This was happening with version 4.76.12-1 and also with version 4.76.25-1 after I upgraded to see if that would help (it has not). -- Michael St. Laurent IT Department Hartwell Corporation -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 15:08:36 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 15:08:58 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> <4A0D7764.1080008@ecs.soton.ac.uk> Message-ID: On 15/05/2009 14:51, Anthony Cartmell wrote: >> You can make it always generate utf-8 by editing Antiword.pm and >> changing the text around line 200 to say this: >> $parententity->attach( Type => "text/plain", >> Charset => "utf-8", >> Encoding => "8bit", >> Disposition => "attachment", >> Filename => $attachfile, >> Path => "$dir/$unpackfile"); >> >> (note the "Charset" setting). Then just edit the setting in >> MailScanner.conf to say >> Antiword = /usr/bin/antiword -f -m UTF-8.txt >> >> and that's all you need to do. If you find this works okay, that's >> what will go in the next release. > > That would work, but the problem is that the "Charset" setting in > $parententity->attach has to match the charset output from Antiword, > set with the -m flag or defaulted from the LANG environment variables. > > If someone set > > Antiword = /usr/bin/antiword -f -m 8859-1.txt > > (or if they set > Antiword = /usr/bin/antiword -f > and had iso-8859-1 as their default character set) > > then the attachment headers would be specifying the wrong character > set, resulting in corrupted text display. > > So if you hard-code the "utf-8" into the attachment headers in > Antiword.pm, then you should probably also hard-code the "-m > UTF-8.txt" into the calling of the antiword command. > > so line 120 in Antiword.pm would become: > > my $cmd = "$antiword -m UTF-8.txt '$dir/$docname' > '$dir/$unpackfile'"; > > to partner with line 200: > > Charset => "utf-8", > > Then the question is whether antiword always comes with UTF-8.txt, > which I think it probably does. Choosing UTF-8 should be safe as it > covers pretty-much any character, is the default for XML and modern > Apache HTML, etc. All done. It will be in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 15:10:22 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 15:10:39 2009 Subject: More than one Custom Function In-Reply-To: <4A0D708F.3070000@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> <4A0C54A7.8060609@sme-ecom.co.uk> <4A0D708F.3070000@sme-ecom.co.uk> <4A0D77CE.5090509@ecs.soton.ac.uk> Message-ID: On 15/05/2009 14:39, Paul wrote: > >> Thanks Rick thats works like a treat - logging to both mysql and >> postgres! >> >> I just realised another issue I have, the postgres set up has to use >> >> Quarantine Whole Messages As Queue Files = yes >> >> as when it releases a message it just copies the qf and df file to >> the mqueue. >> >> Mailwatch requires >> >> Quarantine Whole Messages As Queue Files = no >> >> without changing to much code does anyone know how I can run with >> both? i.e. quarantine files as both qf df and also as one file? >> >> Cheers >> >> Paul >> >> > > Hi Julien > > I think you replied to this to say you have the source, i seem to have > deleted your reply sorry! > > I use sendmail and I have altered the CopyEntireMessage subroutine in > SMDiskStore.pm (bit I changed is noted by >>>>>) > > sub CopyEntireMessage { > my $this = shift; > my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_; > > #my $hfile = $message->{headerspath}; > #my $dfile = $this->{dpath}; > #my $hpath = $this->{hpath}; > # > if (MailScanner::Config::Value('storeentireasdfqf')) { > # Don't need cp or cat any more! Yay :-) > #system($global::cp . " \"$hpath\" \"$dfile\" \"$targetdir\""); > >>>>> my $target = new IO::File "$targetdir/$targetfile", "w"; > >>>>> MailScanner::Log::DieLog("writing to $targetdir/$targetfile: > $!") > >>>>> if not defined $target; > >>>>> $this->WriteEntireMessage($message, $target); > return $this->CopyToDir($targetdir, $targetfile, $uid, $gid, > $changeowner); > } else { > #system($global::cat . " \"$hfile\" \"$dfile\" > > \"$targetdir/$targetfile\""); > my $target = new IO::File "$targetdir/$targetfile", "w"; > MailScanner::Log::DieLog("writing to $targetdir/$targetfile: $!") > if not defined $target; > $this->WriteEntireMessage($message, $target); > return ($targetdir . '/' . $targetfile); > } > } > > All I did was copy the code minus the return from the else part of the > routine. > > It seems to be working but I just wondered if you can think of > anything else I may have broke by doing this? I only want to run it in > tandom whilst I phase out the old system I have. I think that should work okay. They both rewind the file as needed anyway, so that shouldn't be a problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri May 15 15:20:53 2009 From: mark at msapiro.net (Mark Sapiro) Date: Fri May 15 15:21:03 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> Message-ID: <20090515142053.GA3848@msapiro> On Fri, May 15, 2009 at 10:25:04AM +0100, Julian Field wrote: > > > On 14/05/2009 17:41, Mark Sapiro wrote: > >Mark Sapiro wrote: > > > > > >>I have been experimenting with the "Add Text Of Doc" feature. The issue > >>I have come across is the output of antiword is in my case UTF-8 > >>encoded (in the absense of a specific mapping provided to antiword, > >>it's locale dependent), but the plain text attachment added by > >>MailScanner doesn't specify a charset in its Content-Type. > >> > I currently set it to a text/plain with 8bit encoding. What options do > you want me to provide that would solve your problem? I want the Content-Type: to include a charset= parameter. The output of antiword is in the charset of the system locale. Ideally you would use that as the value of the charset= parameter. Barring that, you could add a config setting Add Text Of Doc Charset = utf-8 Note that it would be fine with me if you just hard coded charset=utf-8, but that wouldn't work for everyone. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mikes at hartwellcorp.com Fri May 15 15:53:33 2009 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri May 15 15:54:14 2009 Subject: "Can't set UID 8" errors References: <3BF93070B3D1B047BA7ABF612958950D057689AA@hcex.hartwellcorp.com> Message-ID: <3BF93070B3D1B047BA7ABF612958950D057689C3@hcex.hartwellcorp.com> > I'm having trouble with MailScanner halting its message processing > periodically. When this happens and the hourly check to make sure it's > still running takes place I get the following: > > /etc/cron.hourly/check_MailScanner: > > Starting MailScanner...Can't set UID 8 at /usr/sbin/MailScanner line > 1479. > Failed. > > > This was happening with version 4.76.12-1 and also with version > 4.76.25-1 after I upgraded to see if that would help (it has not). I am also seeing entries such as the following in the /var/log/messages file: May 15 06:49:38 hcfw1 MailScanner: Process did not exit cleanly, returned 11 wit h signal 0 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri May 15 16:06:13 2009 From: mark at msapiro.net (Mark Sapiro) Date: Fri May 15 16:06:22 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: References: <4A0D3210.1050800@ecs.soton.ac.uk> Message-ID: <20090515150613.GB3848@msapiro> On Fri, May 15, 2009 at 10:12:48AM +0100, Julian Field wrote: > > > On 14/05/2009 17:19, Mark Sapiro wrote: > >Julian Field wrote: > > > >>On 11/05/2009 23:32, Mark Sapiro wrote: > >> > >>>Mark Sapiro wrote: > >>> > >>>[...] > >>> > >>> > >>>>Now I see the above analysis is probably wrong. I just received another > >>>>unscanned message. Headers are attached as scanned2.txt and > >>>>unscanned2.txt. Here again, I was able to get the message to be > >>>>scanned by removing a Received: header, but the header I removed > >>>>doesn't have any 'special' IP address in it. > >>>> > >>>> > >>>Further information. I replaced Postfix.pm with the one from 4.76.24 > >>>and the problem is gone. > >>> > >>> > >>Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have > >>just released. > >> > > > >The fix in 4.77.4 goes too far. With that fix, my scan messages rules > >like > > > ># localhost > >From: 127.0.0.1 no > ># sbh16.songbird.com > >From: 72.52.113.16 no > > > >are not effective, and all messages are scanned. > > > >Note I have > > > >Read IP Address From Received Header = no > > > >in MailScanner.conf > > > I've re-written the relevant chunk of code to make it a whole lot > simpler. Please try the attached (unzipped) in > /usr/lib/MailScanner/MailScanner. Don't forget to restart MailScanner > after inserting the file! I have installed the Postfix.pm from the attached zip and so far it seems to be working. I.e., I tested a few mails and they were all scanned or not as expected. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ajcartmell at fonant.com Fri May 15 16:48:46 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 16:48:53 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> <4A0D7764.1080008@ecs.soton.ac.uk> Message-ID: > All done. It will be in the next release. Luvverly, thanks! I like responsive developers :) Anthony -- www.fonant.com - Quality web sites From eli at orbsky.homelinux.org Fri May 15 17:59:20 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Fri May 15 17:59:42 2009 Subject: Mail delay at MailScanner In-Reply-To: References: <200905150748.19458.eli@orbsky.homelinux.org> Message-ID: <200905151959.20942.eli@orbsky.homelinux.org> Looking at MailScanner's configuration there is an option there Max Normal Queue Size The speed of your mail delivery. If you could check how many messages are sitting in your queue then maybe we can get to the bottom of it. If I understand the explanation correctly and the delay is not being caused by misconfigured greylisting then I would think you've got alot of ping ponging. This can be dealt with, but it would take some work. Eli On Friday 15 May 2009 14:38:30 shyam hirurkar wrote: > Hi Eli, > > Yes I am using grey listing. But i am not sure that is causing this because > smtp check are happening fast and sending it to hold (which is mailscanner > queue) and Maiscanner is taking time to process the message. > > Thanks in Advance. > Shyam > > On Fri, May 15, 2009 at 10:18 AM, Eli Wapniarski > wrote: > > > >From the looks of things it looks like greylisting has been implemented on > > the receiving end. Which is a good thing and highly recommended. You should > > check this. If this indeed is the case and mail coming from your server is > > of a top priority for the receiving end then without a doubt an exception > > can be configured at the other end. > > > > Eli > > > > On Thursday 14 May 2009 15:45:07 shyam hirurkar wrote: > > > Hi All, > > > > > > I am using MailScanner with postfix and mail flow is normal till these > > days > > > and now i am finding the mail delay's regularly , > > > > > > When i went through the log and found mails are going in hold after that > > a > > > long delay and reque of the mail is happening and mail will sent > > > successfully. > > > here is the log > > > > > > smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > > > sasl_method=LOGIN, sasl_username=username@domain.com > > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > > > Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > > > ,username>@)??by smtp.domain.com (Postfix) with ESMTP id > > > B5AD361300F7??for ; Tue, 2 from > > unknown[192.168.1.1]; > > > from= to= proto=ESMTP helo= > > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > > > message-id=<003f01c9c7c0$5786f380$0694da80$@com> > > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > > 6E0A36130112 > > > Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 > > to > > > SQL > > > Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to > > > MailWatch SQL > > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > > 6E0A36130112 > > > Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< > > > user@domain.com>, size=495880, nrcpt=1 (queue active) > > > Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=< > > user@domain.com>, > > > relay=192.168.1.2[192.168.1.1]:25, *delay=16269, > > > delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 > > qp > > > 3538) > > > Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikes at hartwellcorp.com Fri May 15 18:35:59 2009 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri May 15 18:36:32 2009 Subject: "Can't set UID 8" errors References: <3BF93070B3D1B047BA7ABF612958950D057689AA@hcex.hartwellcorp.com> <3BF93070B3D1B047BA7ABF612958950D057689C3@hcex.hartwellcorp.com> Message-ID: <3BF93070B3D1B047BA7ABF612958950D057689F9@hcex.hartwellcorp.com> > > I'm having trouble with MailScanner halting its message processing > > periodically. When this happens and the hourly check to make sure > it's > > still running takes place I get the following: > > > > /etc/cron.hourly/check_MailScanner: > > > > Starting MailScanner...Can't set UID 8 at /usr/sbin/MailScanner line > > 1479. > > Failed. > > > > > > This was happening with version 4.76.12-1 and also with version > > 4.76.25-1 after I upgraded to see if that would help (it has not). > > I am also seeing entries such as the following in the /var/log/messages > file: > > May 15 06:49:38 hcfw1 MailScanner: Process did not exit cleanly, > returned 11 with signal 0 Am I looking at the same issue as the dead child process thread? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri May 15 19:52:23 2009 From: mark at msapiro.net (Mark Sapiro) Date: Fri May 15 19:52:35 2009 Subject: OT - Issue with "Add Text Of Doc" feature In-Reply-To: Message-ID: Julian Field wrote: > >On 14/05/2009 17:41, Mark Sapiro wrote: >> Mark Sapiro wrote: >> >>> It would be nice if you could grok >That word doesn't appear in my Oxford dictionary... >>> the encoding from the system locale >>> and specify it, or barring that, provide a config option to set it. It's a reference from Robert Heinlein's 1961 novel _Stranger in a Strange Land_. See for example which, interestingly, claims it is in the Oxford English Dictionary. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gdoris at rogers.com Fri May 15 20:41:00 2009 From: gdoris at rogers.com (Gerry Doris) Date: Fri May 15 20:40:49 2009 Subject: US Military Looking for Email Spam Solution Message-ID: <4A0DC54C.8050307@rogers.com> http://tech.slashdot.org/article.pl?sid=09/05/15/1633204&from=rss From jaearick at colby.edu Fri May 15 21:01:05 2009 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 15 21:01:51 2009 Subject: US Military Looking for Email Spam Solution In-Reply-To: <4A0DC54C.8050307@rogers.com> References: <4A0DC54C.8050307@rogers.com> Message-ID: Gerry, To quote Lyndon Johnson... "Power? The only power I have is nuclear power, and I can't use that!" Sounds similar here... On Fri, 15 May 2009, Gerry Doris wrote: > Date: Fri, 15 May 2009 15:41:00 -0400 > From: Gerry Doris > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: US Military Looking for Email Spam Solution > > http://tech.slashdot.org/article.pl?sid=09/05/15/1633204&from=rss > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mailscanner at barendse.to Sat May 16 11:46:57 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sat May 16 11:47:29 2009 Subject: Bug in install-Clam-0.95.1-SA-3.2.5 ? Message-ID: My SpamAssassin stopped working, when doing : spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf it just hangs after : [5501] dbg: dns: no ipv6 [5501] dbg: dns: is Net::DNS::Resolver available? yes [5501] dbg: dns: Net::DNS version: 0.65 So i tried updating the SA package. However when i run ./install.sh on a CentOS 4.7 box Mail-ClamAV-0.22 doesn't build, it uses the wrong path for a start. I untarred the tarball to /tmp/install-Clam-0.95.1-SA-3.2.5 which means that Mail-ClamAV is here : /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 but as per the output below it expects it to be /tmp/Mail-ClamAV-0.22 Simply copying the folder to /tmp didn't help. I'm running CentOS 4.7 with clamav 0.95.1 /usr/bin/perl /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.8/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c gcc -c -I/tmp/Mail-ClamAV-0.22 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" -fPIC "-I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE" ClamAV.c ClamAV.xs:33: error: field `limits' has incomplete type ClamAV.xs: In function `clamav_perl__scanfd': ClamAV.xs:206: error: too many arguments to function `cl_scandesc' ClamAV.xs: In function `clamav_perl__scanfile': ClamAV.xs:247: error: too many arguments to function `cl_scanfile' ClamAV.xs: In function `clamav_perl_constant': ClamAV.xs:298: error: `CL_ERAR' undeclared (first use in this function) ClamAV.xs:298: error: (Each undeclared identifier is reported only once ClamAV.xs:298: error: for each function it appears in.) ClamAV.xs:299: error: `CL_EZIP' undeclared (first use in this function) ClamAV.xs:300: error: `CL_EGZIP' undeclared (first use in this function) ClamAV.xs:301: error: `CL_EBZIP' undeclared (first use in this function) ClamAV.xs:302: error: `CL_EOLE2' undeclared (first use in this function) ClamAV.xs:303: error: `CL_EMSCOMP' undeclared (first use in this function) ClamAV.xs:304: error: `CL_EMSCAB' undeclared (first use in this function) ClamAV.xs:311: error: `CL_EPATSHORT' undeclared (first use in this function) ClamAV.xs:314: error: `CL_ECVDEXTR' undeclared (first use in this function) ClamAV.xs:315: error: `CL_EMD5' undeclared (first use in this function) ClamAV.xs:316: error: `CL_EDSIG' undeclared (first use in this function) ClamAV.xs:317: error: `CL_EIO' undeclared (first use in this function) ClamAV.xs:319: error: `CL_ESUPPORT' undeclared (first use in this function) ClamAV.xs:329: error: `CL_DB_ACONLY' undeclared (first use in this function) ClamAV.xs:354: error: `CL_RAW' undeclared (first use in this function) ClamAV.xs:355: error: `CL_ARCHIVE' undeclared (first use in this function) ClamAV.xs:356: error: `CL_MAIL' undeclared (first use in this function) ClamAV.xs:357: error: `CL_OLE2' undeclared (first use in this function) ClamAV.xs:358: error: `CL_ENCRYPTED' undeclared (first use in this function) make[1]: *** [ClamAV.o] Error 1 make[1]: Leaving directory `/tmp/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /tmp/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /tmp/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 175 BEGIN failed--compilation aborted at /tmp/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 534. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 25 From MailScanner at ecs.soton.ac.uk Sat May 16 13:37:15 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 16 13:37:29 2009 Subject: OT - Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0EB37B.3020008@ecs.soton.ac.uk> Message-ID: On 15/05/2009 19:52, Mark Sapiro wrote: > Julian Field wrote: > >> On 14/05/2009 17:41, Mark Sapiro wrote: >> >>> Mark Sapiro wrote: >>> >>> >>>> It would be nice if you could grok >>>> >> That word doesn't appear in my Oxford dictionary... >> >>>> the encoding from the system locale >>>> and specify it, or barring that, provide a config option to set it. >>>> > > It's a reference from Robert Heinlein's 1961 novel _Stranger in a > Strange Land_. See for example > which, interestingly, claims it is in the Oxford English Dictionary. > You're absolutely right, it is in the Oxford English Dictionary, 11th Edition Revised. However, listed in the etymology of the word is "1960s: invented word". So I reserve the right not to use it :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Sat May 16 19:07:24 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat May 16 19:07:39 2009 Subject: Mail delay at MailScanner In-Reply-To: Message-ID: shyam hirurkar wrote: > >I am using MailScanner with postfix and mail flow is normal till these days >and now i am finding the mail delay's regularly , > >When i went through the log and found mails are going in hold after that a >long delay and reque of the mail is happening and mail will sent >successfully. > here is the log > >smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], >sasl_method=LOGIN, sasl_username=username@domain.com >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header >Received: from usename (unknown [192.168.10.156])??(Authenticated sender: >,username>@)??by smtp.domain.com (Postfix) with ESMTP id >B5AD361300F7??for ; Tue, 2 from unknown[192.168.1.1]; >from= to= proto=ESMTP helo= What are the MailScanner log entries between here and the Requeue at 15:16:48? >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: >message-id=<003f01c9c7c0$5786f380$0694da80$@com> >Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to >6E0A36130112 -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Sun May 17 09:13:59 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 09:14:19 2009 Subject: Mail-ClamAV-0.22 won't build Message-ID: My yesterdays' mail was more a Mail-ClamAV bug rather than install-clamav-spamassassin problem. When trying to compile the package : [root Mail-ClamAV-0.22]# perl Makefile.PL ; make ; make test ; make install i get this as output on the make command : Starting Build Compile Stage Starting "perl Makefile.PL" Stage Writing Makefile for Mail::ClamAV Finished "perl Makefile.PL" Stage Starting "make" Stage make[1]: Entering directory `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' /usr/bin/perl /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.8/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c gcc -c -I/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" -fPIC "-I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE" ClamAV.c ClamAV.xs:33: error: field `limits' has incomplete type ClamAV.xs: In function `clamav_perl__scanfd': ClamAV.xs:206: error: too many arguments to function `cl_scandesc' ClamAV.xs: In function `clamav_perl__scanfile': ClamAV.xs:247: error: too many arguments to function `cl_scanfile' ClamAV.xs: In function `clamav_perl_constant': ClamAV.xs:298: error: `CL_ERAR' undeclared (first use in this function) ClamAV.xs:298: error: (Each undeclared identifier is reported only once ClamAV.xs:298: error: for each function it appears in.) ClamAV.xs:299: error: `CL_EZIP' undeclared (first use in this function) ClamAV.xs:300: error: `CL_EGZIP' undeclared (first use in this function) ClamAV.xs:301: error: `CL_EBZIP' undeclared (first use in this function) ClamAV.xs:302: error: `CL_EOLE2' undeclared (first use in this function) ClamAV.xs:303: error: `CL_EMSCOMP' undeclared (first use in this function) ClamAV.xs:304: error: `CL_EMSCAB' undeclared (first use in this function) ClamAV.xs:311: error: `CL_EPATSHORT' undeclared (first use in this function) ClamAV.xs:314: error: `CL_ECVDEXTR' undeclared (first use in this function) ClamAV.xs:315: error: `CL_EMD5' undeclared (first use in this function) ClamAV.xs:316: error: `CL_EDSIG' undeclared (first use in this function) ClamAV.xs:317: error: `CL_EIO' undeclared (first use in this function) ClamAV.xs:319: error: `CL_ESUPPORT' undeclared (first use in this function) ClamAV.xs:329: error: `CL_DB_ACONLY' undeclared (first use in this function) ClamAV.xs:354: error: `CL_RAW' undeclared (first use in this function) ClamAV.xs:355: error: `CL_ARCHIVE' undeclared (first use in this function) ClamAV.xs:356: error: `CL_MAIL' undeclared (first use in this function) ClamAV.xs:357: error: `CL_OLE2' undeclared (first use in this function) ClamAV.xs:358: error: `CL_ENCRYPTED' undeclared (first use in this function) make[1]: *** [ClamAV.o] Error 1 make[1]: Leaving directory `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 175 BEGIN failed--compilation aborted at /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 534. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 25 I checked if the patch included is the tarball was applied, so from /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 i tried : [root Mail-ClamAV-0.22]# patch -p0 < ../Mail-ClamAV-0.22.patch patching file ./t/Mail-ClamAV.t Reversed (or previously applied) patch detected! Assume -R? [n] so i just left things as they are. Google revealed that there are newer packages of Mail-ClamAV available however i guess there is a reason for including 0.22 in the mailscanner package rather than the latest version so i'm hesitating to go down that path. Any hints / pointers / tips on how to get Mail-ClamAV-0.22 to compile? Thanks! From MailScanner at ecs.soton.ac.uk Sun May 17 11:06:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 17 11:07:10 2009 Subject: Mail-ClamAV-0.22 won't build In-Reply-To: References: <4A0FE1B8.9010802@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just upgraded the ClamAV+SpamAssassin package to include Mail::ClamAV 0.29 for you. On 17/05/2009 09:13, Remco Barendse wrote: > My yesterdays' mail was more a Mail-ClamAV bug rather than > install-clamav-spamassassin problem. > > When trying to compile the package : > [root Mail-ClamAV-0.22]# perl Makefile.PL ; make ; make test ; make > install > > i get this as output on the make command : > Starting Build Compile Stage > Starting "perl Makefile.PL" Stage > Writing Makefile for Mail::ClamAV > Finished "perl Makefile.PL" Stage > > Starting "make" Stage > make[1]: Entering directory > `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' > > /usr/bin/perl /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap > /usr/lib/perl5/5.8.8/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv > ClamAV.xsc ClamAV.c > gcc -c -I/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 > -I/usr/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe > -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 > -march=i386 -mtune=pentium4 -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" > -fPIC "-I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE" ClamAV.c > ClamAV.xs:33: error: field `limits' has incomplete type > ClamAV.xs: In function `clamav_perl__scanfd': > ClamAV.xs:206: error: too many arguments to function `cl_scandesc' > ClamAV.xs: In function `clamav_perl__scanfile': > ClamAV.xs:247: error: too many arguments to function `cl_scanfile' > ClamAV.xs: In function `clamav_perl_constant': > ClamAV.xs:298: error: `CL_ERAR' undeclared (first use in this function) > ClamAV.xs:298: error: (Each undeclared identifier is reported only once > ClamAV.xs:298: error: for each function it appears in.) > ClamAV.xs:299: error: `CL_EZIP' undeclared (first use in this function) > ClamAV.xs:300: error: `CL_EGZIP' undeclared (first use in this function) > ClamAV.xs:301: error: `CL_EBZIP' undeclared (first use in this function) > ClamAV.xs:302: error: `CL_EOLE2' undeclared (first use in this function) > ClamAV.xs:303: error: `CL_EMSCOMP' undeclared (first use in this > function) > ClamAV.xs:304: error: `CL_EMSCAB' undeclared (first use in this function) > ClamAV.xs:311: error: `CL_EPATSHORT' undeclared (first use in this > function) > ClamAV.xs:314: error: `CL_ECVDEXTR' undeclared (first use in this > function) > ClamAV.xs:315: error: `CL_EMD5' undeclared (first use in this function) > ClamAV.xs:316: error: `CL_EDSIG' undeclared (first use in this function) > ClamAV.xs:317: error: `CL_EIO' undeclared (first use in this function) > ClamAV.xs:319: error: `CL_ESUPPORT' undeclared (first use in this > function) > ClamAV.xs:329: error: `CL_DB_ACONLY' undeclared (first use in this > function) > ClamAV.xs:354: error: `CL_RAW' undeclared (first use in this function) > ClamAV.xs:355: error: `CL_ARCHIVE' undeclared (first use in this > function) > ClamAV.xs:356: error: `CL_MAIL' undeclared (first use in this function) > ClamAV.xs:357: error: `CL_OLE2' undeclared (first use in this function) > ClamAV.xs:358: error: `CL_ENCRYPTED' undeclared (first use in this > function) > make[1]: *** [ClamAV.o] Error 1 > make[1]: Leaving directory > `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' > > > A problem was encountered while attempting to compile and install your > Inline > C code. The command that failed was: > make > > The build directory was: > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV > > > To debug the problem, cd to the build directory, and inspect the > output files. > > at > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm > line 175 > BEGIN failed--compilation aborted at > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm > line 534. > Compilation failed in require. > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 25 > > > > I checked if the patch included is the tarball was applied, so from > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 > > i tried : > [root Mail-ClamAV-0.22]# patch -p0 < ../Mail-ClamAV-0.22.patch > patching file ./t/Mail-ClamAV.t > Reversed (or previously applied) patch detected! Assume -R? [n] > > so i just left things as they are. > > Google revealed that there are newer packages of Mail-ClamAV available > however i guess there is a reason for including 0.22 in the > mailscanner package rather than the latest version so i'm hesitating > to go down that path. > > Any hints / pointers / tips on how to get Mail-ClamAV-0.22 to compile? > > Thanks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKD+G5EfZZRxQVtlQRAtkhAJwMDk+S0qrp2ao644jh9Ev4oh49pQCfX3Jl urY5/CqttMh1lMOWOo8Uw9w= =9Lbi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Sun May 17 12:20:41 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 12:21:00 2009 Subject: Mail-ClamAV-0.22 won't build In-Reply-To: References: <4A0FE1B8.9010802@ecs.soton.ac.uk> Message-ID: Great, this one builds fine, thanks!! On Sun, 17 May 2009, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just upgraded the ClamAV+SpamAssassin package to include > Mail::ClamAV 0.29 for you. > From mailscanner at barendse.to Sun May 17 12:38:50 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 12:39:12 2009 Subject: SpamAssassin 3.2.5 problem? Message-ID: Hi list! I am trying to verify my installation of SpamAssassin because i still get lots of spam. As i understood the way to test old versions of SA is this: spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf which runs fine and doesn't generate any errors. However when i try : spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf [8595] dbg: logger: adding facilities: all [8595] dbg: logger: logging level is DBG [8595] dbg: generic: SpamAssassin version 3.2.5 [8595] dbg: config: score set 0 chosen. [8595] dbg: util: running in taint mode? yes [8595] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [8595] dbg: util: PATH included '/usr/kerberos/sbin', keeping [8595] dbg: util: PATH included '/usr/kerberos/bin', keeping [8595] dbg: util: PATH included '/usr/local/sbin', keeping [8595] dbg: util: PATH included '/usr/local/bin', keeping [8595] dbg: util: PATH included '/sbin', keeping [8595] dbg: util: PATH included '/bin', keeping [8595] dbg: util: PATH included '/usr/sbin', keeping [8595] dbg: util: PATH included '/usr/bin', keeping [8595] dbg: util: PATH included '/usr/X11R6/bin', keeping [8595] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [8595] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [8595] dbg: dns: no ipv6 [8595] dbg: dns: is Net::DNS::Resolver available? yes [8595] dbg: dns: Net::DNS version: 0.65 and here it seems to hang endlessly, whereas --lint continues there with : [8614] dbg: dns: Net::DNS version: 0.65 [8614] dbg: diag: perl platform: 5.008008 linux [8614] dbg: diag: module installed: Digest::SHA1, version 2.11 I have no idea where to look for the problem if even debug mode hangs From steve.freegard at fsl.com Sun May 17 14:24:15 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Sun May 17 14:24:26 2009 Subject: SpamAssassin 3.2.5 problem? In-Reply-To: References: Message-ID: <4A100FFF.6090407@fsl.com> Remco Barendse wrote: > Hi list! > > I am trying to verify my installation of SpamAssassin because i still > get lots of spam. > > As i understood the way to test old versions of SA is this: > spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf > which runs fine and doesn't generate any errors. > > However when i try : > spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf > [8595] dbg: logger: adding facilities: all > [8595] dbg: logger: logging level is DBG > [8595] dbg: generic: SpamAssassin version 3.2.5 > [8595] dbg: config: score set 0 chosen. > [8595] dbg: util: running in taint mode? yes > [8595] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [8595] dbg: util: PATH included '/usr/kerberos/sbin', keeping > [8595] dbg: util: PATH included '/usr/kerberos/bin', keeping > [8595] dbg: util: PATH included '/usr/local/sbin', keeping > [8595] dbg: util: PATH included '/usr/local/bin', keeping > [8595] dbg: util: PATH included '/sbin', keeping > [8595] dbg: util: PATH included '/bin', keeping > [8595] dbg: util: PATH included '/usr/sbin', keeping > [8595] dbg: util: PATH included '/usr/bin', keeping > [8595] dbg: util: PATH included '/usr/X11R6/bin', keeping > [8595] dbg: util: PATH included '/root/bin', which doesn't exist, dropping > [8595] dbg: util: final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > [8595] dbg: dns: no ipv6 > [8595] dbg: dns: is Net::DNS::Resolver available? yes > [8595] dbg: dns: Net::DNS version: 0.65 > > and here it seems to hang endlessly, whereas --lint continues there with : That's user error - it hangs because it's waiting for the message on STDIN: spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf < /path/to/test/message or /dev/null Regards, Steve. From ljosnet at gmail.com Sun May 17 16:17:20 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Sun May 17 16:17:29 2009 Subject: Blocking by character set In-Reply-To: <4A08793C.3070707@rma.edu> References: <4A087554.4090806@tmcaz.com> <4A08774A.7050507@USherbrooke.ca> <4A08793C.3070707@rma.edu> Message-ID: <910ee2ac0905170817m18906a41qfa9aa22beeced364@mail.gmail.com> If you use sendmail: LOCAL_CONFIG dnl # dnl regex map for character sets (not case-sensitive) KCharsetKorean regex -a@MATCH charset=.*(euc-kr|korean|ks.*c|koi8|iso-2022-kr|KS_C_5601-1987) KCharsetChinese regex -a@MATCH charset=.*(big5|Chinese|cn|gb|koi8|iso-2022-jp|EUC-TW) dnl # LOCAL_RULESETS dnl # ################################################################## # Local ruleset - Check Content-Type: # ################################################################## dnl Reject based on Content-Type header HContent-Type: $>CheckContentType D{NoKoreanMsg}Korean not spoken here. D{NoChineseMsg}Chinese not spoken here. SCheckContentType R$* $: $(CharsetKorean $&{currHeader} $) R@MATCH $#error $: 550 5.7.0 ${NoKoreanMsg} R$* $: $(CharsetChinese $&{currHeader} $) R@MATCH $#error $: 550 5.7.0 ${NoChineseMsg} On Mon, May 11, 2009 at 7:15 PM, Brendan Pirie wrote: > Denis Beauchemin wrote: >> >> Paul Lemmons a ?crit : >>> >>> Is there any way to recognize a particular character set in a message and >>> block based on it. We are a non-international company and 100% of the email >>> containing non-English characters is spam. I would like to use that to my >>> advantage and simply block mail containing (to us) foreign character sets. >> >> Paul, >> >> Maybe this SA option could do the trick (from man >> Mail::SpamAssassin::Conf): >> ok_locales xx [ yy zz ... ] (default: all) >> ? This option is used to specify which locales are considered OK for >> incoming mail. Mail using the character sets that are allowed by this option >> will not be marked as possibly being spam in a foreign language. >> >> ? If you receive lots of spam in foreign languages, and never get any >> non-spam in these languages, this may help. Note that all ISO-8859-* >> character sets, and Windows code page character sets, are always permitted >> by default. >> >> ? Set this to all to allow all character sets. This is the default. >> >> ? The rules CHARSET_FARAWAY, CHARSET_FARAWAY_BODY, and >> CHARSET_FARAWAY_HEADERS are triggered based on how this is set. >> >> ? Examples: >> >> ? ? ok_locales all ? ? ? ? (allow all locales) >> ? ? ok_locales en ? ? ? ? ?(only allow English) >> ? ? ok_locales en ja zh ? ?(allow English, Japanese, and Chinese) >> >> ? Note: if there are multiple ok_locales lines, only the last one is used. >> >> ? Select the locales to allow from the list below: >> >> en - Western character sets in general >> ja - Japanese character sets >> ko - Korean character sets >> ru - Cyrillic character sets >> th - Thai character sets >> zh - Chinese (both simplified and traditional) character sets >> >> normalize_charset ( 0 | 1) (default: 0) >> ? Whether to detect character sets and normalize message content to >> Unicode. Requires the Encode::Detect module, HTML::Parser version 3.46 or >> later, and Perl 5.8.5 or later. >> >> Denis >> > > Another possible option is the TextCat plugin included with spamassassin. > > Brendan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mailscanner at barendse.to Sun May 17 20:25:37 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 20:25:54 2009 Subject: Using archive rule for spam gathering? Message-ID: On my quest to fight spam i would like to feed sa-learn with more guaranteed positives. I have some mail servers that relay e-mail for a domain for which those servers never locally receive mail. Under that domain however there are several addresses that are not active anymore for some years but still do get lots and lots o spam. Is using an archive rule a good idea to 'snatch' these mails from the flow and send them to my local spam box? I would use a rule like this : Fromorto: gimmesome@vaag.nu spam@barendse.to I would prefer delivering it to the spam box immediately (similar like using a .forward rule but this obviously doesn't work when mail is not delivered locally. Will using the archive rule create an endless loop resulting in storm of more and more e-mails or is there another (better) way? Is there anything other i need to consider? Should i white or blacklist something? Thanks! From shyamph at gmail.com Mon May 18 08:40:45 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Mon May 18 08:40:54 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: Hi , Between the actual time and and the re-queue time there are lot mails delivered, Sorry I can not take the log as it is huge or give me some time i will paste. mailq was 60. Thanks in advance Shyam On Sat, May 16, 2009 at 11:37 PM, Mark Sapiro wrote: > shyam hirurkar wrote: > > > >I am using MailScanner with postfix and mail flow is normal till these > days > >and now i am finding the mail delay's regularly , > > > >When i went through the log and found mails are going in hold after that a > >long delay and reque of the mail is happening and mail will sent > >successfully. > > here is the log > > > >smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > >sasl_method=LOGIN, sasl_username=username@domain.com > >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > >Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > >,username>@)??by smtp.domain.com (Postfix) with ESMTP id > >B5AD361300F7??for ; Tue, 2 from > unknown[192.168.1.1]; > >from= to= proto=ESMTP helo= > > > What are the MailScanner log entries between here and the Requeue at > 15:16:48? > > > >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > >message-id=<003f01c9c7c0$5786f380$0694da80$@com> > >Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > >6E0A36130112 > > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/717bdcc9/attachment.html From nelsonduvall at gmail.com Mon May 18 10:28:04 2009 From: nelsonduvall at gmail.com (Nelson Vale) Date: Mon May 18 10:28:13 2009 Subject: Warning Is Attachment Message-ID: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> Hi all, I've got MailScanner 4.58.9 running on my system and I'am having some trouble with the "Warning Is Attachment" option, because no matter the value in it I always receive warnings as attachments. Is there anything I can do to fix this? Tanks in advance for any help Nelson Vale My configuration is as follows: %org-name% = MailScanner %org-long-name% = MailScanner %web-site% = www.mailscanner.info %etc-dir% = /usr/lib/mailscanner/etc %report-dir% = /usr/lib/mailscanner/etc/reports/en %rules-dir% = /usr/lib/mailscanner/etc/rules %mcp-dir% = /usr/lib/mailscanner/etc/mcp Max Children = 5 Run As User = Run As Group = Queue Scan Interval = 10 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = no Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 5 Find Archives By Content = yes Virus Scanning = yes Virus Scanners = clamav Virus Scanner Timeout = 300 Deliver Disinfected Files = yes Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = yes Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /usr/lib/sav Sophos Lib Dir = /usr/lib Monitors For Sophos Updates = /usr/lib/sav/*ides.zip ###Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = no ###########Log IFrame Tags = no Allow Form Tags = no Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = no Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = yes Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = no Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = us-ascii Archive Mail = Send Notices = no Notices Include Full Headers = no Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\ nwww.mailscanner.info Notices From = MailScanner Notices To = nelsonduvall@gmail.com Local Postmaster = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = A0 A1 A2 A3 A4 Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 5 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Max Spam Check Size = 150000 Use SpamAssassin = no Max SpamAssassin Size = 40k Required SpamAssassin Score = 5 High SpamAssassin Score = 20 SpamAssassin Auto Whitelist = yes #SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf Always Include SpamAssassin Report = no SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = # /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = # /var/lib/spamassassin SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.58.9 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/mailscanner/lib/MailScanner/CustomFunctions Lock Type = Minimum Code Status = supported -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/c553b3a7/attachment.html From J.Ede at birchenallhowden.co.uk Mon May 18 10:53:38 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon May 18 10:54:10 2009 Subject: Warning Is Attachment In-Reply-To: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> References: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> Message-ID: <1213490F1F316842A544A850422BFA96500989E0@BHLSBS.bhl.local> Hi, 4.58 is ancient (Feb 2007?). I suspect the general response will be to upgrade to the lastest version. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Nelson Vale Sent: 18 May 2009 10:28 To: mailscanner@lists.mailscanner.info Subject: Warning Is Attachment Hi all, I've got MailScanner 4.58.9 running on my system and I'am having some trouble with the "Warning Is Attachment" option, because no matter the value in it I always receive warnings as attachments. Is there anything I can do to fix this? Tanks in advance for any help Nelson Vale My configuration is as follows: %org-name% = MailScanner %org-long-name% = MailScanner %web-site% = www.mailscanner.info %etc-dir% = /usr/lib/mailscanner/etc %report-dir% = /usr/lib/mailscanner/etc/reports/en %rules-dir% = /usr/lib/mailscanner/etc/rules %mcp-dir% = /usr/lib/mailscanner/etc/mcp Max Children = 5 Run As User = Run As Group = Queue Scan Interval = 10 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = no Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 5 Find Archives By Content = yes Virus Scanning = yes Virus Scanners = clamav Virus Scanner Timeout = 300 Deliver Disinfected Files = yes Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = yes Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /usr/lib/sav Sophos Lib Dir = /usr/lib Monitors For Sophos Updates = /usr/lib/sav/*ides.zip ###Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = no ###########Log IFrame Tags = no Allow Form Tags = no Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = no Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = yes Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = no Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = us-ascii Archive Mail = Send Notices = no Notices Include Full Headers = no Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = MailScanner Notices To = nelsonduvall@gmail.com Local Postmaster = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = A0 A1 A2 A3 A4 Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 5 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Max Spam Check Size = 150000 Use SpamAssassin = no Max SpamAssassin Size = 40k Required SpamAssassin Score = 5 High SpamAssassin Score = 20 SpamAssassin Auto Whitelist = yes #SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf Always Include SpamAssassin Report = no SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = # /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = # /var/lib/spamassassin SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.58.9 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/mailscanner/lib/MailScanner/CustomFunctions Lock Type = Minimum Code Status = supported -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/87bbf556/attachment.html From mikael at syska.dk Mon May 18 11:40:39 2009 From: mikael at syska.dk (Mikael Syska) Date: Mon May 18 11:41:02 2009 Subject: Some messages dont get scanned ... how to debug it? Message-ID: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Hi list, I have some problems with my MailScanner installation. OS: FreeBSD 7.0 MailScanner: MailScanner-4.75.11 SpamAssassin: SpamAssassin-3.2.5 Some mails dont get tagged as spam ... but if I run: spamassassin -t < email Most if not all messages get a score over 30 ... so its not all the time the messages dont get scanned. How did it start: Updated sa-rules official rules Installed FuzzyOcr witch is disabled now ... I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this would maybe solve the problem, but no luck ... So ... how do I start debugging it ... I'm lost here. Since its not all messages that dont get scanned. mvh From MailScanner at ecs.soton.ac.uk Mon May 18 11:54:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 18 11:55:20 2009 Subject: Warning Is Attachment In-Reply-To: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> References: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> <4A113E78.8020904@ecs.soton.ac.uk> Message-ID: This appears this way in Outlook due to faulty inline-file handling in Outlook. On 18/05/2009 10:28, Nelson Vale wrote: > Hi all, > > I've got MailScanner 4.58.9 running on my system and I'am having some > trouble with the "Warning Is Attachment" option, because no matter the > value in it I always receive warnings as attachments. > > Is there anything I can do to fix this? > > > Tanks in advance for any help > > > Nelson Vale > > > > My configuration is as follows: > > %org-name% = MailScanner > %org-long-name% = MailScanner > %web-site% = www.mailscanner.info > %etc-dir% = /usr/lib/mailscanner/etc > %report-dir% = /usr/lib/mailscanner/etc/reports/en > %rules-dir% = /usr/lib/mailscanner/etc/rules > %mcp-dir% = /usr/lib/mailscanner/etc/mcp > Max Children = 5 > Run As User = > Run As Group = > Queue Scan Interval = 10 > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /var/run/MailScanner.pid > Restart Every = 14400 > MTA = sendmail > Sendmail = /usr/sbin/sendmail > Sendmail2 = /usr/sbin/sendmail > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = > Quarantine Group = > Quarantine Permissions = 0600 > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > Max Normal Queue Size = 800 > Scan Messages = yes > Reject Message = no > Maximum Attachments Per Message = 200 > Expand TNEF = no > Use TNEF Contents = replace > Deliver Unparsable TNEF = yes > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = /usr/bin/file > File Timeout = 20 > Gunzip Command = /bin/gunzip > Gunzip Timeout = 50 > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > Find UU-Encoded Files = no > Maximum Message Size = %rules-dir%/max.message.size.rules > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 5 > Find Archives By Content = yes > Virus Scanning = yes > Virus Scanners = clamav > Virus Scanner Timeout = 300 > Deliver Disinfected Files = yes > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = yes > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = yes > Allowed Sophos Error Messages = > Sophos IDE Dir = /usr/lib/sav > Sophos Lib Dir = /usr/lib > Monitors For Sophos Updates = /usr/lib/sav/*ides.zip > ###Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 > Dangerous Content Scanning = yes > Allow Partial Messages = no > Allow External Message Bodies = no > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Use Stricter Phishing Net = yes > Highlight Phishing Fraud = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > Country Sub-Domains List = %etc-dir%/country.domains.conf > Allow IFrame Tags = no > ###########Log IFrame Tags = no > Allow Form Tags = no > Allow Script Tags = disarm > Allow WebBugs = disarm > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > Web Bug Replacement = > http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > Allow Object Codebase Tags = no > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Allow Filenames = > Deny Filenames = > Filename Rules = %etc-dir%/filename.rules.conf > Allow Filetypes = > Deny Filetypes = > Filetype Rules = %etc-dir%/filetype.rules.conf > Quarantine Infections = yes > Quarantine Silent Viruses = yes > Quarantine Modified Body = no > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = yes > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = > %report-dir%/deleted.content.message.txt > Deleted Bad Filename Message Report = > %report-dir%/deleted.filename.message.txt > Deleted Virus Message Report = > %report-dir%/deleted.virus.message.txt > Deleted Size Message Report = %report-dir%/deleted.size.message.txt > Stored Bad Content Message Report = > %report-dir%/stored.content.message.txt > Stored Bad Filename Message Report = > %report-dir%/stored.filename.message.txt > Stored Virus Message Report = %report-dir%/stored.virus.message.txt > Stored Size Message Report = %report-dir%/stored.size.message.txt > Disinfected Report = %report-dir%/disinfected.report.txt > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Sender Size Report = %report-dir%/sender.size.report.txt > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = yes > Mail Header = X-%org-name%-MailScanner: > Spam Header = X-%org-name%-MailScanner-SpamCheck: > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > Information Header = X-%org-name%-MailScanner-Information: > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-MailScanner-From: > Envelope To Header = X-%org-name%-MailScanner-To: > Spam Score Character = s > SpamScore Number Instead Of Stars = no > Minimum Stars If On Spam List = 0 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Disinfected > Information Header Value = Please contact the ISP for more information > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Multiple Headers = append > Hostname = the %org-name% ($HOSTNAME) MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = yes > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned: please contact your Internet > E-Mail Service Provider for details > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = yes > Notify Senders = yes > Notify Senders Of Viruses = yes > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Blocked Size Attachments = no > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > Scanned Modify Subject = no # end > Scanned Subject Text = {Scanned} > Virus Modify Subject = yes > Virus Subject Text = {Virus?} > Filename Modify Subject = start > Filename Subject Text = {Filename?} > Content Modify Subject = start > Content Subject Text = {Dangerous Content?} > Size Modify Subject = start > Size Subject Text = {Size} > Disarmed Modify Subject = start > Disarmed Subject Text = {Disarmed} > Phishing Modify Subject = no > Phishing Subject Text = {Fraud?} > Spam Modify Subject = start > Spam Subject Text = {Spam?} > High Scoring Spam Modify Subject = yes > High Scoring Spam Subject Text = {Spam?} > Warning Is Attachment = no > Attachment Warning Filename = %org-name%-Attachment-Warning.txt > Attachment Encoding Charset = us-ascii > Archive Mail = > Send Notices = no > Notices Include Full Headers = no > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus > Scanner\nwww.mailscanner.info > Notices From = MailScanner > Notices To = nelsonduvall@gmail.com > Local Postmaster = postmaster > Local Postmaster = postmaster > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam List = A0 A1 A2 A3 A4 > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 5 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Is Definitely Spam = no > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 20 > Max Spam Check Size = 150000 > Use SpamAssassin = no > Max SpamAssassin Size = 40k > Required SpamAssassin Score = 5 > High SpamAssassin Score = 20 > SpamAssassin Auto Whitelist = yes > #SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > Always Include SpamAssassin Report = no > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = no > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20k > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = deliver > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > Non Spam Actions = deliver header "X-Spam-Status: No" > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > Syslog Facility = mail > Log Speed = no > Log Spam = no > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > SpamAssassin User State Dir = > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = # /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Local State Dir = # /var/lib/spamassassin > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > MCP Modify Subject = start > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = start > High Scoring MCP Subject Text = {MCP?} > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.58.9 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > Always Looked Up Last = no > Always Looked Up Last After Batch = no > Deliver In Background = yes > Delivery Method = batch > Split Exim Spool = no > Lockfile Dir = /tmp > Custom Functions Dir = > /usr/lib/mailscanner/lib/MailScanner/CustomFunctions > Lock Type = > Minimum Code Status = supported Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Mon May 18 12:08:00 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 18 12:08:19 2009 Subject: Virus slipped through this morning Message-ID: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> Hello, just wanted to check if anyone here had this one coming through today, it seems neither MailScanner og clamav catched it. Fortunately nod32 blocked it on my computer. http://pastebin.com/m5c3f87bd Inside this zip file is a .exe virus. :) From ms-list at alexb.ch Mon May 18 12:16:57 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon May 18 12:17:11 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Message-ID: <4A1143A9.30503@alexb.ch> On 5/18/2009 12:40 PM, Mikael Syska wrote: > Hi list, > > I have some problems with my MailScanner installation. > > OS: FreeBSD 7.0 > MailScanner: MailScanner-4.75.11 > SpamAssassin: SpamAssassin-3.2.5 > > Some mails dont get tagged as spam ... but if I run: > spamassassin -t < email > > Most if not all messages get a score over 30 ... so its not all the > time the messages dont get scanned. > > How did it start: > Updated sa-rules official rules > Installed FuzzyOcr witch is disabled now ... > > I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this > would maybe solve the problem, but no luck ... > > So ... how do I start debugging it ... I'm lost here. Since its not > all messages that dont get scanned. Is there a pattern in the msg size? Alex From cobalt-users1 at fishnet.co.uk Mon May 18 12:22:43 2009 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Mon May 18 12:23:09 2009 Subject: OT: (Fwd) Evasion with OLE2 Fragmentation Message-ID: <4A115313.13953.1A33707E@cobalt-users1.fishnet.co.uk> Hi, I saw this on the Security Focus PenTest list and thought it may be relevant here. It describes a technique to evade Virus Scanners using MS Office Documents. Regards Ian -- ------- Forwarded message follows ------- Date sent: Fri, 15 May 2009 08:40:27 -0500 To: pen-test@securityfocus.com Subject: Evasion with OLE2 Fragmentation From: "H D Moore" Date forwarded: Fri, 15 May 2009 21:37:44 -0600 (MDT) Something to keep in mind when using Office doc exploits during penetration tests: - http://www.breakingpointsystems.com/community/blog/evasion-with-ole2-fragmentation (links active within in the article itself) -- At BreakingPoint, we provide comprehensive coverage of Microsoft Tuesday patches. This Tuesday was no different and we released StrikePacks 45799 and 45800 to cover MS09-017 (the PowerPoint vulnerabilities). In addition to writing exploits for these flaws, we also research application-specific evasion methods. In the case of file format flaws, we support evasion at every level, including techniques like IP fragmentation, alternate MIME encodings, HTTP compression, and data randomization within the files themselves. While working on Strike coverage for MS09-017, we discovered a simple way to bypass mainstream anti-virus and IPS signatures for malicious Office documents. This post talks about the method we used and some of our test results against popular anti-virus products. Microsoft Office documents have been abused by security researchers and malware writers for many years. In 1999, Melissa, one of the first email viruses, used Visual Basic macros to send itself to all addresses in the victim's address book. Since then, macro security has been greatly improved, and attackers have moved on to exploiting parsing flaws in the Office software itself. This month, Microsoft released patches to address 14 vulnerabilities in the PowerPoint document parsers. Unlike traditional network attacks, file format flaws are notoriously difficult for IPS vendors to identify accurately. To remedy this, the anti-virus industry has added file format exploit detection into both desktop and network gateway scanning products. Office documents are some of the most convoluted file formats in wide-spread use. The basic structure of these files is based on the Compound Document Format (OLE2 Structured Storage). This format is essentially a block-based filesystem with specific files and directories for each type and version of Office document. The actual "file" entries within these documents are also proprietary and change based on the version and features of the Office software used to create them. In order to detect a file format exploit, the parsing software needs to understand OLE2, locate the correct entry containing the document contents, and parse through that content to locate the specific structure that triggers the exploit. This process is CPU intensive and requires the parsing software to have a deep understanding of the version-specific Office document data inside of the OLE2 container. Creating software to do this correctly is expensive and time consuming, so the easy solution is to ignore the document format entirely and just scan for exploit-specific signatures. This is what most anti-virus and IPS products do today. Just like most block-based filesystems, the OLE2 format is susceptible to fragmentation. When the Office software wants to write data, it tries to consume any available free blocks before allocating new ones. The OLE2 format has two different block tables; one for small entries (normally set to be less than 4096 bytes), and another for larger contiguous segments. Although fragmentation can occur during normal editing of an Office document, it is rare for documents to be heavily fragmented. It turns out that there is an excellent OLE library for Ruby, written by a developer who goes by aquasync. This library makes it easy to create and modify Compound Document files. With a little bit of scripting, we were able to create a tool (available below) to force heavy fragmentation of Office documents. Out first test of this tool used a Melissa variant as the base document. Uploading the raw Melissa Word document to VirusTotal.com resulted in 39 out of 40 AV products recognizing the document as malicious. After running this file through the refragmenter script, the results were only 10 out of 40. This is horrible coverage for a file that had the exact same OLE2 contents as the original sample, albeit in a different block order. Any product able to parse OLE2 streams correctly should be able to identify this file just as accurately as the non-fragmented version. Once we modifed the script to use 64 byte writes instead of 512, we only see detection in 7 out of 40 products. Keep in mind that this malware was originally released in 1999! Melissa may not be the best choice for testing modern anti-virus capabilities. Instead, lets look at a live sample of the Microsoft Word exploit for CVE-2007-0515 (MS07-014). The original, unmodified version of this document is detected by 25 out of 40 anti-virus products. Using the refragmenter script with 64 byte writes, only 1 out of 40 products detected the file as malicious, and this detection was for a different vulnerability (MS06-060). IPS and IDS developers have a great excuse for poor Office document coverage - this type of analysis is difficult and processor intensive. However, this is precisely the area where anti-virus products are supposed to succeed. Its embarrassing that so many products fail to detect known threats that have the exact same byte stream, just reordered using a mechanism that occurs in real documents. In our testing, the only public tool that can accurately identify fragmented Office documents is Office Cat, written by Lurene Grenier of the Sourcefire VRT. This tool uses the Windows OLE API to parse each stream, regardless of fragmentation, and scans deep into the document format to detect individual exploits. All BreakingPoint Strikes that target Office document flaws have been updated to support the OLE::RefragmentData option, which performs an operation similar to the refragmenter Ruby script below. The refragmenter script can be downloaded from: http://www.breakingpointsystems.com/community/files/refragmenter.rb This script depends on the ruby-ole library, which can be found online at http://code.google.com/p/ruby-ole/ For more information about Office document flaws and exploitation methods, we recommend Bruce Dang's Black Hat USA 2008 presentation Methods for Understanding Targeted Attacks with Office Documents (http://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html). -HD ------- End of forwarded message ------- -------------- next part -------------- A non-text attachment was scrubbed... Name: WPM$33C5.PM$ Type: application/octet-stream Size: 7013 bytes Desc: Mail message body Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/ca92612d/WPM33C5.obj From maxsec at gmail.com Mon May 18 13:14:42 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Mon May 18 13:14:51 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Message-ID: <72cf361e0905180514t2da00cferab05556c521a160d@mail.gmail.com> In the messages that aren't being trapped, are the X-MailScanner headers present? 2009/5/18 Mikael Syska > Hi list, > > I have some problems with my MailScanner installation. > > OS: FreeBSD 7.0 > MailScanner: MailScanner-4.75.11 > SpamAssassin: SpamAssassin-3.2.5 > > Some mails dont get tagged as spam ... but if I run: > spamassassin -t < email > > Most if not all messages get a score over 30 ... so its not all the > time the messages dont get scanned. > > How did it start: > Updated sa-rules official rules > Installed FuzzyOcr witch is disabled now ... > > I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this > would maybe solve the problem, but no luck ... > > So ... how do I start debugging it ... I'm lost here. Since its not > all messages that dont get scanned. > > mvh > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/0c1e400d/attachment.html From campbell at cnpapers.com Mon May 18 19:30:59 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Mon May 18 19:31:18 2009 Subject: OT sendmail wildcard aliases Message-ID: <4A11A963.1010008@cnpapers.com> I've done a little research on my own, but am not understanding what all I've read. I've got a request to set up all email that goes to userXX@mydomain.com to go to user@mydomain.com. (The XX is a random number between 00-99. How would this be done and in which table should I place it if it's do-able? Thanks Steve Campbell From bpirie at rma.edu Mon May 18 20:16:39 2009 From: bpirie at rma.edu (Brendan Pirie) Date: Mon May 18 20:16:58 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11A963.1010008@cnpapers.com> References: <4A11A963.1010008@cnpapers.com> Message-ID: <4A11B417.7060908@rma.edu> Sounds like a job for virtusertable. Steve Campbell wrote: > I've done a little research on my own, but am not understanding what > all I've read. I've got a request to set up all email that goes to > userXX@mydomain.com to go to user@mydomain.com. (The XX is a random > number between 00-99. > > How would this be done and in which table should I place it if it's > do-able? > > Thanks > > Steve Campbell > > > From campbell at cnpapers.com Mon May 18 20:19:33 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Mon May 18 20:19:47 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11A963.1010008@cnpapers.com> References: <4A11A963.1010008@cnpapers.com> Message-ID: <4A11B4C5.9040507@cnpapers.com> Steve Campbell wrote: > I've done a little research on my own, but am not understanding what > all I've read. I've got a request to set up all email that goes to > userXX@mydomain.com to go to user@mydomain.com. (The XX is a random > number between 00-99. > > How would this be done and in which table should I place it if it's > do-able? > > Thanks > > Steve Campbell To make this simpler for the group of people here, is there a way to do this in MailScanner (hadn't thought of that during the first post)? I don't want to whitelist them, so putting them in spam.whitelist .rules is not an optionl. Does MS have a generic place to put things like this for this situation? Creating the rulesets, etc for sendmail seems overkill, but might work better. Something maybe like To: user[0-9][0-9] /@mydomain.com user@mydomain.com Not sure that's the proper syntax, and I don't think it would cover user4 either, but where might I put this to still get just the redirection? Thanks. steve > > > From mikael at syska.dk Mon May 18 21:04:00 2009 From: mikael at syska.dk (Mikael Syska) Date: Mon May 18 21:04:10 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <4A1143A9.30503@alexb.ch> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A1143A9.30503@alexb.ch> Message-ID: <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> Hi On Mon, May 18, 2009 at 1:16 PM, Alex Broens wrote: > On 5/18/2009 12:40 PM, Mikael Syska wrote: >> >> Hi list, >> >> I have some problems with my MailScanner installation. >> >> OS: FreeBSD 7.0 >> MailScanner: MailScanner-4.75.11 >> SpamAssassin: SpamAssassin-3.2.5 >> >> Some mails dont get tagged as spam ... but if I run: >> spamassassin -t < email >> >> Most if not all messages get a score over 30 ... so its not all the >> time the messages dont get scanned. >> >> How did it start: >> Updated sa-rules official rules >> Installed FuzzyOcr witch is disabled now ... >> >> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >> would maybe solve the problem, but no luck ... >> >> So ... how do I start debugging it ... I'm lost here. Since its not >> all messages that dont get scanned. > > Is there a pattern in the msg size? There are not any patern in the size ... as most spam we get are below 10 kbyte ... so are the size of all the spam mails that are not tagged with anything ... not even BAYES :-s > > Alex > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ka at pacific.net Mon May 18 21:09:30 2009 From: ka at pacific.net (Ken A) Date: Mon May 18 21:09:51 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11B4C5.9040507@cnpapers.com> References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> Message-ID: <4A11C07A.9060305@pacific.net> Steve Campbell wrote: > > > Steve Campbell wrote: >> I've done a little research on my own, but am not understanding what >> all I've read. I've got a request to set up all email that goes to >> userXX@mydomain.com to go to user@mydomain.com. (The XX is a random >> number between 00-99. >> >> How would this be done and in which table should I place it if it's >> do-able? Could you approach it using user+detail addressing? ie: user+[00-99]@domain.com ? Then you wouldn't have to do anything. :-) Ken >> >> Thanks >> >> Steve Campbell > > To make this simpler for the group of people here, is there a way to do > this in MailScanner (hadn't thought of that during the first post)? I > don't want to whitelist them, so putting them in spam.whitelist .rules > is not an optionl. Does MS have a generic place to put things like this > for this situation? Creating the rulesets, etc for sendmail seems > overkill, but might work better. > > Something maybe like > > To: user[0-9][0-9] /@mydomain.com user@mydomain.com > > Not sure that's the proper syntax, and I don't think it would cover > user4 either, but where might I put this to still get just the redirection? > > Thanks. > > steve > >> >> >> > -- Ken Anderson Pacific Internet - http://www.pacific.net From mikael at syska.dk Mon May 18 21:12:48 2009 From: mikael at syska.dk (Mikael Syska) Date: Mon May 18 21:13:02 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <72cf361e0905180514t2da00cferab05556c521a160d@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <72cf361e0905180514t2da00cferab05556c521a160d@mail.gmail.com> Message-ID: <6beca9db0905181312u373e2463vc47c511a61cdcd64@mail.gmail.com> Hi, ( The problem is kind a solved ... removed all rules from: saupdates.openprotect.com sought.rules.yerp.org only using: updates.spamassassin.org disabled FuzzyOcr ... now I will try and enable them one by one ... and see what might cause the problem ... Hate to do spam debugging on demand :-) *hehe* No, the mails does not contain any X-MailScanner headers as I can see from the mailwatch interface. Or ... the spamassassin get a error/fault and MailScanner just passes the messege through the system ... but its random, scanning them from the command line does not trigger any errors I will post a few headers of the ones that does not get scanned... maybe there are a pattern I dont see: ( out domain names are masked out with xxx.xx ) Received: from pbmakefk (81.203.175.46.dyn.user.ono.com [81.203.175.46]) by spam02.xxx.xx (Postfix) with ESMTP id 2E8F419457E; Mon, 18 May 2009 12:34:34 +0200 (CEST) Date: Mon, 18 May 2009 02:39:44 -0700 To: From: "Olinda Viki" Message-ID: <1242639584.4739@jathomas.com> Subject: 2009 Latest Models Best Quality Rep1icaWatches from $200, nRolex, Breitling, Chanel, Cartier, Omega and more. hicx j65 Sender: X-Sender: Reply-To: "Olinda Viki" Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 8bit Received: from c5850-2.222.sinor.ru (unknown [90.189.167.222]) by spam02.xxx.xx (Postfix) with ESMTP id A2143194540 for ; Mon, 18 May 2009 12:34:22 +0200 (CEST) From: "Petet Danilo" To: ionelcostelloshinbone@xxx.xx Subject: Watched that site? Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Message-Id: <20090518103422.A2143194540@spam02.xxx.xx> Date: Mon, 18 May 2009 12:34:22 +0200 (CEST) Received: from vs186.mirohost.net (vs186.mirohost.net [193.178.144.55]) by spam02.xxx.xx(Postfix) with SMTP id CA3D019452D for ; Mon, 18 May 2009 12:33:34 +0200 (CEST) X-Priority: 3 (Normal) Date: Mon, 18 May 2009 13:33:35 +0300 Message-ID: <01C9D7A4.547E7A1E@vs186.mirohost.net> From: To: Subject: There's nothing so good for a Pobble's toes! Reply-To: X-Mailer: Sendmail Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit On Mon, May 18, 2009 at 2:14 PM, Martin Hepworth wrote: > In the messages that aren't being trapped, are the X-MailScanner headers > present? > > 2009/5/18 Mikael Syska >> >> Hi list, >> >> I have some problems with my MailScanner installation. >> >> OS: FreeBSD 7.0 >> MailScanner: MailScanner-4.75.11 >> SpamAssassin: SpamAssassin-3.2.5 >> >> Some mails dont get tagged as spam ... but if I run: >> spamassassin -t < email >> >> Most if not all messages get a score over 30 ... so its not all the >> time the messages dont get scanned. >> >> How did it start: >> Updated sa-rules official rules >> Installed FuzzyOcr witch is disabled now ... >> >> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >> would maybe solve the problem, but no luck ... >> >> So ... how do I start debugging it ... I'm lost here. Since its not >> all messages that dont get scanned. >> >> mvh >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From ssilva at sgvwater.com Mon May 18 22:36:12 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 18 22:40:13 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A1143A9.30503@alexb.ch> <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> Message-ID: on 5-18-2009 1:04 PM Mikael Syska spake the following: > Hi > > On Mon, May 18, 2009 at 1:16 PM, Alex Broens wrote: >> On 5/18/2009 12:40 PM, Mikael Syska wrote: >>> Hi list, >>> >>> I have some problems with my MailScanner installation. >>> >>> OS: FreeBSD 7.0 >>> MailScanner: MailScanner-4.75.11 >>> SpamAssassin: SpamAssassin-3.2.5 >>> >>> Some mails dont get tagged as spam ... but if I run: >>> spamassassin -t < email >>> >>> Most if not all messages get a score over 30 ... so its not all the >>> time the messages dont get scanned. >>> >>> How did it start: >>> Updated sa-rules official rules >>> Installed FuzzyOcr witch is disabled now ... >>> >>> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >>> would maybe solve the problem, but no luck ... >>> >>> So ... how do I start debugging it ... I'm lost here. Since its not >>> all messages that dont get scanned. >> Is there a pattern in the msg size? > > There are not any patern in the size ... as most spam we get are below > 10 kbyte ... so are the size of all the spam mails that are not tagged > with anything ... not even BAYES :-s > Any "spamassassin timed out..." messages in the logs? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/877d92f1/signature.bin From ajcartmell at fonant.com Mon May 18 22:48:52 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon May 18 22:49:07 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11C07A.9060305@pacific.net> References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> <4A11C07A.9060305@pacific.net> Message-ID: > Could you approach it using user+detail addressing? > ie: user+[00-99]@domain.com ? > Then you wouldn't have to do anything. :-) +1 This is what I do for my web application that needs many unique addresses delivered to a single mailbox. Cheers! Anthony -- www.fonant.com - Quality web sites From csags0 at prodigy.net.mx Mon May 18 23:43:27 2009 From: csags0 at prodigy.net.mx (Jorge Arenas) Date: Mon May 18 23:43:40 2009 Subject: jpg file quarantined like program References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> <4A11C07A.9060305@pacific.net> Message-ID: Hi: I hope someone can help me, MailScanner is stopping jpg files because filetype found a program in the file Logs: May 18 08:05:40 MailScanner[26740]: Filetype Checks: No executables (n4ID5VeT032705 166245Delfines.jpg) May 18 08:05:40 MailScanner[26740]: Other Checks: Found 1 problems May 18 08:05:40 MailScanner[26740]: Virus and Content Scanning: Starting May 18 08:05:44 MailScanner[26740]: Virus Scanning completed at 161379 bytes per second May 18 08:05:44 MailScanner[26740]: Saved entire message to /var/spool/MailScanner/quarantine/20090518/n4ID5VeT032705 May 18 08:05:44 MailScanner[26740]: Saved infected "166245Delfines.jpg" to /var/spool/MailScanner/quarantine/20090518/n4ID5VeT032705 I believe MS uses file to determine the type so, I execute: # file 166245Delfines.jpg 166245Delfines.jpg: JPEG image data, JFIF standard 1.01, comment: " " I do not know why MS detect an Executable in this type of file can anyone help me thanks in advance Jorge Arenas From hvdkooij at vanderkooij.org Tue May 19 00:12:44 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 19 00:12:54 2009 Subject: Virus slipped through this morning In-Reply-To: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> Message-ID: <4A11EB6C.3000100@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lj?snet wrote: > Hello, just wanted to check if anyone here had this one coming through > today, it seems neither MailScanner og clamav catched it. > > Fortunately nod32 blocked it on my computer. > > http://pastebin.com/m5c3f87bd > > Inside this zip file is a .exe virus. :) There is nothing usefull there. Where is the ZIP file? I like to see if I can test it against a bunch of scanners. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO =1Hbe -----END PGP SIGNATURE----- From mikael at syska.dk Tue May 19 00:17:33 2009 From: mikael at syska.dk (Mikael Syska) Date: Tue May 19 00:17:41 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A1143A9.30503@alexb.ch> <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> Message-ID: <6beca9db0905181617qd8fda83jce78f830fa3c7c73@mail.gmail.com> On Mon, May 18, 2009 at 11:36 PM, Scott Silva wrote: > on 5-18-2009 1:04 PM Mikael Syska spake the following: >> Hi >> >> On Mon, May 18, 2009 at 1:16 PM, Alex Broens wrote: >>> On 5/18/2009 12:40 PM, Mikael Syska wrote: >>>> Hi list, >>>> >>>> I have some problems with my MailScanner installation. >>>> >>>> OS: FreeBSD 7.0 >>>> MailScanner: MailScanner-4.75.11 >>>> SpamAssassin: SpamAssassin-3.2.5 >>>> >>>> Some mails dont get tagged as spam ... but if I run: >>>> spamassassin -t < email >>>> >>>> Most if not all messages get a score over 30 ... so its not all the >>>> time the messages dont get scanned. >>>> >>>> How did it start: >>>> Updated sa-rules official rules >>>> Installed FuzzyOcr witch is disabled now ... >>>> >>>> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >>>> would maybe solve the problem, but no luck ... >>>> >>>> So ... how do I start debugging it ... I'm lost here. Since its not >>>> all messages that dont get scanned. >>> Is there a pattern in the msg size? >> >> There are not any patern in the size ... as most spam we get are below >> 10 kbyte ... so are the size of all the spam mails that are not tagged >> with anything ... not even BAYES :-s >> > Any "spamassassin timed out..." messages in the logs? Not that I can see ... I guess "timeout" from spamassassin should show up in the logs per default without turning DEBUG on for either MS or SA ... I saw some: May 18 09:52:04 spam02 MailScanner[1220]: Disabled RBL DSBL as reached 7/10 timeouts But ... it just disables that RBL list ... it was DSBL and I know its dead now ... 2 month ago, but now its gone. But this have not been the problem. So ... I'm still trying to figure out what went wrong ... :-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From ljosnet at gmail.com Tue May 19 00:23:47 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Tue May 19 00:24:08 2009 Subject: Virus slipped through this morning In-Reply-To: <4A11EB6C.3000100@vanderkooij.org> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> <4A11EB6C.3000100@vanderkooij.org> Message-ID: <910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> www.efnet.is/Info08.zip On Mon, May 18, 2009 at 11:12 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Lj?snet wrote: >> Hello, just wanted to check if anyone here had this one coming through >> today, it seems neither MailScanner og clamav catched it. >> >> Fortunately nod32 blocked it on my computer. >> >> http://pastebin.com/m5c3f87bd >> >> Inside this zip file is a .exe virus. :) > > There is nothing usefull there. Where is the ZIP file? I like to see if > I can test it against a bunch of scanners. > > Hugo > > > - -- > hvdkooij@vanderkooij.org ? ? ? ? ? ? ? http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > ? ? ? ?A: Yes. > ? ? ? ?>Q: Are you sure? > ? ? ? ?>>A: Because it reverses the logical flow of conversation. > ? ? ? ?>>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi > Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO > =1Hbe > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Tue May 19 01:01:22 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 19 01:01:41 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11C07A.9060305@pacific.net> References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> <4A11C07A.9060305@pacific.net> Message-ID: <1242691282.4a11f6d29dc24@perdition.cnpapers.net> Quoting Ken A : > Steve Campbell wrote: > > > > > > Steve Campbell wrote: > >> I've done a little research on my own, but am not understanding what > >> all I've read. I've got a request to set up all email that goes to > >> userXX@mydomain.com to go to user@mydomain.com. (The XX is a random > >> number between 00-99. > >> > >> How would this be done and in which table should I place it if it's > >> do-able? > > Could you approach it using user+detail addressing? > ie: user+[00-99]@domain.com ? > Then you wouldn't have to do anything. :-) > Ken > > >> > >> Thanks > >> > >> Steve Campbell > > > > To make this simpler for the group of people here, is there a way to do > > this in MailScanner (hadn't thought of that during the first post)? I > > don't want to whitelist them, so putting them in spam.whitelist .rules > > is not an optionl. Does MS have a generic place to put things like this > > for this situation? Creating the rulesets, etc for sendmail seems > > overkill, but might work better. > > > > Something maybe like > > > > To: user[0-9][0-9] /@mydomain.com user@mydomain.com > > > > Not sure that's the proper syntax, and I don't think it would cover > > user4 either, but where might I put this to still get just the > redirection? > > > > Thanks. > > > > steve > > > >> > >> > >> > > > > > -- > Ken Anderson > Pacific Internet - http://www.pacific.net > -- Ken, Yeah, I thought about that. I'm not designing the system that will generate these addresses. If I can convince them to use the "+number" stuff, it'd be a piece of cake. Thanks for the tip. steve ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From ms-list at alexb.ch Tue May 19 05:58:38 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue May 19 05:58:48 2009 Subject: Virus slipped through this morning In-Reply-To: <910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> <4A11EB6C.3000100@vanderkooij.org> <910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> Message-ID: <4A123C7E.8080407@alexb.ch> On 5/19/2009 1:23 AM, Lj?snet wrote: > www.efnet.is/Info08.zip clamdscan Info08.zip /tmp/virus/Info08.zip: Broken.Executable FOUND > On Mon, May 18, 2009 at 11:12 PM, Hugo van der Kooij > wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Lj?snet wrote: >>> Hello, just wanted to check if anyone here had this one coming through >>> today, it seems neither MailScanner og clamav catched it. >>> >>> Fortunately nod32 blocked it on my computer. >>> >>> http://pastebin.com/m5c3f87bd >>> >>> Inside this zip file is a .exe virus. :) >> There is nothing usefull there. Where is the ZIP file? I like to see if >> I can test it against a bunch of scanners. >> >> Hugo >> >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (GNU/Linux) >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org >> >> iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi >> Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO >> =1Hbe >> -----END PGP SIGNATURE----- >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From hvdkooij at vanderkooij.org Tue May 19 06:44:52 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 19 06:45:01 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Message-ID: <4A124754.6080603@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikael Syska wrote: > I have some problems with my MailScanner installation. > > OS: FreeBSD 7.0 > MailScanner: MailScanner-4.75.11 > SpamAssassin: SpamAssassin-3.2.5 Just curious if the MTA isn' t considered rather vital informmation any more. After all your MTA might just bypasing the lot. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkoSR1IACgkQBvzDRVjxmYH3hQCfaQ8p4vO27gfJU15/iW37nj9t 3foAn1ff8S3TO0dGGW52C1b0PTV2gd4y =onct -----END PGP SIGNATURE----- From shyamph at gmail.com Tue May 19 08:21:14 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Tue May 19 08:21:24 2009 Subject: skippedastoobig MailScanner Message-ID: Hi All, I am using the MailScanner+postfix+clamav Details about installed versions. MailScanner Version : 4.55.3 SpamAssassin version 3.2.4 running on Perl version 5.8.5 Every thing is working fine and scanning are happening smoothly, All of sudden some mails are not scanning and when i see in the mailwatch "skippedastoobig " and the message size is within the specified limit i.e 60KB. Is there any thing else need to be done at MailScanner configuration or I am not able to debug this issue. Thanks in advance. Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/f3d8ceb7/attachment.html From mikael at syska.dk Tue May 19 09:58:35 2009 From: mikael at syska.dk (Mikael Syska) Date: Tue May 19 09:58:44 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <4A124754.6080603@vanderkooij.org> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A124754.6080603@vanderkooij.org> Message-ID: <6beca9db0905190158l297d7dbbuc86801c79f5f54fa@mail.gmail.com> Hi On Tue, May 19, 2009 at 7:44 AM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mikael Syska wrote: > >> I have some problems with my MailScanner installation. >> >> OS: FreeBSD 7.0 >> MailScanner: MailScanner-4.75.11 >> SpamAssassin: SpamAssassin-3.2.5 > > Just curious if the MTA isn' t considered rather vital informmation any > more. After all your MTA might just bypasing the lot. Well ... I dont thinks its bypassing the MS as I can see the mail in mailwatch ... then I guess it is handed over to MS from my MTA ( Postfix ) mvh > Hugo. > > - -- > hvdkooij@vanderkooij.org ? ? ? ? ? ? ? http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > ? ? ? ?A: Yes. > ? ? ? ?>Q: Are you sure? > ? ? ? ?>>A: Because it reverses the logical flow of conversation. > ? ? ? ?>>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkoSR1IACgkQBvzDRVjxmYH3hQCfaQ8p4vO27gfJU15/iW37nj9t > 3foAn1ff8S3TO0dGGW52C1b0PTV2gd4y > =onct > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rcooper at dwford.com Tue May 19 15:51:21 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue May 19 15:51:36 2009 Subject: Virus slipped through this morning In-Reply-To: <4A123C7E.8080407@alexb.ch> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> <4A11EB6C.3000100@vanderkooij.org><910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> <4A123C7E.8080407@alexb.ch> Message-ID: <58228B5605A149AFAF0AF53C703CBD85@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Tuesday, May 19, 2009 12:59 AM To: MailScanner discussion Subject: Re: Virus slipped through this morning > On 5/19/2009 1:23 AM, Lj?snet wrote: >> www.efnet.is/Info08.zip > > clamdscan Info08.zip > /tmp/virus/Info08.zip: Broken.Executable FOUND Detect Broken Executables is not on by default so it has to be enabled in clamd.conf But that virus is now detected thanks to the nice fellow at SaneSecurity as Sanesecurity.Malware.8871.UNOFFICIAL > > > >> On Mon, May 18, 2009 at 11:12 PM, Hugo van der Kooij >> wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Lj?snet wrote: >>>> Hello, just wanted to check if anyone here had this one coming through >>>> today, it seems neither MailScanner og clamav catched it. >>>> >>>> Fortunately nod32 blocked it on my computer. >>>> >>>> http://pastebin.com/m5c3f87bd >>>> >>>> Inside this zip file is a .exe virus. :) >>> There is nothing usefull there. Where is the ZIP file? I like to see if >>> I can test it against a bunch of scanners. >>> >>> Hugo >>> >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN >>> PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) >>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org >>> >>> iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi >>> Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO >>> =1Hbe >>> -----END PGP SIGNATURE----- >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gafaith at asdm.net Tue May 19 15:54:24 2009 From: gafaith at asdm.net (Gary Faith) Date: Tue May 19 15:54:41 2009 Subject: Disable scanning for a client that connects via SMTP-AUTH Message-ID: <4A128FE00200002D000066D2@sparky.asdm.net> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/6fe1fda5/attachment.html From ssilva at sgvwater.com Tue May 19 18:22:25 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 19 18:22:43 2009 Subject: skippedastoobig MailScanner In-Reply-To: References: Message-ID: on 5-19-2009 12:21 AM shyam hirurkar spake the following: > Hi All, > > I am using the MailScanner+postfix+clamav > > Details about installed versions. > MailScanner Version : 4.55.3 > SpamAssassin version 3.2.4 > ?running on Perl version 5.8.5 > > Every thing is working fine and scanning are happening smoothly, All of > sudden some mails are not scanning and when i see in the mailwatch > "skippedastoobig " and the message size is within the specified limit > i.e 60KB. > > Is there any thing else need to be done at MailScanner configuration or > I am not able to debug this issue. > You must be running Debian, or you wouldn't have such an ancient version of MailScanner. Much improvement has been done with the interaction between mailscanner and postfix in the last 3 or 4 years since that version came out. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/683e9194/signature.bin From hilario at soliton.com.br Tue May 19 21:37:02 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Tue May 19 21:39:38 2009 Subject: Bug Report: Remove These Headers Message-ID: <200905192039.n4JKdSbS030810@safir.blacknight.ie> Hello, This was supposed to be a support request, but as I made many tests, I decide to post it as bug report: If it is something I've made by mistake, please explain. If you set Remove These Headers = %rules-dir%/remove.headers.rules And includes the following rules, it just does not work: # Begin of remove.headers.rules file. # These used to work before Version 4.75.11-1 but does not work any more: To: *@soliton.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: # These causes NO ERROR but DO NOT WORK to: hilario@soliton.com.br Confirm-Reading-To: To: *@soliton.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: To: *@soliton.com.br (Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:) To: *@soliton.com.br /(Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:)/ # These causes errors when you reload configurations. To:\s*@soliton.com.br\s(Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:) To:\s*@soliton.com.br\s/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:/ To:\s*@soliton.com.br\s/(Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:)/ To:\shilario@soliton.com.br\s/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:/ /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:/ # End of rules file Please let me know if you have a work around. And, if you are going to work on the code to fix this, let me add a wish list: When we send emails with receipt request to mail accounts outside our server and with copies to accounts inside our servers, it cleans the headers to every email. I wish we could selectively clear headers only to emails to our own accounts and not to outside accounts. If we send separate emails to outside and to inside accounts, it works. This problem occurs only when a single email is sent to both inside and outside accounts at once. Best Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: hilario@soliton.com.br The SSD Drives Inc. (formerly Eurotherm Drives), Eurotherm Controls, Action Instruments, Montalvo, Koyo and Sharp distributors in Brazil www.soliton.com.br www.eurotherm.com.br www.actionio.com.br www.montalvo.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/dcc8386f/attachment.html From alex at rtpty.com Tue May 19 21:52:56 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue May 19 21:53:06 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <200905192039.n4JKdSbS030810@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> Message-ID: <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> Do you have the proper settings in place to separate recipients when more than one recipient "hits"? If you don't separate "those whom the rules apply to" and "those whom the rules don't apply to" (hope the grammar police don't kill me for that one) then, if I recall correctly, the "don't" part "wins". On Tue, May 19, 2009 at 3:37 PM, Hilario Fochi Silveira < hilario@soliton.com.br> wrote: > > If we send separate emails to outside and to inside accounts, it works. > This problem occurs only when a single email is sent to both inside and > outside accounts at once. > > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/816bdccd/attachment.html From submit at zuka.net Tue May 19 23:11:05 2009 From: submit at zuka.net (Dave Filchak) Date: Tue May 19 23:11:50 2009 Subject: cannot send or receive mail Message-ID: <4A132E79.4090404@zuka.net> Hi folks, Today a problem arose in my mail setup that I am trying to track down. I can no longer send or receive emails. I think it has something to do with mysql but I have had little luck so far. Here is my systems specs: 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.74.15 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.31 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML And before you say it, I know the OS is old but we had an application running on this machine that did not allow us to update. I think we could now so maybe I should do that. But let me finish describing the issue. Today I started getting these in my logs: May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix (80) May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm line 116 May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm I get: Useless use of hash element in void context at /usr/lib/MailScanner/MailScanner/Config.pm line 892. Use of implicit split to @_ is deprecated at /usr/lib/MailScanner/MailScanner/Config.pm line 2085. /usr/lib/MailScanner/MailScanner/Config.pm syntax OK and more logs: May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem talking to service rewrite: Connection reset by peer May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking to service rewrite: Success The mysql.sock file does exist at this location with appropriate ownership and permissions. I have tried recreating it as well. Upon restart of MailScanner, it seems to start but MailWatch seems to be dead. However, I can still not send or receive emails. Anyone see anything that might give me a hint? Dave From ssilva at sgvwater.com Tue May 19 23:28:14 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 19 23:28:37 2009 Subject: cannot send or receive mail In-Reply-To: <4A132E79.4090404@zuka.net> References: <4A132E79.4090404@zuka.net> Message-ID: on 5-19-2009 3:11 PM Dave Filchak spake the following: > Hi folks, > > Today a problem arose in my mail setup that I am trying to track down. I > can no longer send or receive emails. > > I think it has something to do with mysql but I have had little luck so > far. Here is my systems specs: > > 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 > GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.74.15 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > > And before you say it, I know the OS is old but we had an application > running on this machine that did not allow us to update. I think we > could now so maybe I should do that. But let me finish describing the > issue. > > Today I started getting these in my logs: > > May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix > (80) > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm > line 116 > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 > May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could not be > "eval"ed. Make sure the module is correct with perl -wc at > /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm > > I get: > > Useless use of hash element in void context at > /usr/lib/MailScanner/MailScanner/Config.pm line 892. > Use of implicit split to @_ is deprecated at > /usr/lib/MailScanner/MailScanner/Config.pm line 2085. > /usr/lib/MailScanner/MailScanner/Config.pm syntax OK > > > and more logs: > > May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: > connect to mysql server localhost: Can't connect to local MySQL server > through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: > connect to mysql server localhost: Can't connect to local MySQL server > through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem > talking to service rewrite: Connection reset by peer > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking > to service rewrite: Success > > The mysql.sock file does exist at this location with appropriate > ownership and permissions. I have tried recreating it as well. > > Upon restart of MailScanner, it seems to start but MailWatch seems to be > dead. However, I can still not send or receive emails. > > Anyone see anything that might give me a hint? > > Dave > If you stop mysql, does the socket file go away? If not you have a dead socket file. Delete it and restart mysql and see if it comes back. Otherwise it sounds like one of the databases might be corrupt. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/34f13db8/signature.bin From hilario at soliton.com.br Tue May 19 23:34:36 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Tue May 19 23:36:44 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> Message-ID: <200905192236.n4JMaa2j002569@safir.blacknight.ie> Before the bug, what I had was a remove.headers.rules file with instructions like the ones bellow for each domain: # For each domain: From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: # And again, for each domain: To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: MDRcpt-To: MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: X-Status: X-UID: X-UIDL: When I created those rules a year ago, I thought that as the "From" rules do not exclude the receipt requests headers, it should allow our hosted domains to request receive receipt, but silently remove those headers on reception. It works (worked before the bug) for every emails received as well as all emails sent UNLESS the sent email also has a copy to some of the domains we host. In that case all headers are removed on the OUTGOING emails as well. But that we did not wanted ! But my biggest problem is that the file does not work anymore at all. As far as I can tell it is a bug or incompatibility introduced in version 4.75.11-1 Regards, Hil?rio P.S. Is this the correct place to report MailScanner bugs? At 17:52 2009-05-19, you wrote: >Do you have the proper settings in place to >separate recipients when more than one recipient >"hits"? If you don't separate "those whom the >rules apply to" and "those whom the rules don't >apply to" (hope the grammar police don't kill me >for that one) then, if I recall correctly, the "don't" part "wins". > >On Tue, May 19, 2009 at 3:37 PM, Hilario Fochi >Silveira <hilario@soliton.com.br> wrote: >If we send separate emails to outside and to >inside accounts, it works. This problem occurs >only when a single email is sent to both inside and outside accounts at once. > > > >-- >Alex Neuman van der Hans >Reliant Technologies >+507 6781-9505 >+507 202-1525 >alex@rtpty.com >Skype: alexneuman >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/05ffb79d/attachment.html From alex at rtpty.com Tue May 19 23:52:17 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue May 19 23:52:27 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <200905192236.n4JMaa2j002569@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> <200905192236.n4JMaa2j002569@safir.blacknight.ie> Message-ID: <24e3d2e40905191552o3c5c5a6cle724cea37d2f221c@mail.gmail.com> On Tue, May 19, 2009 at 5:34 PM, Hilario Fochi Silveira < hilario@soliton.com.br> wrote: > > P.S. Is this the correct place to report MailScanner bugs? > It *is* - you just have to provide enough information to corroborate that, in fact, it's a bug; otherwise people have to guess what the problem is. Most of the time problems like the one you describe are due to misunderstanding the configuration files, lack of "tab" characters in some config files, or something like that - not bugs per se. Please don't take it the wrong way, but look into * http://tinyurl.com/questionformat in regards to ways you can phrase your questions so that people will be more inclined to help. I'm not saying you're asking the wrong way, I'm just saying you could ask for help in a slightly different way and have a better chance of getting help. * -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/d8f1c905/attachment.html From submit at zuka.net Wed May 20 01:31:39 2009 From: submit at zuka.net (Dave Filchak) Date: Wed May 20 01:32:14 2009 Subject: apparently not sending or receiving emails Message-ID: <4A134F6B.9030602@zuka.net> Hi folks, Today a problem arose in my mail setup that I am trying to track down. I can no longer send or receive emails. I think it has something to do with mysql but I have had little luck so far. Mysql is running and I can log in and select and search tables. But, as you will see below, the logs indicate that there are issues connecting through the mysql.sock. You will also note that the path it is trying to connect to is /var/run/mysql.sock while the actual location is at /var/run/mysqld/mysql.sock Here is my systems specs: 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.74.15 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.31 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML And before you say it, I know the OS is old but we had an application running on this machine that did not allow us to update. I think we could now so maybe I should do that. But let me finish describing the issue. Today I started getting these in my logs: May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix (80) May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm line 116 May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm I get: Useless use of hash element in void context at /usr/lib/MailScanner/MailScanner/Config.pm line 892. Use of implicit split to @_ is deprecated at /usr/lib/MailScanner/MailScanner/Config.pm line 2085. /usr/lib/MailScanner/MailScanner/Config.pm syntax OK and more logs: May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem talking to service rewrite: Connection reset by peer May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking to service rewrite: Success Upon restart of MailScanner, it seems to start but MailWatch seems to be dead. However, I can still not send or receive emails. Anyone see anything that might give me a hint? Dave From hilario at soliton.com.br Wed May 20 01:54:18 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Wed May 20 01:59:07 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <24e3d2e40905191552o3c5c5a6cle724cea37d2f221c@mail.gmail.co m> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> <200905192236.n4JMaa2j002569@safir.blacknight.ie> <24e3d2e40905191552o3c5c5a6cle724cea37d2f221c@mail.gmail.com> Message-ID: <200905200059.n4K0wwrr008029@safir.blacknight.ie> Hi, It is a long time since I first read http://tinyurl.com/questionformat and http://wiki.mailscanner.info/posting . Probably I had forgotten something. I did my homework and just finished reading both pages again (spent an hour and half on that cause I'm not fluent in English). I'm going to post it again in a new format, and I hope this won't be felt as more noise on the list. That is not my intention. If I make any mistake, please pinpoint it and I'll try to learn as fast as possible. Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. At 19:52 2009-05-19, Alex Neuman wrote: >On Tue, May 19, 2009 at 5:34 PM, Hilario Fochi Silveira ><hilario@soliton.com.br> wrote: >P.S. Is this the correct place to report MailScanner bugs? > > >It *is* - you just have to provide enough information to corroborate >that, in fact, it's a bug; otherwise people have to guess what the >problem is. Most of the time problems like the one you describe are >due to misunderstanding the configuration files, lack of "tab" >characters in some config files, or something like that - not bugs per se. > >Please don't take it the wrong way, but look into >MailScanner has detected definite >fraud in the website at "tinyurl.com". Do not trust this website: >http://tinyurl.com/questionformat in regards to ways you can phrase >your questions so that people will be more inclined to help. I'm not >saying you're asking the wrong way, I'm just saying you could ask >for help in a slightly different way and have a better chance of getting help. > > >-- >Alex Neuman van der Hans >Reliant Technologies >+507 6781-9505 >+507 202-1525 >alex@rtpty.com >Skype: alexneuman >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/e5205df2/attachment.html From hilario at soliton.com.br Wed May 20 02:58:44 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Wed May 20 02:59:15 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905192039.n4JKdSbS030810@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> Message-ID: <200905200159.n4K1x67u010236@safir.blacknight.ie> Hello, Installation details: RHEL5.3 with cPanel and MailScanner Front End (configserver.com) MailScanner is running ok for more than one year. Our server uses the "Remove These Headers = %rules-dir%/remove.headers.rules" setting to eliminate inbound return receipts requests while allowing outbound receipts headers to stay intact. Two weeks ago after upgrading to version MailScanner - v4.76.24 we begun to notice that some inbound emails were asking for return receipts. We played a lot with the rules file without success and as a temporary solution, we replaced the per domain rules file with the the following single line instruction: Remove These Headers = /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ This solution is working, we have no receipts at all both inbound and outbound, but we wish to regain the fine granularity control we once had. The original rules file uses spaces to separate the headers. The typical per domain lines we had in the remove.headers.rules file were: # For each domain: From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: MDRcpt-To: MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: X-Status: X-UID: X-UIDL: Those instructions used worked ok with previous MailScanner versions. During the tests we have done with these files, we noticed that Mailscanner does not complain (it does not report errors in the log file) with the above described lines, but it also does not remove the required headers. We tried a variety of combination of regex construction substituting the spaces with \s and also using the | but none of the tried combinations worked. We will appreciate any hint provided on how to build a working per domain regex in the remove headers file using the new Mailscanner version regex rules. Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/3f71b366/attachment.html From dave.filchak at senecac.on.ca Wed May 20 05:03:43 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Wed May 20 05:04:15 2009 Subject: cannot send or receive mail References: <4A132E79.4090404@zuka.net> Message-ID: <4A13811F.3030505@senecac.on.ca> Scott Silva responded: > > > > Upon restart of MailScanner, it seems to start but MailWatch seems to be > > dead. However, I can still not send or receive emails. > > > > Anyone see anything that might give me a hint? > > > > Dave > > > If you stop mysql, does the socket file go away? > If not you have a dead socket file. Delete it and restart mysql and > see if it > comes back. > > Otherwise it sounds like one of the databases might be corrupt. > Scott, when I stop mysql the socket file goes away and comes back when I start it again. So, you mentioned a corrupt database. How would I test for this? Dave -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From mailbag at partnersolutions.ca Wed May 20 05:07:26 2009 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Wed May 20 05:07:32 2009 Subject: Possible config option to skip filename/filettype checks for the message body? Message-ID: <0A5EC380C825E440B3BB048CDE603A1659F0@PSIMS002.pshosting.intranet> Hey Jules + List, What do you guys/gals think about a config option to bypass the filename/filetype checks on the message body? Very frequently, I get messages being blocked because "file" (and even when used in the mime only option) detects regular chatter as being a file that shouldn't be sent: [root@psimf001 0114C74652C.B6E83]# file -i msg-27860-603.txt msg-27860-603.txt: video/quicktime [root@psimf001 0114C74652C.B6E83]# head -1 msg-27860-603.txt Re: skipping ropes - would you want singles or the extra long ones for Is it feasible to find a way to bypass the checks on the extracted message body content? I've stripped down my magic file of a lot of the more common FP's, but lately I seem to be hitting new ones every other week. In my mind I see a config option that would allow you to bypass the "file" results from the content extracted from the message body (msg-*.txt), while still allowing it to properly run against regular attachments. Thoughts? Cheers, -Joshua From maxsec at gmail.com Wed May 20 08:54:30 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 20 08:54:40 2009 Subject: apparently not sending or receiving emails In-Reply-To: <4A134F6B.9030602@zuka.net> References: <4A134F6B.9030602@zuka.net> Message-ID: <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> 2009/5/20 Dave Filchak > Hi folks, > > Today a problem arose in my mail setup that I am trying to track down. I > can no longer send or receive emails. > > I think it has something to do with mysql but I have had little luck so > far. > > Mysql is running and I can log in and select and search tables. But, as you > will see below, the logs indicate that there are issues connecting through > the mysql.sock. You will also note that the path it is trying to connect to > is /var/run/mysql.sock while the actual location is at > /var/run/mysqld/mysql.sock > > Here is my systems specs: > > 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 > GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.74.15 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > > And before you say it, I know the OS is old but we had an application > running on this machine that did not allow us to update. I think we could > now so maybe I should do that. But let me finish describing the issue. > > Today I started getting these in my logs: > > May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix > (80) > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm line > 116 > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 > May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. > Make sure the module is correct with perl -wc at > /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm > > I get: > > Useless use of hash element in void context at > /usr/lib/MailScanner/MailScanner/Config.pm line 892. > Use of implicit split to @_ is deprecated at > /usr/lib/MailScanner/MailScanner/Config.pm line 2085. > /usr/lib/MailScanner/MailScanner/Config.pm syntax OK > > > and more logs: > > May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: connect > to mysql server localhost: Can't connect to local MySQL server through > socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: connect > to mysql server localhost: Can't connect to local MySQL server through > socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem talking > to service rewrite: Connection reset by peer > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking to > service rewrite: Success > > > Upon restart of MailScanner, it seems to start but MailWatch seems to be > dead. However, I can still not send or receive emails. > > Anyone see anything that might give me a hint? > > Dave > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Dave anything in the mysql logs? Can you connect to mysql on the command line - ie is mysql actually running? -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/b30baf18/attachment-0001.html From paul.hutchings at mira.co.uk Wed May 20 08:57:28 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 08:57:43 2009 Subject: Mailscanner's stopped signing messages? Message-ID: As subject - it used to and other than a recent upgrade I don't believe I've changed anything. How can I debug this on a production box to find out why it's not doing it please? Mailscanner.conf contains: Sign Clean Messages = %rules-dir%/signature.rules And [root@relay log]# cat /etc/MailScanner/rules/signature.rules # Only sign outbound mail From: someaddress@us co.uk no From: 193.35.217.x yes From: *@ us co.uk and From: 193.35.217.x yes FromOrTo: default no Cheers, Paul From shyamph at gmail.com Wed May 20 09:03:18 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 20 09:03:28 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: Hi All, Any other possibilities for the delay in MailScanner. How do i check how many mails are there in HOLD state of MailScanner. Thanks in Advance. Shyam On Mon, May 18, 2009 at 1:10 PM, shyam hirurkar wrote: > Hi , > > Between the actual time and and the re-queue time there are lot mails > delivered, Sorry I can not take the log as it is huge or give me some time i > will paste. > > mailq was 60. > > Thanks in advance > > Shyam > > > > On Sat, May 16, 2009 at 11:37 PM, Mark Sapiro wrote: > >> shyam hirurkar wrote: >> > >> >I am using MailScanner with postfix and mail flow is normal till these >> days >> >and now i am finding the mail delay's regularly , >> > >> >When i went through the log and found mails are going in hold after that >> a >> >long delay and reque of the mail is happening and mail will sent >> >successfully. >> > here is the log >> > >> >smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], >> >sasl_method=LOGIN, sasl_username=username@domain.com >> >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header >> >Received: from usename (unknown [192.168.10.156])??(Authenticated sender: >> >,username>@)??by smtp.domain.com (Postfix) with ESMTP id >> >B5AD361300F7??for ; Tue, 2 from >> unknown[192.168.1.1]; >> >from= to= proto=ESMTP helo= >> >> >> What are the MailScanner log entries between here and the Requeue at >> 15:16:48? >> >> >> >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: >> >message-id=<003f01c9c7c0$5786f380$0694da80$@com> >> >Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to >> >6E0A36130112 >> >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/8dc0f19d/attachment.html From garry at glendown.de Wed May 20 12:05:30 2009 From: garry at glendown.de (Garry) Date: Wed May 20 12:06:38 2009 Subject: OT: Mail Archiving Message-ID: <4A13E3FA.5070100@glendown.de> Hi, We were thinking about setting up mail archiving for business email - has anybody here had any (positive) experiences with any products? (F/OSS preferred) If it would integrate with MailScanner it would definitely be a plus ... Tnx, -garry From ms-list at alexb.ch Wed May 20 12:21:06 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 20 12:21:15 2009 Subject: OT: Mail Archiving In-Reply-To: <4A13E3FA.5070100@glendown.de> References: <4A13E3FA.5070100@glendown.de> Message-ID: <4A13E7A2.2000708@alexb.ch> On 5/20/2009 1:05 PM, Garry wrote: > Hi, > > We were thinking about setting up mail archiving for business email - > has anybody here had any (positive) experiences with any products? > (F/OSS preferred) If it would integrate with MailScanner it would > definitely be a plus ... can recommend MailArchiva http://www.mailarchiva.com/ From simon.walter at hp-factory.de Wed May 20 13:35:43 2009 From: simon.walter at hp-factory.de (Simon Walter) Date: Wed May 20 13:36:02 2009 Subject: Bug#529358: mailscanner: MailScanner dies an ugly death when using perl 5.10.0-22 In-Reply-To: <20090518202114.18810.13764.reportbug@mailkeeper> References: <20090518202114.18810.13764.reportbug@mailkeeper> Message-ID: <20090520143543.5671d3ae@hp-factory.de> Hello, > # dpkg -l perl > ii perl 5.10.0-22 > # dpkg -l mailscanner > ii mailscanner 4.74.16-1 > > Afterwards, debugging mailscanner showed it dying with the error > message "Insecure dependency in chown while running with the -T > switch in /usr/share/MailScanner//MailScanner/Message.pm on line > 2407". It appears to be while calling the perl chown function to set > the permissions on an exploded message in the "incoming" work > directory. I have noticed this bug[1] myself some days ago while trying to package 4.76.25-1. I have fixed this bug, but have not tested the bugfix yet. Your solution[3] to this problem is not every generic. Users would have to edit /etc/ini.d/mailscanner depending on the mailserver they are using. There is also a problem when using clamavd, it crash and complains about missing permission for lstat on the unpacked mail, no matter how I configure "Incoming Work User/Group/Permission". I currently don't have the time to track down the problem, find a solution and test the -T patch. If anyone else has some spare time, feel free to help out. I have uploaded the current state to mentors[2]. I have added mailscanner-ml to CC because there are probably other debian-users out there... -- Regards Simon Walter [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+529358 [2] http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=mailscanner [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+529358#10 From dcurtis at sbschools.net Wed May 20 13:42:44 2009 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Wed May 20 13:45:59 2009 Subject: OT: Mail Archiving In-Reply-To: <4A13E7A2.2000708@alexb.ch> References: <4A13E3FA.5070100@glendown.de> <4A13E7A2.2000708@alexb.ch> Message-ID: <24AAD26C88B9534093235DD9C02F4D170368BD44@exchangesrvr.sbschools.net> I would second that. We have been using it for quite a while now. It started pretty shaky, but it became stable very quickly. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Wednesday, May 20, 2009 7:21 AM To: MailScanner discussion Subject: Re: OT: Mail Archiving On 5/20/2009 1:05 PM, Garry wrote: > Hi, > > We were thinking about setting up mail archiving for business email - > has anybody here had any (positive) experiences with any products? > (F/OSS preferred) If it would integrate with MailScanner it would > definitely be a plus ... can recommend MailArchiva http://www.mailarchiva.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From submit at zuka.net Wed May 20 15:19:31 2009 From: submit at zuka.net (Dave Filchak) Date: Wed May 20 15:19:59 2009 Subject: apparently not sending or receiving emails In-Reply-To: <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> References: <4A134F6B.9030602@zuka.net> <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> Message-ID: <4A141173.3070307@zuka.net> Martin Hepworth wrote: > > > 2009/5/20 Dave Filchak > > > Hi folks, > > Today a problem arose in my mail setup that I am trying to track > down. I can no longer send or receive emails. > > I think it has something to do with mysql but I have had little > luck so far. > > Mysql is running and I can log in and select and search tables. > But, as you will see below, the logs indicate that there are > issues connecting through the mysql.sock. You will also note that > the path it is trying to connect to is /var/run/mysql.sock while > the actual location is at /var/run/mysqld/mysql.sock > > Here is my systems specs: > > 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 > x86_64 GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.74.15 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > > And before you say it, I know the OS is old but we had an > application running on this machine that did not allow us to > update. I think we could now so maybe I should do that. But let me > finish describing the issue. > > Today I started getting these in my logs: > > May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to > postfix (80) > May 19 08:29:12 rosewood MailScanner: Unable to initialise > database connection: Can't connect to local MySQL server through > socket '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm > line 116 > May 19 08:29:12 rosewood MailScanner: Unable to initialise > database connection: Can't connect to local MySQL server through > socket '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 > May 19 08:29:12 rosewood MailScanner: Could not use Custom > Function code MailScanner::CustomConfig::InitMailWatchLogging, it > could not be "eval"ed. Make sure the module is correct with perl > -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > When I run perl -wc perl -wc > /usr/lib/MailScanner/MailScanner/Config.pm > > I get: > > Useless use of hash element in void context at > /usr/lib/MailScanner/MailScanner/Config.pm line 892. > Use of implicit split to @_ is deprecated at > /usr/lib/MailScanner/MailScanner/Config.pm line 2085. > /usr/lib/MailScanner/MailScanner/Config.pm syntax OK > > > and more logs: > > May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf > (0,lock|fold_fix): table lookup problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: > connect to mysql server localhost: Can't connect to local MySQL > server through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf > (0,lock|fold_fix): table lookup problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: > connect to mysql server localhost: Can't connect to local MySQL > server through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf > (0,lock|fold_fix): table lookup problem > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: > premature end-of-input on private/rewrite socket while reading > input attribute name > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature > end-of-input on private/rewrite socket while reading input > attribute name > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem > talking to service rewrite: Connection reset by peer > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem > talking to service rewrite: Success > > > Upon restart of MailScanner, it seems to start but MailWatch seems > to be dead. However, I can still not send or receive emails. > > Anyone see anything that might give me a hint? > > Dave > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Dave > > anything in the mysql logs? Can you connect to mysql on the command > line - ie is mysql actually running? > > -- > Martin Hepworth > Oxford, UK Martin, Yes, mysql was running but it turns out it was a problem with the mysql.sock file. I am still scratching my head over this one but the mail system used to look for this file at /var/run/mysqld/mysql.sock However, my ISP had a huge problem with their UPS backup generators and power went down rather abruptly yesterday. When the server came up, it was looking for this file at /var/run/mysql.sock. And, for the life of me, I could not get it to look for it in the original location. So, I finally gave up and moved the location to /var/run/ However, I had to set the permissions of that directory to allow write access for the world ... possibly not a good thing. Is there a stand location for this and what permissions are normal. At any rate .. I do have mail flowing again but would love to know why the location shifted. Probably a misconfiguration somewhere. Dave From mark at msapiro.net Wed May 20 16:25:18 2009 From: mark at msapiro.net (Mark Sapiro) Date: Wed May 20 16:25:32 2009 Subject: Mail delay at MailScanner In-Reply-To: Message-ID: shyam hirurkar wrote: > >Between the actual time and and the re-queue time there are lot mails >delivered, Sorry I can not take the log as it is huge or give me some time i >will paste. If all these mails are similarly delayed, it sounds like some kind of backlog. >mailq was 60. However, only 60 messages in the queue should clear quickly unless you are being bombarded continuously with mail and MailScanner doesn't process FIFO (I don't know if it does or not. Careful analysis of the maillog should tell you what's happening. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From paul.hutchings at mira.co.uk Wed May 20 16:36:14 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 16:36:35 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: Message-ID: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: From: *@us co.uk yes And restarting MailScanner (I did a restart without changing anything) has made it work. Has something changed with regard to the values that can be used in rules (the IP address of the server hasn't changed!)? Cheers, Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 20 May 2009 08:57 To: MailScanner discussion Subject: Mailscanner's stopped signing messages? As subject - it used to and other than a recent upgrade I don't believe I've changed anything. How can I debug this on a production box to find out why it's not doing it please? Mailscanner.conf contains: Sign Clean Messages = %rules-dir%/signature.rules And [root@relay log]# cat /etc/MailScanner/rules/signature.rules # Only sign outbound mail From: someaddress@us co.uk no From: 193.35.217.x yes From: *@ us co.uk and From: 193.35.217.x yes FromOrTo: default no Cheers, Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From mark at msapiro.net Wed May 20 16:38:59 2009 From: mark at msapiro.net (Mark Sapiro) Date: Wed May 20 16:39:11 2009 Subject: Mail delay at MailScanner In-Reply-To: Message-ID: shyam hirurkar wrote: > >How do i check how many mails are there in HOLD state of MailScanner. ls /var/spool/postfix/hold | wc -l or mailq | grep ! -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From alex at rtpty.com Wed May 20 16:43:18 2009 From: alex at rtpty.com (Alex Neuman) Date: Wed May 20 16:43:28 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: Message-ID: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: > OK it would appear that removing the line: > > From: 193.35.217.x yes > > And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/7c7a5764/attachment.html From paul.hutchings at mira.co.uk Wed May 20 16:55:45 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 16:56:00 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: Thanks for the reply. If the syntax has changed I've had this config for a couple of years so it must be very recent - plus that would sign all messages from a subnet/ip range, I only want to target specific source IP address? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: 20 May 2009 16:43 To: MailScanner discussion Subject: Re: Mailscanner's stopped signing messages? Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/9815a198/attachment.html From paul.hutchings at mira.co.uk Wed May 20 17:05:19 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 17:05:33 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: Sorry I should clarify - I didn't literally have a "x" at the end, habit I guess even though the IP is in the headers of this email J From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 20 May 2009 16:56 To: MailScanner discussion Subject: RE: Mailscanner's stopped signing messages? Thanks for the reply. If the syntax has changed I've had this config for a couple of years so it must be very recent - plus that would sign all messages from a subnet/ip range, I only want to target specific source IP address? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: 20 May 2009 16:43 To: MailScanner discussion Subject: Re: Mailscanner's stopped signing messages? Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman ________________________________ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/5bbbfc1e/attachment.html From ssilva at sgvwater.com Wed May 20 17:47:46 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 20 17:48:10 2009 Subject: cannot send or receive mail In-Reply-To: <4A13811F.3030505@senecac.on.ca> References: <4A132E79.4090404@zuka.net> <4A13811F.3030505@senecac.on.ca> Message-ID: on 5-19-2009 9:03 PM Dave Filchak spake the following: > Scott Silva responded: > >> > >> > Upon restart of MailScanner, it seems to start but MailWatch seems >> to be >> > dead. However, I can still not send or receive emails. >> > >> > Anyone see anything that might give me a hint? >> > >> > Dave >> > >> If you stop mysql, does the socket file go away? >> If not you have a dead socket file. Delete it and restart mysql and >> see if it >> comes back. >> >> Otherwise it sounds like one of the databases might be corrupt. >> > Scott, when I stop mysql the socket file goes away and comes back when I > start it again. So, you mentioned a corrupt database. How would I test > for this? > > Dave > http://dev.mysql.com/doc/refman/5.1/en/repair.html Gives some details for Mysql 5.1. If you have an older version, navigate to the same place in the older docs. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/4023c86f/signature.bin From ssilva at sgvwater.com Wed May 20 17:59:13 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 20 17:59:38 2009 Subject: apparently not sending or receiving emails In-Reply-To: <4A141173.3070307@zuka.net> References: <4A134F6B.9030602@zuka.net> <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> <4A141173.3070307@zuka.net> Message-ID: on 5-20-2009 7:19 AM Dave Filchak spake the following: > Martin Hepworth wrote: >> >> >> 2009/5/20 Dave Filchak > >> >> Hi folks, >> >> Today a problem arose in my mail setup that I am trying to track >> down. I can no longer send or receive emails. >> >> I think it has something to do with mysql but I have had little >> luck so far. >> >> Mysql is running and I can log in and select and search tables. >> But, as you will see below, the logs indicate that there are >> issues connecting through the mysql.sock. You will also note that >> the path it is trying to connect to is /var/run/mysql.sock while >> the actual location is at /var/run/mysqld/mysql.sock >> >> Here is my systems specs: >> >> 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 >> x86_64 GNU/Linux >> This is CentOS release 4.3 (Final) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.74.15 >> Module versions are: >> 1.00 AnyDBM_File >> 1.20 Archive::Zip >> 0.22 bignum >> 1.03 Carp >> 1.41 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.20 File::Temp >> 0.78 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.04 Mail::Header >> 1.87 Math::BigInt >> 0.20 Math::BigRat >> 3.05 MIME::Base64 >> 5.427 MIME::Decoder >> 5.427 MIME::Decoder::UU >> 5.427 MIME::Head >> 5.427 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.427 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.08 POSIX >> 1.19 Scalar::Util >> 1.77 Socket >> 2.13 Storable >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.26 Test::Pod >> 0.7 Test::Simple >> 1.9707 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.32 Archive::Tar >> 0.22 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.814 DB_File >> 1.13 DBD::SQLite >> 1.58 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17008 Error >> 0.19 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.36 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.04 IO::Zlib >> 2.21 IP::Country >> 0.22 Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.004 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable >> 0.31 Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.64 Test::Harness >> 0.95 Test::Manifest >> 1.95 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.65 YAML >> >> And before you say it, I know the OS is old but we had an >> application running on this machine that did not allow us to >> update. I think we could now so maybe I should do that. But let me >> finish describing the issue. >> >> Today I started getting these in my logs: >> >> May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to >> postfix (80) >> May 19 08:29:12 rosewood MailScanner: Unable to initialise >> database connection: Can't connect to local MySQL server through >> socket '/var/run/mysql.sock' (2) at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm >> line 116 >> May 19 08:29:12 rosewood MailScanner: Unable to initialise >> database connection: Can't connect to local MySQL server through >> socket '/var/run/mysql.sock' (2) at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 >> May 19 08:29:12 rosewood MailScanner: Could not use Custom >> Function code MailScanner::CustomConfig::InitMailWatchLogging, it >> could not be "eval"ed. Make sure the module is correct with perl >> -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 >> >> When I run perl -wc perl -wc >> /usr/lib/MailScanner/MailScanner/Config.pm >> >> I get: >> >> Useless use of hash element in void context at >> /usr/lib/MailScanner/MailScanner/Config.pm line 892. >> Use of implicit split to @_ is deprecated at >> /usr/lib/MailScanner/MailScanner/Config.pm line 2085. >> /usr/lib/MailScanner/MailScanner/Config.pm syntax OK >> >> >> and more logs: >> >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: >> mysql:/etc/postfix/maps/sql-aliases.cf >> (0,lock|fold_fix): table lookup problem >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: >> connect to mysql server localhost: Can't connect to local MySQL >> server through socket '/var/run/mysql.so >> ck' (2) >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: >> mysql:/etc/postfix/maps/sql-aliases.cf >> (0,lock|fold_fix): table lookup problem >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: >> connect to mysql server localhost: Can't connect to local MySQL >> server through socket '/var/run/mysql.so >> ck' (2) >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: >> mysql:/etc/postfix/maps/sql-aliases.cf >> (0,lock|fold_fix): table lookup problem >> May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: >> premature end-of-input on private/rewrite socket while reading >> input attribute name >> May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature >> end-of-input on private/rewrite socket while reading input >> attribute name >> May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem >> talking to service rewrite: Connection reset by peer >> May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem >> talking to service rewrite: Success >> >> >> Upon restart of MailScanner, it seems to start but MailWatch seems >> to be dead. However, I can still not send or receive emails. >> >> Anyone see anything that might give me a hint? >> >> Dave >> >> >> >> >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> Dave >> >> anything in the mysql logs? Can you connect to mysql on the command >> line - ie is mysql actually running? >> >> -- >> Martin Hepworth >> Oxford, UK > Martin, > > Yes, mysql was running but it turns out it was a problem with the > mysql.sock file. I am still scratching my head over this one but the > mail system used to look for this file at /var/run/mysqld/mysql.sock > However, my ISP had a huge problem with their UPS backup generators and > power went down rather abruptly yesterday. When the server came up, it > was looking for this file at /var/run/mysql.sock. And, for the life of > me, I could not get it to look for it in the original location. So, I > finally gave up and moved the location to /var/run/ However, I had to > set the permissions of that directory to allow write access for the > world ... possibly not a good thing. Is there a stand location for this > and what permissions are normal. > > At any rate .. I do have mail flowing again but would love to know why > the location shifted. Probably a misconfiguration somewhere. > > Dave The actual location is set in the my.cnf file, but I am not sure where MailScanner and mailwatch might be finding this at. Maybe there are 2 copies of my.cnf on the system, and MailScanner is picking up the wrong one. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/edbafa8e/signature.bin From ssilva at sgvwater.com Wed May 20 18:22:16 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 20 18:22:41 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: on 5-20-2009 8:43 AM Alex Neuman spake the following: > Are you sure the syntax isn't supposed to be: > > From:?? 193.35.217.???? yes > (no x at the end) > I would assume that the X was just a sanitizing step to hide the real number that he didn't want to post to a mailing list. Just like the way he sanitized e-mail addresses. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/095593a8/signature.bin From simon.walter at hp-factory.de Wed May 20 22:51:44 2009 From: simon.walter at hp-factory.de (Simon Walter) Date: Wed May 20 22:52:02 2009 Subject: Bug#529358: mailscanner: MailScanner dies an ugly death when using perl 5.10.0-22 In-Reply-To: <94029a830905200654n7953738dv813ea7708ef38349@mail.gmail.com> References: <20090518202114.18810.13764.reportbug@mailkeeper> <20090520143543.5671d3ae@hp-factory.de> <94029a830905200654n7953738dv813ea7708ef38349@mail.gmail.com> Message-ID: <20090520235144.2dac35fd@hp-factory.de> On Wed, 20 May 2009 16:54:59 +0300 Gerasimos Melissaratos wrote: > On Wed, May 20, 2009 at 3:35 PM, Simon Walter > wrote: > > There is also a problem when using clamavd, it crash and complains > > about missing permission for lstat on the unpacked mail, no matter > > how I configure "Incoming Work User/Group/Permission". > > That's an easy one, just change the antivirus from "auto" to "clamav" > in MailScanner.conf and ... you have disabled clamd usage, using clamav as standalone scanner and lost a considerable amount of processing performance. It's a workaround but not a solution. -- Regards Simon Walter From gafaith at asdm.net Thu May 21 02:50:33 2009 From: gafaith at asdm.net (Gary Faith) Date: Thu May 21 02:50:56 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH Message-ID: <4A147B290200002D00006737@sparky.asdm.net> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/982ee28f/attachment.html From eli at orbsky.homelinux.org Thu May 21 05:54:04 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 21 05:54:29 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <4A147B290200002D00006737@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> Message-ID: <200905210754.04555.eli@orbsky.homelinux.org> Gary... With all due respect. Assuming that the mail coming from your servers is not affected by something bad is a mistake. Not to mention, spam that uses your domain as email addresses in the to / from to get around just the kind of scenario is also makes your strategy a mistake. What harm besides having your server do some work would be caused by having all the mail scanned? On Thursday 21 May 2009 04:50:33 Gary Faith wrote: > I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. > > From: domain.com no > > This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. > > What is required: > 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. > 2. All other mail scanned (like normal). > > I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? > > Thanks, > > Gary Faith > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brent.addis at spit.gen.nz Thu May 21 06:25:04 2009 From: brent.addis at spit.gen.nz (Brent Addis) Date: Thu May 21 06:26:55 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <4A147B290200002D00006737@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> Message-ID: <1242883504.23783.16.camel@baddis-laptop> Why don't you use SPF on your domains? -----Original Message----- From: Gary Faith Reply-to: MailScanner discussion To: mailscanner@lists.mailscanner.info Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH Date: Wed, 20 May 2009 21:50:33 -0400 I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/6a85afca/attachment.html From shyamph at gmail.com Thu May 21 09:39:52 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 21 09:48:19 2009 Subject: Cached Timeout MailScanner Message-ID: Hi All, I am using MailScanner with postfix+clamav and scanning is happening properly, now a days i am seeing some time spam mails gets through and if i see the log or mailwatch it says *"cached timeout". *what could be the reason or is there any configuration tuning needs to be done. Let me know what are the input required from my end to debug the same. Mail Scanner Version :4.74.16 postfix : 2.2.11 SpamAssassin version 3.2.5 running on Perl version 5.8.5 OS : CentOS 4.7 Thanks in advance Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/6dbeac56/attachment.html From maxsec at gmail.com Thu May 21 11:10:42 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 21 11:10:50 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: Message-ID: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> there's problems with the spamassassin cache - stop mailscanner - delete the spamassassin cache (you'll find in in the "Incoming Work Dir" as mentioned in MailScanner.conf") and then start Mailscanner. 2009/5/21 shyam hirurkar > Hi All, > > > I am using MailScanner with postfix+clamav and scanning is happening > properly, now a days i am seeing some time spam mails gets through and if i > see the log or mailwatch it says *"cached timeout". > > *what could be the reason or is there any configuration tuning needs to be > done. > > Let me know what are the input required from my end to debug the same. > > Mail Scanner Version :4.74.16 > postfix : 2.2.11 > SpamAssassin version 3.2.5 > running on Perl version 5.8.5 > OS : CentOS 4.7 > > Thanks in advance > > Shyam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/96289fc4/attachment-0001.html From shyamph at gmail.com Thu May 21 11:17:09 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 21 11:17:18 2009 Subject: Cached Timeout MailScanner In-Reply-To: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: Hi , Thanks for the input but small question how often i need to do is there any automation for this. Thanks in advance.. Shyam On Thu, May 21, 2009 at 3:40 PM, Martin Hepworth wrote: > there's problems with the spamassassin cache - stop mailscanner - delete > the spamassassin cache (you'll find in in the "Incoming Work Dir" as > mentioned in MailScanner.conf") and then start Mailscanner. > > 2009/5/21 shyam hirurkar > >> Hi All, >> >> >> I am using MailScanner with postfix+clamav and scanning is happening >> properly, now a days i am seeing some time spam mails gets through and if i >> see the log or mailwatch it says *"cached timeout". >> >> *what could be the reason or is there any configuration tuning needs to >> be done. >> >> Let me know what are the input required from my end to debug the same. >> >> Mail Scanner Version :4.74.16 >> postfix : 2.2.11 >> SpamAssassin version 3.2.5 >> running on Perl version 5.8.5 >> OS : CentOS 4.7 >> >> Thanks in advance >> >> Shyam >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/4560ca17/attachment.html From shyamph at gmail.com Thu May 21 11:19:16 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 21 11:19:26 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: Hope the below parameter will solve my problem SpamAssassin Cache Timings (mailScanner.conf) Shyam On Thu, May 21, 2009 at 3:47 PM, shyam hirurkar wrote: > Hi , > > Thanks for the input but small question how often i need to do is there any > automation for this. > > Thanks in advance.. > Shyam > > > On Thu, May 21, 2009 at 3:40 PM, Martin Hepworth wrote: > >> there's problems with the spamassassin cache - stop mailscanner - delete >> the spamassassin cache (you'll find in in the "Incoming Work Dir" as >> mentioned in MailScanner.conf") and then start Mailscanner. >> >> 2009/5/21 shyam hirurkar >> >>> Hi All, >>> >>> >>> I am using MailScanner with postfix+clamav and scanning is happening >>> properly, now a days i am seeing some time spam mails gets through and if i >>> see the log or mailwatch it says *"cached timeout". >>> >>> *what could be the reason or is there any configuration tuning needs to >>> be done. >>> >>> Let me know what are the input required from my end to debug the same. >>> >>> Mail Scanner Version :4.74.16 >>> postfix : 2.2.11 >>> SpamAssassin version 3.2.5 >>> running on Perl version 5.8.5 >>> OS : CentOS 4.7 >>> >>> Thanks in advance >>> >>> Shyam >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> -- >> Martin Hepworth >> Oxford, UK >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/b925752f/attachment.html From maxsec at gmail.com Thu May 21 11:58:01 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 21 11:58:10 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: <72cf361e0905210358w18b00076h9117fe9c95b1a9f3@mail.gmail.com> You shouldn't need to alter this - this are how long for various items to live in the cache. it sound like the cache has become corrupt if it's timing out - so as it's purely a performance cache its quite safe to delete it and let it rebuild itself. a good check is make sure it's growing and growing, after a few hours the cache should settle into a size (give or take a few MB). 2009/5/21 shyam hirurkar > Hope the below parameter will solve my problem > > SpamAssassin Cache Timings (mailScanner.conf) > > Shyam > > > > > On Thu, May 21, 2009 at 3:47 PM, shyam hirurkar wrote: > >> Hi , >> >> Thanks for the input but small question how often i need to do is there >> any automation for this. >> >> Thanks in advance.. >> Shyam >> >> >> On Thu, May 21, 2009 at 3:40 PM, Martin Hepworth wrote: >> >>> there's problems with the spamassassin cache - stop mailscanner - delete >>> the spamassassin cache (you'll find in in the "Incoming Work Dir" as >>> mentioned in MailScanner.conf") and then start Mailscanner. >>> >>> 2009/5/21 shyam hirurkar >>> >>>> Hi All, >>>> >>>> >>>> I am using MailScanner with postfix+clamav and scanning is happening >>>> properly, now a days i am seeing some time spam mails gets through and if i >>>> see the log or mailwatch it says *"cached timeout". >>>> >>>> *what could be the reason or is there any configuration tuning needs to >>>> be done. >>>> >>>> Let me know what are the input required from my end to debug the same. >>>> >>>> Mail Scanner Version :4.74.16 >>>> postfix : 2.2.11 >>>> SpamAssassin version 3.2.5 >>>> running on Perl version 5.8.5 >>>> OS : CentOS 4.7 >>>> >>>> Thanks in advance >>>> >>>> Shyam >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/7b323cd1/attachment.html From ssilva at sgvwater.com Thu May 21 16:48:07 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 21 16:48:32 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: on 5-21-2009 3:17 AM shyam hirurkar spake the following: > Hi , > > Thanks for the input but small question how often i need to do is there > any automation for this. > You only need to do this if the cache becomes corrupt. It could be days or years, you never know when a db can get corrupted. I'm not sure if you could automate this. I guess if there is a utility in sqlite that can check for corruption and exit with an errorlevel, you could automate this in a startup script. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/b1e1efcf/signature.bin From paul.hutchings at mira.co.uk Thu May 21 20:34:02 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Thu May 21 20:34:19 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: Ermm.. well sorry but does anyone have any ideas on this at all please? All I know is that it used to work, now it only works when I use rules such as "From: *@domain com". Cheers, Paul -- Paul Hutchings From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 20 May 2009 16:56 To: MailScanner discussion Subject: RE: Mailscanner's stopped signing messages? Thanks for the reply. If the syntax has changed I've had this config for a couple of years so it must be very recent - plus that would sign all messages from a subnet/ip range, I only want to target specific source IP address? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: 20 May 2009 16:43 To: MailScanner discussion Subject: Re: Mailscanner's stopped signing messages? Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman ________________________________ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/edc71914/attachment.html From ssilva at sgvwater.com Thu May 21 21:02:45 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 21 21:03:07 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: on 5-21-2009 12:34 PM Paul Hutchings spake the following: > Ermm.. well sorry but does anyone have any ideas on this at all please? > > > > All I know is that it used to work, now it only works when I use rules > such as ?From: *@domain com?. > Remember that MailScanner usually works on the envelope address. Does this mail go through another gateway on the way in? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/99b74974/signature.bin From MailScanner at ecs.soton.ac.uk Fri May 22 09:40:06 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:40:32 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905200159.n4K1x67u010236@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> Message-ID: On 20/05/2009 02:58, Hilario Fochi Silveira wrote: > Hello, > > Installation details: RHEL5.3 with cPanel and MailScanner Front End > (configserver.com) > MailScanner is running ok for more than one year. > Our server uses the "Remove These Headers = > %rules-dir%/remove.headers.rules" setting to eliminate inbound return > receipts requests while allowing outbound receipts headers to stay intact. > > Two weeks ago after upgrading to version MailScanner - v4.76.24 we > begun to notice that some inbound emails were asking for return receipts. > > We played a lot with the rules file without success and as a temporary > solution, we replaced the per domain rules file with the the following > single line instruction: > > Remove These Headers = > /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ > > This solution is working, we have no receipts at all both inbound and > outbound, but we wish to regain the fine granularity control we once had. That should definitely not work, and it was a small bug that was allowing it to work. The spec in the MailScanner.conf file clearly states that: # Each header should end in a ":", but MailScanner will add it if you forget. # Headers should be separated by commas or spaces. > > The original rules file uses spaces to separate the headers. That was correct. > The typical per domain lines we had in the remove.headers.rules file were: > > # For each domain: > From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: > X-Spam-Processed: > To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > Disposition-Notification-To: Errors-To: MDRcpt-To: > MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: > Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: > X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: > X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: > X-Status: X-UID: X-UIDL: > > Those instructions used worked ok with previous MailScanner versions. And I have just tried a system with a rules file very much like yours and it works just fine. Sorry, but I cannot reproduce the problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 22 09:42:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:42:56 2009 Subject: Possible config option to skip filename/filettype checks for the message body? In-Reply-To: <0A5EC380C825E440B3BB048CDE603A1659F0@PSIMS002.pshosting.intranet> References: <0A5EC380C825E440B3BB048CDE603A1659F0@PSIMS002.pshosting.intranet> <4A16657A.2010906@ecs.soton.ac.uk> Message-ID: Just use a ruleset on "Allow Filenames" and "Allow Filetypes", with "." as the value for messages you don't want to check. That will allow any filename containing any character. On 20/05/2009 05:07, PSI Mailbag wrote: > Hey Jules + List, > > What do you guys/gals think about a config option to bypass the > filename/filetype checks on the message body? Very frequently, I get > messages being blocked because "file" (and even when used in the mime > only option) detects regular chatter as being a file that shouldn't be > sent: > > [root@psimf001 0114C74652C.B6E83]# file -i msg-27860-603.txt > msg-27860-603.txt: video/quicktime > [root@psimf001 0114C74652C.B6E83]# head -1 msg-27860-603.txt > Re: skipping ropes - would you want singles or the extra long ones for > > Is it feasible to find a way to bypass the checks on the extracted > message body content? I've stripped down my magic file of a lot of the > more common FP's, but lately I seem to be hitting new ones every other > week. > > In my mind I see a config option that would allow you to bypass the > "file" results from the content extracted from the message body > (msg-*.txt), while still allowing it to properly run against regular > attachments. > > Thoughts? > > > Cheers, > -Joshua > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 22 09:45:25 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:45:43 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <4A166625.8090705@ecs.soton.ac.uk> Message-ID: Please can you try 4.77.5 which I am about to publish. On 20/05/2009 16:36, Paul Hutchings wrote: > OK it would appear that removing the line: > > From: 193.35.217.x yes > > And replacing it with: > > From: *@us co.uk yes > > And restarting MailScanner (I did a restart without changing anything) > has made it work. > > Has something changed with regard to the values that can be used in > rules (the IP address of the server hasn't changed!)? > > Cheers, > Paul > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul > Hutchings > Sent: 20 May 2009 08:57 > To: MailScanner discussion > Subject: Mailscanner's stopped signing messages? > > As subject - it used to and other than a recent upgrade I don't believe > I've changed anything. > > How can I debug this on a production box to find out why it's not doing > it please? > > Mailscanner.conf contains: > > Sign Clean Messages = %rules-dir%/signature.rules > > And > > [root@relay log]# cat /etc/MailScanner/rules/signature.rules > # Only sign outbound mail > From: someaddress@us co.uk no > From: 193.35.217.x yes > From: *@ us co.uk and From: 193.35.217.x yes > FromOrTo: default no > > Cheers, > Paul > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 22 09:46:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:47:14 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> <4A16667A.2020206@ecs.soton.ac.uk> Message-ID: Please try 4.77.5. On 21/05/2009 20:34, Paul Hutchings wrote: > > Ermm.. well sorry but does anyone have any ideas on this at all please? > > All I know is that it used to work, now it only works when I use rules > such as ?From: *@domain com?. > > Cheers, > > Paul > > -- > > Paul Hutchings > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Paul Hutchings > *Sent:* 20 May 2009 16:56 > *To:* MailScanner discussion > *Subject:* RE: Mailscanner's stopped signing messages? > > Thanks for the reply. If the syntax has changed I?ve had this config > for a couple of years so it must be very recent ? plus that would sign > all messages from a subnet/ip range, I only want to target specific > source IP address? > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Alex Neuman > *Sent:* 20 May 2009 16:43 > *To:* MailScanner discussion > *Subject:* Re: Mailscanner's stopped signing messages? > > Are you sure the syntax isn't supposed to be: > > From: 193.35.217. yes > (no x at the end) > > On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings > > wrote: > > OK it would appear that removing the line: > > From: 193.35.217.x yes > > And replacing it with: > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman > > ------------------------------------------------------------------------ > > *MIRA Ltd* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. > > ------------------------------------------------------------------------ > > *MIRA Ltd* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eddie at emcuk.com Fri May 22 10:13:30 2009 From: eddie at emcuk.com (Eddie Hallahan) Date: Fri May 22 10:13:58 2009 Subject: Commit ineffective error Message-ID: <4A166CBA.60002@emcuk.com> Hi All, I'm getting the below errors on a few of our servers when we moved to the newer mailscanner on them; commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 939. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 939. Any idea how to sort them out? Regards -- Eddie Hallahan Enterprise Management Consulting www.emcuk.com Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. From maxsec at gmail.com Fri May 22 10:22:50 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 22 10:23:00 2009 Subject: Commit ineffective error In-Reply-To: <4A166CBA.60002@emcuk.com> References: <4A166CBA.60002@emcuk.com> Message-ID: <72cf361e0905220222g77ca22a1n21a3cb15b7252500@mail.gmail.com> This is a well known 'error' with mailwatch see http://markmail.org/message/lan2mga2nghqk3ud#query:autocommit%20mailwatch+page:1+mid:m3j6otkwbtb5xq2k+state:resultsfor a 'fix' to keep the warning out of the logs etc. 2009/5/22 Eddie Hallahan > Hi All, > > I'm getting the below errors on a few of our servers when we moved to > the newer mailscanner on them; > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > > > Any idea how to sort them out? > > Regards > > -- > Eddie Hallahan > Enterprise Management Consulting > www.emcuk.com > > Enterprise Management Consulting is a company registered in England and > Wales with company number 3134544. VAT registration number is 681038440. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/4e3b6041/attachment.html From marc at marcsnet.com Fri May 22 10:26:24 2009 From: marc at marcsnet.com (Marc Lucke) Date: Fri May 22 10:26:57 2009 Subject: Commit ineffective error In-Reply-To: <4A166CBA.60002@emcuk.com> References: <4A166CBA.60002@emcuk.com> Message-ID: <4A166FC0.9060109@marcsnet.com> I get those too. I wasn't too worried because it is only MailWatch which still seems to be OK. But am interested. Eddie Hallahan wrote: > Hi All, > > I'm getting the below errors on a few of our servers when we moved to > the newer mailscanner on them; > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > > > Any idea how to sort them out? > > Regards > > From sandro at e-den.it Fri May 22 10:50:51 2009 From: sandro at e-den.it (Alessandro Dentella) Date: Fri May 22 10:51:27 2009 Subject: spamassassin from MailScanner & dns Message-ID: <20090522095051.GA12888@ubuntu> Hi, I'm trying to study all the possible tuning for MailScanner. It I run su postfix -p -c 'spamassassin -x -D -C \ /etc/MailScanner/spam.assassin.prefs.conf --lint' I get among the rest: ... [2173] dbg: dns: is Net::DNS::Resolver available? yes ... [2173] dbg: dns: is DNS available? 0 [2173] dbg: rules: local tests only, ignoring RBL eval that appears contraddictory to me... what's the explanation? does the second 'dns' line means it doesn't understand the line in /etc/MailScanner/spam.assassin.prefs.conf: # grep dns /etc/MailScanner/spam.assassin.prefs.conf dns_available yes How should I enable non local test? Thanks *:-) From kalle at idlar.nu Fri May 22 13:22:23 2009 From: kalle at idlar.nu (kalle@idlar.nu) Date: Fri May 22 13:22:32 2009 Subject: per domain/user rules with MailScanner and Spamassassin Message-ID: <4A1698FF.7050607@idlar.nu> Hi! Sorry if this has been asked before, but I've searched around and can't find any good answers. We have been running MailScanner for some years now and it's working great. However I would like to setup a more dynamic system that can handle diffrent rules for diffrent users/domains both in MailScanner and Spamassassin. I would like to have all the settings/rules in an sql-database. Is there any documentation around of a setup like that? /Kalle From ismail at ismailozatay.net Fri May 22 13:58:21 2009 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Fri May 22 13:58:35 2009 Subject: Can not release mail from the quarantine Message-ID: <4A16A16D.80500@ismailozatay.net> Hi , Today I could not relase some e-mails from the quarantine to user. Normaly every time it works without any problem. I am trying to release this mail with mailwatch interface then then from the command line like this; sendmail -t -i < /var/spool/MailScanner/quarantine/20090522/spam/n4M6sPZS032539. But it could not send. When i checked the maillog i saw that ; "May 22 15:45:44 avgw sendmail[15702]: n4MCifOl015702: lost input channel from localhost.localdomain [127.0.0.1] to MTA after mail" "May 22 15:45:44 avgw sendmail[15702]: n4MCifOl015702: from=x@y.edu, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]" I have just tried to release a different quarantined mail and it worked properly. What is happening ? Thanks ismail From hilario at soliton.com.br Fri May 22 14:26:01 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Fri May 22 14:26:29 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> Message-ID: <200905221326.n4MDQK9A003574@safir.blacknight.ie> Good Morning Thus of course I have done some kind of mistake that I still did not pinpoint. I will try again to double check where I may have done the mistake. Is there any additional possibilities like user:group or permission related issues? Is the following example line correct? To: *@domain1.com.br \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ Till now I am just looking at the log tail for file load fails and sending outside emails to myself with return receipts to check if it is working. Is there a more intelligent way to test or generate more log details? Thanks for taking your time to help. Best Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 At 05:40 2009-05-22, Julian Field wrote: >On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>Hello, >> >>Installation details: RHEL5.3 with cPanel and MailScanner Front End >>(configserver.com) >>MailScanner is running ok for more than one year. >>Our server uses the "Remove These Headers = >>%rules-dir%/remove.headers.rules" setting to eliminate inbound >>return receipts requests while allowing outbound receipts headers >>to stay intact. >> >>Two weeks ago after upgrading to version MailScanner - v4.76.24 we >>begun to notice that some inbound emails were asking for return receipts. >> >>We played a lot with the rules file without success and as a >>temporary solution, we replaced the per domain rules file with the >>following single line instruction: >> >>Remove These Headers = >>/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >> >>This solution is working, we have no receipts at all both inbound >>and outbound, but we wish to regain the fine granularity control we once had. >That should definitely not work, and it was a small bug that was >allowing it to work. The spec in the MailScanner.conf file clearly states that: ># Each header should end in a ":", but MailScanner will add it if you forget. ># Headers should be separated by commas or spaces. >> >>The original rules file uses spaces to separate the headers. >That was correct. >>The typical per domain lines we had in the remove.headers.rules file were: >> >># For each domain: >>From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: >>To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >>Disposition-Notification-To: Errors-To: MDRcpt-To: >>MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >>Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >>X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >>X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >>X-Status: X-UID: X-UIDL: >> >>Those instructions used worked ok with previous MailScanner versions. >And I have just tried a system with a rules file very much like >yours and it works just fine. > >Sorry, but I cannot reproduce the problem. > >Jules > >-- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >Need help customising MailScanner? >Contact me! >Need help fixing or optimising your systems? >Contact me! >Need help getting you started solving new requirements from your boss? >Contact me! > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/867dfbfa/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 22 14:43:45 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 14:44:10 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905221326.n4MDQK9A003574@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> Message-ID: On 22/05/2009 14:26, Hilario Fochi Silveira wrote: > Good Morning > > Thus of course I have done some kind of mistake that I still did not > pinpoint. I will try again to double check where I may have done the > mistake. > > Is there any additional possibilities like user:group or permission > related issues? > Is the following example line correct? > To: *@domain1.com.br > \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ That's wrong. The list, as I said, should be a space separated list of header names. So you should just put it like that, such as To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: No \ or | or anything like that at all. > > Till now I am just looking at the log tail for file load fails and > sending outside emails to myself with return receipts to check if it > is working. > Is there a more intelligent way to test or generate more log details? > > Thanks for taking your time to help. > > Best Regards, > > *Hilario Fochi Silveira > **Soliton Controles Industriais Ltda. > Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > > > > *At 05:40 2009-05-22, Julian Field wrote: > > >> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>> Hello, >>> >>> Installation details: RHEL5.3 with cPanel and MailScanner Front End >>> (configserver.com) >>> MailScanner is running ok for more than one year. >>> Our server uses the "Remove These Headers = >>> %rules-dir%/remove.headers.rules" setting to eliminate inbound >>> return receipts requests while allowing outbound receipts headers to >>> stay intact. >>> >>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we >>> begun to notice that some inbound emails were asking for return >>> receipts. >>> >>> We played a lot with the rules file without success and as a >>> temporary solution, we replaced the per domain rules file with the >>> following single line instruction: >>> >>> Remove These Headers = >>> /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >>> >>> This solution is working, we have no receipts at all both inbound >>> and outbound, but we wish to regain the fine granularity control we >>> once had. >> That should definitely not work, and it was a small bug that was >> allowing it to work. The spec in the MailScanner.conf file clearly >> states that: >> # Each header should end in a ":", but MailScanner will add it if you >> forget. >> # Headers should be separated by commas or spaces. >>> >>> The original rules file uses spaces to separate the headers. >> That was correct. >>> The typical per domain lines we had in the remove.headers.rules file >>> were: >>> >>> # For each domain: >>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: >>> X-Spam-Processed: >>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >>> Disposition-Notification-To: Errors-To: MDRcpt-To: >>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >>> X-Status: X-UID: X-UIDL: >>> >>> Those instructions used worked ok with previous MailScanner versions. >> And I have just tried a system with a rules file very much like >> yours and it works just fine. >> >> Sorry, but I cannot reproduce the problem. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hilario at soliton.com.br Fri May 22 18:11:54 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Fri May 22 18:12:13 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> Message-ID: <200905221712.n4MHC3Pj014070@safir.blacknight.ie> Interesting ! If it still accepts the old configuration way, I am really curious to learn what happened in my box for it to stop accepting the old configuration file. I will have to work on it this week end ! When/How should I use the new regex feature in the remove.headers.rules file? Thanks, Hil?rio At 10:43 2009-05-22, you wrote: >On 22/05/2009 14:26, Hilario Fochi Silveira wrote: >>Good Morning >> >>Thus of course I have done some kind of mistake >>that I still did not pinpoint. I will try again >>to double check where I may have done the mistake. >> >>Is there any additional possibilities like >>user:group or permission related issues? >>Is the following example line correct? >>To: *@domain1.com.br >>\Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ >That's wrong. The list, as I said, should be a >space separated list of header names. So you >should just put it like that, such as >To: *@domain1.com.br Confirm-Reading-To: >Delivery-Receipt-To: Disposition-Notification-To: > >No \ or | or anything like that at all. >> >>Till now I am just looking at the log tail for >>file load fails and sending outside emails to >>myself with return receipts to check if it is working. >>Is there a more intelligent way to test or generate more log details? >> >>Thanks for taking your time to help. >> >>Best Regards, >> >>*Hilario Fochi Silveira >>**Soliton Controles Industriais Ltda. >>Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 >> >> >> >>*At 05:40 2009-05-22, Julian Field wrote: >> >> >>>On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>>>Hello, >>>> >>>>Installation details: RHEL5.3 with cPanel and >>>>MailScanner Front End (configserver.com) >>>>MailScanner is running ok for more than one year. >>>>Our server uses the "Remove These Headers = >>>>%rules-dir%/remove.headers.rules" setting to >>>>eliminate inbound return receipts requests >>>>while allowing outbound receipts headers to stay intact. >>>> >>>>Two weeks ago after upgrading to version >>>>MailScanner - v4.76.24 we begun to notice >>>>that some inbound emails were asking for return receipts. >>>> >>>>We played a lot with the rules file without >>>>success and as a temporary solution, we >>>>replaced the per domain rules file with the following single line instruction: >>>> >>>>Remove These Headers = >>>>/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >>>> >>>>This solution is working, we have no receipts >>>>at all both inbound and outbound, but we wish >>>>to regain the fine granularity control we once had. >>>That should definitely not work, and it was a >>>small bug that was allowing it to work. The >>>spec in the MailScanner.conf file clearly states that: >>># Each header should end in a ":", but >>>MailScanner will add it if you forget. >>># Headers should be separated by commas or spaces. >>>> >>>>The original rules file uses spaces to separate the headers. >>>That was correct. >>>>The typical per domain lines we had in the remove.headers.rules file were: >>>> >>>># For each domain: >>>>From: *@domain1.com.br X-Mozilla-Status: >>>>X-Mozilla-Status2: X-Spam-Processed: >>>>To: *@domain1.com.br Confirm-Reading-To: >>>>Delivery-Receipt-To: >>>>Disposition-Notification-To: Errors-To: >>>>MDRcpt-To: MDSend-Notifications-To: >>>>Read-Receipt-To: Receipt-Requested-To: >>>>Return-Receipt-To: Status: Smtp-Rcpt-To: >>>>X-Acknowledge-To: X-Confirm-Reading-To: >>>>X-IMAPBase: X-IMAP: X-Keywords: >>>>X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: >>>>X-Spam-Processed: X-Status: X-UID: X-UIDL: >>>> >>>>Those instructions used worked ok with previous MailScanner versions. >>>And I have just tried a system with a rules >>>file very much like yours and it works just fine. >>> >>>Sorry, but I cannot reproduce the problem. >>> >>>Jules >>> >>>-- >>>Julian Field MEng CITP CEng >>>www.MailScanner.info >>>Buy the MailScanner book at >>>www.MailScanner.info/store >>> >>>Need help customising MailScanner? >>>Contact me! >>>Need help fixing or optimising your systems? >>>Contact me! >>>Need help getting you started solving new requirements from your boss? >>>Contact me! >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>> >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! > >Jules > >-- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >Need help customising MailScanner? >Contact me! >Need help fixing or optimising your systems? >Contact me! >Need help getting you started solving new requirements from your boss? >Contact me! > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! Atenciosamente, Hil?rio Fochi Silveira Soliton Controles Industriais Ltda. 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: hilario@soliton.com.br Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm Controls, Action Instruments, Montalvo, Koyo, Sharp www.soliton.com.br www.eurotherm.com.br www.actionio.com.br www.montalvo.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/b4d37031/attachment.html From ssilva at sgvwater.com Fri May 22 18:52:32 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 22 18:52:54 2009 Subject: Commit ineffective error In-Reply-To: <4A166FC0.9060109@marcsnet.com> References: <4A166CBA.60002@emcuk.com> <4A166FC0.9060109@marcsnet.com> Message-ID: on 5-22-2009 2:26 AM Marc Lucke spake the following: > I get those too. I wasn't too worried because it is only MailWatch > which still seems to be OK. But am interested. > > You would either have to turn off autocommit in mysql, or find and remove the commits in the mailwatch modules. It is a harmless side effect, except for the log space it takes. http://mailwatch.sourceforge.net/doku.php?id=mailwatch:tipandtricks:autocommit_error -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/3f37293f/signature.bin From ssilva at sgvwater.com Fri May 22 18:54:20 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 22 18:55:14 2009 Subject: spamassassin from MailScanner & dns In-Reply-To: <20090522095051.GA12888@ubuntu> References: <20090522095051.GA12888@ubuntu> Message-ID: on 5-22-2009 2:50 AM Alessandro Dentella spake the following: > Hi, > > I'm trying to study all the possible tuning for MailScanner. It I run > > su postfix -p -c 'spamassassin -x -D -C \ > /etc/MailScanner/spam.assassin.prefs.conf --lint' > > I get among the rest: > > ... > [2173] dbg: dns: is Net::DNS::Resolver available? yes > ... > [2173] dbg: dns: is DNS available? 0 > [2173] dbg: rules: local tests only, ignoring RBL eval > > > that appears contraddictory to me... what's the explanation? > does the second 'dns' line means it doesn't understand the line in > /etc/MailScanner/spam.assassin.prefs.conf: > > # grep dns /etc/MailScanner/spam.assassin.prefs.conf > dns_available yes > > How should I enable non local test? > > Thanks > *:-) You can only enable network tests by piping a message into spamassassin. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/8ccadca3/signature.bin From rlopezcnm at gmail.com Fri May 22 19:34:03 2009 From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri May 22 19:34:14 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) Message-ID: I would like to try out mailscanner on Debian Lenny. My senior administrator does not want to try mailscanner on Debian unless it is using postfix instead of exim4. This brings up something I do not know how to do: I access MailScanner discussion list via Gmail to read the current email. I can use google to find discussions archived at http://lists.mailscanner.info/... It I go directly to http://lists.mailscanner.info/... and sort the lists But I can not figure out how to search there for discussion on my current project. Is there a direct way to search the email archives? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/5d3c3863/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 22 20:00:33 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 20:00:47 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905221712.n4MHC3Pj014070@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/05/2009 18:11, Hilario Fochi Silveira wrote: > Interesting ! > If it still accepts the old configuration way, I am really curious to > learn what happened in my box for it to stop accepting the old > configuration file. I will have to work on it this week end ! > When/How should I use the new regex feature in the > remove.headers.rules file? What new regex feature? There never was one! Not in my book anyway. What you may have exploited due to poor syntax checking on my part was never in any way a supported feature, the feature is as documented in the MailScanner.conf file, ie. a space-separated list of header names. > > Thanks, > > Hil?rio > > At 10:43 2009-05-22, you wrote: > > >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: >>> Good Morning >>> >>> Thus of course I have done some kind of mistake that I still did not >>> pinpoint. I will try again to double check where I may have done the >>> mistake. >>> >>> Is there any additional possibilities like user:group or permission >>> related issues? >>> Is the following example line correct? >>> To: *@domain1.com.br >>> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ >> That's wrong. The list, as I said, should be a space separated list >> of header names. So you should just put it like that, such as >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >> Disposition-Notification-To: >> >> No \ or | or anything like that at all. >>> >>> Till now I am just looking at the log tail for file load fails and >>> sending outside emails to myself with return receipts to check if it >>> is working. >>> Is there a more intelligent way to test or generate more log details? >>> >>> Thanks for taking your time to help. >>> >>> Best Regards, >>> >>> *Hilario Fochi Silveira >>> **Soliton Controles Industriais Ltda. >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 >>> >>> >>> >>> *At 05:40 2009-05-22, Julian Field wrote: >>> >>> >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>>>> Hello, >>>>> >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front >>>>> End (configserver.com) >>>>> MailScanner is running ok for more than one year. >>>>> Our server uses the "Remove These Headers = >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound >>>>> return receipts requests while allowing outbound receipts headers >>>>> to stay intact. >>>>> >>>>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we >>>>> begun to notice that some inbound emails were asking for return >>>>> receipts. >>>>> >>>>> We played a lot with the rules file without success and as a >>>>> temporary solution, we replaced the per domain rules file with the >>>>> following single line instruction: >>>>> >>>>> Remove These Headers = >>>>> /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >>>>> >>>>> This solution is working, we have no receipts at all both inbound >>>>> and outbound, but we wish to regain the fine granularity control >>>>> we once had. >>>> That should definitely not work, and it was a small bug that was >>>> allowing it to work. The spec in the MailScanner.conf file clearly >>>> states that: >>>> # Each header should end in a ":", but MailScanner will add it if >>>> you forget. >>>> # Headers should be separated by commas or spaces. >>>>> >>>>> The original rules file uses spaces to separate the headers. >>>> That was correct. >>>>> The typical per domain lines we had in the remove.headers.rules >>>>> file were: >>>>> >>>>> # For each domain: >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: >>>>> X-Spam-Processed: >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >>>>> X-Status: X-UID: X-UIDL: >>>>> >>>>> Those instructions used worked ok with previous MailScanner versions. >>>> And I have just tried a system with a rules file very much like >>>> yours and it works just fine. >>>> >>>> Sorry, but I cannot reproduce the problem. >>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info < >>>> http://www.mailscanner.info/> >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> < >>>> http://www.mailscanner.info/store> >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > Atenciosamente, > > *Hil?rio Fochi Silveira > **Soliton Controles Industriais Ltda. > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: > hilario@soliton.com.br > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm > Controls, Action Instruments, Montalvo, Koyo, Sharp > www.soliton.com.br www.eurotherm.com.br > www.actionio.com.br > www.montalvo.com.br > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G +QTTpHrgwHz371bPuVpt6bE= =Qvgv -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hilario at soliton.com.br Fri May 22 20:35:12 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Fri May 22 20:35:44 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> Message-ID: <200905221935.n4MJZYi3020712@safir.blacknight.ie> Wow, Now I am really confused ! The following are the instructions I interpreted as new regex feature for "Remove These Headers" I see them in two different places: the changelog and the instructions in the MailScanner.conf file inside the MailScanner-4.77.5-1.rpm.tar.gz And the new instructions prohibit the use of spaces in the new regex mode. a) The changelog file Reference: http://www.mailscanner.info/ChangeLog 1/4/2009 New in Version 4.75.11-1 ================================= ... 9 Added support for regular expressions in "Remove These Headers". Note that the expression is matched against the whole header line, not just the name of the header. Note that the expressions must not contain any spaces, so use '\s' instead of ' '. The match is done case-insensitive in all cases. ... b) The MailScanner.conf file (MailScanner-4.77.5-1.rpm.tar.gz). Reference: ... # If any of these headers are included in a a message, they will be deleted. # This is a space-separated list of a mixture of any combination of # 1. Names of headers, optionally ending with a ':' # (the ':' will be added if not supplied) # 2. Regular expressions starting and ending with a '/'. # These regular expressions are matched against the entire header line, # not just the name of the header. # **NOTE** The regular expressions must *not* contain spaces, # so use '\s' instead of ' '. # This is very useful for removing return-receipt requests and any headers ... I really thought it was a new regex feature to remove headers and/or additional information. It works as a line in the Mailscanner.conf file, but I am not able to have my old per domain file working anymore. I just do not know how to use it correctly and my server does not accept the file with spaces any more. Thanks again for helping. Best Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 At 16:00 2009-05-22, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >On 22/05/2009 18:11, Hilario Fochi Silveira wrote: > > Interesting ! > > If it still accepts the old configuration way, I am really curious to > > learn what happened in my box for it to stop accepting the old > > configuration file. I will have to work on it this week end ! > > When/How should I use the new regex feature in the > > remove.headers.rules file? >What new regex feature? There never was one! Not in my book anyway. What >you may have exploited due to poor syntax checking on my part was never >in any way a supported feature, the feature is as documented in the >MailScanner.conf file, ie. a space-separated list of header names. > > > > Thanks, > > > > Hil?rio > > > > At 10:43 2009-05-22, you wrote: > > > > > >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: > >>> Good Morning > >>> > >>> Thus of course I have done some kind of mistake that I still did not > >>> pinpoint. I will try again to double check where I may have done the > >>> mistake. > >>> > >>> Is there any additional possibilities like user:group or permission > >>> related issues? > >>> Is the following example line correct? > >>> To: *@domain1.com.br > >>> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ > >> That's wrong. The list, as I said, should be a space separated list > >> of header names. So you should just put it like that, such as > >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >> Disposition-Notification-To: > >> > >> No \ or | or anything like that at all. > >>> > >>> Till now I am just looking at the log tail for file load fails and > >>> sending outside emails to myself with return receipts to check if it > >>> is working. > >>> Is there a more intelligent way to test or generate more log details? > >>> > >>> Thanks for taking your time to help. > >>> > >>> Best Regards, > >>> > >>> *Hilario Fochi Silveira > >>> **Soliton Controles Industriais Ltda. > >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > >>> > >>> > >>> > >>> *At 05:40 2009-05-22, Julian Field wrote: > >>> > >>> > >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: > >>>>> Hello, > >>>>> > >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front > >>>>> End (configserver.com) > >>>>> MailScanner is running ok for more than one year. > >>>>> Our server uses the "Remove These Headers = > >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound > >>>>> return receipts requests while allowing outbound receipts headers > >>>>> to stay intact. > >>>>> > >>>>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we > >>>>> begun to notice that some inbound emails were asking for return > >>>>> receipts. > >>>>> > >>>>> We played a lot with the rules file without success and as a > >>>>> temporary solution, we replaced the per domain rules file with the > >>>>> following single line instruction: > >>>>> > >>>>> Remove These Headers = > >>>>> > /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ > >>>>> > >>>>> This solution is working, we have no receipts at all both inbound > >>>>> and outbound, but we wish to regain the fine granularity control > >>>>> we once had. > >>>> That should definitely not work, and it was a small bug that was > >>>> allowing it to work. The spec in the MailScanner.conf file clearly > >>>> states that: > >>>> # Each header should end in a ":", but MailScanner will add it if > >>>> you forget. > >>>> # Headers should be separated by commas or spaces. > >>>>> > >>>>> The original rules file uses spaces to separate the headers. > >>>> That was correct. > >>>>> The typical per domain lines we had in the remove.headers.rules > >>>>> file were: > >>>>> > >>>>> # For each domain: > >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: > >>>>> X-Spam-Processed: > >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: > >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: > >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: > >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: > >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: > >>>>> X-Status: X-UID: X-UIDL: > >>>>> > >>>>> Those instructions used worked ok with previous MailScanner versions. > >>>> And I have just tried a system with a rules file very much like > >>>> yours and it works just fine. > >>>> > >>>> Sorry, but I cannot reproduce the problem. > >>>> > >>>> Jules > >>>> > >>>> -- > >>>> Julian Field MEng CITP CEng > >>>> www.MailScanner.info < > >>>> http://www.mailscanner.info/> > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> < > >>>> http://www.mailscanner.info/store> > >>>> > >>>> Need help customising MailScanner? > >>>> Contact me! > >>>> Need help fixing or optimising your systems? > >>>> Contact me! > >>>> Need help getting you started solving new requirements from your boss? > >>>> Contact me! > >>>> > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >>>> > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > Atenciosamente, > > > > *Hil?rio Fochi Silveira > > **Soliton Controles Industriais Ltda. > > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil > > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: > > hilario@soliton.com.br > > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm > > Controls, Action Instruments, Montalvo, Koyo, Sharp > > www.soliton.com.br www.eurotherm.com.br > > www.actionio.com.br > > www.montalvo.com.br > > > > > >Jules > >- -- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Follow me at twitter.com/JulesFM > >MailScanner customisation, or any advanced system administration help? >Contact me at Jules@Jules.FM > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >PGP public key: http://www.jules.fm/julesfm.asc > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.10.0 (Build 500) >Comment: Use PGP or Thunderbird Enigmail to verify this message >Charset: ISO-8859-1 > >wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G >+QTTpHrgwHz371bPuVpt6bE= >=Qvgv >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/008f9745/attachment.html From gafaith at asdm.net Sat May 23 01:27:28 2009 From: gafaith at asdm.net (Gary Faith) Date: Sat May 23 01:27:51 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: <1242883504.23783.16.camel@baddis-laptop> References: <4A147B290200002D00006737@sparky.asdm.net> <1242883504.23783.16.camel@baddis-laptop> Message-ID: <4A170AB00200002D00006768@sparky.asdm.net> I do use SPF for my domains and I am using v=spf1 a mx -all for the domain and v=spf1 a -all for the mail server. >>> Brent Addis 5/21/2009 1:25 AM >>> Why don't you use SPF on your domains? -----Original Message----- From: Gary Faith Reply-to: MailScanner discussion To: mailscanner@lists.mailscanner.info Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH Date: Wed, 20 May 2009 21:50:33 -0400 I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/3ad951ff/attachment-0001.html From gafaith at asdm.net Sat May 23 01:47:50 2009 From: gafaith at asdm.net (Gary Faith) Date: Sat May 23 01:48:10 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <200905210754.04555.eli@orbsky.homelinux.org> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> Message-ID: <4A170F760200002D0000676D@sparky.asdm.net> I am trying to get around the problem of whitelisting my entire domain which is what I did earlier by allowing any message FROM my domain name without scanning. As I said earlier, this caused problems because people were using my server to send spam using my domain. I only want it to not scan e-mail when it is from the server that authenticates. The server that I am talking about is a mail server, which used to have a static IP, I use for another unrelated business and my personal e-mail. Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. I need a solutions and I thought someone on this list would have a brilliant idea on how to do this. It can't be that hard, can it? >>> Eli Wapniarski 5/21/2009 12:54 AM >>> Gary... With all due respect. Assuming that the mail coming from your servers is not affected by something bad is a mistake. Not to mention, spam that uses your domain as email addresses in the to / from to get around just the kind of scenario is also makes your strategy a mistake. What harm besides having your server do some work would be caused by having all the mail scanned? On Thursday 21 May 2009 04:50:33 Gary Faith wrote: > I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. > > From: domain.com no > > This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. > > What is required: > 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. > 2. All other mail scanned (like normal). > > I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? > > Thanks, > > Gary Faith > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/fd5e4976/attachment.html From eli at orbsky.homelinux.org Sat May 23 05:57:00 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 23 05:57:33 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <4A170F760200002D0000676D@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> Message-ID: <200905230757.01173.eli@orbsky.homelinux.org> On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat May 23 11:03:07 2009 From: MailScanner at ecs.soton.ac.