From kse at hovmark.dk Fri May 1 07:16:48 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 1 07:14:59 2009 Subject: Common SQL Backend for several MailScanner clients. Message-ID: <1241158608.5854.8.camel@kse> Good morning. Can you have several MailScanner clients, that all run on a single SQL Database. That includes a bayesian filter, but afaik that shouldn't cause any problems, as it's already shared between users on some servers. The logging is through SQL ofcourse, as we use the mailwatch front-end. Will this create any problems that anyone can foresee? The reasoning behind this would be common logging, so we wouldn't have to edit several white/blacklists, check several filters for what went through and so on. And my boss does not want clustering, as depending on the bandwidth it uses, we might spread them out over several geographical locations. Thanks for the great software. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 From Johan at double-l.nl Fri May 1 08:07:15 2009 From: Johan at double-l.nl (Johan Hendriks) Date: Fri May 1 08:07:31 2009 Subject: FreeBSD port of MailScanner-4.75.11,1 - could someone test References: <57200BF94E69E54880C9BB1AF714BBCB5DE7CA@w2003s01.double-l.local> Message-ID: <57200BF94E69E54880C9BB1AF714BBCB5DE7DD@w2003s01.double-l.local> Thanks for this it has been committed today Because of the long outdates port i started to create my own! Try to see if that worked. I am no ports guru or Mailscanner guru also. Thanks again -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Kevin Kobb Verzonden: donderdag 30 april 2009 19:47 Aan: mailscanner@lists.mailscanner.info Onderwerp: Re: FreeBSD port of MailScanner-4.75.11,1 - could someone test Johan Hendriks wrote: > I created a port for MailScanner-4.75.11,1 on FreeBSD. > My programming skills are poor, but it al seems to work on my 7.1-stable > and 8.0 machine (both AMD64) > This is with perl 5.10.x , it does not work with perl-5.8.9 > > So please test it and let me know if it al works. > > > > You can download the file here. > > http://www.double-l.nl/mailscanner.tar > > > > regards, > > Johan Hendriks > > > For better or worse, the official FreeBSD port has been updated to 4.75.11. I had submitted a patch to an open PR and to the port maintainer several weeks ago, but never got any feedback. It looks like the update was automatically committed. I don't claim to be a ports, or MailScanner expert, but I gave it the old college try. Hopefully, this will work for others (seems to be OK on my tests), or motivate some guru to fix my feeble effort ;-) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.9/2087 - Release Date: 04/29/09 18:03:00 No virus found in this outgoing message. Checked by AVG - www.avg.com Version: 8.5.287 / Virus Database: 270.12.9/2087 - Release Date: 04/29/09 18:03:00 From support-lists at petdoctors.co.uk Fri May 1 09:38:16 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri May 1 09:38:42 2009 Subject: MailScanner slowwing down In-Reply-To: <49FA1147.7060101@whidbey.com> References: <045c01c9c970$75545130$5ffcf390$@ie><72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> Message-ID: >I was looking at those yesterday because I was running the load average up to 10 or 12 in spurts. My box has a Sempron 2200 and a gig of RAM, so it does swap when it gets busy. >I can upgrade to a machine that's half again faster with twice the memory for the same monthly fee, but I'd have to run both during the transition and it would take a ton of >time to move everything over. (It's a webserver for a couple of dozen domains and my secondary name server.) May not be relevant here, but I had a box that slowed down last week. It was a P4 3GHz unit with only 768MB RAM and I had just upgraded it to the latest MailScanner download. I was getting a similar load average and lots of swapping. First off I noticed that the bitdefender update script was hogging over half the RAM when it kicked in so I turned it off, but since I was at the machine anyway, I did a yum update (it's running CentOS4). This updated quite a lot, but also messed up a MailScanner perl dependency, so I reinstalled MailScanner from Julian's script and ever since then the server's been running fine and still with only 768MB RAM. Nigel From support-lists at petdoctors.co.uk Fri May 1 10:09:49 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri May 1 10:10:20 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> Message-ID: Hi, I'm coming in a bit late here and am trying to catch up on this thread. I have had a good read but would appreciate some advice on the following: On the mail server that ground to a halt on me (frequently) about a week ago, it's currently showing 384 messages in the processing queue, stretching back to 20th April. Here's the top of the list: Number of messages: 384 Tries Message Next Try At ===== ======= =========== 1 762C72F0039.D1D4C Fri May 1 05:12:13 2009 1 762C72F0039.9458D Fri May 1 05:10:57 2009 1 762C72F0039.217F1 Fri May 1 05:09:31 2009 1 CA1472F003B.F132E Fri May 1 04:17:22 2009 1 8511F2F0038.17722 Fri May 1 04:13:59 2009 1 847282F003A.0C804 Fri May 1 04:12:34 2009 1 25C4167800F.C6CF0 Thu Apr 30 19:21:03 2009 1 25C4167800F.AE019 Thu Apr 30 19:19:56 2009 1 25C4167800F.3120B Thu Apr 30 19:17:54 2009 1 04BE62F003A.1F69E Thu Apr 30 13:20:46 2009 1 02D6867800F.64CA4 Thu Apr 30 13:18:50 2009 1 02D6867800F.3EF79 Thu Apr 30 13:18:05 2009 1 8628B67800F.1D156 Wed Apr 29 15:23:21 2009 1 D694C678019.51D4F Wed Apr 29 15:22:41 2009 1 B49BF678017.BC390 Wed Apr 29 15:22:27 2009 1 8628B67800F.5F79F Wed Apr 29 15:20:27 2009 1 3DDF567800F.D497F Wed Apr 29 13:41:58 2009 1 29634678033.E00D4 Wed Apr 29 13:39:45 2009 1 E1CB367801A.10092 Wed Apr 29 13:39:16 2009 1 AAFCC67802C.D024A Wed Apr 29 13:38:52 2009 1 0B532678019.78254 Wed Apr 29 13:37:36 2009 1 6244F67800F.34B35 Wed Apr 29 11:18:31 2009 1 6244F67800F.0537D Wed Apr 29 11:18:19 2009 1 6244F67800F.A73C3 Wed Apr 29 11:17:11 2009 Are these entries now considered 'spurious' and do I need to take any action, wait for the current MailScanner beta release to go stable or even install it now? Or do I have an ongoing problem!? Thanks Nigel Kendrick From mailadmin at midland-ics.ie Fri May 1 12:53:29 2009 From: mailadmin at midland-ics.ie (Mail Admin) Date: Fri May 1 12:54:41 2009 Subject: MailScanner slowwing down In-Reply-To: <49FA1147.7060101@whidbey.com> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> Message-ID: <005301c9ca53$7268b1d0$573a1570$@ie> I've managed to reduce the load (fingers crossed), I cant get smf-sav to compile on my box yet, but still looking into it. I firewalled some brazil IP Ranges which took a good load off too. Seen some bogus recipient addresses that are really targeted to and rejected them in my access database. I'm going to try my utmost to get smf-sav working - would love a sample of someones conf file where they have multiple domains multiple exchange servers for recipient verification From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. Armour Van Horn Sent: 30 April 2009 22:00 To: MailScanner discussion Subject: Re: MailScanner slowwing down I was looking at those yesterday because I was running the load average up to 10 or 12 in spurts. My box has a Sempron 2200 and a gig of RAM, so it does swap when it gets busy. I can upgrade to a machine that's half again faster with twice the memory for the same monthly fee, but I'd have to run both during the transition and it would take a ton of time to move everything over. (It's a webserver for a couple of dozen domains and my secondary name server.) I told Sendmail to stop accepting connections at load average of 6, which kept the load average from trying to get to 50. (Yes, I have seen the la go that high, although not on this system. It ain't pretty!) I dropped the child count from five to three, which seemed to help - each child just took bigger bites and the throughput didn't seem to be affected. One thing that looked appealing was setting up a caching nameserver, but all the docs I ran into assumed that you weren't already running BIND on the box and that you wanted to cache your local network, so I was too confused to get that running. (I do have everything installed, just need to figure out the config.) I did add pause-greet to the Sendmail config, it blocked at least a hundred messages overnight. Not a big change, but the price is right. I'm thinking about setting up greylisting, it will cut down on the MS load and should spread out the surges a little. I guess I should have expected things to slow down when I leapfrogged so many versions on Tuesday. Now I've got to figure out how to get it back in control or bite the bullet and get some more horsepower. Van Martin Hepworth wrote: See http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips and http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_s pamassassin Dropping unknown recipients and having a local caching nameserver are generally the first things to sort, then look at the number of children and batch size... -- Martin Hepworth Oxford, UK 2009/4/30 Mail Admin Hi All, Recently I am finding that the amount of incoming mail through my MailScanner Server is really slowing down things. There is a heavy load now since I took on a domain that seems to me well spammed. Yesterdays processing processed 22,000 emails @88% Spam approx. Server Spec POWEREDGE 1850 XEON 2.8GHZ/2MB 800FSB - WITH 2 GIG RAM and RAID 1 Configuration on two Disks RPM 10K. Its Running Fedora Core 5, Send Mail 8.13.8-1.fc5 with MailScanner 4.69.7-1 with SA, Razor, DCC., MailWatch V1 Its working very well blocking spam, but only in the last couple of days its got really slow. Any ideas on how to reduce the load on this server>? By blocking mail at the MTA before it hits MS? OR Tweaking my processes? What do the Experts think on the Server Spec, for the amount of traffic? I'd appreciate any help Regards Kevin This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although we make every effort to keep our systems free from viruses, you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090501/dc3e6144/attachment.html From ka at pacific.net Fri May 1 15:48:27 2009 From: ka at pacific.net (Ken A) Date: Fri May 1 15:48:46 2009 Subject: MailScanner slowwing down In-Reply-To: <005301c9ca53$7268b1d0$573a1570$@ie> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> <005301c9ca53$7268b1d0$573a1570$@ie> Message-ID: <49FB0BBB.5090109@pacific.net> Mail Admin wrote: > I've managed to reduce the load (fingers crossed), I cant get smf-sav to > compile on my box yet, but still looking into it. > > I firewalled some brazil IP Ranges which took a good load off too. > > Seen some bogus recipient addresses that are really targeted to and rejected > them in my access database. > > I'm going to try my utmost to get smf-sav working - would love a sample of > someones conf file where they have multiple domains multiple exchange > servers for recipient verification I don't think smf-sav currently has that ability. You can only define 1 mailstore in the config. milter-ahead handles this correctly, of course, by asking sendmail where the mail for the domain would go, then using that host to test the recipient. http://www.snertsoft.com/sendmail/milter-ahead/ Ken > > > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. Armour > Van Horn > Sent: 30 April 2009 22:00 > To: MailScanner discussion > Subject: Re: MailScanner slowwing down > > > > I was looking at those yesterday because I was running the load average up > to 10 or 12 in spurts. My box has a Sempron 2200 and a gig of RAM, so it > does swap when it gets busy. I can upgrade to a machine that's half again > faster with twice the memory for the same monthly fee, but I'd have to run > both during the transition and it would take a ton of time to move > everything over. (It's a webserver for a couple of dozen domains and my > secondary name server.) > > I told Sendmail to stop accepting connections at load average of 6, which > kept the load average from trying to get to 50. (Yes, I have seen the la go > that high, although not on this system. It ain't pretty!) > > I dropped the child count from five to three, which seemed to help - each > child just took bigger bites and the throughput didn't seem to be affected. > > One thing that looked appealing was setting up a caching nameserver, but all > the docs I ran into assumed that you weren't already running BIND on the box > and that you wanted to cache your local network, so I was too confused to > get that running. (I do have everything installed, just need to figure out > the config.) > > I did add pause-greet to the Sendmail config, it blocked at least a hundred > messages overnight. Not a big change, but the price is right. > > I'm thinking about setting up greylisting, it will cut down on the MS load > and should spread out the surges a little. > > I guess I should have expected things to slow down when I leapfrogged so > many versions on Tuesday. Now I've got to figure out how to get it back in > control or bite the bullet and get some more horsepower. > > Van > > Martin Hepworth wrote: > > See > > > > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > > > and > > > > http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_s > pamassassin > > > > Dropping unknown recipients and having a local caching nameserver are > generally the first things to sort, then look at the number of children and > batch size... > > > > -- Ken Anderson Pacific Internet - http://www.pacific.net From axisml at gmail.com Fri May 1 16:09:46 2009 From: axisml at gmail.com (Chris Stone) Date: Fri May 1 16:09:55 2009 Subject: MailScanner slowwing down In-Reply-To: <49FB0BBB.5090109@pacific.net> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> <005301c9ca53$7268b1d0$573a1570$@ie> <49FB0BBB.5090109@pacific.net> Message-ID: <3047fef10905010809v27a65928o5034e8bcbca223f7@mail.gmail.com> On Fri, May 1, 2009 at 8:48 AM, Ken A wrote: >> I'm going to try my utmost to get smf-sav working ?- would love a sample >> of >> someones conf file where they have multiple domains multiple exchange >> servers for recipient verification > > I don't think smf-sav currently has that ability. You can only define 1 > mailstore in the config. I'm not currently using smf-sav, but I did do some testing with it and I believe it does use mailertable to find out the server for the recipient validation checks. According to their site: "Sendmail virtusertable and mailertable features full support."..... Chris From MailScanner at ecs.soton.ac.uk Fri May 1 16:21:07 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 1 16:21:34 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> Message-ID: On 01/05/2009 10:09, Nigel Kendrick wrote: > Hi, > > I'm coming in a bit late here and am trying to catch up on this thread. I > have had a good read but would appreciate some advice > on the following: > > On the mail server that ground to a halt on me (frequently) about a week > ago, it's currently showing 384 messages in the processing queue, stretching > back > to 20th April. Here's the top of the list: > > Number of messages: 384 > Tries Message Next Try At > ===== ======= =========== > 1 762C72F0039.D1D4C Fri May 1 05:12:13 2009 > 1 762C72F0039.9458D Fri May 1 05:10:57 2009 > 1 762C72F0039.217F1 Fri May 1 05:09:31 2009 > 1 CA1472F003B.F132E Fri May 1 04:17:22 2009 > 1 8511F2F0038.17722 Fri May 1 04:13:59 2009 > 1 847282F003A.0C804 Fri May 1 04:12:34 2009 > 1 25C4167800F.C6CF0 Thu Apr 30 19:21:03 2009 > 1 25C4167800F.AE019 Thu Apr 30 19:19:56 2009 > 1 25C4167800F.3120B Thu Apr 30 19:17:54 2009 > 1 04BE62F003A.1F69E Thu Apr 30 13:20:46 2009 > 1 02D6867800F.64CA4 Thu Apr 30 13:18:50 2009 > 1 02D6867800F.3EF79 Thu Apr 30 13:18:05 2009 > 1 8628B67800F.1D156 Wed Apr 29 15:23:21 2009 > 1 D694C678019.51D4F Wed Apr 29 15:22:41 2009 > 1 B49BF678017.BC390 Wed Apr 29 15:22:27 2009 > 1 8628B67800F.5F79F Wed Apr 29 15:20:27 2009 > 1 3DDF567800F.D497F Wed Apr 29 13:41:58 2009 > 1 29634678033.E00D4 Wed Apr 29 13:39:45 2009 > 1 E1CB367801A.10092 Wed Apr 29 13:39:16 2009 > 1 AAFCC67802C.D024A Wed Apr 29 13:38:52 2009 > 1 0B532678019.78254 Wed Apr 29 13:37:36 2009 > 1 6244F67800F.34B35 Wed Apr 29 11:18:31 2009 > 1 6244F67800F.0537D Wed Apr 29 11:18:19 2009 > 1 6244F67800F.A73C3 Wed Apr 29 11:17:11 2009 > > Are these entries now considered 'spurious' and do I need to take any > action, wait for the current MailScanner beta release to go stable or even > install it now? It already is a stable release. I just haven't had time to announce it yet, sorry, that's tomorrow's job. Install the stable release, stop MailScanner, destroy /var/spool/MailScanner/incoming/*db and fire it up again. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Fri May 1 16:26:04 2009 From: ka at pacific.net (Ken A) Date: Fri May 1 16:26:21 2009 Subject: MailScanner slowwing down In-Reply-To: <3047fef10905010809v27a65928o5034e8bcbca223f7@mail.gmail.com> References: <045c01c9c970$75545130$5ffcf390$@ie> <72cf361e0904300226y78c8dbf0v8aa6c2b16e3b1d79@mail.gmail.com> <49FA1147.7060101@whidbey.com> <005301c9ca53$7268b1d0$573a1570$@ie> <49FB0BBB.5090109@pacific.net> <3047fef10905010809v27a65928o5034e8bcbca223f7@mail.gmail.com> Message-ID: <49FB148C.4090205@pacific.net> Chris Stone wrote: > On Fri, May 1, 2009 at 8:48 AM, Ken A wrote: >>> I'm going to try my utmost to get smf-sav working - would love a sample >>> of >>> someones conf file where they have multiple domains multiple exchange >>> servers for recipient verification >> I don't think smf-sav currently has that ability. You can only define 1 >> mailstore in the config. > > I'm not currently using smf-sav, but I did do some testing with it and > I believe it does use mailertable to find out the server for the > recipient validation checks. According to their site: "Sendmail > virtusertable and mailertable features full support."..... > > You are correct. It does use mailertable entries, so that is all that's needed to route mail to several exchange boxes. Just tested here, and it works as advertised. Ken > > Chris -- Ken Anderson Pacific Internet - http://www.pacific.net From support-lists at petdoctors.co.uk Fri May 1 16:35:51 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri May 1 16:36:28 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> Message-ID: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, May 01, 2009 4:21 PM To: MailScanner discussion Subject: Re: Found nn messages in the processing-messages database On 01/05/2009 10:09, Nigel Kendrick wrote: > Hi, > > I'm coming in a bit late here and am trying to catch up on this thread. I > have had a good read but would appreciate some advice [Snip] It already is a stable release. I just haven't had time to announce it yet, sorry, that's tomorrow's job. Install the stable release, stop MailScanner, destroy /var/spool/MailScanner/incoming/*db and fire it up again. Jules Thanks Jules, I think you deserve some time off - take it easy! Nigel From eli at orbsky.homelinux.org Fri May 1 18:27:51 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Fri May 1 18:28:15 2009 Subject: Problem with the Installer Message-ID: <200905012027.52181.eli@orbsky.homelinux.org> Hi I just tried to install version MailScanner-4.76.24-1.rpm.tar.gz on Fedora 10 x86_64 and I'm getting I think your system will build architecture-dependent modules for x86_64 Deleting all the old versions of your Perl modules, I will re-install them in a minute. Removing perl-ExtUtils-MakeMaker Removing perl-TimeDate Removing perl-Pod-Escapes Removing perl-Pod-Simple Removing perl-Test-Harness Removing perl-Test-Simple Removing perl-IO-stringy Removing perl-HTML-Tagset Removing perl-HTML-Parser Removing perl-Compress-Zlib Removing perl-DBI Removing perl-Digest-SHA1 Removing perl-Digest-HMAC Removing perl-Net-DNS Perl modules have been removed... Rebuilding all the Perl RPMs for your version of Perl Oh good, module File-Spec version 0.82 is already installed. Attempting to build and install perl-ExtUtils-MakeMaker-6.50-1 Installing perl-ExtUtils-MakeMaker-6.50-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.yH6vlt + umask 022 + cd /root/rpmbuild/BUILD + LANG=C + export LANG + unset DISPLAY + cd /root/rpmbuild/BUILD + rm -rf ExtUtils-MakeMaker-6.50 + /bin/gzip -dc /root/rpmbuild/SOURCES/ExtUtils-MakeMaker-6.50.tar.gz + /bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd ExtUtils-MakeMaker-6.50 + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.6jpseI + umask 022 + cd /root/rpmbuild/BUILD + cd ExtUtils-MakeMaker-6.50 + LANG=C + export LANG + unset DISPLAY + CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' + perl Makefile.PL INSTALLDIRS=vendor Warning: prerequisite Pod::Man 0 not found. Checking if your kit is complete... Looks good Using included version of ExtUtils::Command (1.16) as it is newer than the installed version (1.13). Writing Makefile for ExtUtils::MakeMaker + make Can't locate ExtUtils/Install.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib64/perl5/site_perl/5.10.0 /usr/local/lib64/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0 /usr/local/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.10.0 /usr/lib64/perl5/vendor_perl /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .). BEGIN failed--compilation aborted. make: *** [pm_to_blib] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090501/e6eb3107/attachment.html From howard.kash at us.army.mil Fri May 1 19:36:14 2009 From: howard.kash at us.army.mil (Howard M. Kash (Civ, ARL/CISD)) Date: Fri May 1 19:36:26 2009 Subject: 4.76 install issues Message-ID: <49FB411E.9030301@us.army.mil> Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: http://rt.cpan.org/Public/Bug/Display.html?id=45171 Had to revert to previous version of perl-DBD-SQLlite. Had to run install.sh twice to get all modules to install. File::Temp didn't install after first run. Same behavior on two separate RHEL4 boxes. Still having issues with up2date not working after MailScanner update. Had to "rpm -e --nodeps perl" and "up2date -i perl" to fix. Howard From ssilva at sgvwater.com Fri May 1 23:24:08 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 1 23:24:31 2009 Subject: 4.76 install issues In-Reply-To: <49FB411E.9030301@us.army.mil> References: <49FB411E.9030301@us.army.mil> Message-ID: on 5-1-2009 11:36 AM Howard M. Kash (Civ, ARL/CISD) spake the following: > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > Had to revert to previous version of perl-DBD-SQLlite. > > Had to run install.sh twice to get all modules to install. File::Temp > didn't install after first run. Same behavior on two separate RHEL4 boxes. > > Still having issues with up2date not working after MailScanner update. > Had to "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > Howard I Gave up fighting with perl-DBD-SQLite and installed 1.25 from rpmforge. I figured my CentOS 4 box had been beaten into submission so many times that I didn't want to fight with it anymore. I'll be hitting my 5.3 boxes this weekend. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090501/b6b88adc/signature.bin From MailScanner at ecs.soton.ac.uk Sat May 2 01:13:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 2 01:13:46 2009 Subject: Common SQL Backend for several MailScanner clients. In-Reply-To: <1241158608.5854.8.camel@kse> References: <1241158608.5854.8.camel@kse> <49FB900F.9070406@ecs.soton.ac.uk> Message-ID: That sounds mostly like SpamAssassin and MailWatch issues, not directly MailScanner related. Am I correct or not? MailScanner's use of SQL is strictly limited and not much can be gained by sharing its SQL databases (there are only about 2 tables). On 01/05/2009 07:16, Kasper Sacharias Eenberg wrote: > Good morning. > > Can you have several MailScanner clients, that all run on a single SQL > Database. > That includes a bayesian filter, but afaik that shouldn't cause any > problems, as it's already shared between users on some servers. > > The logging is through SQL ofcourse, as we use the mailwatch front-end. > > Will this create any problems that anyone can foresee? > > > The reasoning behind this would be common logging, so we wouldn't have > to edit several white/blacklists, check several filters for what went > through and so on. > > And my boss does not want clustering, as depending on the bandwidth it > uses, we might spread them out over several geographical locations. > > > > Thanks for the great software. > With regards, > > ________________________________________________________________________ > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Sat May 2 07:20:36 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 2 07:21:03 2009 Subject: Problem with the Installer In-Reply-To: <200905012027.52181.eli@orbsky.homelinux.org> References: <200905012027.52181.eli@orbsky.homelinux.org> Message-ID: <200905020920.37267.eli@orbsky.homelinux.org> Never mind... I had a problem with the perl development environment. Once I reinstalled perl-devel everythnig seems to be building correctly. Thank You for any attention that you might have put into this. Eli On Friday 01 May 2009 20:27:51 Eli Wapniarski wrote: > Hi > > I just tried to install version MailScanner-4.76.24-1.rpm.tar.gz on Fedora 10 x86_64 and I'm getting > > I think your system will build architecture-dependent modules for x86_64 > > Deleting all the old versions of your Perl modules, > I will re-install them in a minute. > > Removing perl-ExtUtils-MakeMaker > Removing perl-TimeDate > Removing perl-Pod-Escapes > Removing perl-Pod-Simple > Removing perl-Test-Harness > Removing perl-Test-Simple > Removing perl-IO-stringy > Removing perl-HTML-Tagset > Removing perl-HTML-Parser > Removing perl-Compress-Zlib > Removing perl-DBI > Removing perl-Digest-SHA1 > Removing perl-Digest-HMAC > Removing perl-Net-DNS > Perl modules have been removed... > > Rebuilding all the Perl RPMs for your version of Perl > > Oh good, module File-Spec version 0.82 is already installed. > > Attempting to build and install perl-ExtUtils-MakeMaker-6.50-1 > Installing perl-ExtUtils-MakeMaker-6.50-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.yH6vlt > + umask 022 > + cd /root/rpmbuild/BUILD > + LANG=C > + export LANG > + unset DISPLAY > + cd /root/rpmbuild/BUILD > + rm -rf ExtUtils-MakeMaker-6.50 > + /bin/gzip -dc /root/rpmbuild/SOURCES/ExtUtils-MakeMaker-6.50.tar.gz > + /bin/tar -xf - > + STATUS=0 > + '[' 0 -ne 0 ']' > + cd ExtUtils-MakeMaker-6.50 > + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > + exit 0 > Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.6jpseI > + umask 022 > + cd /root/rpmbuild/BUILD > + cd ExtUtils-MakeMaker-6.50 > + LANG=C > + export LANG > + unset DISPLAY > + CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' > + perl Makefile.PL INSTALLDIRS=vendor > Warning: prerequisite Pod::Man 0 not found. > Checking if your kit is complete... > Looks good > Using included version of ExtUtils::Command (1.16) as it is newer than the installed version (1.13). > Writing Makefile for ExtUtils::MakeMaker > + make > Can't locate ExtUtils/Install.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib64/perl5/site_perl/5.10.0 /usr/local/lib64/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0 /usr/local/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.10.0 /usr/lib64/perl5/vendor_perl /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .). > BEGIN failed--compilation aborted. > make: *** [pm_to_blib] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.6jpseI (%build) > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090502/b3306196/attachment.html From eli at orbsky.homelinux.org Sat May 2 07:43:15 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 2 07:43:42 2009 Subject: 4.76 install issues In-Reply-To: <49FB411E.9030301@us.army.mil> References: <49FB411E.9030301@us.army.mil> Message-ID: <200905020943.15717.eli@orbsky.homelinux.org> This could be relevant. I had the following install issues on a Fedora 10 x86_64 installation error: Failed dependencies: <------>perl(ExtUtils::Installed) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 I also got the following error for the packages mentioned below. RPM build errors: Arch dependent binaries in noarch package perl-IO-1.2301-4.x86_64 perl-DBD-SQLite-1.21-1 perl-Net-DNS-0.65-1 On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > Had to revert to previous version of perl-DBD-SQLlite. > > Had to run install.sh twice to get all modules to install. File::Temp didn't > install after first run. Same behavior on two separate RHEL4 boxes. > > Still having issues with up2date not working after MailScanner update. Had to > "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > Howard > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090502/c33edf88/attachment.html From eli at orbsky.homelinux.org Sat May 2 21:00:14 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 2 21:00:40 2009 Subject: 4.76 install issues In-Reply-To: <200905020943.15717.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> Message-ID: <200905022300.14437.eli@orbsky.homelinux.org> Same installation problems exist for MailScanner-4.76.24-2 Eli On Saturday 02 May 2009 09:43:15 Eli Wapniarski wrote: > This could be relevant. I had the following install issues on a Fedora 10 x86_64 installation > > error: Failed dependencies: > <------>perl(ExtUtils::Installed) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 > > > I also got the following error for the packages mentioned below. > > RPM build errors: > Arch dependent binaries in noarch package > > perl-IO-1.2301-4.x86_64 > perl-DBD-SQLite-1.21-1 > perl-Net-DNS-0.65-1 > > > On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: > > > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > > > Had to revert to previous version of perl-DBD-SQLlite. > > > > Had to run install.sh twice to get all modules to install. File::Temp didn't > > install after first run. Same behavior on two separate RHEL4 boxes. > > > > Still having issues with up2date not working after MailScanner update. Had to > > "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > > > > Howard > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090502/869a8200/attachment.html From paul.hutchings at mira.co.uk Sun May 3 16:50:45 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun May 3 16:50:59 2009 Subject: Testing update_virus_scanners is working? Message-ID: Just done an update from Centos 5.2 to 5.3 and then to the latest MailScanner. I want to be sure the update_virus_scanners script in /etc/cron.hourly is actually working, but when I run it nothing seems to happen or be logged to /var/log/maillog. How can I confirm it's working (barring just waiting and seeing if my definitions eventually get updated)? Cheers, Paul -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From MailScanner at ecs.soton.ac.uk Sun May 3 22:39:08 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 3 22:39:27 2009 Subject: Twitter! References: <49FE0EFC.1000504@ecs.soton.ac.uk> Message-ID: Just to remind you all I'm on Twitter these days at twitter.com/JulesFM You never know, some of my random ramblings might be interesting! :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Mon May 4 06:35:32 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 06:36:00 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 Message-ID: <200905040835.33176.eli@orbsky.homelinux.org> Hi Quotting from th changelog "24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need Math-BigInt first. Great :-( 24-3 Fedora Core 10 is no longer officially supported. The RPM Perl build system is fundamentally broken. Take Pod-Escapes as a fine example, it cannot build without Pod-Simple. But Pod-Simple cannot build without Pod-Escapes. I quit." Please don't quit. I installed everything relatively correctly with version 4.76.24-3 ---------------------------------- Building perl-ExtUtils-MakeMaker ---------------------------------- Fedora provides a version of the module version 6.36. This module and perl-devel must be installed. You might need to reinstall perl-devel. I did that. Up to package version 2 perl-ExtUtils-MakeMaker would not install due to a conflict with perl-devel. It now installs fine. -------------------------- Building Perl-Pod-Simple -------------------------- No need. Both packages are provided by Fedora. perl-Pod-Escapes 1.04 and perl-Pod-Simple 3.07 Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/ff46c165/attachment.html From eli at orbsky.homelinux.org Mon May 4 06:43:11 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 06:43:35 2009 Subject: 4.76 install issues In-Reply-To: <200905022300.14437.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> Message-ID: <200905040843.11609.eli@orbsky.homelinux.org> Hi RE installation on Fedora 10 x86_64 Prior to version 4.76-3 I got the following. > > error: Failed dependencies: > > <------>perl(ExtUtils::Installed) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 > > As of version 4.76-3 building and installing perl-ExtUtils-MakeMaker builds and installs just fine. Because the rpm was rebuilt just fine, it should probably can lead to a solution for the following errors which still exist. > > RPM build errors: > > Arch dependent binaries in noarch package > > > > perl-IO-1.2301-4.x86_64 > > perl-DBD-SQLite-1.21-1 > > perl-Net-DNS-0.65-1 However there is no real need to build them. These modules are already provided by Fedora. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/af6f1ae7/attachment.html From jonas at vrt.dk Mon May 4 09:44:43 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon May 4 09:44:58 2009 Subject: Common SQL Backend for several MailScanner clients. In-Reply-To: <1241158608.5854.8.camel@kse> References: <1241158608.5854.8.camel@kse> Message-ID: <002001c9cc94$925e00b0$b71a0210$@dk> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kasper Sacharias Eenberg > Sent: 1. maj 2009 08:17 > To: mailscanner@lists.mailscanner.info > Subject: Common SQL Backend for several MailScanner clients. > > Good morning. > > Can you have several MailScanner clients, that all run on a single SQL > Database. > That includes a bayesian filter, but afaik that shouldn't cause any > problems, as it's already shared between users on some servers. > > The logging is through SQL ofcourse, as we use the mailwatch front-end. > > Will this create any problems that anyone can foresee? Nope, the systems are designed to be used in the way you describe. We do so ourselves, even with a more advanced setup with a distributed sql setup. So you can go right ahead. Just make sure your SQL server can handle the load. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From kse at hovmark.dk Mon May 4 09:54:02 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Mon May 4 09:52:03 2009 Subject: Common SQL Backend for several MailScanner clients. In-Reply-To: References: <1241158608.5854.8.camel@kse> <49FB900F.9070406@ecs.soton.ac.uk> Message-ID: <1241427242.6227.13.camel@kse> It is probably a mailwatch 'issue'. We have several MailScanners running (We filter about 50k emails every day after greylisting). My boss wants a common backend so we don't have to check several logs when there's a problem. And honestly i thought i could take a shortcut by asking here whether logging in SQL is dangerous and may overwrite something :) I'll ask the Mailwatch people, or look through the code first. Thanks for your help and great software :) With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Sat, 2009-05-02 at 01:13 +0100, Julian Field wrote: > That sounds mostly like SpamAssassin and MailWatch issues, not directly > MailScanner related. Am I correct or not? MailScanner's use of SQL is > strictly limited and not much can be gained by sharing its SQL databases > (there are only about 2 tables). > > On 01/05/2009 07:16, Kasper Sacharias Eenberg wrote: > > Good morning. > > > > Can you have several MailScanner clients, that all run on a single SQL > > Database. > > That includes a bayesian filter, but afaik that shouldn't cause any > > problems, as it's already shared between users on some servers. > > > > The logging is through SQL ofcourse, as we use the mailwatch front-end. > > > > Will this create any problems that anyone can foresee? > > > > > > The reasoning behind this would be common logging, so we wouldn't have > > to edit several white/blacklists, check several filters for what went > > through and so on. > > > > And my boss does not want clustering, as depending on the bandwidth it > > uses, we might spread them out over several geographical locations. > > > > > > > > Thanks for the great software. > > With regards, > > > > ________________________________________________________________________ > > > > Kasper Eenberg > > > > HOVMARK DATA > > Ravnevej 13 > > dk-6705 Esbjerg ? > > tlf: +45 76 12 59 04 > > mobil: +45 40 70 69 63 > > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > Follow me at twitter.com/JulesFM > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dyioulos at firstbhph.com Mon May 4 12:47:21 2009 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon May 4 12:47:50 2009 Subject: 4.76 install issues In-Reply-To: <200905022300.14437.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> Message-ID: <49FED5C9.6080900@firstbhph.com> I, too, have had installation issues. I've been running MS successfully on a CentOS 3.x box for quite some time now. Last Friday, I decided to upgrade from 4.74 to 4.76. I had a very tough time, as MS complained about one perl module or another (mainly TNEF, HTML-Parser, MIME-tools, along with one or two others). I had to re-install these, then run the MailScanner RPM to at least get mail flowing. Now, however, I get the following in syslog every minute or so: May 4 07:32:11 mail1 MailScanner: waiting for children to die: Process did not exit cleanly, returned 255 with signal 0 Also, MailWatch has completely stopped. The last message recorded was just before MS 4.76 start. I've tried everything to correct the above issues, but haven't succeeded. Help would be greatly appreciated. Thanks. Dimitri Eli Wapniarski wrote: > Same installation problems exist for > > > MailScanner-4.76.24-2 > > > Eli > > > > On Saturday 02 May 2009 09:43:15 Eli Wapniarski wrote: > > This could be relevant. I had the following install issues on a > Fedora 10 x86_64 installation > > > > error: Failed dependencies: > > <------>perl(ExtUtils::Installed) is needed by (installed) > perl-devel-4:5.10.0-68.fc10.x86_64 > > > > > > I also got the following error for the packages mentioned below. > > > > RPM build errors: > > Arch dependent binaries in noarch package > > > > perl-IO-1.2301-4.x86_64 > > perl-DBD-SQLite-1.21-1 > > perl-Net-DNS-0.65-1 > > > > > > On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: > > > > > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: > > > > > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 > > > > > > Had to revert to previous version of perl-DBD-SQLlite. > > > > > > Had to run install.sh twice to get all modules to install. > File::Temp didn't > > > install after first run. Same behavior on two separate RHEL4 boxes. > > > > > > Still having issues with up2date not working after MailScanner > update. Had to > > > "rpm -e --nodeps perl" and "up2date -i perl" to fix. > > > > > > > > > Howard > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- Dimitri Yioulos Chief Information Officer First 1 Financial Corporation 600 Cordwainer Dr. Norwell, MA 02061 (781) 871-4220 x1007 dyioulos@firstbhph.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Mon May 4 12:56:39 2009 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon May 4 12:57:04 2009 Subject: 4.76 install issues In-Reply-To: <49FED5C9.6080900@firstbhph.com> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> <49FED5C9.6080900@firstbhph.com> Message-ID: <49FED7F7.8030705@firstbhph.com> Er, sorry, more info - MailScanner --lint returns no errors. Dimitri Yioulos wrote: > I, too, have had installation issues. I've been running MS successfully > on a CentOS 3.x box for quite some time now. Last Friday, I decided to > upgrade from 4.74 to 4.76. I had a very tough time, as MS complained > about one perl module or another (mainly TNEF, HTML-Parser, MIME-tools, > along with one or two others). I had to re-install these, then run the > MailScanner RPM to at least get mail flowing. Now, however, I get the > following in syslog every minute or so: > > May 4 07:32:11 mail1 MailScanner: waiting for children to die: Process > did not exit cleanly, returned 255 with signal 0 > > Also, MailWatch has completely stopped. The last message recorded was > just before MS 4.76 start. > > I've tried everything to correct the above issues, but haven't > succeeded. Help would be greatly appreciated. > > Thanks. > > Dimitri > > > Eli Wapniarski wrote: >> Same installation problems exist for >> >> >> MailScanner-4.76.24-2 >> >> >> Eli >> >> >> >> On Saturday 02 May 2009 09:43:15 Eli Wapniarski wrote: >> > This could be relevant. I had the following install issues on a >> Fedora 10 x86_64 installation >> > >> > error: Failed dependencies: >> > <------>perl(ExtUtils::Installed) is needed by (installed) >> perl-devel-4:5.10.0-68.fc10.x86_64 >> > >> > >> > I also got the following error for the packages mentioned below. >> > >> > RPM build errors: >> > Arch dependent binaries in noarch package >> > >> > perl-IO-1.2301-4.x86_64 >> > perl-DBD-SQLite-1.21-1 >> > perl-Net-DNS-0.65-1 >> > >> > >> > On Friday 01 May 2009 21:36:14 Howard M. Kash (Civ, ARL/CISD) wrote: >> > > >> > > Build/install of perl-DBD-SQLite 1.21 fails on RHEL4: >> > > >> > > http://rt.cpan.org/Public/Bug/Display.html?id=45171 >> > > >> > > Had to revert to previous version of perl-DBD-SQLlite. >> > > >> > > Had to run install.sh twice to get all modules to install. >> File::Temp didn't >> > > install after first run. Same behavior on two separate RHEL4 boxes. >> > > >> > > Still having issues with up2date not working after MailScanner >> update. Had to >> > > "rpm -e --nodeps perl" and "up2date -i perl" to fix. >> > > >> > > >> > > Howard >> > > -- >> > > MailScanner mailing list >> > > mailscanner@lists.mailscanner.info >> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > >> > > Before posting, read http://wiki.mailscanner.info/posting >> > > >> > > Support MailScanner development - buy the book off the website! >> > > >> > >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , and is >> believed to be clean. >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , and is >> believed to be clean. >> > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon May 4 13:54:24 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 4 13:54:40 2009 Subject: Testing update_virus_scanners is working? In-Reply-To: References: Message-ID: <49FEE580.7040103@USherbrooke.ca> Paul Hutchings a ?crit : > Just done an update from Centos 5.2 to 5.3 and then to the latest > MailScanner. I want to be sure the update_virus_scanners script in > /etc/cron.hourly is actually working, but when I run it nothing seems to > happen or be logged to /var/log/maillog. > > How can I confirm it's working (barring just waiting and seeing if my > definitions eventually get updated)? > > Cheers, > Paul > > > Paul, Run "bash -vx /usr/sbin/update_virus_scanners" as your usual MS user and you'll see a trace of what is being executed (lines prefixed with "+"). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/4508a364/smime.bin From malli at mcrirents.com Mon May 4 16:34:12 2009 From: malli at mcrirents.com (Mohammed Alli) Date: Mon May 4 15:41:15 2009 Subject: Ubuntu 9.04 with MailScanner 4.75.11 Message-ID: <3B1A431BDA34C54581BE43253BC1BD93BA756E@exchange.computerrents.com> Guys, I'm running MailScanner 4.75.11 on Ubuntu 9.04 with the MailWatch Gui. I did an apt-get install mailscanner and then apt-get remove mailscanner, just to install the dependencies. I then used the tar file to install version 4.75.11 in the /opt folder. I'm trying to get the /etc/init.d/mailscanner stop/restart/start script working, but can totally use killall mailscanner and check_mailscanner. I noticed that the tar install does not create the following 2 directories: /var/lock/subsys/MailScanner /var/run/MailScanner I believe the above directories is the source of my problem, but cannot confirm. Is this something I should worry about or something that can be fixed? MO -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/46440dc9/attachment.html From shuttlebox at gmail.com Mon May 4 15:58:41 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Mon May 4 15:59:07 2009 Subject: Ubuntu 9.04 with MailScanner 4.75.11 In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD93BA756E@exchange.computerrents.com> References: <3B1A431BDA34C54581BE43253BC1BD93BA756E@exchange.computerrents.com> Message-ID: <625385e30905040758s1c3dc060sefeea9e5368cf5a4@mail.gmail.com> On Mon, May 4, 2009 at 5:34 PM, Mohammed Alli wrote: > I noticed that the tar install does not create the following 2 directories: > /var/lock/subsys/MailScanner > /var/run/MailScanner You need the following dirs for MS to start: Incoming Work Dir Incoming Queue Dir Outgoing Queue Dir Lockfile Dir Quarantine Dir -- /peter From MailScanner at ecs.soton.ac.uk Mon May 4 16:54:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 4 16:54:43 2009 Subject: MailScanner ANNOUNCE: 4.76 released References: <49FF0FAD.2040101@ecs.soton.ac.uk> Message-ID: Hi folks! This is to let you all know that I have released a new stable version of MailScanner, 4.76. Also, to let you know that you can now follow me at twitter.com/JulesFM if you want to :-) See the Change Log for full details, but the main new features I have introduced this time around are: - Totally separate rules for filename and filetype tests for attachments added directly to email messages, from files which are put into zip files or other archives, which are then attached to the message. So you can very different rules for objects allowed in zip files or Word documents such as, say, allowing executables, while still stopping people accidentally running a malicious executable with 1 click from their email program. You even get to decide what is considered to be "an archive" and what is not, out of zip, rar, Office document, TNEF (winmail.dat) and uu-encoded files. - I have done a lot of the work on the installer and the installation that you get. Perl modules are no longer "forced" into installing at all, neither do any of them cause problems with updating Perl itself. If you have any issues with the new installer, please do get in touch straight away with details of your system, and I will produce a solution for you. - "Sign Clean Messages" will put the signature at any location of your choice within the message, instead of always being at the bottom. So you can have a corporate sig/disclaimer (added by MailScanner) which goes before your personal signature (added by your email application) if you so wish. - Fixed all the issues with Postfix not playing nicely with the crash-protection defence system introduced in the last version of MailScanner. - Speeded up SQL to reduce the penalty of running the crash-protection system enabled with the "Maximum Processing Attempts" configuration setting in MailScanner.conf. You can download it as usual from www.mailscanner.info The full Change Log is this: * New Features and Improvements * 1 Added the ability to have totally different filename and filetype checks for files which are attachments and files which are members of attached archives. You even get to define what you consider to be an archive and what is not. New Configuration options in MailScanner.conf are Archives Are = Archives: Allow Filenames = Archives: Deny Filenames = Archives: Filename Rules = Archives: Allow Filetypes = Archives: Allow File MIME Types = Archives: Deny Filetypes = Archives: Deny File MIME Types = Archives: Filetype Rules = In the shipped MailScanner.conf, the checks applied to files within archives are the same as those applied to normal attachments that are not within an archive. See the relevant settings in MailScanner.conf for more information. 4 RPM builds changed so that no RPMs are "forced" into being installed on RedHat 5 or CentOS 5 systems. 5 RPM builds changed so that no RPMs are "forced" into being installed at all. 5 RPM builds changed so that any previously installed RPM will not be rebuilt, even if the perl version check shows that it is not being used. This will dramatically speed up the upgrade process in future, especially if you use "./install.sh fast" to upgrade. 5 Changed @INC which is where Perl looks for its Perl modules. It was previously mostly left alone so that RedHat could override some versions of modules that you thought you had upgraded. The new @INC path inserts the "site_perl" and "vendor_perl" directories before the core directories. This may result in your MailScanner behaving differently from before as it will actually be using all your upgraded modules, and not sticking with ones supplied by RedHat (at which point it ignore your upgrades). This should not cause any problems with MailScanner. 7 Rebuilt i386 version of "tnef" on RHEL4 to be compatible with more systems. 8 Drastically improved getPERLLIB added in 4.76.5. Perl does funny things with $PERL5LIB when calculating @INC to find Perl modules. 8 Added Digest::HMAC as RedHat Enterprise 4 needs it for Net::DNS. 9 Upgraded Perl module DBD::SQLite. 11 The "Archives: Filename Rules" and "Archives: Filetype Rules" now point to copies of the normal filename and filetype.rules.conf files, rather than pointing to the same file. This will make it easier for new users to customise the rules for files in archives. 12 Improved RPM install.sh installation script so that it detects an upgrade from before the big RPM rebuild in 4.76.11 and forces a "reinstall" of all the Perl modules, which will fix problems with later upgrading Perl. 13 Improved Postfix MailScanner message id so that it relates much better with the "messages being processed" database. It is now based on the "Fletcher" checksum of the data at the start of the file. Thanks to JD Marsters (jd@oddlittle.me) for this one! 17 If you use "Sign Clean Messages", then the signature will be placed in your email message wherever you put the marker "_SIGNATURE_", and it will be placed at the end by default if that marker is not found. 22 Both the "Phishing Safe Sites File" and the "Phishing Bad Sites File" settings can now take a space-separated list of filenames, to make local management simpler. Note that your filenames must not have spaces in them! 22 Speeded up SQL processing-messages database code by pre-preparing all SQL statements. I am now tempted to leave this feature enabled by default for safety. We can always add a note to the performance tips on the wiki that users struggling under high load might want to switch this feature off. 23 Changed RPM installation order to fit better with CentOS 5.2->5.3 systems. * Fixes * 2 Added "Unpack Microsoft Documents" back into the list of recognised settings in MailScanner.conf. 3 Fixed "Add Text Of Doc" for Apple Mail's utterly broken MIME structure. 6 Fixed problems with RHEL5 installation created by 4.76.5. 7 Fixed problems with RHEL4 installation created by 4.76.5. 10 Fixed problems with Fedora Core 10 installation created by 4.76.5. 10-2 Fixed missing Locks dir. 14 Possibly fixed problem with incomplete Postfix messages getting into the 'processed messages' table. 15 Neatened up message rejection code to help solve processing-messages database problem. 16 Fixed permissions and ownership problems with data extracted from TNEF winmail.dat attachments. 16 Fixed slight problem in installer on new systems, so it does not complain about perl-TimeDate already being installed. 16 Fixed problem with Postfix leaving messages in the processing-messages db. Many thanks to Kai Schaetzl and Mark Sapiro for spotting the common features of the message ids being left behind. 18 Fixed Postfix entropy bug. 19 Changed handling of "Sign Clean Messages" so that if the signing process fails, we don't worry about it too much, and we certainly don't create a new message section just containing a signature and nothing else. 20 Alternate solution to Postfix procesing database bug, without adding 'P'. 21 Better solution to Postfix processing database bug, adding 'A' to shorter entropy value, so no change to final message id. 21 Moved Net::CIDR much lower down in the installation order, to avoid problems with CentOS 5.2-->5.3 upgraded systems. 22 Made sure it works with the processing-messages database switched on. 23 Fixed problem with HTML sig being re-added at end of message. 24 Removed type identifier from filenames listed in sender warnings. 24-2 Don't uninstall ExtUtils-MakeMaker in "./install.sh --reinstall". 24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need Math-BigInt first. Great :-( 24-3 Fedora Core 10 upgrades are no longer officially supported. The RPM Perl build system is fundamentally broken. Take Pod-Escapes as a fine example, it cannot build without Pod-Simple. But Pod-Simple cannot build without Pod-Escapes. I quit. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 4 17:30:20 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 4 17:30:42 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905040835.33176.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: On 04/05/2009 06:35, Eli Wapniarski wrote: > Hi > > > Quotting from th changelog > > > "24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. > 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need > Math-BigInt > first. Great :-( > 24-3 Fedora Core 10 is no longer officially supported. The RPM Perl build > system is fundamentally broken. Take Pod-Escapes as a fine example, it > cannot build without Pod-Simple. But Pod-Simple cannot build without > Pod-Escapes. I quit." > > > > Please don't quit. > > > I installed everything relatively correctly with version 4.76.24-3 > > > ---------------------------------- > Building perl-ExtUtils-MakeMaker > ---------------------------------- > > > Fedora provides a version of the module version 6.36. This module and > perl-devel must be installed. You might need to reinstall perl-devel. > I did that. Up to package version 2 perl-ExtUtils-MakeMaker would not > install due to a conflict with perl-devel. It now installs fine. > > > -------------------------- > Building Perl-Pod-Simple > -------------------------- > > > No need. Both packages are provided by Fedora. perl-Pod-Escapes 1.04 > and perl-Pod-Simple 3.07 Yes, I haven't quite quit, just upgrades on Fedora 10 won't always be very smooth. I did get a clean install on a fresh Fedora 10 box to work eventually. But upgrading from version prior to MailScanner 4.76 are probably best done like this: Back up /etc/MailScanner. rpm -e mailscanner ./install.sh fast Use upgrade_MailScanner_conf and upgrade_languages_conf to get the new options into your MailScanner.conf and copy over your /etc/MailScanner/rules directory and /etc/MailScanner/file{name,type}.rules.conf from your backup. The MailScanner installer will, by default, detect an upgrade from a version prior to 4.76.11 (it's about that). If it finds it, it will remove each perl module RPM before installing the new one even if that version of the module is already installed but by a different RPM. This makes it install all the updated RPMs I developed over Easter so that nothing clashes with Perl yum updates any more and no modules are "forced" to install. This procedure doesn't work well on Fedora 10 as their perl build setup is so horribly broken. So you are better off wiping the mailscanner RPM and doing an install.sh from that state, so it thinks it is a fresh install and not an upgrade. If I could find a better solution, I would. You shouldn't be running production servers on Fedora anyway if you can *possibly* avoid it, so I'm not too worried about making Fedora less than comfortable, it's a fairly small subset of users. The important thing was to solve the CentOS issues and make it trivial to "yum update" the whole machine without MailScanner breaking the process. > > > Eli > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 4 17:31:14 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 4 17:31:36 2009 Subject: 4.76 install issues In-Reply-To: <200905040843.11609.eli@orbsky.homelinux.org> References: <49FB411E.9030301@us.army.mil> <200905020943.15717.eli@orbsky.homelinux.org> <200905022300.14437.eli@orbsky.homelinux.org> <200905040843.11609.eli@orbsky.homelinux.org> <49FF1852.2020900@ecs.soton.ac.uk> Message-ID: Do the procedure I already described in a previous article about Fedora 10. On 04/05/2009 06:43, Eli Wapniarski wrote: > Hi > > > RE installation on Fedora 10 x86_64 > > > Prior to version 4.76-3 I got the following. > > > > > error: Failed dependencies: > > > <------>perl(ExtUtils::Installed) is needed by (installed) > perl-devel-4:5.10.0-68.fc10.x86_64 > > > > > > As of version 4.76-3 building and installing perl-ExtUtils-MakeMaker > builds and installs just fine. > > > Because the rpm was rebuilt just fine, it should probably can lead to > a solution for the following errors which still exist. > > > > > RPM build errors: > > > Arch dependent binaries in noarch package > > > > > > perl-IO-1.2301-4.x86_64 > > > perl-DBD-SQLite-1.21-1 > > > perl-Net-DNS-0.65-1 > > > However there is no real need to build them. These modules are already > provided by Fedora. > > > Eli > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc Follow me at twitter.com/JulesFM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Mon May 4 18:11:50 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 18:12:20 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905042011.50514.eli@orbsky.homelinux.org> > But upgrading from version prior to MailScanner 4.76 are > probably best done like this: > Back up /etc/MailScanner. > rpm -e mailscanner > ./install.sh fast Ahh,... Now I understand why after I ran rpm -Uvh --force mailscanner-4,76*.rpm why the installer did not try to remove the rpms currently installed. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/4033a2b9/attachment.html From eli at orbsky.homelinux.org Mon May 4 18:12:55 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 18:13:18 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905042012.55578.eli@orbsky.homelinux.org> > This procedure doesn't work well on Fedora 10 as their perl build setup > is so horribly broken. So you are better off wiping the mailscanner RPM > and doing an install.sh from that state, so it thinks it is a fresh > install and not an upgrade. Are you in contact with the Fedora Perl Packagers? Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/02fe9271/attachment.html From eli at orbsky.homelinux.org Mon May 4 18:20:49 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 4 18:21:17 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905042020.50111.eli@orbsky.homelinux.org> On Monday 04 May 2009 19:30:20 Julian Field wrote: Maybe a dumb question. Is there any reason why MailScanner cannot be packaged and distributed within the various distributions themselves. For example, with Fedora if the Mailscanner would be packaged correctly then the dependancies would have to be built as well and simply downloaded and installed as well. Nobody would have to build anything as the build systems for the various distros would do the job. You wouldn't have to worry about arch issues or whether or not there would be a conflict etc. This is a great tool in the fight against spam and mail borne malware. More people should be made aware of the product and having the distros themselves distribute the applicaiton might help spread the word better. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/04430489/attachment.html From glenn.steen at gmail.com Mon May 4 20:41:26 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 4 20:41:35 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905042020.50111.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> <200905042020.50111.eli@orbsky.homelinux.org> Message-ID: <223f97700905041241j72e38586i6b914fb594be0f6@mail.gmail.com> 2009/5/4 Eli Wapniarski : > On Monday 04 May 2009 19:30:20 Julian Field wrote: > > > Maybe a dumb question. Is there any reason why MailScanner cannot be > packaged and distributed within the various distributions themselves. For > example, with Fedora if the Mailscanner would be packaged correctly then the > dependancies would have to be built as well and simply downloaded and > installed as well. Nobody would have to build anything as the build systems > for the various distros would do the job. You wouldn't have to worry about > arch issues or whether or not there would be a conflict etc. This is a great > tool in the fight against spam and mail borne malware. More people should be > made aware of the product and having the distros themselves distribute the > applicaiton might help spread the word better. > > Eli Historically, and looking to keep being so, MailScanner has been a bit too volatile for most distros. Not that there haven't been attempts (like the horrid debian thing), and some quite successful (the FreeBSD one, as long as JP has (or rather had) the time/energy:)... Keeping up with the bad boys (and gals) as well as Jules... involves a bit of tinkering. But basically there's nothing stopping any enterprising soul from submitting it all to their favourite packagers/distributors. Don't expect Jules to have time for it though... Believe it or not, but he has a day job too:-). And the different distributions all have very different takes on version freezing etc so... might not work that well with Jules schedule. There have been numerous efforts. Still. The only One True release is the one (or rather two or three) packages Jules release. There's also a bit of philosophical pondering to do here... Can youu (and your users) live with the lag of repackaging? I don't. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jpabuyer at tecnoera.com Mon May 4 22:03:44 2009 From: jpabuyer at tecnoera.com (Juan Pablo Abuyeres) Date: Mon May 4 22:04:03 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> Message-ID: <49FF5830.1050802@tecnoera.com> I downloaded MailScanner-4.76.24-3, installed, stopped MailScanner, removed /var/spool/MailScanner/incoming/*db and started MailScanner again. But again, it is piling up messages in the database. The last entry in the logfile before the operation was: ay 4 16:02:44 anubis MailScanner[24886]: Found 23937 messages in the processing-messages database After the procedure it started like this: May 4 16:08:35 anubis MailScanner[32765]: Found 0 messages in the processing-messages database May 4 16:08:38 anubis MailScanner[412]: Found 9 messages in the processing-messages database May 4 16:08:43 anubis MailScanner[501]: Found 31 messages in the processing-messages database now I have this: May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the processing-messages database May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the processing-messages database May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the processing-messages database (Can this be related to the fact that the server is piling up mail queue?) JP Nigel Kendrick wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Friday, May 01, 2009 4:21 PM > To: MailScanner discussion > Subject: Re: Found nn messages in the processing-messages database > > > > On 01/05/2009 10:09, Nigel Kendrick wrote: > >> Hi, >> >> I'm coming in a bit late here and am trying to catch up on this thread. I >> have had a good read but would appreciate some advice >> > > [Snip] > > It already is a stable release. I just haven't had time to announce it > yet, sorry, that's tomorrow's job. > Install the stable release, stop MailScanner, destroy > /var/spool/MailScanner/incoming/*db and fire it up again. > > Jules > > > > > Thanks Jules, > > I think you deserve some time off - take it easy! > > Nigel > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090504/b35baefe/attachment.html From seven at seven.dorksville.net Tue May 5 00:45:25 2009 From: seven at seven.dorksville.net (Anthony Giggins) Date: Tue May 5 00:45:43 2009 Subject: What can cause really low spamassassin scores on obvious spam & GTUBE Message-ID: <47340.125.168.254.15.1241480725.squirrel@seven.dorksville.net> I've got 2 servers that are almost identical except one is rating very obvious spam very low (ie. less then 1) then other is fine event the GTUBE test was getting past spamassassin and was being picked up by clamav. I tried updating the low rating server to 4.75.11-1 to no effect both servers are using sendmail as the MTA, spamassassin & clamav. The low rating server was running as a standalone sendmail/spamassassin server for quiet some time before being installed as a MailScanner server. Can anyone please suggest some setting to check, I'm at a loss why this is happening. Cheers, Anthony From infernix at infernix.net Tue May 5 01:13:42 2009 From: infernix at infernix.net (infernix) Date: Tue May 5 01:13:54 2009 Subject: Measuring the time it takes to process one message or batch Message-ID: <49FF84B6.7060901@infernix.net> Hi, I've got a 6 node cluster with 4 scanning nodes running mailscanner. Some details: - per box 2x quad core amd, 4GB (soon 6GB for more children and some headroom); mqueue, mqueue.in, MailScanner/incoming and Mimedefang are all in tmpfs so hardly any disk IO -22 children, 50 messages/batch, queue mode, normal queue size 5000. Only using local spamhaus and sorbs zones plus a few whitelists and Spam Domain lists, that are served with rbldnsd+bind on a separate cluster. Clamd virus scanning. No content checks apart from spam checking and virus scanning. Spamassassin scans all messages, even those that got hit on MSs rbl lists. - Sendmail+mimedefang take care of incoming mail with receiver validity check + outgoing mail. I don't block at SMTP level. Most of the time, mail processes fine; the 4 nodes have about 40 to 70 SMTP connections and are processing about one million messages on average. However, I've got one node that processes batches significantly slower than the rest. Of course there can be a variety of factors that could cause one batch of real (and thus random) messages to be slower, but is there any way to test mailscanners performance on a single batch or message similar to 'time spamassassin -D < spammail' so I can do repeated tests on the same subset? I'd like to be able to test this on the live setup just as spamassassin can. As far as i can tell, MailScanner --lint only does internal checking and does not actually support processing a message or batch of messages. Thanks! Regards, infernix From seven at seven.dorksville.net Tue May 5 04:03:37 2009 From: seven at seven.dorksville.net (Anthony Giggins) Date: Tue May 5 04:03:58 2009 Subject: What can cause really low spamassassin scores on obvious spam & GTUBE In-Reply-To: <47340.125.168.254.15.1241480725.squirrel@seven.dorksville.net> References: <47340.125.168.254.15.1241480725.squirrel@seven.dorksville.net> Message-ID: <37592.125.168.254.15.1241492617.squirrel@seven.dorksville.net> Dont worry I found my answer from another post mentioning MailScanner --lint I had previously been using spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf which had no issues but MailScanner --lint was showing some issues with ther spamassassin perl modules. cpan install Mail::SpamAssassin fixed the issue. Thank You From eli at orbsky.homelinux.org Tue May 5 08:41:39 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 08:42:10 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> Message-ID: <200905051041.39398.eli@orbsky.homelinux.org> One more query. One thing I don't understand, is the use of the BuildArch: parameter in the spec file. >From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) Processing files: perl-IO-1.2301-4-noarch Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) error: Arch dependent binaries in noarch package RPM build errors: Arch dependent binaries in noarch package Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. So I guess in the end I'm asking why not remove the BuildArch: noarch from the spec file? If a user needs to compile for both an 64bit platform 32bit platform, ppc platform etc. that user would have to rebuild everything multiple times anyway. Thank you for any better insight you can provide me. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 09:12:08 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 09:12:33 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <49FF5830.1050802@tecnoera.com> References: <49F17B04.2040702@ecs.soton.ac.uk> <9DBAD9F18D3049EE88792A9560BEAE38@SAHOMELT><49F2FB20.2080701@ecs.soton.ac.uk> <49FB1363.40601@ecs.soton.ac.uk> <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> <49FFF4D8.6050608@ecs.soton.ac.uk> Message-ID: You don't *have* to run with the processing-messages database. Just set Maximum Processing Attempts = 0 and it will all go away. On 04/05/2009 22:03, Juan Pablo Abuyeres wrote: > I downloaded MailScanner-4.76.24-3, installed, stopped MailScanner, > removed /var/spool/MailScanner/incoming/*db and started MailScanner again. > > But again, it is piling up messages in the database. > > The last entry in the logfile before the operation was: > ay 4 16:02:44 anubis MailScanner[24886]: Found 23937 messages in the > processing-messages database > > After the procedure it started like this: > May 4 16:08:35 anubis MailScanner[32765]: Found 0 messages in the > processing-messages database > May 4 16:08:38 anubis MailScanner[412]: Found 9 messages in the > processing-messages database > May 4 16:08:43 anubis MailScanner[501]: Found 31 messages in the > processing-messages database > > > now I have this: > May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the > processing-messages database > May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the > processing-messages database > May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the > processing-messages database > > > (Can this be related to the fact that the server is piling up mail queue?) > > JP > > > > Nigel Kendrick wrote: >> >> >> -----Original Message----- >> From:mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field >> Sent: Friday, May 01, 2009 4:21 PM >> To: MailScanner discussion >> Subject: Re: Found nn messages in the processing-messages database >> >> >> >> On 01/05/2009 10:09, Nigel Kendrick wrote: >> >>> Hi, >>> >>> I'm coming in a bit late here and am trying to catch up on this thread. I >>> have had a good read but would appreciate some advice >>> >> >> [Snip] >> >> It already is a stable release. I just haven't had time to announce it >> yet, sorry, that's tomorrow's job. >> Install the stable release, stop MailScanner, destroy >> /var/spool/MailScanner/incoming/*db and fire it up again. >> >> Jules >> >> >> >> >> Thanks Jules, >> >> I think you deserve some time off - take it easy! >> >> Nigel >> >> >> >> >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 09:13:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 09:13:46 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: <49FF84B6.7060901@infernix.net> References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> Message-ID: On 05/05/2009 01:13, infernix wrote: > Hi, > > I've got a 6 node cluster with 4 scanning nodes running mailscanner. > Some details: > > - per box 2x quad core amd, 4GB (soon 6GB for more children and some > headroom); mqueue, mqueue.in, MailScanner/incoming and Mimedefang are > all in tmpfs so hardly any disk IO > > -22 children, 50 messages/batch, queue mode, normal queue size 5000. > Only using local spamhaus and sorbs zones plus a few whitelists and > Spam Domain lists, that are served with rbldnsd+bind on a separate > cluster. Clamd virus scanning. No content checks apart from spam > checking and virus scanning. Spamassassin scans all messages, even > those that got hit on MSs rbl lists. > > - Sendmail+mimedefang take care of incoming mail with receiver > validity check + outgoing mail. I don't block at SMTP level. > > Most of the time, mail processes fine; the 4 nodes have about 40 to 70 > SMTP connections and are processing about one million messages on > average. However, I've got one node that processes batches > significantly slower than the rest. > > Of course there can be a variety of factors that could cause one batch > of real (and thus random) messages to be slower, but is there any way > to test mailscanners performance on a single batch or message similar > to 'time spamassassin -D < spammail' so I can do repeated tests on the > same subset? > > I'd like to be able to test this on the live setup just as > spamassassin can. As far as i can tell, MailScanner --lint only does > internal checking and does not actually support processing a message > or batch of messages. Do "MailScanner --help" and you will find the "--debug" and "--debug-sa" switches, among others. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ja at conviator.com Tue May 5 09:13:51 2009 From: ja at conviator.com (Jan Agermose) Date: Tue May 5 09:15:35 2009 Subject: filename rules Message-ID: hi we see a few messages like this: The virus detector said this about the message: Report: Report: MailScanner: Attempt to hide real filename extension (invoice 657 L%F8.pdf) because people are using the dainsh chars ??? in the filenames - Im guessing other languages have the samme issues when people are attaching documents that are using special hars not in \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ I would like to say "yea but its simply not allowed in the mail standard" - but im not even sure if its true or if its just an old rule not updated now that its 2009 and unicode or what ever. I dont actually see how it would hit this rule as there is only one \. in the filename and the rule seams to need two \. to hit... But I dont find any other rules having the response "Attempt to hide real filename extension". -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/34af8ff9/attachment.html From MailScanner at ecs.soton.ac.uk Tue May 5 09:15:39 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 09:16:03 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051041.39398.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FF181C.8040104@ecs.soton.ac.uk> <200905051041.39398.eli@orbsky.homelinux.org> <49FFF5AB.60906@ecs.soton.ac.uk> Message-ID: On 05/05/2009 08:41, Eli Wapniarski wrote: > One more query. > > One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > > > From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > > > Processing files: perl-IO-1.2301-4-noarch > Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > error: Arch dependent binaries in noarch package > > > RPM build errors: > Arch dependent binaries in noarch package > > > Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > > So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > > So I guess in the end I'm asking why not remove the > > BuildArch: noarch > > from the spec file? I can't remove it altogether, as the BuildArch selects where the RPM file is put, which I need to know to be able to install it. I admit that some of the BuildArch settings are just plain wrong, but it doesn't affect the installed system or the execution of MailScanner one jot, so I've never bothered fixing them. There are simply more important things than something that purely affects a bit of metadata which no-one ever uses anyway. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ja at conviator.com Tue May 5 10:32:30 2009 From: ja at conviator.com (Jan Agermose) Date: Tue May 5 10:33:50 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <018501c9c726$a225ca00$0a00080a@gordon> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> Message-ID: you can also try the lowlevel solution - write a script that looks at the queue length and when its longer than what you can handle then block incomming connections using iptables :D -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gordon Colyn Sent: 27. april 2009 12:55 To: 'MailScanner discussion' Subject: RE: Stop incoming mail if message queue exceeds set value Thanks, have implemented these already. The issue is not on the load, the load stays pretty under control. I just want to stop accepting mail on the 1 server so the mails are forced to go to the other servers, i.e. 1000 messages handled by 4 servers will be quicker than 1000 mails handled by 1... -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Pentland Sent: 27 April 2009 12:47 PM To: 'MailScanner discussion' Subject: RE: Stop incoming mail if message queue exceeds set value Hi, Look here... http://www.sendmail.org/m4/tweaking_config.html Particularly these... confQUEUE_LA QueueLA [varies] Load average at which queue-only function kicks in. Default values is (8 * numproc) where numproc is the number of processors online (if that can be determined). confREFUSE_LA RefuseLA [varies] Load average at which incoming SMTP connections are refused. Default values is (12 * numproc) where numproc is the number of processors online (if that can be determined). confDELAY_LA DelayLA [0] Load average at which sendmail will sleep for one second on most SMTP commands and before accepting connections. 0 means no limit. But a few others might be of use. Be sure you're rejecting invalid recipients during the SMTP dialouge and not at some stage later. It sounds obvious but can easily be missed and result in 1,000s of messages from a bot being queued and work being done on them, reject these before you queue them! Regards, Gary mailscanner-bounces@lists.mailscanner.info wrote: > I am running a round robin dns mail solution with 4 mailscanner > servers accepting mail. The problem I am having is that on occasion 1 > of the servers gets hit with massive volumes over a very short time so > the queue can grow to 5000+ in a matter of minutes causing mail > delivery delays on that specific server. I would like to be able to > set a limit on the queue size so that the server stops accepting mail > until the queue drops below that set value. > > I have tried with sendmail creating 2 cf files but can't get it > working. Does this have to be managed by mailscanner, r can it be done > in sendmail? > > Currently using sendmail-8.14.1 and Mailscanner 4.63.8 > > Thanks > > > Gordon Colyn > Office : 086 123 ITNT (4868) > Cell : 083 296 7534 > Fax : 086 520 0885 > InTheNet Technologies > www.itnt.co.za > MSN:gordoncolyn@hotmail.com > SKYPE:gordoncolyn > > Confidentiality: This e-mail including any attachments is intended for > the above named addressee(s) only and contains confidential > information. If you have received this email in error you must take no > action based on its contents, nor must you reproduce or show the > e-mail or any attachments or any part thereof or communicate the > contents to anyone; please reply to the sender of this e-mail > informing them of the error. > > Viruses: We recommend that in keeping with good computing practice the > recipient should ensure that e-mails received are virus free before > opening. > > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature database 4035 (20090425) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! __________ Information from ESET NOD32 Antivirus, version of virus signature database 4036 (20090427) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From eli at orbsky.homelinux.org Tue May 5 11:12:12 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 11:12:39 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <49FFF5AB.60906@ecs.soton.ac.uk> Message-ID: <200905051312.12974.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > > On 05/05/2009 08:41, Eli Wapniarski wrote: > > One more query. > > > > One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > > > > > From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > > > > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > > > > > > Processing files: perl-IO-1.2301-4-noarch > > Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > > Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > > Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > > error: Arch dependent binaries in noarch package > > > > > > RPM build errors: > > Arch dependent binaries in noarch package > > > > > > Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > > > > So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > > > > So I guess in the end I'm asking why not remove the > > > > BuildArch: noarch > > > > from the spec file? > I can't remove it altogether, as the BuildArch selects where the RPM > file is put, which I need to know to be able to install it. I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Tue May 5 11:52:28 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue May 5 11:52:22 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905040835.33176.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> Message-ID: > Quotting from th changelog > > "24-3 ExtUtils-MakeMaker will not build on Fedora 10 x86_64 as it stands. > 24-3 Fedora 10 needs Test-Simple first, RHEL5 and CentOS 5 need > Math-BigInt > first. Great :-( > 24-3 Fedora Core 10 is no longer officially supported. The RPM Perl build > system is fundamentally broken. Take Pod-Escapes as a fine example, > it > cannot build without Pod-Simple. But Pod-Simple cannot build without > Pod-Escapes. I quit." > > > Please don't quit. > > I installed everything relatively correctly with version 4.76.24-3 +1 > ---------------------------------- > Building perl-ExtUtils-MakeMaker > ---------------------------------- > > Fedora provides a version of the module version 6.36. This module and > perl-devel must be installed. You might need to reinstall perl-devel. I > did that. Up to package version 2 perl-ExtUtils-MakeMaker would not > install due to a conflict with perl-devel. It now installs fine. The perlExtUtils-MakeMaker provided with MailScanner built and installed fine on my FC10 machine, replacing the 6.36 provided by Fedora with the 6.50 provided by MailScanner. > -------------------------- > Building Perl-Pod-Simple > -------------------------- > > No need. Both packages are provided by Fedora. perl-Pod-Escapes 1.04 and > perl-Pod-Simple 3.07 For reference, I needed to remove these package requirements from the top of MailScanner's install.sh (so it didn't uninstall them for me, causing the build to fail). Instead I installed them using yum from the standard Fedora repositories: perl-Pod-Simple perl-Pod-Escapes perl-Test-Pod perl-Test-Harness perl-Compress-Zlib perl-Archive-Zip I now have MailScanner 4.76.24-3 running happily on FC10, having upgraded from the pre-RPM-rebuild version 4.74.16. Jules, am I right in saying that the next few upgrades won't do the uninstall of RPMs now that I've done this upgrade step? In which case MailScanner should upgrade quite happily on my machine without tweaking the install.sh script next time. Cheers! Anthony -- www.fonant.com - Quality web sites From infernix at infernix.net Tue May 5 11:59:30 2009 From: infernix at infernix.net (infernix) Date: Tue May 5 11:59:48 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> Message-ID: <4A001C12.5080001@infernix.net> Julian Field wrote: >> I'd like to be able to test this on the live setup just as >> spamassassin can. As far as i can tell, MailScanner --lint only does >> internal checking and does not actually support processing a message >> or batch of messages. > Do "MailScanner --help" and you will find the "--debug" and "--debug-sa" > switches, among others. I know about those, but: -lint: Test the configuration and report errors. -debug: Run MailScanner in debug-mode. In debug-mode MailScanner doesn't spawn childrens and produce a lot of output. Can be compined with -debug-sa. -debug-sa: Run the spamassassine module inside MailScanner in debug-mode. Warning: This option doesn't stop MailScanner from spawning children! Can be combined with -debug. These options will just spawn MailScanner as normal, possibly not forked, but with much more output. This is not the equivalent of 'spamassassin -D < spammail', because MailScanner in debug mode will just load the MailScanner.conf that is used in production and start processing the configured queue directory. There is also no option to specify some alternative config. It's not possible to run it in debug mode while the live mailscanner processes continue on as normal, nor is it possible to let it process one mail (or batch) by pointing it to a file (or directory). So my question still stands; is there a way to let MailScanner process one (batch of) messages in debug mode *without* having it affect the running (live) mailscanner process? Because right now the only way I can see this happening is if I copy the MailScanner binary to MailScannerTest and start modifying paths so that it runs with its own unique config files, which is a real hassle for obvious reasons. Thanks! From MailScanner at ecs.soton.ac.uk Tue May 5 12:07:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 12:07:19 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051312.12974.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <49FFF5AB.60906@ecs.soton.ac.uk> <200905051312.12974.eli@orbsky.homelinux.org> <4A001DD4.5050303@ecs.soton.ac.uk> Message-ID: On 05/05/2009 11:12, Eli Wapniarski wrote: > On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > >> On 05/05/2009 08:41, Eli Wapniarski wrote: >> >>> One more query. >>> >>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. >>> >>> >>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads >>>> >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>> >>> >>> Processing files: perl-IO-1.2301-4-noarch >>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 >>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>> error: Arch dependent binaries in noarch package >>> >>> >>> RPM build errors: >>> Arch dependent binaries in noarch package >>> >>> >>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. >>> >>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. >>> >>> So I guess in the end I'm asking why not remove the >>> >>> BuildArch: noarch >>> >>> from the spec file? >>> >> I can't remove it altogether, as the BuildArch selects where the RPM >> file is put, which I need to know to be able to install it. >> > I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). > That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it puts it in /root/rpmbuild/RPMS/ directory, where is the BuildArch. If I don't specify it, then I don't know where it put the final RPM that I'm trying to install! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 12:07:47 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 12:08:14 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A001E03.4040700@ecs.soton.ac.uk> Message-ID: On 05/05/2009 11:52, Anthony Cartmell wrote: > > Jules, am I right in saying that the next few upgrades won't do the > uninstall of RPMs now that I've done this upgrade step? In which case > MailScanner should upgrade quite happily on my machine without > tweaking the install.sh script next time. Correct. It has done the upgrade once, so it won't need to do it again. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 5 12:09:19 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 12:09:39 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: <4A001C12.5080001@infernix.net> References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> <4A001C12.5080001@infernix.net> <4A001E5F.5060900@ecs.soton.ac.uk> Message-ID: On 05/05/2009 11:59, infernix wrote: > Julian Field wrote: >>> I'd like to be able to test this on the live setup just as >>> spamassassin can. As far as i can tell, MailScanner --lint only does >>> internal checking and does not actually support processing a message >>> or batch of messages. >> Do "MailScanner --help" and you will find the "--debug" and >> "--debug-sa" switches, among others. > > I know about those, but: > > -lint: Test the configuration and report errors. > > -debug: Run MailScanner in debug-mode. In debug-mode MailScanner > doesn't spawn childrens and produce a lot of output. Can be compined > with -debug-sa. > > -debug-sa: Run the spamassassine module inside MailScanner in > debug-mode. Warning: This option doesn't stop MailScanner from > spawning children! Can be combined with -debug. > > These options will just spawn MailScanner as normal, possibly not > forked, but with much more output. This is not the equivalent of > 'spamassassin -D < spammail', because MailScanner in debug mode will > just load the MailScanner.conf that is used in production and start > processing the configured queue directory. There is also no option to > specify some alternative config. Yes there is, just specify the config file on the command line. No switch needed for that. > It's not possible to run it in debug mode while the live mailscanner > processes continue on as normal, nor is it possible to let it process > one mail (or batch) by pointing it to a file (or directory). Yes it is, read the output of "MailScanner --help" before you say things like this :-) > > So my question still stands; is there a way to let MailScanner process > one (batch of) messages in debug mode *without* having it affect the > running (live) mailscanner process? Yes, just run it with --debug. It will not affect the live MailScanner process at all. I do it all the time. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From infernix at infernix.net Tue May 5 12:29:41 2009 From: infernix at infernix.net (infernix) Date: Tue May 5 12:30:01 2009 Subject: Measuring the time it takes to process one message or batch In-Reply-To: References: <49FF84B6.7060901@infernix.net> <49FFF521.5030303@ecs.soton.ac.uk> <4A001C12.5080001@infernix.net> <4A001E5F.5060900@ecs.soton.ac.uk> Message-ID: <4A002325.50903@infernix.net> Julian Field wrote: > Yes it is, read the output of "MailScanner --help" before you say things > like this :-) >> So my question still stands; is there a way to let MailScanner process >> one (batch of) messages in debug mode *without* having it affect the >> running (live) mailscanner process? > Yes, just run it with --debug. It will not affect the live MailScanner > process at all. I do it all the time. My apologies, i was looking at the Debian manpage and it was missing some of the options that show up with --help. Won't happen again :) From correo at miguelangelnieto.net Tue May 5 12:34:18 2009 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Tue May 5 13:09:13 2009 Subject: mailscanner whitelist (SQLWhitelist) Message-ID: <1241523258.2761.5.camel@miguel.irontec.com> Hi, I have the whitelists configured with MailWatch: Is Definitely Not Spam = &SQLWhitelist Mailscanner reads the whitelist: May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 whitelist entries But Mailscanner scans the message with Spamassassin, and It shouldn't happen. What i'm doing wrong? Thank you. Mailscanner version: 4.55.10-3 From simonmjones at gmail.com Tue May 5 13:17:16 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 13:17:24 2009 Subject: leaky gateway Message-ID: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> Hi folks, I'm running a distributed system, one of the gateways seems to have sprung a leek though and is letting some spam through which is being caught on the other systems. I copied the config files between the systems to ensure consistancy when the systems were built so I'm wondering if it could be some other weakness I haven't considered, perhaps a time-out or setitng which causes the messages to be sent through unscanned or part scanned perhaps? I'm using mailwatch too and can see the scores in the message headers, an example of one is below; thanks for any help or suggestions you may offer, 2.44 Spam Report: Score Matching Rule Description cached score=2.441 3 required autolearn=disabled 0.50 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d 0.17 HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area 0.00 HTML_MESSAGE HTML included in message 1.67 MIME_HTML_ONLY Message only has text/html MIME parts 0.10 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS From maxsec at gmail.com Tue May 5 13:33:42 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 5 13:33:51 2009 Subject: leaky gateway In-Reply-To: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> References: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> Message-ID: <72cf361e0905050533h1a14ee0blf7aec99ec42168a6@mail.gmail.com> Simonthe cached here means it's already seen it and scored it 'low'. Try removing the spamassassin cache and restarting mailscanner in the system. http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin NB I'd say 3 a little low for a 'low spam threshold' anyway, you're quite likely to hit alot of ham. I'd look at what rulesets you've got and see if iXhasf and the sought ruleset (and others) help 2009/5/5 Simon Jones > Hi folks, > > I'm running a distributed system, one of the gateways seems to have > sprung a leek though and is letting some spam through which is being > caught on the other systems. I copied the config files between the > systems to ensure consistancy when the systems were built so I'm > wondering if it could be some other weakness I haven't considered, > perhaps a time-out or setitng which causes the messages to be sent > through unscanned or part scanned perhaps? I'm using mailwatch too > and can see the scores in the message headers, an example of one is > below; > > thanks for any help or suggestions you may offer, > > 2.44 > Spam Report: Score Matching Rule Description > cached > score=2.441 > 3 required > autolearn=disabled > 0.50 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d > 0.17 HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area > 0.00 HTML_MESSAGE HTML included in message > 1.67 MIME_HTML_ONLY Message only has text/html MIME parts > 0.10 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking > rDNS > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/912cb363/attachment.html From simonmjones at gmail.com Tue May 5 13:40:46 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 13:40:54 2009 Subject: leaky gateway In-Reply-To: <72cf361e0905050533h1a14ee0blf7aec99ec42168a6@mail.gmail.com> References: <70572c510905050517m4733277dgf72161d53b4bb091@mail.gmail.com> <72cf361e0905050533h1a14ee0blf7aec99ec42168a6@mail.gmail.com> Message-ID: <70572c510905050540s723c9b80h8a9c7b35192892bd@mail.gmail.com> 2009/5/5 Martin Hepworth : > Simon > the cached here means it's already seen it and scored it 'low'. Try removing > the spamassassin cache and restarting mailscanner in the system. > > http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin > > > NB I'd say 3 a little low for a 'low spam threshold' anyway, you're quite > likely to hit alot of ham. I'd look at what rulesets you've got and see if > iXhasf and the sought ruleset (and others) help > > 2009/5/5 Simon Jones >> >> Hi folks, >> >> I'm running a distributed system, one of the gateways seems to have >> sprung a leek though and is letting some spam through which is being >> caught on the other systems. ?I copied the config files between the >> systems to ensure consistancy when the systems were built so I'm >> wondering if it could be some other weakness I haven't considered, >> perhaps a time-out or setitng which causes the messages to be sent >> through unscanned or part scanned perhaps? ?I'm using mailwatch too >> and can see the scores in the message headers, an example of one is >> below; >> >> thanks for any help or suggestions you may offer, >> >> 2.44 >> Spam Report: Score Matching Rule Description >> ?cached >> ?score=2.441 >> 3 required >> ?autolearn=disabled >> 0.50 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d >> 0.17 HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area >> 0.00 HTML_MESSAGE HTML included in message >> 1.67 MIME_HTML_ONLY Message only has text/html MIME parts >> 0.10 RDNS_DYNAMIC Delivered to trusted network by host with >> dynamic-looking rDNS >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > thanks Martin, I'll give that a go, would never have thought of it! From eli at orbsky.homelinux.org Tue May 5 13:36:35 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 13:48:24 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A001DD4.5050303@ecs.soton.ac.uk> Message-ID: <200905051536.36288.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 14:07:00 Julian Field wrote: > > On 05/05/2009 11:12, Eli Wapniarski wrote: > > On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > > > >> On 05/05/2009 08:41, Eli Wapniarski wrote: > >> > >>> One more query. > >>> > >>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > >>> > >>> > >>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > >>>> > >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>> > >>> > >>> Processing files: perl-IO-1.2301-4-noarch > >>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > >>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > >>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>> error: Arch dependent binaries in noarch package > >>> > >>> > >>> RPM build errors: > >>> Arch dependent binaries in noarch package > >>> > >>> > >>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > >>> > >>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > >>> > >>> So I guess in the end I'm asking why not remove the > >>> > >>> BuildArch: noarch > >>> > >>> from the spec file? > >>> > >> I can't remove it altogether, as the BuildArch selects where the RPM > >> file is put, which I need to know to be able to install it. > >> > > I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). > > > That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it > puts it in /root/rpmbuild/RPMS/ directory, where is the > BuildArch. If I don't specify it, then I don't know where it put the > final RPM that I'm trying to install! > Actually.... I've just done some research on this and as a matter of fact you do. Now I'm not trying to be a smart aleck. Cause I am by no stretch of the imagination an expert with regular expressions, however On my x86_64 platform rpm --showrc | grep "build arch" shows build arch : x86_64 compatible build archs: x86_64 noarch and on my i686 system build arch : i386 compatible build archs: i686 i586 i486 i386 noarch fat Now, it would seem to me (if you had the time of course) that if you could parse out the "build arch" line, you would know where the rpms are being built and you can have your script install the files where required. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Tue May 5 13:50:57 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue May 5 13:51:08 2009 Subject: filename rules In-Reply-To: References: Message-ID: <4A003631.5070507@USherbrooke.ca> Jan Agermose a ?crit : > > hi > > > > we see a few messages like this: > > > > The virus detector said this about the message: > Report: Report: MailScanner: Attempt to hide real filename extension > (invoice 657 L%F8.pdf) > > > > > > because people are using the dainsh chars ??? in the filenames - Im > guessing other languages have the samme issues when people are > attaching documents that are using special hars not in > > > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > > > I would like to say "yea but its simply not allowed in the mail > standard" - but im not even sure if its true or if its just an old > rule not updated now that its 2009 and unicode or what ever. > > > > I dont actually see how it would hit this rule as there is only one \. > in the filename and the rule seams to need two \. to hit... But I dont > find any other rules having the response "Attempt to hide real > filename extension". > > > > > Jan, I doubt this is the rule that matched (unless the filename you provided isn't complete because it was sanitized). You are right about the 2 \. This rule wants to deny files such as filename.pdf.exe. I disabled this rule a long while ago. I have never permitted EXE|COM|REG|BAT and many other dangerous file extensions anyways. Maybe the filetype rules got involved instead? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Tue May 5 13:55:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 5 13:55:57 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051536.36288.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A001DD4.5050303@ecs.soton.ac.uk> <200905051536.36288.eli@orbsky.homelinux.org> <4A003739.6080600@ecs.soton.ac.uk> Message-ID: On 05/05/2009 13:36, Eli Wapniarski wrote: > On Tuesday 05 May 2009 14:07:00 Julian Field wrote: > >> On 05/05/2009 11:12, Eli Wapniarski wrote: >> >>> On Tuesday 05 May 2009 11:15:39 Julian Field wrote: >>> >>> >>>> On 05/05/2009 08:41, Eli Wapniarski wrote: >>>> >>>> >>>>> One more query. >>>>> >>>>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. >>>>> >>>>> >>>>> >>>>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads >>>>>> >>>>>> >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>>>> >>>>> >>>>> Processing files: perl-IO-1.2301-4-noarch >>>>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 >>>>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) >>>>> error: Arch dependent binaries in noarch package >>>>> >>>>> >>>>> RPM build errors: >>>>> Arch dependent binaries in noarch package >>>>> >>>>> >>>>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. >>>>> >>>>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. >>>>> >>>>> So I guess in the end I'm asking why not remove the >>>>> >>>>> BuildArch: noarch >>>>> >>>>> from the spec file? >>>>> >>>>> >>>> I can't remove it altogether, as the BuildArch selects where the RPM >>>> file is put, which I need to know to be able to install it. >>>> >>>> >>> I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). >>> >>> >> That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it >> puts it in /root/rpmbuild/RPMS/ directory, where is the >> BuildArch. If I don't specify it, then I don't know where it put the >> final RPM that I'm trying to install! >> >> > Actually.... I've just done some research on this and as a matter of fact you do. Now I'm not trying to be a smart aleck. Cause I am by no stretch of the imagination an expert with regular expressions, however > > On my x86_64 platform > > rpm --showrc | grep "build arch" > > shows > > build arch : x86_64 > compatible build archs: x86_64 noarch > > and on my i686 system > > build arch : i386 > compatible build archs: i686 i586 i486 i386 noarch fat > > Now, it would seem to me (if you had the time of course) that if you could parse out the "build arch" line, you would know where the rpms are being built and you can have your script install the files where required. > But that does not tell you if it decided to build the rpm with i386/x86_64 or noarch. So it only partially helps. I already work out whether it's i386 or x86_64, I can do that already very easily. What I *don't* know is whether it decided it was a noarch RPM or not. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Tue May 5 14:26:20 2009 From: ka at pacific.net (Ken A) Date: Tue May 5 14:26:40 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <1241523258.2761.5.camel@miguel.irontec.com> References: <1241523258.2761.5.camel@miguel.irontec.com> Message-ID: <4A003E7C.7000000@pacific.net> Miguel Angel Nieto wrote: > Hi, > > I have the whitelists configured with MailWatch: > > Is Definitely Not Spam = &SQLWhitelist > > Mailscanner reads the whitelist: > > May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time > reached > May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL Whitelist > May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 whitelist entries > > But Mailscanner scans the message with Spamassassin, and It shouldn't > happen. > > What i'm doing wrong? Nothing. That is normal behavior. Whitelisting does not exclude a message from SA scanning. It doesn't apply the MailScanner SA rules to the message, so even if it scores above your 'high' threshold, it will not be spam tagged or quarantined or whatever. If you want to exclude a message from scanning, you need to use the "Use SpamAssassin" instead, or even "Spam Checks". Read the config file. Ken > > Thank you. > > Mailscanner version: 4.55.10-3 > -- Ken Anderson Pacific Internet - http://www.pacific.net From eli at orbsky.homelinux.org Tue May 5 14:29:28 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 14:29:52 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A003739.6080600@ecs.soton.ac.uk> Message-ID: <200905051629.28486.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 15:55:21 Julian Field wrote: > > On 05/05/2009 13:36, Eli Wapniarski wrote: > > On Tuesday 05 May 2009 14:07:00 Julian Field wrote: > > > >> On 05/05/2009 11:12, Eli Wapniarski wrote: > >> > >>> On Tuesday 05 May 2009 11:15:39 Julian Field wrote: > >>> > >>> > >>>> On 05/05/2009 08:41, Eli Wapniarski wrote: > >>>> > >>>> > >>>>> One more query. > >>>>> > >>>>> One thing I don't understand, is the use of the BuildArch: parameter in the spec file. > >>>>> > >>>>> > >>>>> > >>>>>> From my understanding... rpm will automatically figure out the platform that a package is being built for. I get similar output for serveral packages when building on my server. One of things that you will notice is that there is a line that reads > >>>>>> > >>>>>> > >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>>>> > >>>>> > >>>>> Processing files: perl-IO-1.2301-4-noarch > >>>>> Provides: IO.so()(64bit) perl(IO) = 1.23 perl(IO::Dir) = 1.06 perl(IO::File) = 1.14 perl(IO::Handle) = 1.27 perl(IO::Pipe) = 1.13 perl(IO::Pipe::End) perl(IO::Poll) = 0.07 perl(IO::Seekable) = 1.10 perl(IO::Select) = 1.17 perl(IO::Socket) = 1.30 perl(IO::Socket::INET) = 1.31 perl(IO::Socket::UNIX) = 1.23 > >>>>> Requires(rpmlib): rpmlib(CompressedFileNames)<= 3.0.4-1 rpmlib(PayloadFilesHavePrefix)<= 4.0-1 rpmlib(VersionedDependencies)<= 3.0.3-1 > >>>>> Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH) > >>>>> error: Arch dependent binaries in noarch package > >>>>> > >>>>> > >>>>> RPM build errors: > >>>>> Arch dependent binaries in noarch package > >>>>> > >>>>> > >>>>> Please correct me where appropriate. I am only trying to gain a better understanding as to what's involved in the packaging and rebuilding. > >>>>> > >>>>> So... from what I'm reading the error being generated is correct in that libc on 64bit platform can either be the x86_64 library or the i386 library (if the i386 support files are included). Be that as it may, on my x86_64 bit platform I only want to compile and rebuild 64bit libraries (perl modules included). From my understanding Mailscanner itself is platform agnostic in that it is a script and will run properly if the environment variables are set correctly. > >>>>> > >>>>> So I guess in the end I'm asking why not remove the > >>>>> > >>>>> BuildArch: noarch > >>>>> > >>>>> from the spec file? > >>>>> > >>>>> > >>>> I can't remove it altogether, as the BuildArch selects where the RPM > >>>> file is put, which I need to know to be able to install it. > >>>> > >>>> > >>> I think that rpm takes care of it. In that without the BuildArch, Using the %{libdir} macorw would install perl libraries in /usr/lib64 on 64bit platforms and /usr/lib on 32bit platforms. You shouldn't have to worry about this sort of thing (I think). > >>> > >>> > >> That's not the issue. When you do a "rpmbuild --rebuild" on the SRPM, it > >> puts it in /root/rpmbuild/RPMS/ directory, where is the > >> BuildArch. If I don't specify it, then I don't know where it put the > >> final RPM that I'm trying to install! > >> > >> > > Actually.... I've just done some research on this and as a matter of fact you do. Now I'm not trying to be a smart aleck. Cause I am by no stretch of the imagination an expert with regular expressions, however > > > > On my x86_64 platform > > > > rpm --showrc | grep "build arch" > > > > shows > > > > build arch : x86_64 > > compatible build archs: x86_64 noarch > > > > and on my i686 system > > > > build arch : i386 > > compatible build archs: i686 i586 i486 i386 noarch fat > > > > Now, it would seem to me (if you had the time of course) that if you could parse out the "build arch" line, you would know where the rpms are being built and you can have your script install the files where required. > > > But that does not tell you if it decided to build the rpm with > i386/x86_64 or noarch. So it only partially helps. I already work out > whether it's i386 or x86_64, I can do that already very easily. What I > *don't* know is whether it decided it was a noarch RPM or not. > I don't believe that you need to worry about it. The packages will be built in the directory build arch is configured for by the distro. (ie /root/rpmbuild/RPMS/x86_64, or /root/rpmbuild/RPMS/i386 or /root/rpmbuild/RPMS/i586. no arch is not required and confusing. I'm assuming that you're worried about running the rpm -Uvh / -ivh package command. Like I said I'm not trying to be too smart but, with the right regular expression you could grep "build arch" into a variable and then you would be able to exec rpm -Uvh /root/rpmbuild/RPMS/BuildArchVariable or however it is that you get the packages installed. That would take care of the issues regarding noarch and arch dependant variables. You then do not need to specify whch arch you are installing on. The system will do that for you. It is probably the shape of things to come for upcoming Redhat and Centos versions and probably anything else that relies on RPM for package management since Fedora is probably the first to incorporate the latest greatest version. Of course, its your baby and your decisions regarding how you wish to build and have MailScanner installed on the system. I am grateful for the insight you have provided. I will personally be doing some additional digging into this. Thank You for this great and wonderful tool. A loyal user. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ecasarero at gmail.com Tue May 5 15:44:56 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue May 5 15:45:27 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <018501c9c726$a225ca00$0a00080a@gordon> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> Message-ID: <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> 2009/4/27 Gordon Colyn : > Thanks, have implemented these already. ?The issue is not on the load, the > load stays pretty under control. ?I just want to stop accepting mail on the > 1 server so the mails are forced to go to the other servers, i.e. 1000 > messages handled by 4 servers will be quicker than 1000 mails handled by > 1... > milter-limit? http://www.milter.info/sendmail/milter-limit/ this milter responses with a 451 xxxx when the amount of N emails in M time is reached, example when you have recieved 1000 emails in less than 5 minutes sendmail starts answering with 451 (while the 5 minutes are not complete) so the traffic should go away to other box. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary > Pentland > Sent: 27 April 2009 12:47 PM > To: 'MailScanner discussion' > Subject: RE: Stop incoming mail if message queue exceeds set value > > Hi, > > Look here... > > http://www.sendmail.org/m4/tweaking_config.html > > Particularly these... > > confQUEUE_LA QueueLA [varies] Load average at which queue-only function > kicks in. Default values is (8 * numproc) where numproc is the number of > processors online (if that can be determined). > > confREFUSE_LA RefuseLA [varies] Load average at which incoming SMTP > connections are refused. Default values is (12 * numproc) where numproc is > the number of processors online (if that can be determined). > > confDELAY_LA DelayLA [0] Load average at which sendmail will sleep for one > second on most SMTP commands and before accepting connections. 0 means no > limit. > > > But a few others might be of use. ?Be sure you're rejecting invalid > recipients during the SMTP dialouge and not at some stage later. ?It sounds > obvious but can easily be missed and result in 1,000s of messages from a bot > being queued and work being done on them, reject these before you queue > them! > > Regards, > > Gary > > > mailscanner-bounces@lists.mailscanner.info wrote: >> I am running a round robin dns mail solution with 4 mailscanner >> servers accepting mail. ?The problem I am having is that on occasion 1 >> of the servers gets hit with massive volumes over a very short time so >> the queue can grow to 5000+ in a matter of minutes causing mail >> delivery delays on that specific server. ?I would like to be able to >> set a limit on the queue size so that the server stops accepting mail >> until the queue drops below that set value. >> >> I have tried with sendmail creating 2 cf files but can't get it >> working. Does this have to be managed by mailscanner, r can it be done >> in sendmail? >> >> Currently using sendmail-8.14.1 and Mailscanner 4.63.8 >> >> Thanks >> >> >> Gordon Colyn >> Office : 086 123 ITNT (4868) >> Cell : 083 296 7534 >> Fax : 086 520 0885 >> InTheNet Technologies >> www.itnt.co.za >> MSN:gordoncolyn@hotmail.com >> SKYPE:gordoncolyn >> >> Confidentiality: This e-mail including any attachments is intended for >> the above named addressee(s) only and contains confidential >> information. If you have received this email in error you must take no >> action based on its contents, nor must you reproduce or show the >> e-mail or any attachments or any part thereof or communicate the >> contents to anyone; please reply to the sender of this e-mail >> informing them of the error. >> >> Viruses: We recommend that in keeping with good computing practice the >> recipient should ensure that e-mails received are virus free before >> opening. >> >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature database 4035 (20090425) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4036 (20090427) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ja at conviator.com Tue May 5 16:08:48 2009 From: ja at conviator.com (Jan Agermose) Date: Tue May 5 16:09:57 2009 Subject: filename rules In-Reply-To: <4A003631.5070507@USherbrooke.ca> References: <4A003631.5070507@USherbrooke.ca> Message-ID: Jan Agermose a ?crit : > > hi > > > > we see a few messages like this: > > > > The virus detector said this about the message: > Report: Report: MailScanner: Attempt to hide real filename extension > (invoice 657 L%F8.pdf) > > > > > > because people are using the dainsh chars ??? in the filenames - Im > guessing other languages have the samme issues when people are > attaching documents that are using special hars not in > > > > \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ > > > > I would like to say "yea but its simply not allowed in the mail > standard" - but im not even sure if its true or if its just an old > rule not updated now that its 2009 and unicode or what ever. > > > > I dont actually see how it would hit this rule as there is only one \. > in the filename and the rule seams to need two \. to hit... But I dont > find any other rules having the response "Attempt to hide real > filename extension". > > > > > Jan, I doubt this is the rule that matched (unless the filename you provided isn't complete because it was sanitized). You are right about the 2 \. This rule wants to deny files such as filename.pdf.exe. I disabled this rule a long while ago. I have never permitted EXE|COM|REG|BAT and many other dangerous file extensions anyways. Maybe the filetype rules got involved instead? Denis -- _ HI I was looking at the mail "on disk" and found what might be the real reason why it actually is this rule. Just strange that even mailwatch shows the name of the attachment different than what it seams to really be. Part of the maildump looks like this and this has clearly ".xls.pdf" what would be stopped by the rule. Im just thinking if this rule will actually help anything or just make to much trouble so I should be removed... there are other rules that will take care of .exe and so on and also based on application type - that must be secure or? --Apple-Mail-6--942219872 Content-Disposition: inline; filename*=ISO-8859-1''invoice%20657%20L%F8bekompagniet.xls.pdf Content-Type: application/pdf; x-unix-mode=0644; name="=?ISO-8859-1?Q?invoice_657_L=F8bekompagniet.xls.pdf?=" Content-Transfer-Encoding: base64 From simonmjones at gmail.com Tue May 5 16:14:25 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 16:14:34 2009 Subject: db clean Message-ID: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> what's the best way to reduce the size of the db, currently i have over 6 mil records and the search and stuff is slow as a turd :( i run dbclean.php on a cron but the site of the db, in particular the maillog table are mahoosive... anyone point me to some docs or have any tips? From steve.freegard at fsl.com Tue May 5 16:30:43 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue May 5 16:30:54 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A003E7C.7000000@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> Message-ID: <4A005BA3.8070602@fsl.com> Ken A wrote: > Miguel Angel Nieto wrote: >> Hi, >> >> I have the whitelists configured with MailWatch: >> >> Is Definitely Not Spam = &SQLWhitelist >> >> Mailscanner reads the whitelist: >> >> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >> whitelist entries >> But Mailscanner scans the message with Spamassassin, and It shouldn't >> happen. >> >> What i'm doing wrong? > > Nothing. That is normal behavior. Whitelisting does not exclude a > message from SA scanning. It doesn't apply the MailScanner SA rules to > the message, so even if it scores above your 'high' threshold, it will > not be spam tagged or quarantined or whatever. > > If you want to exclude a message from scanning, you need to use the "Use > SpamAssassin" instead, or even "Spam Checks". Read the config file. > That's not quite correct. Set 'Always Include SpamAssassin Report = No' and MailScanner will not run SA for messages that are whitelisted. Regards, Steve. From maxsec at gmail.com Tue May 5 16:48:43 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 5 16:48:53 2009 Subject: db clean In-Reply-To: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> References: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> Message-ID: <72cf361e0905050848y51d31b1dk410936296b0ef26a@mail.gmail.com> more of a mailwatch question, but make sure the db_clean.php is running with the appropriate number of days - you may wish to reduce the default of 60 days down a little (and make sure the require line at the start of the script points to the correct place to start with!) Also make sure the quarantine is cleared out correctly if you're using that in mailscanner (again see the tools dir) 2009/5/5 Simon Jones > what's the best way to reduce the size of the db, currently i have > over 6 mil records and the search and stuff is slow as a turd :( i > run dbclean.php on a cron but the site of the db, in particular the > maillog table are mahoosive... anyone point me to some docs or have > any tips? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/19833297/attachment.html From ka at pacific.net Tue May 5 16:57:04 2009 From: ka at pacific.net (Ken A) Date: Tue May 5 16:57:27 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A005BA3.8070602@fsl.com> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> Message-ID: <4A0061D0.7010306@pacific.net> Steve Freegard wrote: > Ken A wrote: >> Miguel Angel Nieto wrote: >>> Hi, >>> >>> I have the whitelists configured with MailWatch: >>> >>> Is Definitely Not Spam = &SQLWhitelist >>> >>> Mailscanner reads the whitelist: >>> >>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>> whitelist entries >>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>> happen. >>> >>> What i'm doing wrong? >> Nothing. That is normal behavior. Whitelisting does not exclude a >> message from SA scanning. It doesn't apply the MailScanner SA rules to >> the message, so even if it scores above your 'high' threshold, it will >> not be spam tagged or quarantined or whatever. >> >> If you want to exclude a message from scanning, you need to use the "Use >> SpamAssassin" instead, or even "Spam Checks". Read the config file. >> > > That's not quite correct. > > Set 'Always Include SpamAssassin Report = No' and MailScanner will not > run SA for messages that are whitelisted. > > Regards, > Steve. Ah, that's a simpler to change, no ruleset required. Maybe I need to read the config file again. It's been a couple years. :-) Thanks for correcting me. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From simonmjones at gmail.com Tue May 5 17:35:46 2009 From: simonmjones at gmail.com (Simon Jones) Date: Tue May 5 17:35:55 2009 Subject: db clean In-Reply-To: <72cf361e0905050848y51d31b1dk410936296b0ef26a@mail.gmail.com> References: <70572c510905050814od796c31o498fc81f67ce99d@mail.gmail.com> <72cf361e0905050848y51d31b1dk410936296b0ef26a@mail.gmail.com> Message-ID: <70572c510905050935o790c39d6t7c9d699b831cda0a@mail.gmail.com> 2009/5/5 Martin Hepworth : > more of a mailwatch question, but make sure the db_clean.php is running with > the appropriate number of days - you may wish to reduce the default of 60 > days down a little (and make sure the require line at the start of the > script points to the correct place to start with!) > > Also make sure the quarantine is cleared out correctly if you're using that > in mailscanner (again see the tools dir) > 2009/5/5 Simon Jones >> >> what's the best way to reduce the size of the db, currently i have >> over 6 mil records and the search and stuff is slow as a turd :( ?i >> run dbclean.php on a cron but the site of the db, in particular the >> maillog table are mahoosive... ?anyone point me to some docs or have >> any tips? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > thanks Martin, apologies for wrong list posting. i have days to keep set at 15 and i run a seperate db server so there's no quatantine_maint to run as it doesn't process mail and it seems to point to the correct functions.php location. From paul.lemmons at tmcaz.com Tue May 5 18:44:49 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Tue May 5 18:45:02 2009 Subject: filetype rules and pptx files Message-ID: <4A007B11.5030700@tmcaz.com> Our CIO (of all people) is trying to send a PowerPoint 2007 document and it is getting rejected. It turns out that the .pptx file is really a zip archive and within that archive there is a file named "0000.dat" which is getting identified as a DOS executable. When I extract the file and run the file command against it I get the following: $ file 0000.dat 0000.dat: DOS executable (device driver) for DOS $ file -i 0000.dat 0000.dat: text/plain charset=iso-8859-1 When I look at the file itself, it appears to be a bunch of binary zeros. I have tried to to add the following line to the filetypes.rules file: allow - text\/plain - - allow - text/plain - - with no success. I also tried adding the following line to the filenames.rules file: allow \.dat$ - - with no success. And to save time on an obvious question or two, Yes, I am using tabs between fields and Yes I am restarting MailScanner after an update. I am hoping that it is something very simple that I am missing. Any assistance would be greatly appreciated. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/352a4b21/smime-0001.bin From steve.freegard at fsl.com Tue May 5 18:50:25 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue May 5 18:50:35 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A0061D0.7010306@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> Message-ID: <4A007C61.1050609@fsl.com> Ken A wrote: > Steve Freegard wrote: >> Ken A wrote: >>> Miguel Angel Nieto wrote: >>>> Hi, >>>> >>>> I have the whitelists configured with MailWatch: >>>> >>>> Is Definitely Not Spam = &SQLWhitelist >>>> >>>> Mailscanner reads the whitelist: >>>> >>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>> whitelist entries >>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>> happen. >>>> >>>> What i'm doing wrong? >>> Nothing. That is normal behavior. Whitelisting does not exclude a >>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>> the message, so even if it scores above your 'high' threshold, it will >>> not be spam tagged or quarantined or whatever. >>> >>> If you want to exclude a message from scanning, you need to use the "Use >>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>> >> >> That's not quite correct. >> >> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >> run SA for messages that are whitelisted. >> >> Regards, >> Steve. > > Ah, that's a simpler to change, no ruleset required. Maybe I need to > read the config file again. It's been a couple years. :-) > Thanks for correcting me. No problem; it's actually not clear in the docs in MailScanner.conf what effect this option can have - it's from bitter experience and reading the code that I know about this behaviour. I always disable this option on sites that are struggling with load issues as it almost always helps. Cheers, Steve. From paul.lemmons at tmcaz.com Tue May 5 18:55:43 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Tue May 5 18:55:55 2009 Subject: Validating Email addresses Message-ID: <4A007D9F.7090403@tmcaz.com> We are getting a great deal of Spam bypassing both Postini and Mail Scanner due to a discrepancy between how these two products define an email address and the way Exchange does. The two scanning products recognize emails with a pipe character "|" at the beginning of the address as both valid and part of the email address. I believe this is in line with the email standards. Exchange, othe the other hand simply ignores the character. So a message sent to me@mydom.com and |me@mydom.com are seen as two different addresses by the scanning systems and as a single address by Exchange. I have tried with minimal success to check for the pipe using sendmail rules. I have it stopped but it is stopping more than it should. I would like to stop it with MailScanner. I have tried what appears to be obvious to me but so far I have not hit upon the magic combination of options to make this work. Has anyone else encountered this situation and come up with a solution? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/36dcb565/smime.bin From mark at msapiro.net Tue May 5 19:10:44 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue May 5 19:33:20 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <49FF5830.1050802@tecnoera.com> References: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> Message-ID: <20090505181044.GA384@msapiro> On Mon, May 04, 2009 at 05:03:44PM -0400, Juan Pablo Abuyeres wrote: > > now I have this: > May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the > processing-messages database > May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the > processing-messages database > May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the > processing-messages database When a child processes a batch, do you see log messages similar to May 5 09:51:42 sbh16 MailScanner[23758]: New Batch: Scanning 2 messages, 6276 bytes May 5 09:51:46 sbh16 MailScanner[23758]: Uninfected: Delivered 2 messages May 5 09:51:46 sbh16 MailScanner[23758]: Deleted 2 messages from processing-database I.e. does the child say it deleted the messages from the processing-database, and if not are there other messages to indicate why not? -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From eli at orbsky.homelinux.org Tue May 5 21:10:41 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 21:11:08 2009 Subject: Validating Email addresses In-Reply-To: <4A007D9F.7090403@tmcaz.com> References: <4A007D9F.7090403@tmcaz.com> Message-ID: <200905052310.41338.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 20:55:43 Paul Lemmons wrote: > We are getting a great deal of Spam bypassing both Postini and Mail > Scanner due to a discrepancy between how these two products define an > email address and the way Exchange does. The two scanning products > recognize emails with a pipe character "|" at the beginning of the > address as both valid and part of the email address. I believe this is > in line with the email standards. Exchange, othe the other hand simply > ignores the character. So a message sent to me@mydom.com and > |me@mydom.com are seen as two different addresses by the scanning > systems and as a single address by Exchange. > > I have tried with minimal success to check for the pipe using sendmail > rules. I have it stopped but it is stopping more than it should. I would > like to stop it with MailScanner. I have tried what appears to be > obvious to me but so far I have not hit upon the magic combination of > options to make this work. Has anyone else encountered this situation > and come up with a solution? > Yes, I have. And my solution is to run milter-regex to filter legit and illegit email addresses. If you install the milter, then feel free to use the following macro to filter out legit and illegit email addresses. Of course you will need to substitute email@address.one, etc for real email addresses. Hopefully your distro will have milter-regex available. However if not, then you can find it at: http://www.benzedrine.cx/milter-regex.html It took me quite some time to get the regular expressions to work the way I wanted because I am by no means an expert with regular expressions. And its been so long since I needed to look up and understand the syntax. However, the following works and it works very well. IllegitimateTo = header /^TO$/i /(\.email@address.one\>|\.email@address.two\>|\.email@address.etc\>|)/e LegitimateTo = header /^TO$/i /(\|\|\)/e LegitimateFrom = header /^FROM$/i /(email@address.one|email@address.two|email@address.etc)/e LegitimateMail = $LegitimateTo or $LegitimateFrom discard not $LegitimateMail discard $IllegitimateTo -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Tue May 5 21:15:27 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Tue May 5 21:15:50 2009 Subject: filetype rules and pptx files In-Reply-To: <4A007B11.5030700@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> Message-ID: <200905052315.27727.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 20:44:49 Paul Lemmons wrote: > Our CIO (of all people) is trying to send a PowerPoint 2007 document and > it is getting rejected. It turns out that the .pptx file is really a zip > archive and within that archive there is a file named "0000.dat" which > is getting identified as a DOS executable. When I extract the file and > run the file command against it I get the following: Why is your cio trying to send a pptx (powerpoint xml) file? Why not send it as a standard ppt file? Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue May 5 21:29:41 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 5 21:30:01 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A0061D0.7010306@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> Message-ID: on 5-5-2009 8:57 AM Ken A spake the following: > Steve Freegard wrote: >> Ken A wrote: >>> Miguel Angel Nieto wrote: >>>> Hi, >>>> >>>> I have the whitelists configured with MailWatch: >>>> >>>> Is Definitely Not Spam = &SQLWhitelist >>>> >>>> Mailscanner reads the whitelist: >>>> >>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>> whitelist entries >>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>> happen. >>>> >>>> What i'm doing wrong? >>> Nothing. That is normal behavior. Whitelisting does not exclude a >>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>> the message, so even if it scores above your 'high' threshold, it will >>> not be spam tagged or quarantined or whatever. >>> >>> If you want to exclude a message from scanning, you need to use the "Use >>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>> >> >> That's not quite correct. >> >> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >> run SA for messages that are whitelisted. >> >> Regards, >> Steve. > > Ah, that's a simpler to change, no ruleset required. Maybe I need to > read the config file again. It's been a couple years. :-) That's OK, because the version you are running is a couple of years old anyway. It looks to have been written in January of 2006. MailScanner has made some very large strides since then. You might think about upgrading. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/9a102d89/signature.bin From paul.lemmons at tmcaz.com Tue May 5 21:29:59 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Tue May 5 21:30:12 2009 Subject: filetype rules and pptx files In-Reply-To: <200905052315.27727.eli@orbsky.homelinux.org> References: <4A007B11.5030700@tmcaz.com> <200905052315.27727.eli@orbsky.homelinux.org> Message-ID: <4A00A1C7.9090500@tmcaz.com> -------- Original Message -------- Subject: filetype rules and pptx files From: Eli Wapniarski To: "mailscanner@lists.mailscanner.info" Date: 05/05/2009 01:15 PM > On Tuesday 05 May 2009 20:44:49 Paul Lemmons wrote: > >> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >> it is getting rejected. It turns out that the .pptx file is really a zip >> archive and within that archive there is a file named "0000.dat" which >> is getting identified as a DOS executable. When I extract the file and >> run the file command against it I get the following: >> > > Why is your cio trying to send a pptx (powerpoint xml) file? Why not send it as a standard ppt file? > > Eli > > And I quote (my CIO)... "...In order to send the file, I have to save it in 93-97 format and resend. A real pain and unnecessary. Please fix so I can send pptx attachments." So, there I am :/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/f021c835/smime.bin From ssilva at sgvwater.com Tue May 5 21:46:06 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 5 21:46:26 2009 Subject: filetype rules and pptx files In-Reply-To: <4A007B11.5030700@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> Message-ID: on 5-5-2009 10:44 AM Paul Lemmons spake the following: > Our CIO (of all people) is trying to send a PowerPoint 2007 document and > it is getting rejected. It turns out that the .pptx file is really a zip > archive and within that archive there is a file named "0000.dat" which > is getting identified as a DOS executable. When I extract the file and > run the file command against it I get the following: > > $ file 0000.dat > 0000.dat: DOS executable (device driver) for DOS > > $ file -i 0000.dat > 0000.dat: text/plain charset=iso-8859-1 > > When I look at the file itself, it appears to be a bunch of binary zeros. > > I have tried to to add the following line to the filetypes.rules file: > > allow - text\/plain - - > allow - text/plain - - > > with no success. > > I also tried adding the following line to the filenames.rules file: > > allow \.dat$ - - > > with no success. > > And to save time on an obvious question or two, Yes, I am using tabs > between fields and Yes I am restarting MailScanner after an update. > > I am hoping that it is something very simple that I am missing. Any > assistance would be greatly appreciated. > The latest version has some conveniences added for this type of situation. Download, install, and read the changelog, and your life might get easier! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/0b5457cc/signature.bin From steve at fsl.com Tue May 5 21:53:01 2009 From: steve at fsl.com (Stephen Swaney) Date: Tue May 5 21:53:11 2009 Subject: filetype rules and pptx files In-Reply-To: <4A00A1C7.9090500@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> <200905052315.27727.eli@orbsky.homelinux.org> <4A00A1C7.9090500@tmcaz.com> Message-ID: <4A00A72D.2060809@fsl.com> Paul Lemmons wrote: > -------- Original Message -------- > Subject: filetype rules and pptx files > From: Eli Wapniarski > To: "mailscanner@lists.mailscanner.info" > > Date: 05/05/2009 01:15 PM >> On Tuesday 05 May 2009 20:44:49 Paul Lemmons wrote: >> >>> Our CIO (of all people) is trying to send a PowerPoint 2007 document >>> and it is getting rejected. It turns out that the .pptx file is >>> really a zip archive and within that archive there is a file named >>> "0000.dat" which is getting identified as a DOS executable. When I >>> extract the file and run the file command against it I get the >>> following: >>> >> >> Why is your cio trying to send a pptx (powerpoint xml) file? Why not >> send it as a standard ppt file? >> >> Eli >> >> > And I quote (my CIO)... > > "...In order to send the file, I have to save it in 93-97 format and > resend. A real pain and unnecessary. Please fix so I can send pptx > attachments." > > So, there I am :/ Below are the filename rules we install as the default to allow for safe Office 2007 filenames to pass through MailScanner. We've had zero complaints since we started using these rules. DO NOT CUT "N PATE these rules into filename.rules.conf. You'll need to replace some of spaces with tabs for MailScanner to parse the rules. Remember: Syntax for filename.rules.conf rules is four fields: Field one: allow/deny/deny+delete, Field two: regular expression to match Field three: log text to use Field four: user report text. !!!!! NOTE: Fields are separated by TAB characters --- Important!!!!! And below are the rules: # ---- Start the Word 2007 File Type Extensions # ------------------------------------------- # docx - Word 2007 XML Document # docm - Word 2007 XML Macro-Enabled Document # dotx - Word 2007 XML Template # dotm - Word 2007 XML Macro-Enabled Template # Excel 2007 File Type Extension # ------------------------------------------- # xlsx - Excel 2007 XML Workbook # xlsm - Excel 2007 XML Macro-Enabled Workbook # xltx - Excel 2007 XML Template # xltm - Excel 2007 XML Macro-Enabled Template # xlsb - Excel 2007 binary workbook (BIFF12) # xlam - Excel 2007 XML Macro-Enabled Add-In # PowerPoint 2007 File Type Extension # ------------------------------------------- # pptx - PowerPoint 2007 XML Presentation # pptm - PowerPoint 2007 Macro-Enabled XML Presentation # potx - PowerPoint 2007 XML Template # potm - PowerPoint 2007 Macro-Enabled XML Template # ppam - PowerPoint 2007 Macro-Enabled XML Add-In # ppsx - PowerPoint 2007 XML Show # ppsm - PowerPoint 2007 Macro-Enabled XML Show # Word 2007 File Type Extensions # ------------------------------------------- allow \.docx$ Word 2007 XML Document Word 2007 XML Document deny \.docmx$ Word 2007 XML Macro-Enabled Document Word 2007 XML Macro-Enabled Document deny \.dotx$ Word 2007 XML Template Word 2007 XML Template deny \.dotm$ Word 2007 XML Macro-Enabled Template Word 2007 XML Macro-Enabled Template # Excel 2007 File Type Extension # ------------------------------------------- allow \.xlsx$ Excel 2007 XML Workbook Excel 2007 XML Workbook deny \.xlsm$ Excel 2007 XML Macro-Enabled Workbook Excel 2007 XML Macro-Enabled Workbook deny \.xltx$ Excel 2007 XML Template Excel 2007 XML Template deny \.xltm$ Excel 2007 XML Macro-Enabled Template Excel 2007 XML Macro-Enabled Template deny \.xlsb$ Excel 2007 binary workbook Excel 2007 binary workbook deny \.xlam$ Excel 2007 XML Macro-Enabled Add-In Excel 2007 XML Macro-Enabled Add-In # PowerPoint 2007 File Type Extension # ------------------------------------------- allow \.pptx$ PowerPoint 2007 XML Presentation PowerPoint 2007 XML Presentation deny \.pptm$ PowerPoint 2007 Macro-Enabled XML Presentation PowerPoint 2007 Macro-Enabled XML Presentation deny \.potx$ PowerPoint 2007 XML Template PowerPoint 2007 XML Template deny \.potm$ PowerPoint 2007 Macro-Enabled XML Template PowerPoint 2007 Macro-Enabled XML Template deny \.ppam$ PowerPoint 2007 Macro-Enabled XML Add-In PowerPoint 2007 Macro-Enabled XML Add-In deny \.ppsx$ PowerPoint 2007 XML Show PowerPoint 2007 XML Show deny \.ppsm$ PowerPoint 2007 Macro-Enabled XML Show PowerPoint 2007 Macro-Enabled XML Show # ------- End the Office 2007 rules Best regards, Steve -- Steve Swaney steve@fsl.com www.fsl.com The most accurate and cost effective anti-spam solutions available From ka at pacific.net Tue May 5 21:57:23 2009 From: ka at pacific.net (Ken A) Date: Tue May 5 21:57:38 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> Message-ID: <4A00A833.3000706@pacific.net> Scott Silva wrote: > on 5-5-2009 8:57 AM Ken A spake the following: >> Steve Freegard wrote: >>> Ken A wrote: >>>> Miguel Angel Nieto wrote: >>>>> Hi, >>>>> >>>>> I have the whitelists configured with MailWatch: >>>>> >>>>> Is Definitely Not Spam = &SQLWhitelist >>>>> >>>>> Mailscanner reads the whitelist: >>>>> >>>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>>> whitelist entries >>>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>>> happen. >>>>> >>>>> What i'm doing wrong? >>>> Nothing. That is normal behavior. Whitelisting does not exclude a >>>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>>> the message, so even if it scores above your 'high' threshold, it will >>>> not be spam tagged or quarantined or whatever. >>>> >>>> If you want to exclude a message from scanning, you need to use the "Use >>>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>>> >>> That's not quite correct. >>> >>> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >>> run SA for messages that are whitelisted. >>> >>> Regards, >>> Steve. >> Ah, that's a simpler to change, no ruleset required. Maybe I need to >> read the config file again. It's been a couple years. :-) > > That's OK, because the version you are running is a couple of years old > anyway. It looks to have been written in January of 2006. MailScanner has made > some very large strides since then. You might think about upgrading. > > > > um.. no. Not sure where you get that idea. You must have me confused with the person who started the thread. I've done about 25 upgrades since Jan 06. I average about 10 a year, almost keeping pace with Julian. I wish I had more time to do beta testing, but I seem to 'think' I'm going to have more time than I actually do. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From rcooper at dwford.com Tue May 5 22:01:16 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue May 5 22:01:26 2009 Subject: filetype rules and pptx files In-Reply-To: <4A007B11.5030700@tmcaz.com> References: <4A007B11.5030700@tmcaz.com> Message-ID: <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Lemmons Sent: Tuesday, May 05, 2009 1:45 PM To: mailscanner@lists.mailscanner.info Subject: filetype rules and pptx files > Our CIO (of all people) is trying to send a PowerPoint 2007 document and > it is getting rejected. It turns out that the .pptx file is really a zip > archive and within that archive there is a file named "0000.dat" which > is getting identified as a DOS executable. When I extract the file and > run the file command against it I get the following: > > $ file 0000.dat > 0000.dat: DOS executable (device driver) for DOS > > $ file -i 0000.dat > 0000.dat: text/plain charset=iso-8859-1 > > When I look at the file itself, it appears to be a bunch of binary zeros. > > I have tried to to add the following line to the filetypes.rules file: > > allow - text\/plain - - > allow - text/plain - - > > with no success. > > I also tried adding the following line to the filenames.rules file: > > allow \.dat$ - - > > with no success. > > And to save time on an obvious question or two, Yes, I am using tabs > between fields and Yes I am restarting MailScanner after an update. > > I am hoping that it is something very simple that I am missing. Any > assistance would be greatly appreciated. You are going to have to pass it in the flietype rules as well. And you should be able to handle this failry easily with the latest version of MS and you won't have to allow raw files of this type through. The latest version allows you to apply rules specific to files within archives, and I think even speficy the type of archive to unarchive for checks as well. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jpabuyer at tecnoera.com Tue May 5 22:38:44 2009 From: jpabuyer at tecnoera.com (Juan Pablo Abuyeres) Date: Tue May 5 22:39:01 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <20090505181044.GA384@msapiro> References: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> <20090505181044.GA384@msapiro> Message-ID: <4A00B1E4.6040207@tecnoera.com> I had this feature disabled. Now I re-enabled it to see what happens: I see messages like these: May 5 17:29:41 anubis MailScanner[30612]: Connected to processing-messages database May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the processing-messages database May 5 17:29:41 anubis MailScanner[30612]: Using locktype = flock May 5 17:30:12 anubis MailScanner[30612]: New Batch: Found 141 messages waiting May 5 17:30:12 anubis MailScanner[30612]: New Batch: Scanning 3 messages, 828769 bytes ... May 5 17:30:34 anubis MailScanner[30612]: Requeue: 933CB39DEA6.A75E7 to 0ED7239CC08 May 5 17:30:34 anubis MailScanner[30612]: Uninfected: Delivered 2 messages May 5 17:30:35 anubis MailScanner[30612]: Deleted 3 messages from processing-database May 5 17:30:35 anubis MailScanner[30612]: Batch completed at 35483 bytes per second (828769 / 23) May 5 17:30:35 anubis MailScanner[30612]: Batch (3 messages) processed in 23.36 seconds But the number of messages in the processing messages database is increasing. Although sometimes it decreses. It's like it is deleting some messages, but not all of them. May 5 17:29:00 anubis MailScanner[29799]: Found 112 messages in the processing-messages database May 5 17:29:13 anubis MailScanner[30022]: Found 110 messages in the processing-messages database May 5 17:29:16 anubis MailScanner[30139]: Found 106 messages in the processing-messages database May 5 17:29:21 anubis MailScanner[30259]: Found 97 messages in the processing-messages database May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the processing-messages database ... May 5 17:35:31 anubis MailScanner[7161]: Found 154 messages in the processing-messages database JP Mark Sapiro wrote: > On Mon, May 04, 2009 at 05:03:44PM -0400, Juan Pablo Abuyeres wrote: > >> now I have this: >> May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the >> processing-messages database >> May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the >> processing-messages database >> May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the >> processing-messages database >> > > > > When a child processes a batch, do you see log messages similar to > > May 5 09:51:42 sbh16 MailScanner[23758]: New Batch: Scanning 2 messages, 6276 bytes > May 5 09:51:46 sbh16 MailScanner[23758]: Uninfected: Delivered 2 messages > May 5 09:51:46 sbh16 MailScanner[23758]: Deleted 2 messages from processing-database > > I.e. does the child say it deleted the messages from the > processing-database, and if not are there other messages to indicate > why not? > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/74e60ec4/attachment.html From ssilva at sgvwater.com Tue May 5 23:03:14 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 5 23:03:36 2009 Subject: mailscanner whitelist (SQLWhitelist) In-Reply-To: <4A00A833.3000706@pacific.net> References: <1241523258.2761.5.camel@miguel.irontec.com> <4A003E7C.7000000@pacific.net> <4A005BA3.8070602@fsl.com> <4A0061D0.7010306@pacific.net> <4A00A833.3000706@pacific.net> Message-ID: on 5-5-2009 1:57 PM Ken A spake the following: > Scott Silva wrote: >> on 5-5-2009 8:57 AM Ken A spake the following: >>> Steve Freegard wrote: >>>> Ken A wrote: >>>>> Miguel Angel Nieto wrote: >>>>>> Hi, >>>>>> >>>>>> I have the whitelists configured with MailWatch: >>>>>> >>>>>> Is Definitely Not Spam = &SQLWhitelist >>>>>> >>>>>> Mailscanner reads the whitelist: >>>>>> >>>>>> May 5 13:57:16 eksmtp01 MailScanner[26158]: Whitelist refresh time >>>>>> reached May 5 13:57:16 eksmtp01 MailScanner[26158]: Starting up SQL >>>>>> Whitelist May 5 13:57:16 eksmtp01 MailScanner[26158]: Read 89 >>>>>> whitelist entries >>>>>> But Mailscanner scans the message with Spamassassin, and It shouldn't >>>>>> happen. >>>>>> >>>>>> What i'm doing wrong? >>>>> Nothing. That is normal behavior. Whitelisting does not exclude a >>>>> message from SA scanning. It doesn't apply the MailScanner SA rules to >>>>> the message, so even if it scores above your 'high' threshold, it will >>>>> not be spam tagged or quarantined or whatever. >>>>> >>>>> If you want to exclude a message from scanning, you need to use the >>>>> "Use >>>>> SpamAssassin" instead, or even "Spam Checks". Read the config file. >>>>> >>>> That's not quite correct. >>>> >>>> Set 'Always Include SpamAssassin Report = No' and MailScanner will not >>>> run SA for messages that are whitelisted. >>>> >>>> Regards, >>>> Steve. >>> Ah, that's a simpler to change, no ruleset required. Maybe I need to >>> read the config file again. It's been a couple years. :-) >> >> That's OK, because the version you are running is a couple of years old >> anyway. It looks to have been written in January of 2006. MailScanner >> has made >> some very large strides since then. You might think about upgrading. >> >> >> >> > > um.. no. Not sure where you get that idea. You must have me confused > with the person who started the thread. > > I've done about 25 upgrades since Jan 06. I average about 10 a year, > almost keeping pace with Julian. I wish I had more time to do beta > testing, but I seem to 'think' I'm going to have more time than I > actually do. > > Ken > Sorry, I must have replied to the wrong message. That is what I get for having 2 monitors running full of help sessions and message threads. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/2fe7cb15/signature.bin From mrm at quantumcc.com Tue May 5 23:38:34 2009 From: mrm at quantumcc.com (Mike M) Date: Tue May 5 23:38:51 2009 Subject: Too Large or Too small or neither????? Message-ID: After updating to 4.76.23 from 4.74 today I had some users complain about not getting some messages. Here is a portion of the error they get: ---------------------------------------------------------------------- The original e-mail message, or an attachment it contained, was too large and has been removed. At Tue May 5 13:15:51 2009 the content filters said: MailScanner: Attachment is too small --------- All of the messages I've looked at with this problem appear to have both text and html versions. There's an example of a quarantined message at: http://pastebin.com/dc6ed9a1 If it would be helpful to see the qf file just let me know. I have changed the min attachment size from 1 to 0 for now so that hopefully these messages can go through, but I don't know what it is about these html emails that is triggering the attachment size filter. Oh and MailScanner --lint shows no errors. Any clues?? Mike From alex at rtpty.com Tue May 5 23:57:31 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue May 5 23:57:41 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> Message-ID: <24e3d2e40905051557q85371abs320e8e2a976435b@mail.gmail.com> > > > milter-limit? http://www.milter.info/sendmail/milter-limit/ this > milter responses with a 451 xxxx when the amount of N emails in M time > is reached, example when you have recieved 1000 emails in less than 5 > minutes sendmail starts answering with 451 (while the 5 minutes are > not complete) so the traffic should go away to other box. > > You have to take into account some broken mailservers will treat this as undeliverable and some others (broken in different ways) will take a long time to retry using the next server. You should keep an eye out for the possibility, even though it is remote. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090505/df160e70/attachment.html From ecasarero at gmail.com Wed May 6 03:40:48 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed May 6 03:41:13 2009 Subject: Stop incoming mail if message queue exceeds set value In-Reply-To: <24e3d2e40905051557q85371abs320e8e2a976435b@mail.gmail.com> References: <018101c9c723$46c9c1a0$0a00080a@gordon> <018501c9c726$a225ca00$0a00080a@gordon> <7d9b3cf20905050744n10853d38sf49fe265be5f5f54@mail.gmail.com> <24e3d2e40905051557q85371abs320e8e2a976435b@mail.gmail.com> Message-ID: <7d9b3cf20905051940w11617188gaf7bdafe9788cd06@mail.gmail.com> 2009/5/5 Alex Neuman : > >> >> >> milter-limit? http://www.milter.info/sendmail/milter-limit/ this >> milter responses with a 451 xxxx when the amount of N emails in M time >> is reached, example when you have recieved 1000 emails in less than 5 >> minutes sendmail starts answering with 451 (while the 5 minutes are >> not complete) so the traffic should go away to other box. >> > You have to take into account some broken mailservers will treat this as > undeliverable and some others (broken in different ways) will take a long > time to retry using the next server. You should keep an eye out for the > possibility, even though it is remote. > i'm actually using milter-greylisting, in fact i did have problems in the past with bugged Exchange's (just a couple) now a days i have no complies, In my setup i apply limits per to_address, no to_domain. > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Wed May 6 09:54:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 09:54:50 2009 Subject: filetype rules and pptx files In-Reply-To: References: <4A007B11.5030700@tmcaz.com> <4A015044.2010903@ecs.soton.ac.uk> Message-ID: On 05/05/2009 21:46, Scott Silva wrote: > on 5-5-2009 10:44 AM Paul Lemmons spake the following: > >> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >> it is getting rejected. It turns out that the .pptx file is really a zip >> archive and within that archive there is a file named "0000.dat" which >> is getting identified as a DOS executable. When I extract the file and >> run the file command against it I get the following: >> >> $ file 0000.dat >> 0000.dat: DOS executable (device driver) for DOS >> >> $ file -i 0000.dat >> 0000.dat: text/plain charset=iso-8859-1 >> >> When I look at the file itself, it appears to be a bunch of binary zeros. >> >> I have tried to to add the following line to the filetypes.rules file: >> >> allow - text\/plain - - >> allow - text/plain - - >> >> with no success. >> >> I also tried adding the following line to the filenames.rules file: >> >> allow \.dat$ - - >> >> with no success. >> >> And to save time on an obvious question or two, Yes, I am using tabs >> between fields and Yes I am restarting MailScanner after an update. >> >> I am hoping that it is something very simple that I am missing. Any >> assistance would be greatly appreciated. >> >> > The latest version has some conveniences added for this type of situation. > Download, install, and read the changelog, and your life might get easier! > > Yes, you want the latest release with a filetype rule allowing executables in archives, *or else* Use the MIME type of the 0000.dat file and put in a line allowing that in the normal filetype.rules.conf, but read the stuff at the top of the file on how to specify the MIME type of the file, and put the rule above the line that denies executables. "file -i" which works out the MIME type, often produces different results from "file" which is what is normally used. The filetype.rules.conf file allows you to specify the MIME type instead of the keywords to look for in the output of the "file" command, read the docs. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 09:57:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 09:57:33 2009 Subject: Validating Email addresses In-Reply-To: <4A007D9F.7090403@tmcaz.com> References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> Message-ID: On 05/05/2009 18:55, Paul Lemmons wrote: > We are getting a great deal of Spam bypassing both Postini and Mail > Scanner due to a discrepancy between how these two products define an > email address and the way Exchange does. The two scanning products > recognize emails with a pipe character "|" at the beginning of the > address as both valid and part of the email address. I believe this is > in line with the email standards. Exchange, othe the other hand simply > ignores the character. So a message sent to me@mydom.com and > |me@mydom.com are seen as two different addresses by the scanning > systems and as a single address by Exchange. Set "Reject Messages" to point to a ruleset, and have a ruleset that looks roughly like this: FromOrTo: /^\|/ yes FromOrTo: default no and MailScanner will reject messages coming from or going to an address starting with a pipe character. Simple as that. Remember to "service MailScanner reload" after changing the ruleset and MailScanner.conf file. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 09:58:40 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 09:59:06 2009 Subject: filetype rules and pptx files In-Reply-To: <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> References: <4A007B11.5030700@tmcaz.com> <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> <4A015140.1060302@ecs.soton.ac.uk> Message-ID: On 05/05/2009 22:01, Rick Cooper wrote: > ----Original Message---- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul > Lemmons Sent: Tuesday, May 05, 2009 1:45 PM To: > mailscanner@lists.mailscanner.info Subject: filetype rules and pptx files > > >> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >> it is getting rejected. It turns out that the .pptx file is really a zip >> archive and within that archive there is a file named "0000.dat" which >> is getting identified as a DOS executable. When I extract the file and >> run the file command against it I get the following: >> >> $ file 0000.dat >> 0000.dat: DOS executable (device driver) for DOS >> >> $ file -i 0000.dat >> 0000.dat: text/plain charset=iso-8859-1 >> >> When I look at the file itself, it appears to be a bunch of binary zeros. >> >> I have tried to to add the following line to the filetypes.rules file: >> >> allow - text\/plain - - >> allow - text/plain - - >> >> with no success. >> >> I also tried adding the following line to the filenames.rules file: >> >> allow \.dat$ - - >> >> with no success. >> >> And to save time on an obvious question or two, Yes, I am using tabs >> between fields and Yes I am restarting MailScanner after an update. >> >> I am hoping that it is something very simple that I am missing. Any >> assistance would be greatly appreciated. >> > You are going to have to pass it in the flietype rules as well. And you > should be able to handle this failry easily with the latest version of MS > and you won't have to allow raw files of this type through. The latest > version allows you to apply rules specific to files within archives, and I > think even speficy the type of archive to unarchive for checks as well. > Correct. But give the MIME type stuff a go as well, as "file -i" may produce a very different answer for your 0000.dat file from the output of the plain "file" command with no "-i". Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 10:01:07 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 10:01:29 2009 Subject: Found nn messages in the processing-messages database In-Reply-To: <4A00B1E4.6040207@tecnoera.com> References: <0AB07A9761FC416C93EF8A3A052A0B8D@SUPPORT01V> <49FF5830.1050802@tecnoera.com> <20090505181044.GA384@msapiro> <4A00B1E4.6040207@tecnoera.com> <4A0151D3.8060808@ecs.soton.ac.uk> Message-ID: You can only accurately see if there any messages abandoned by letting a) MailScanner stop nicely or b) wait until there are no messages outstanding in your queue and all batches of messages still being processed have been delivered. Or else it will report the number of messages being processed by the sum of all the other MailScanner children, which may be quite a large number. Also make sure you are running the latest stable release as earlier releases had a problem with the number not going down properly on Postfix systems. On 05/05/2009 22:38, Juan Pablo Abuyeres wrote: > I had this feature disabled. Now I re-enabled it to see what happens: > > I see messages like these: > > May 5 17:29:41 anubis MailScanner[30612]: Connected to > processing-messages database > May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the > processing-messages database > May 5 17:29:41 anubis MailScanner[30612]: Using locktype = flock > May 5 17:30:12 anubis MailScanner[30612]: New Batch: Found 141 > messages waiting > May 5 17:30:12 anubis MailScanner[30612]: New Batch: Scanning 3 > messages, 828769 bytes > ... > May 5 17:30:34 anubis MailScanner[30612]: Requeue: 933CB39DEA6.A75E7 > to 0ED7239CC08 > May 5 17:30:34 anubis MailScanner[30612]: Uninfected: Delivered 2 > messages > May 5 17:30:35 anubis MailScanner[30612]: Deleted 3 messages from > processing-database > May 5 17:30:35 anubis MailScanner[30612]: Batch completed at 35483 > bytes per second (828769 / 23) > May 5 17:30:35 anubis MailScanner[30612]: Batch (3 messages) > processed in 23.36 seconds > > But the number of messages in the processing messages database is > increasing. Although sometimes it decreses. It's like it is deleting > some messages, but not all of them. > > May 5 17:29:00 anubis MailScanner[29799]: Found 112 messages in the > processing-messages database > May 5 17:29:13 anubis MailScanner[30022]: Found 110 messages in the > processing-messages database > May 5 17:29:16 anubis MailScanner[30139]: Found 106 messages in the > processing-messages database > May 5 17:29:21 anubis MailScanner[30259]: Found 97 messages in the > processing-messages database > May 5 17:29:41 anubis MailScanner[30612]: Found 107 messages in the > processing-messages database > ... > May 5 17:35:31 anubis MailScanner[7161]: Found 154 messages in the > processing-messages database > > > JP > > Mark Sapiro wrote: >> On Mon, May 04, 2009 at 05:03:44PM -0400, Juan Pablo Abuyeres wrote: >> >>> now I have this: >>> May 4 16:54:36 anubis MailScanner[1868]: Found 887 messages in the >>> processing-messages database >>> May 4 16:55:15 anubis MailScanner[3072]: Found 905 messages in the >>> processing-messages database >>> May 4 16:55:17 anubis MailScanner[3217]: Found 906 messages in the >>> processing-messages database >>> >> >> >> >> When a child processes a batch, do you see log messages similar to >> >> May 5 09:51:42 sbh16 MailScanner[23758]: New Batch: Scanning 2 messages, 6276 bytes >> May 5 09:51:46 sbh16 MailScanner[23758]: Uninfected: Delivered 2 messages >> May 5 09:51:46 sbh16 MailScanner[23758]: Deleted 2 messages from processing-database >> >> I.e. does the child say it deleted the messages from the >> processing-database, and if not are there other messages to indicate >> why not? >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 10:57:17 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 10:57:45 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905051629.28486.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <200905051629.28486.eli@orbsky.homelinux.org> Message-ID: <200905061257.17355.eli@orbsky.homelinux.org> Hi Julian If this is getting annoynig please forgive me. Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. My request would be to please indicate what problems would crop up with the procedure as outlined. Once again thanks for any insight you would be willing to provide. Sincerely Eli Wapniarski ----------------------------------------- DISCOVERING DEFAULT BUILD ARCH ------------------------------------------ With rpm there is a default build arch. You can discover what that is and isolate it by running. rpm --showrc | awk '/^build arch/ {print $NF}' so.... rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') echo rpmBuildArch will produce x86_64 or i386 or i586 depending on the default value. -------------------------------------------------------- REBUILDING RPMs USING THE DEFAULT BUILD ARCH -------------------------------------------------------- (I've tested this with your perl-IO package) I've installed the perl-IO SRPM after removing the BUILDARCH parameter from the perl-IO spec filed I ran rpmbuild -ba perl-IO.spec. The module rebuilt successfully. ------------------------------------- INSTALLING THE REBUILT MODULE ------------------------------------- To install the module I ran rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm perl-IO was found and installed as expected. Again, thanks for your patience. Eli Wapniarski -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From correo at miguelangelnieto.net Wed May 6 10:23:00 2009 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Wed May 6 10:58:20 2009 Subject: disable recipent virus notifications Message-ID: <1241601780.2772.3.camel@miguel.irontec.com> Hi, How can I disable virus notifications to recipients? I want only to delete them :) I tried to disable "Deleted Virus Message Report" with no luck :( Thank you. From eli at orbsky.homelinux.org Wed May 6 10:59:54 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 11:00:22 2009 Subject: Validating Email addresses In-Reply-To: <200905052310.41338.eli@orbsky.homelinux.org> References: <4A007D9F.7090403@tmcaz.com> <200905052310.41338.eli@orbsky.homelinux.org> Message-ID: <200905061259.54928.eli@orbsky.homelinux.org> On Tuesday 05 May 2009 23:10:41 Eli Wapniarski wrote: > On Tuesday 05 May 2009 20:55:43 Paul Lemmons wrote: > > We are getting a great deal of Spam bypassing both Postini and Mail > > Scanner due to a discrepancy between how these two products define an > > email address and the way Exchange does. The two scanning products > > recognize emails with a pipe character "|" at the beginning of the > > address as both valid and part of the email address. I believe this is > > in line with the email standards. Exchange, othe the other hand simply > > ignores the character. So a message sent to me@mydom.com and > > |me@mydom.com are seen as two different addresses by the scanning > > systems and as a single address by Exchange. > > > > I have tried with minimal success to check for the pipe using sendmail > > rules. I have it stopped but it is stopping more than it should. I would > > like to stop it with MailScanner. I have tried what appears to be > > obvious to me but so far I have not hit upon the magic combination of > > options to make this work. Has anyone else encountered this situation > > and come up with a solution? > > > > Yes, I have. And my solution is to run milter-regex to filter legit and illegit email addresses. > > If you install the milter, then feel free to use the following macro to filter out legit and illegit email addresses. Of course you will need to substitute email@address.one, etc for real email addresses. Hopefully your distro will have milter-regex available. However if not, then you can find it at: > > http://www.benzedrine.cx/milter-regex.html > > It took me quite some time to get the regular expressions to work the way I wanted because I am by no means an expert with regular expressions. And its been so long since I needed to look up and understand the syntax. However, the following works and it works very well. > > > IllegitimateTo = header /^TO$/i /(\.email@address.one\>|\.email@address.two\>|\.email@address.etc\>|)/e > LegitimateTo = header /^TO$/i /(\|\|\)/e > LegitimateFrom = header /^FROM$/i /(email@address.one|email@address.two|email@address.etc)/e > LegitimateMail = $LegitimateTo or $LegitimateFrom > discard not $LegitimateMail > discard $IllegitimateTo > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > I just read your response to Paul. Am I able to implement what I wrote above in "Reject Messages" ? Thanks Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 11:39:38 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 11:39:57 2009 Subject: disable recipent virus notifications In-Reply-To: <1241601780.2772.3.camel@miguel.irontec.com> References: <1241601780.2772.3.camel@miguel.irontec.com> <4A0168EA.6050505@ecs.soton.ac.uk> Message-ID: On 06/05/2009 10:23, Miguel Angel Nieto wrote: > Hi, > > How can I disable virus notifications to recipients? > > I want only to delete them :) > Silent Viruses = All-Viruses > I tried to disable "Deleted Virus Message Report" with no luck :( > > Thank you. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 11:40:53 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 11:41:12 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061257.17355.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <200905051629.28486.eli@orbsky.homelinux.org> <200905061257.17355.eli@orbsky.homelinux.org> <4A016935.9020002@ecs.soton.ac.uk> Message-ID: But as I keep saying, where is it going to automatically put an RPM that has no binary code in it at all and is therefore totally architecture-independent? On 06/05/2009 10:57, Eli Wapniarski wrote: > Hi Julian > > If this is getting annoynig please forgive me. > > Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. > > The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. > > My request would be to please indicate what problems would crop up with the procedure as outlined. > > Once again thanks for any insight you would be willing to provide. > > Sincerely > > Eli Wapniarski > > ----------------------------------------- > DISCOVERING DEFAULT BUILD ARCH > ------------------------------------------ > > With rpm there is a default build arch. You can discover what that is and isolate it by running. > > > rpm --showrc | awk '/^build arch/ {print $NF}' > > so.... > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > echo rpmBuildArch will produce > > x86_64 or i386 or i586 depending on the default value. > > > -------------------------------------------------------- > REBUILDING RPMs USING THE DEFAULT BUILD ARCH > -------------------------------------------------------- > > (I've tested this with your perl-IO package) > > I've installed the perl-IO SRPM > > after removing the BUILDARCH parameter from the perl-IO spec filed I ran > > rpmbuild -ba perl-IO.spec. > > The module rebuilt successfully. > > > ------------------------------------- > INSTALLING THE REBUILT MODULE > ------------------------------------- > > To install the module I ran > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm > > perl-IO was found and installed as expected. > > > Again, thanks for your patience. > > Eli Wapniarski > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 11:41:43 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 11:42:10 2009 Subject: Validating Email addresses In-Reply-To: <200905061259.54928.eli@orbsky.homelinux.org> References: <4A007D9F.7090403@tmcaz.com> <200905052310.41338.eli@orbsky.homelinux.org> <200905061259.54928.eli@orbsky.homelinux.org> <4A016967.8030203@ecs.soton.ac.uk> Message-ID: On 06/05/2009 10:59, Eli Wapniarski wrote: > On Tuesday 05 May 2009 23:10:41 Eli Wapniarski wrote: > >> On Tuesday 05 May 2009 20:55:43 Paul Lemmons wrote: >> >>> We are getting a great deal of Spam bypassing both Postini and Mail >>> Scanner due to a discrepancy between how these two products define an >>> email address and the way Exchange does. The two scanning products >>> recognize emails with a pipe character "|" at the beginning of the >>> address as both valid and part of the email address. I believe this is >>> in line with the email standards. Exchange, othe the other hand simply >>> ignores the character. So a message sent to me@mydom.com and >>> |me@mydom.com are seen as two different addresses by the scanning >>> systems and as a single address by Exchange. >>> >>> I have tried with minimal success to check for the pipe using sendmail >>> rules. I have it stopped but it is stopping more than it should. I would >>> like to stop it with MailScanner. I have tried what appears to be >>> obvious to me but so far I have not hit upon the magic combination of >>> options to make this work. Has anyone else encountered this situation >>> and come up with a solution? >>> >>> >> Yes, I have. And my solution is to run milter-regex to filter legit and illegit email addresses. >> >> If you install the milter, then feel free to use the following macro to filter out legit and illegit email addresses. Of course you will need to substitute email@address.one, etc for real email addresses. Hopefully your distro will have milter-regex available. However if not, then you can find it at: >> >> http://www.benzedrine.cx/milter-regex.html >> >> It took me quite some time to get the regular expressions to work the way I wanted because I am by no means an expert with regular expressions. And its been so long since I needed to look up and understand the syntax. However, the following works and it works very well. >> >> >> IllegitimateTo = header /^TO$/i /(\.email@address.one\>|\.email@address.two\>|\.email@address.etc\>|)/e >> LegitimateTo = header /^TO$/i /(\|\|\)/e >> LegitimateFrom = header /^FROM$/i /(email@address.one|email@address.two|email@address.etc)/e >> LegitimateMail = $LegitimateTo or $LegitimateFrom >> discard not $LegitimateMail >> discard $IllegitimateTo >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > > I just read your response to Paul. Am I able to implement what I wrote above in "Reject Messages" ? > Yes, just turn it into a ruleset. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 12:00:15 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 12:00:38 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A016935.9020002@ecs.soton.ac.uk> Message-ID: <200905061400.15369.eli@orbsky.homelinux.org> Are you talking about the MailScanner rpm itself? If so what does it really matter? MailScanner, because it has no binary dependancies remains noarch. You aren't rebuilding mailscanner anyway and it installs where you already says its to be installed. No problem. If the environment variables for perl are set correctly then running the particular commands as is will find them which is what happens in any case. Eli On Wednesday 06 May 2009 13:40:53 Julian Field wrote: > But as I keep saying, where is it going to automatically put an RPM that > has no binary code in it at all and is therefore totally > architecture-independent? > > On 06/05/2009 10:57, Eli Wapniarski wrote: > > Hi Julian > > > > If this is getting annoynig please forgive me. > > > > Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. > > > > The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. > > > > My request would be to please indicate what problems would crop up with the procedure as outlined. > > > > Once again thanks for any insight you would be willing to provide. > > > > Sincerely > > > > Eli Wapniarski > > > > ----------------------------------------- > > DISCOVERING DEFAULT BUILD ARCH > > ------------------------------------------ > > > > With rpm there is a default build arch. You can discover what that is and isolate it by running. > > > > > > rpm --showrc | awk '/^build arch/ {print $NF}' > > > > so.... > > > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > > echo rpmBuildArch will produce > > > > x86_64 or i386 or i586 depending on the default value. > > > > > > -------------------------------------------------------- > > REBUILDING RPMs USING THE DEFAULT BUILD ARCH > > -------------------------------------------------------- > > > > (I've tested this with your perl-IO package) > > > > I've installed the perl-IO SRPM > > > > after removing the BUILDARCH parameter from the perl-IO spec filed I ran > > > > rpmbuild -ba perl-IO.spec. > > > > The module rebuilt successfully. > > > > > > ------------------------------------- > > INSTALLING THE REBUILT MODULE > > ------------------------------------- > > > > To install the module I ran > > > > rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > > rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm > > > > perl-IO was found and installed as expected. > > > > > > Again, thanks for your patience. > > > > Eli Wapniarski > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 12:11:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 12:11:47 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061400.15369.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A016935.9020002@ecs.soton.ac.uk> <200905061400.15369.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> Message-ID: No, I'm talking about all the RPMs installed by install.sh that are required by MailScanner. Many of these are architecture-independent. If I don't give them a BuildArch and know the BuildArch that it is going to use, how can I possibly know which directory to find them in? I'm getting really bored with this conversation, sorry. We are clearly having a severe communication failure, you're just not understanding the cases I'm talking about over and over again. Jules. On 06/05/2009 12:00, Eli Wapniarski wrote: > Are you talking about the MailScanner rpm itself? If so what does it really matter? MailScanner, because it has no binary dependancies remains noarch. You aren't rebuilding mailscanner anyway and it installs where you already says its to be installed. No problem. If the environment variables for perl are set correctly then running the particular commands as is will find them which is what happens in any case. > > Eli > > On Wednesday 06 May 2009 13:40:53 Julian Field wrote: > >> But as I keep saying, where is it going to automatically put an RPM that >> has no binary code in it at all and is therefore totally >> architecture-independent? >> >> On 06/05/2009 10:57, Eli Wapniarski wrote: >> >>> Hi Julian >>> >>> If this is getting annoynig please forgive me. >>> >>> Because I am still a little confused at this time,,, one more comment and request from me (unless of course you want to continue discussing this). And then I will stop. Promise. >>> >>> The comment is put to you in the form of a procedure I've come up with after researching this for the last 12 hours or so and come up with the following. >>> >>> My request would be to please indicate what problems would crop up with the procedure as outlined. >>> >>> Once again thanks for any insight you would be willing to provide. >>> >>> Sincerely >>> >>> Eli Wapniarski >>> >>> ----------------------------------------- >>> DISCOVERING DEFAULT BUILD ARCH >>> ------------------------------------------ >>> >>> With rpm there is a default build arch. You can discover what that is and isolate it by running. >>> >>> >>> rpm --showrc | awk '/^build arch/ {print $NF}' >>> >>> so.... >>> >>> rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') >>> echo rpmBuildArch will produce >>> >>> x86_64 or i386 or i586 depending on the default value. >>> >>> >>> -------------------------------------------------------- >>> REBUILDING RPMs USING THE DEFAULT BUILD ARCH >>> -------------------------------------------------------- >>> >>> (I've tested this with your perl-IO package) >>> >>> I've installed the perl-IO SRPM >>> >>> after removing the BUILDARCH parameter from the perl-IO spec filed I ran >>> >>> rpmbuild -ba perl-IO.spec. >>> >>> The module rebuilt successfully. >>> >>> >>> ------------------------------------- >>> INSTALLING THE REBUILT MODULE >>> ------------------------------------- >>> >>> To install the module I ran >>> >>> rpmBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') >>> rpm -Uvh ~/rpmbuild/RPMS/$rpmBuildArch/perl-IO-1.2301-4.$rpmBuildArch.rpm >>> >>> perl-IO was found and installed as expected. >>> >>> >>> Again, thanks for your patience. >>> >>> Eli Wapniarski >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at elasticmind.net Wed May 6 12:29:57 2009 From: lists at elasticmind.net (mog) Date: Wed May 6 12:30:51 2009 Subject: MailScanner seems broken on FreeBSD using perl > 5.8.8 Message-ID: <4A0174B5.3050207@elasticmind.net> Greetings everyone, I've just recently upgraded to MailScanner version MailScanner-4.75.11 using perl-5.8.9_2 on a FreeBSD 7.1 system, and sadly the server is unable to process mail. When MailScanner tries to run it reports the following type of error: MailScanner[42585]: Could not use Custom Function code /usr/local/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm, it could not be "require"d. Make sure the last line is "1;" and the module is correct with perl -wc (Error: Insecure dependency in require while running with -T switch at /usr/local/lib/MailScanner/MailScanner/Config.pm line 623.) The same error is reported for all of the following functions: ZMRouterDirHash.pm, SpamWhitelist.pm, MyExample.pm, DavidHooton.pm, LastSpam.pm, GenericSpamScanner.pm, CustomAction.pm, Ruleset-from-Function.pm. A helpful fellow suggested I check with some perl people to see what the -T switch of perl means, and then ask on the mailing list for some more information. Some perl people said the -T is a 'taint mode' designed to perform additional safety/sanity checks on the code, and apparently the Function modules are using, or "require"-ing, some user provided data; which is all in turn causing MailScanner to break on FreeBSD systems running perl versions higher than 5.8.8. This has the effect of preventing any FreeBSD servers running MailScanner from being able to be updated - kind of crippling them :( Unfortunately I don't know enough about perl or what MailScanner is doing with these functions in order to solve the problem and make MailScanner work on FreeBSD again. If anyone could please help with this it would be greatly appreciated. Thank you in advance for your time and consideration. Regards, Moggie. From eli at orbsky.homelinux.org Wed May 6 12:32:39 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 12:33:03 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> Message-ID: <200905061432.39368.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > No, I'm talking about all the RPMs installed by install.sh that are > required by MailScanner. Many of these are architecture-independent. If > I don't give them a BuildArch and know the BuildArch that it is going to > use, how can I possibly know which directory to find them in? > > I'm getting really bored with this conversation, sorry. We are clearly > having a severe communication failure, you're just not understanding the > cases I'm talking about over and over again. > Which RPMs are you talking about? Let me take a look at the specs. Maybe I can come up with something. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Johan at double-l.nl Wed May 6 12:40:50 2009 From: Johan at double-l.nl (Johan Hendriks) Date: Wed May 6 12:41:02 2009 Subject: MailScanner seems broken on FreeBSD using perl > 5.8.8 References: <4A0174B5.3050207@elasticmind.net> Message-ID: <57200BF94E69E54880C9BB1AF714BBCB5DE7F4@w2003s01.double-l.local> >Greetings everyone, > >I've just recently upgraded to MailScanner version MailScanner-4.75.11 >using perl-5.8.9_2 on a FreeBSD 7.1 system, and sadly the server is >unable to process mail. When MailScanner tries to run it reports the >following type of error: >MailScanner[42585]: Could not use Custom Function code >/usr/local/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm, it >could not be "require"d. Make sure the last line is "1;" and the module >is correct with perl -wc (Error: Insecure dependency in require while >running with -T switch at >/usr/local/lib/MailScanner/MailScanner/Config.pm line 623.) > > >The same error is reported for all of the following functions: >ZMRouterDirHash.pm, SpamWhitelist.pm, MyExample.pm, DavidHooton.pm, >LastSpam.pm, GenericSpamScanner.pm, CustomAction.pm, >Ruleset-from-Function.pm. >A helpful fellow suggested I check with some perl people to see what the >-T switch of perl means, and then ask on the mailing list for some more >information. Some perl people said the -T is a 'taint mode' designed to >perform additional safety/sanity checks on the code, and apparently the >Function modules are using, or "require"-ing, some user provided data; >which is all in turn causing MailScanner to break on FreeBSD systems >running perl versions higher than 5.8.8. This has the effect of >preventing any FreeBSD servers running MailScanner from being able to be >updated - kind of crippling them :( >Unfortunately I don't know enough about perl or what MailScanner is >doing with these functions in order to solve the problem and make >MailScanner work on FreeBSD again. If anyone could please help with this >it would be greatly appreciated. > >Thank you in advance for your time and consideration. > >Regards, >Moggie. You can do 2 things. 1 revert back to perl 5.8.8, it will all work like it should after going back to 5.8.8 2 Upgrade to 5.10.x see /usr/port/UPDATING how to upgrade your perl to 5.10 With perl 5.10 things will start to work again. I had the same issue, on my servers i am running MailScanner-4.75.11 with perl-5.10.x This is on 8.0 and 7.x systems, both i386 and amd64. I would go for option 2 Regards, Johan Hendriks Double L Automatisering No virus found in this outgoing message. Checked by AVG - www.avg.com Version: 8.5.325 / Virus Database: 270.12.18/2096 - Release Date: 05/06/09 06:04:00 From correo at miguelangelnieto.net Wed May 6 12:08:58 2009 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Wed May 6 12:44:36 2009 Subject: disable recipent virus notifications In-Reply-To: References: <1241601780.2772.3.camel@miguel.irontec.com> <4A0168EA.6050505@ecs.soton.ac.uk> Message-ID: <1241608138.2772.8.camel@miguel.irontec.com> Hi, El mi?, 06-05-2009 a las 11:39 +0100, Julian Field escribi?: > > On 06/05/2009 10:23, Miguel Angel Nieto wrote: > > Hi, > > > > How can I disable virus notifications to recipients? > > > > I want only to delete them :) > > > Silent Viruses = All-Viruses I have: # The default of "All-Viruses" means that no senders of viruses will be # notified (as the sender address is always forged these days anyway), # but anyone who sends a message that is blocked for other reasons will # still be notified. # # This can also be the filename of a ruleset. Silent Viruses = All-Viruses The comment says: "no senders of viruses will be notified". My problem is with my clients, the recipients. I dont want to tell them that they have received a Virus. Not the senders. Thank you. From lists at elasticmind.net Wed May 6 12:48:10 2009 From: lists at elasticmind.net (mog) Date: Wed May 6 12:49:02 2009 Subject: MailScanner seems broken on FreeBSD using perl > 5.8.8 In-Reply-To: <57200BF94E69E54880C9BB1AF714BBCB5DE7F4@w2003s01.double-l.local> References: <4A0174B5.3050207@elasticmind.net> <57200BF94E69E54880C9BB1AF714BBCB5DE7F4@w2003s01.double-l.local> Message-ID: <4A0178FA.9020601@elasticmind.net> Johan Hendriks wrote: >> Greetings everyone, >> >> I've just recently upgraded to MailScanner version MailScanner-4.75.11 >> using perl-5.8.9_2 on a FreeBSD 7.1 system, and sadly the server is >> unable to process mail. When MailScanner tries to run it reports the >> following type of error: >> > > > >> MailScanner[42585]: Could not use Custom Function code >> /usr/local/lib/MailScanner/MailScanner/CustomFunctions/MyExample.pm, it >> could not be "require"d. Make sure the last line is "1;" and the module >> is correct with perl -wc (Error: Insecure dependency in require while >> running with -T switch at >> /usr/local/lib/MailScanner/MailScanner/Config.pm line 623.) >> >> >> The same error is reported for all of the following functions: >> ZMRouterDirHash.pm, SpamWhitelist.pm, MyExample.pm, DavidHooton.pm, >> LastSpam.pm, GenericSpamScanner.pm, CustomAction.pm, >> Ruleset-from-Function.pm. >> > > >> A helpful fellow suggested I check with some perl people to see what the >> -T switch of perl means, and then ask on the mailing list for some more >> information. Some perl people said the -T is a 'taint mode' designed to >> perform additional safety/sanity checks on the code, and apparently the >> Function modules are using, or "require"-ing, some user provided data; >> which is all in turn causing MailScanner to break on FreeBSD systems >> running perl versions higher than 5.8.8. This has the effect of >> preventing any FreeBSD servers running MailScanner from being able to be >> updated - kind of crippling them :( >> > > >> Unfortunately I don't know enough about perl or what MailScanner is >> doing with these functions in order to solve the problem and make >> MailScanner work on FreeBSD again. If anyone could please help with this >> it would be greatly appreciated. >> >> Thank you in advance for your time and consideration. >> >> Regards, >> Moggie. >> > > You can do 2 things. > 1 revert back to perl 5.8.8, it will all work like it should after going back to 5.8.8 > 2 Upgrade to 5.10.x see /usr/port/UPDATING how to upgrade your perl to 5.10 > With perl 5.10 things will start to work again. > > I had the same issue, on my servers i am running MailScanner-4.75.11 with perl-5.10.x > This is on 8.0 and 7.x systems, both i386 and amd64. > > I would go for option 2 > Regards, > Johan Hendriks > Double L Automatisering > Ahhh, cool thanks, I'll give that a go now. Yeah reverting back to 5.8.8 was necessary when the problem was first encountered, but it's not really an option for a long term solution. I'll upgrade to 5.10 and see how it goes. With thanks, mog From MailScanner at ecs.soton.ac.uk Wed May 6 14:06:20 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 14:06:39 2009 Subject: disable recipent virus notifications In-Reply-To: <1241608138.2772.8.camel@miguel.irontec.com> References: <1241601780.2772.3.camel@miguel.irontec.com> <4A0168EA.6050505@ecs.soton.ac.uk> <1241608138.2772.8.camel@miguel.irontec.com> <4A018B4C.3080200@ecs.soton.ac.uk> Message-ID: On 06/05/2009 12:08, Miguel Angel Nieto wrote: > Hi, > > El mi?, 06-05-2009 a las 11:39 +0100, Julian Field escribi?: > >> On 06/05/2009 10:23, Miguel Angel Nieto wrote: >> >>> Hi, >>> >>> How can I disable virus notifications to recipients? >>> >>> I want only to delete them :) >>> >>> >> Silent Viruses = All-Viruses >> > I have: > > # The default of "All-Viruses" means that no senders of viruses will be > # notified (as the sender address is always forged these days anyway), > # but anyone who sends a message that is blocked for other reasons will > # still be notified. > # > # This can also be the filename of a ruleset. > Silent Viruses = All-Viruses > > The comment says: "no senders of viruses will be notified". > > My problem is with my clients, the recipients. I dont want to tell them > that they have received a Virus. Not the senders. > From the docs above the "Silent Viruses" setting, # If a virus name is given here, then # 1) The sender will not be warned that he sent it # 2) No attempt at true disinfection will take place # (but it will still be "cleaned" by removing the nasty attachments # from the message) # 3) The recipient will not receive the message, # unless the "Still Deliver Silent Viruses" option is set So make sure you don't have "Still Deliver Silent Viruses" set. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 14:07:11 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 14:07:33 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061432.39368.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> <200905061432.39368.eli@orbsky.homelinux.org> <4A018B7F.1020703@ecs.soton.ac.uk> Message-ID: On 06/05/2009 12:32, Eli Wapniarski wrote: > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > >> No, I'm talking about all the RPMs installed by install.sh that are >> required by MailScanner. Many of these are architecture-independent. If >> I don't give them a BuildArch and know the BuildArch that it is going to >> use, how can I possibly know which directory to find them in? >> >> I'm getting really bored with this conversation, sorry. We are clearly >> having a severe communication failure, you're just not understanding the >> cases I'm talking about over and over again. >> >> > Which RPMs are you talking about? Let me take a look at the specs. Maybe I can come up with something. > Loads of them. Take File::Temp as a trivial example. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailbag at partnersolutions.ca Wed May 6 14:08:39 2009 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Wed May 6 14:08:40 2009 Subject: disable recipent virus notifications In-Reply-To: <1241608138.2772.8.camel@miguel.irontec.com> References: <1241601780.2772.3.camel@miguel.irontec.com><4A0168EA.6050505@ecs.soton.ac.uk> <1241608138.2772.8.camel@miguel.irontec.com> Message-ID: <0A5EC380C825E440B3BB048CDE603A16593A@PSIMS002.pshosting.intranet> > My problem is with my clients, the recipients. I dont want to tell > them > that they have received a Virus. Not the senders. Make sure that also have "Still Deliver Silent Viruses = no". Cheers, -Joshua From eli at orbsky.homelinux.org Wed May 6 14:31:36 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 14:32:00 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> Message-ID: <200905061631.36677.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > No, I'm talking about all the RPMs installed by install.sh that are > required by MailScanner. Many of these are architecture-independent. If > I don't give them a BuildArch and know the BuildArch that it is going to > use, how can I possibly know which directory to find them in? Without the Buildarch parameter, you know where they will be installed because there are defaults. When you specify the Buildarch parameter in the spec file you are overriding the default installation path. x86_64 libraries by default will be installed in /usr/lib64 ix86 will by default be installed in /usr/lib These values are not dependant on binary dependancies the are default values. You do not need to know where they will be installed because the defaults will determine that for you. You do not need Buildarch in your specs. /usr/bin is still /usr/bin /bin is still /bin etc. These are the defaul values. The default values and macros can be found in folder /usr/lib/rpm You can see them all by issuing the command rpm --showrc There a heck of alot of them. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 14:47:33 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 14:47:56 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905061631.36677.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> <200905061631.36677.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> Message-ID: On 06/05/2009 14:31, Eli Wapniarski wrote: > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > >> No, I'm talking about all the RPMs installed by install.sh that are >> required by MailScanner. Many of these are architecture-independent. If >> I don't give them a BuildArch and know the BuildArch that it is going to >> use, how can I possibly know which directory to find them in? >> > Sorry, I give up. > Without the Buildarch parameter, you know where they will be installed because there are defaults. > > When you specify the Buildarch parameter in the spec file you are overriding the default installation path. > > > > x86_64 libraries by default will be installed in /usr/lib64 > > ix86 will by default be installed in /usr/lib > > > These values are not dependant on binary dependancies the are default values. > > > You do not need to know where they will be installed because the defaults will determine that for you. > > > You do not need Buildarch in your specs. > > > /usr/bin is still /usr/bin > > /bin is still /bin > > etc. > > > These are the defaul values. The default values and macros can be found in folder /usr/lib/rpm > > > You can see them all by issuing the command > > rpm --showrc > > There a heck of alot of them. > > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 14:47:43 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 14:48:08 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A018B7F.1020703@ecs.soton.ac.uk> Message-ID: <200905061647.43989.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 16:07:11 Julian Field wrote: > > On 06/05/2009 12:32, Eli Wapniarski wrote: > > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > > > >> No, I'm talking about all the RPMs installed by install.sh that are > >> required by MailScanner. Many of these are architecture-independent. If > >> I don't give them a BuildArch and know the BuildArch that it is going to > >> use, how can I possibly know which directory to find them in? > >> > >> I'm getting really bored with this conversation, sorry. We are clearly > >> having a severe communication failure, you're just not understanding the > >> cases I'm talking about over and over again. > >> > >> > > Which RPMs are you talking about? Let me take a look at the specs. Maybe I can come up with something. > > > Loads of them. Take File::Temp as a trivial example. > OK... Let me work on it. I should get back to you sometime tomorrow if nothing gets in the way. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Wed May 6 15:18:51 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed May 6 15:19:26 2009 Subject: message-processing db notifications Message-ID: Julian: An observation, relatively minor, about the new message processing database... There is an associated hourly cron job 'processing_messages_alert' which sends notifications using the 'Notices To' setting of 'MailScanner.conf'. This happens even if the config file says 'Send Notices = no'. And that doesn't seem right. Historically, these notification settings were originally concerned with virus processing but are now, in effect, being deployed beyond that original scope. I can see two reasonably straightforward resolutions: 1. Adjust comments in MS.conf to include expanded scope. 2. Consider different sets of notification definitions for different classes of events: e.g. existing set 'as-is' for viruses; a new set for the message-db; (then another new set for the next feature, etc.). The first is very easy for you to implement, but imposes a "one size has to fit all" behaviour. The second allows a site to tailor different notification levels for different classes of events. (Might some sort of 'ruleset'-like capability assist?) P.S. We have now rolled out "4.76.24-3" on the majority of our gateways and it is going well. Thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From jonas.lilja at sigma.se Wed May 6 15:34:12 2009 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Wed May 6 15:34:24 2009 Subject: Perl problems on Fedora 9 Message-ID: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. make: *** [manifypods] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. Maybe it did not build correctly? ------------------------------------ I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. Please give me a hint. Jonas PS - sorry for running MS on Fedora. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/79cb65bc/attachment.html From raymond at prolocation.net Wed May 6 15:37:41 2009 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Wed May 6 15:37:49 2009 Subject: Perl problems on Fedora 9 In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: Hi! > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib Try to instal Pod::Simple with cpan (for example) Bye, Raymond. From mrm at quantumcc.com Wed May 6 15:49:14 2009 From: mrm at quantumcc.com (Mike M) Date: Wed May 6 15:49:28 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: Message-ID: Mike M wrote: > After updating to 4.76.23 from 4.74 today I had some users complain > about not getting some messages. Here is a portion of the error they get: > > > ---------------------------------------------------------------------- > The original e-mail message, or an attachment it contained, was too > large and has been removed. > > > > At Tue May 5 13:15:51 2009 the content filters said: > MailScanner: Attachment is too small > > > --------- > > All of the messages I've looked at with this problem appear to have both > text and html versions. There's an example of a quarantined message > at: http://pastebin.com/dc6ed9a1 > > If it would be helpful to see the qf file just let me know. > > I have changed the min attachment size from 1 to 0 for now so that > hopefully these messages can go through, but I don't know what it is > about these html emails that is triggering the attachment size filter. > Oh and MailScanner --lint shows no errors. Any clues?? > CORRECTION: It is happening to just plain text messages as well. What should I be looking for to determine why Mailscanner is thinking messages have 0 byte attachments when I can't find anything in the qf or df files in the quarantine that look like any sort of attachment is included with the email? Does the fact that the error message states that the attachment is too large in one spot and too small in another indicate anything special that might point me in the right direction to troubleshoot? I've been using MailScanner for years and have never had a problem upgrading countless times before, but this is occuring on more then one server since I upgraded yesterday. From eli at orbsky.homelinux.org Wed May 6 18:13:34 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 18:14:01 2009 Subject: Perl problems on Fedora 9 In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: <200905062013.34296.eli@orbsky.homelinux.org> Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. > > Please give me a hint. > > Jonas > > PS - sorry for running MS on Fedora. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Robert.Meurlin at se.fujitsu.com Wed May 6 18:24:04 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed May 6 18:24:40 2009 Subject: error: Failed dependencies Message-ID: Hi all, I get this error when I try to upgrade MailScanner (The version now is like 4.71) to 4.76.24-3: error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 But I have installed http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz so i dont now why I get this error? /thanks Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/807b91dd/attachment.html From shuttlebox at gmail.com Wed May 6 18:44:34 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 6 18:48:09 2009 Subject: error: Failed dependencies In-Reply-To: References: Message-ID: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter From shuttlebox at gmail.com Wed May 6 18:44:34 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Wed May 6 18:51:31 2009 Subject: error: Failed dependencies In-Reply-To: References: Message-ID: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter From Robert.Meurlin at se.fujitsu.com Wed May 6 19:25:47 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed May 6 19:26:44 2009 Subject: error: Failed dependencies In-Reply-To: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: So how do you recommend i do? I have made the same update on another mailgw (a twin to this one =)) and it worked there. thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jonas.lilja at sigma.se Wed May 6 20:09:21 2009 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Wed May 6 20:09:44 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905062013.34296.eli@orbsky.homelinux.org> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> Message-ID: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. Thanx guys Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski Skickat: den 6 maj 2009 19:14 Till: mailscanner@lists.mailscanner.info ?mne: Re: Perl problems on Fedora 9 Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. > > Please give me a hint. > > Jonas > > PS - sorry for running MS on Fedora. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From oliver at linux-kernel.at Wed May 6 20:35:59 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed May 6 20:36:30 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED Message-ID: <200905061936.n46JZxcB016576@mail.linux-kernel.at> Note: I've tried to bug Fedota Perl packager to update a few modules and was successfull! So, I wonder which packages need to be replaced by the MS install.sh!? There was also some thread about why not package it within the distribution.. Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. And finally. I can also imagine doing this for RHEL, using EPEL... It's just a "Do you want this?" Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? Keep me posted... -of ----- Urspr?ngliche Nachricht ----- Von: Jonas Lilja Gesendet: Mittwoch, 06. Mai 2009 21:09 An: MailScanner discussion Betreff: SV: Perl problems on Fedora 9 SOLVED Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. Thanx guys Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski Skickat: den 6 maj 2009 19:14 Till: mailscanner@lists.mailscanner.info ?mne: Re: Perl problems on Fedora 9 Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work From MailScanner at ecs.soton.ac.uk Wed May 6 20:42:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:42:50 2009 Subject: message-processing db notifications In-Reply-To: References: <4A01E824.6050808@ecs.soton.ac.uk> Message-ID: On 06/05/2009 15:18, David Lee wrote: > > Julian: An observation, relatively minor, about the new message > processing database... > > There is an associated hourly cron job 'processing_messages_alert' > which sends notifications using the 'Notices To' setting of > 'MailScanner.conf'. > > This happens even if the config file says 'Send Notices = no'. And > that doesn't seem right. > > Historically, these notification settings were originally concerned > with virus processing but are now, in effect, being deployed beyond > that original scope. > > I can see two reasonably straightforward resolutions: > 1. Adjust comments in MS.conf to include expanded scope. > > 2. Consider different sets of notification definitions for different > classes of events: e.g. existing set 'as-is' for viruses; a new set > for the message-db; (then another new set for the next feature, > etc.). > > The first is very easy for you to implement, but imposes a "one size > has to fit all" behaviour. The second allows a site to tailor > different notification levels for different classes of events. (Might > some sort of 'ruleset'-like capability assist?) How about I just make it test to see if "Send Notices = yes" instead, and not send the message if it's set to "no"? > P.S. We have now rolled out "4.76.24-3" on the majority of our > gateways and it is going well. Thanks. Great, thanks for letting me know! :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:44:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:44:49 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: I'll have to do a test with Fedora 9 and see how to resolve the problems, in case a similar solution is needed as for Fedora 10. But there can't be many people using Fedora 9 any more, it must be near end-of-life. Is it worth my while? Jules. On 06/05/2009 20:09, Jonas Lilja wrote: > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > Thanx guys > > Jonas > > -----Ursprungligt meddelande----- > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > Skickat: den 6 maj 2009 19:14 > Till: mailscanner@lists.mailscanner.info > ?mne: Re: Perl problems on Fedora 9 > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > Eli > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: >> >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. >> make: *** [manifypods] Error 2 >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. >> Maybe it did not build correctly? >> ------------------------------------ >> >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. >> >> Please give me a hint. >> >> Jonas >> >> PS - sorry for running MS on Fedora. >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:46:57 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:47:21 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> Message-ID: On 06/05/2009 15:49, Mike M wrote: > Mike M wrote: >> After updating to 4.76.23 from 4.74 today I had some users complain >> about not getting some messages. Here is a portion of the error >> they get: >> >> >> ---------------------------------------------------------------------- >> The original e-mail message, or an attachment it contained, was too >> large and has been removed. >> >> >> >> At Tue May 5 13:15:51 2009 the content filters said: >> MailScanner: Attachment is too small >> >> >> --------- >> >> All of the messages I've looked at with this problem appear to have >> both text and html versions. There's an example of a quarantined >> message at: http://pastebin.com/dc6ed9a1 >> >> If it would be helpful to see the qf file just let me know. >> >> I have changed the min attachment size from 1 to 0 for now so that >> hopefully these messages can go through, but I don't know what it is >> about these html emails that is triggering the attachment size >> filter. Oh and MailScanner --lint shows no errors. Any clues?? >> > > CORRECTION: It is happening to just plain text messages as well. > What should I be looking for to determine why Mailscanner is thinking > messages have 0 byte attachments when I can't find anything in the qf > or df files in the quarantine that look like any sort of attachment is > included with the email? > > Does the fact that the error message states that the attachment is too > large in one spot and too small in another indicate anything special > that might point me in the right direction to troubleshoot? I've > been using MailScanner for years and have never had a problem > upgrading countless times before, but this is occuring on more then > one server since I upgraded yesterday. > I'll need to take a look at this, and try a 0-byte attachment and see what happens. To disable the tests, set Maximum Attachment Size = -1 Minimum Attachment Size = -1 Please read the docs carefully and ensure you are setting the values appropriately. What is the precise case that you think it is handling incorrectly? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:48:05 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:48:36 2009 Subject: error: Failed dependencies In-Reply-To: References: <4A01E975.4080709@ecs.soton.ac.uk> Message-ID: Check what version MailScanner thinks it is finding with "MailScanner -v". On 06/05/2009 18:24, Meurlin Robert wrote: > > Hi all, > > I get this error when I try to upgrade MailScanner (The version now is > like 4.71) to 4.76.24-3: > > error: Failed dependencies: > > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? > > **/thanks** > > **Rob*** > > *** > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 20:51:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 20:51:26 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905061936.n46JZxcB016576@mail.linux-kernel.at> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <4A01EA27.3060406@ecs.soton.ac.uk> Message-ID: I will happily help you out, provided I can see what the problems are, and if enough people are affected by the problem. I'm slightly loathed to spend lots of time solving packaging problems if only 3 people are still using Fedora 9 in the first place, I'm sure you understand :-) *If* I get time in the next day or two to install Fedora 9 and try to do a clean install, I'll see what I can do and put out a beta of the next version of MailScanner that will work for you folks. But no promises, I do have a day job to do as well, which is pretty busy right now! Cheers, Jules. On 06/05/2009 20:35, Oliver Falk wrote: > Note: > I've tried to bug Fedota Perl packager to update a few modules and was successfull! > So, I wonder which packages need to be replaced by the MS install.sh!? > There was also some thread about why not package it within the distribution.. > Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. > And finally. I can also imagine doing this for RHEL, using EPEL... > > It's just a "Do you want this?" > > Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) > > Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? > > Keep me posted... > > -of > > ----- Urspr?ngliche Nachricht ----- > Von: Jonas Lilja > Gesendet: Mittwoch, 06. Mai 2009 21:09 > An: MailScanner discussion > Betreff: SV: Perl problems on Fedora 9 SOLVED > > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > Thanx guys > > Jonas > > -----Ursprungligt meddelande----- > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > Skickat: den 6 maj 2009 19:14 > Till: mailscanner@lists.mailscanner.info > ?mne: Re: Perl problems on Fedora 9 > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > Eli > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: >> >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. >> make: *** [manifypods] Error 2 >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. >> Maybe it did not build correctly? >> ------------------------------------ >> >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work-- >> > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 21:02:06 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 21:02:28 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> Message-ID: <200905062302.06962.eli@orbsky.homelinux.org> I understand you are tired of this conversation. Me too :). So I will quit with this last one. I agree there is a failure of communication but it isn't due to a lack of understanding, but rather disbelief. Please read what I have to say one more time. A little more patience an I am outta your hair with this. I do realize that you are trying to be helpful. Please realize that I too am trying to be helpful. On Wednesday 06 May 2009 16:47:33 Julian Field wrote: > > On 06/05/2009 14:31, Eli Wapniarski wrote: > > On Wednesday 06 May 2009 14:11:27 Julian Field wrote: > > > >> No, I'm talking about all the RPMs installed by install.sh that are > >> required by MailScanner. Many of these are architecture-independent. If > >> I don't give them a BuildArch and know the BuildArch that it is going to > >> use, how can I possibly know which directory to find them in? Because there is a default Buildarch parameter already set in the rpm build environment. How can you discover what it is by running the following command in the shell and consquently in your bashscript. rpm --showrc | awk '/^build arch/ {print $NF}' Try to run it please in a console. Please.,, this isn't a question of a lack of understanding. It is a question of disbelief. Please believe what I'm writing to you here. If you don't specify Buildarch in your spec file the final rpm will be built in the folder defined by default Buildarch You define Buildarch as noarch and consequently the built rpms are placed in ~/rpmbuild/RPMS/noarch If you don't specify then it will be ~/rpmbuild/RPMS/x86_64 ~/rpmbuild/RPMS/i386 ~/rpmbuild/RPMS/i586 etc depending on the the default environment. How would install.sh know where to look. An example is defined below wih the perl-File-Temp-0.20-4. The example assumes a modified spec file with the Buildarch pararmeter removed from the file. And the rpm builds successfully which it does. On an x86_64 platform the final rpm is called. perl-File-Temp-0.20-4.x86_64.rpm example of the contents of the bash script would be DefaultRPMBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') rpm -Uvh ~/rpmbuild/RPMS/$DefaultRPMBuildArch/perl-File-Temp-4.$DefaultRPMBuildArch.rpm Please note the substitution of the variable $DefaultRPMBuildArch as it holds the value of the default Build Arch Thanks for your time an patience. Eli Wapniarski -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jonas.lilja at sigma.se Wed May 6 21:04:18 2009 From: jonas.lilja at sigma.se (Jonas Lilja) Date: Wed May 6 21:04:40 2009 Subject: SV: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE59@ss0010.sigma.local> No, perhaps not, but if it's easy to do a system-check in the beginning of the install-script and if that check turns back Fedora 9 it would be nice if the script interrupt and says "Fedora 9 is not supported. Installation aborted". That would be a better solution than continuing with a lot of errors. But as you said - it must be a minor problem since Fedora 9 is at the end of life :-) Kind regards Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Julian Field Skickat: den 6 maj 2009 21:44 Till: MailScanner discussion ?mne: Re: SV: Perl problems on Fedora 9 SOLVED I'll have to do a test with Fedora 9 and see how to resolve the problems, in case a similar solution is needed as for Fedora 10. But there can't be many people using Fedora 9 any more, it must be near end-of-life. Is it worth my while? Jules. On 06/05/2009 20:09, Jonas Lilja wrote: > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > Thanx guys > > Jonas > > -----Ursprungligt meddelande----- > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > Skickat: den 6 maj 2009 19:14 > Till: mailscanner@lists.mailscanner.info > ?mne: Re: Perl problems on Fedora 9 > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > Eli > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: >> >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. >> make: *** [manifypods] Error 2 >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> RPM build errors: >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) >> >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. >> Maybe it did not build correctly? >> ------------------------------------ >> >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. >> >> Please give me a hint. >> >> Jonas >> >> PS - sorry for running MS on Fedora. >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From eli at orbsky.homelinux.org Wed May 6 21:08:50 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 21:09:13 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905061936.n46JZxcB016576@mail.linux-kernel.at> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> Message-ID: <200905062308.50542.eli@orbsky.homelinux.org> On Wednesday 06 May 2009 22:35:59 Oliver Falk wrote: > Note: > I've tried to bug Fedota Perl packager to update a few modules and was successfull! > So, I wonder which packages need to be replaced by the MS install.sh!? > There was also some thread about why not package it within the distribution.. > Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. > And finally. I can also imagine doing this for RHEL, using EPEL... > > It's just a "Do you want this?" > > Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) > > Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? > > Keep me posted... > I would be willing to help as best as I can. There are problems with Fedora 10 as well, and I am assuming that it will carry over to Fedora 11 etc and consequently the next major revision of Redhat and Centos (ie. 5 to 6) and I think this is a great idea as it potentially save a lot of time ironing out packaging issues if more than one persion is working on it. Please understand that currently I have sometime on my hands. And of course like everyone else I have other obligations, but I am willing to help in anyway that I can. Sincerely Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 21:14:25 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 21:14:47 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: <200905062302.06962.eli@orbsky.homelinux.org> References: <200905040835.33176.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> <200905062302.06962.eli@orbsky.homelinux.org> <4A01EFA1.8040501@ecs.soton.ac.uk> Message-ID: On 06/05/2009 21:02, Eli Wapniarski wrote: > I understand you are tired of this conversation. Me too :). So I will quit with this last one. I agree there is a failure of communication but it isn't due to a lack of understanding, but rather disbelief. > > Please read what I have to say one more time. A little more patience an I am outta your hair with this. > > I do realize that you are trying to be helpful. > > Please realize that I too am trying to be helpful. > > On Wednesday 06 May 2009 16:47:33 Julian Field wrote: > >> On 06/05/2009 14:31, Eli Wapniarski wrote: >> >>> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: >>> >>> >>>> No, I'm talking about all the RPMs installed by install.sh that are >>>> required by MailScanner. Many of these are architecture-independent. If >>>> I don't give them a BuildArch and know the BuildArch that it is going to >>>> use, how can I possibly know which directory to find them in? >>>> > Because there is a default Buildarch parameter already set in the rpm build environment. > > How can you discover what it is by running the following command in the shell and consquently in your bashscript. > > rpm --showrc | awk '/^build arch/ {print $NF}' > > Try to run it please in a console. Please.,, this isn't a question of a lack of understanding. It is a question of disbelief. > > Please believe what I'm writing to you here. > > If you don't specify Buildarch in your spec file the final rpm will be built in the folder defined by default Buildarch > > You define Buildarch as noarch and consequently the built rpms are placed in > > ~/rpmbuild/RPMS/noarch > > If you don't specify then it will be > > ~/rpmbuild/RPMS/x86_64 > ~/rpmbuild/RPMS/i386 > ~/rpmbuild/RPMS/i586 > > etc depending on the the default environment. How would install.sh know where to look. An example is defined below wih the perl-File-Temp-0.20-4. > > The example assumes a modified spec file with the Buildarch pararmeter removed from the file. And the rpm builds successfully which it does. On an x86_64 platform the final rpm is called. > > > perl-File-Temp-0.20-4.x86_64.rpm > which is wrong as it contains no architecture-dependent code and so should be in noarch. Which was my point all along :-) > > example of the contents of the bash script would be > > DefaultRPMBuildArch=$(rpm --showrc | awk '/^build arch/ {print $NF}') > > rpm -Uvh ~/rpmbuild/RPMS/$DefaultRPMBuildArch/perl-File-Temp-4.$DefaultRPMBuildArch.rpm > > > Please note the substitution of the variable $DefaultRPMBuildArch as it holds the value of the default Build Arch > > > > Thanks for your time an patience. > > Eli Wapniarski > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 6 21:16:17 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 6 21:16:42 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905062308.50542.eli@orbsky.homelinux.org> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: On 06/05/2009 21:08, Eli Wapniarski wrote: > On Wednesday 06 May 2009 22:35:59 Oliver Falk wrote: > >> Note: >> I've tried to bug Fedota Perl packager to update a few modules and was successfull! >> So, I wonder which packages need to be replaced by the MS install.sh!? >> There was also some thread about why not package it within the distribution.. >> Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. >> And finally. I can also imagine doing this for RHEL, using EPEL... >> >> It's just a "Do you want this?" >> >> Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) >> >> Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? >> >> Keep me posted... >> >> > I would be willing to help as best as I can. There are problems with Fedora 10 as well, and I am assuming that it will carry over to Fedora 11 etc and consequently the next major revision of Redhat and Centos (ie. 5 to 6) Not necessarily true at all, as the Perl build system in Fedora 10 is totally broken and this will be caught well before it makes it into RedHat Enterprise Linux 6. They can hardly miss it :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 6 21:27:50 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 6 21:28:14 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01EFA1.8040501@ecs.soton.ac.uk> Message-ID: <200905062327.50954.eli@orbsky.homelinux.org> > > perl-File-Temp-0.20-4.x86_64.rpm > > > which is wrong as it contains no architecture-dependent code and so > should be in noarch. > Which was my point all along :-) I just tried rebuilding the rpm as is and it rebuilds just fine. Just a suggestion. So for architecture dependant code maybe what I suggested and for architecture independant code keep it in noarch? Just a suggestion. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From craigwhite at azapple.com Wed May 6 21:30:30 2009 From: craigwhite at azapple.com (Craig White) Date: Wed May 6 21:30:47 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: <1241641830.2605.219.camel@lin-workstation.azapple.com> Fedora 9 will EOL at or around the end of June. I couldn't possibly suggest whether it is worth your time. Craig On Wed, 2009-05-06 at 20:44 +0100, Julian Field wrote: > I'll have to do a test with Fedora 9 and see how to resolve the > problems, in case a similar solution is needed as for Fedora 10. But > there can't be many people using Fedora 9 any more, it must be near > end-of-life. > > Is it worth my while? > > Jules. > > On 06/05/2009 20:09, Jonas Lilja wrote: > > Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. > > > > Thanx guys > > > > Jonas > > > > -----Ursprungligt meddelande----- > > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski > > Skickat: den 6 maj 2009 19:14 > > Till: mailscanner@lists.mailscanner.info > > ?mne: Re: Perl problems on Fedora 9 > > > > Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. > > > > After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. > > > > Eli > > > > > > On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > > > >> Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > >> > >> /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > >> Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > >> BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > >> Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > >> make: *** [manifypods] Error 2 > >> error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > >> > >> RPM build errors: > >> Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > >> > >> Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > >> Maybe it did not build correctly? > >> ------------------------------------ > >> > >> I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work. > >> > >> Please give me a hint. > >> > >> Jonas > >> > >> PS - sorry for running MS on Fedora. > >> > >> > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Follow me at twitter.com/JulesFM > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.lemmons at tmcaz.com Wed May 6 22:13:12 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Wed May 6 22:13:29 2009 Subject: filetype rules and pptx files In-Reply-To: References: <4A007B11.5030700@tmcaz.com> <4A015044.2010903@ecs.soton.ac.uk> Message-ID: <4A01FD68.10805@tmcaz.com> -------- Original Message -------- Subject: filetype rules and pptx files From: Julian Field To: MailScanner discussion Date: 05/06/2009 01:54 AM > On 05/05/2009 21:46, Scott Silva wrote: > >> on 5-5-2009 10:44 AM Paul Lemmons spake the following: >> >> >>> >>> >>> $ file 0000.dat >>> 0000.dat: DOS executable (device driver) for DOS >>> >>> $ file -i 0000.dat >>> 0000.dat: text/plain charset=iso-8859-1 >>> >>> When I look at the file itself, it appears to be a bunch of binary zeros. >>> >>> I have tried to to add the following line to the filetypes.rules file: >>> >>> allow - text\/plain - - >>> allow - text/plain - - >>> >>> with no success. >>> >>> >>> >> >> > > > *or else* > Use the MIME type of the 0000.dat file and put in a line allowing that > in the normal filetype.rules.conf, but read the stuff at the top of the > file on how to specify the MIME type of the file, and put the rule above > the line that denies executables. "file -i" which works out the MIME > type, often produces different results from "file" which is what is > normally used. The filetype.rules.conf file allows you to specify the > MIME type instead of the keywords to look for in the output of the > "file" command, read the docs. > > Jules > > The "*or else*" is what I had originally tried. If this should work then I have clearly done something wrong. The allow statements above do precede the deny statements. As you see I tried a pattern where the "/" was escaped and one without with no cheese down either hole. Here is a snippet from my filetypes.rules file: # makes the checked text check against the MIME type of the attachment # as determined by the output of the "file -i" command. allow - text/plain - - allow text - - allow \bscript - - allow archive - - allow postscript - - deny self-extract No self-extracting archives No self-extracting archives allowed deny executable No executables No programs allowed -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/9812f2ae/smime.bin From paul.lemmons at tmcaz.com Wed May 6 22:16:41 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Wed May 6 22:16:56 2009 Subject: filetype rules and pptx files In-Reply-To: References: <4A007B11.5030700@tmcaz.com> <60A7029FC55B4C6A8D3FCB45FCB5F48F@SAHOMELT> <4A015140.1060302@ecs.soton.ac.uk> Message-ID: <4A01FE39.1070608@tmcaz.com> -------- Original Message -------- Subject: filetype rules and pptx files From: Julian Field To: MailScanner discussion Date: 05/06/2009 01:58 AM > On 05/05/2009 22:01, Rick Cooper wrote: > >> ----Original Message---- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul >> Lemmons Sent: Tuesday, May 05, 2009 1:45 PM To: >> mailscanner@lists.mailscanner.info Subject: filetype rules and pptx files >> >> >> >>> Our CIO (of all people) is trying to send a PowerPoint 2007 document and >>> it is getting rejected. It turns out that the .pptx file is really a zip >>> archive and within that archive there is a file named "0000.dat" which >>> is getting identified as a DOS executable. When I extract the file and >>> run the file command against it I get the following: >>> >>> $ file 0000.dat >>> 0000.dat: DOS executable (device driver) for DOS >>> >>> $ file -i 0000.dat >>> 0000.dat: text/plain charset=iso-8859-1 >>> >>> When I look at the file itself, it appears to be a bunch of binary zeros. >>> >>> I have tried to to add the following line to the filetypes.rules file: >>> >>> allow - text\/plain - - >>> allow - text/plain - - >>> >>> with no success. >>> >>> I also tried adding the following line to the filenames.rules file: >>> >>> allow \.dat$ - - >>> >>> with no success. >>> >>> And to save time on an obvious question or two, Yes, I am using tabs >>> between fields and Yes I am restarting MailScanner after an update. >>> >>> I am hoping that it is something very simple that I am missing. Any >>> assistance would be greatly appreciated. >>> >>> >> You are going to have to pass it in the flietype rules as well. And you >> should be able to handle this failry easily with the latest version of MS >> and you won't have to allow raw files of this type through. The latest >> version allows you to apply rules specific to files within archives, and I >> think even speficy the type of archive to unarchive for checks as well. >> >> > Correct. > But give the MIME type stuff a go as well, as "file -i" may produce a > very different answer for your 0000.dat file from the output of the > plain "file" command with no "-i". > > > Jules > > I am trying the file -i mime types first. I will upgrade MailScanner at some point but the testing involved with an upgrade makes it a second best choice If I can solve it more easily some other way. I am not getting the mime types to work at the moment but that is on another thread. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/ef1a9812/smime.bin From ssilva at sgvwater.com Wed May 6 22:24:51 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 6 22:25:14 2009 Subject: Changelog 3/5/2009 New in Version 4.76.24-3 In-Reply-To: References: <200905040835.33176.eli@orbsky.homelinux.org> <4A01705F.5070904@ecs.soton.ac.uk> <200905061631.36677.eli@orbsky.homelinux.org> <4A0194F5.3020007@ecs.soton.ac.uk> Message-ID: on 5-6-2009 6:47 AM Julian Field spake the following: > > > On 06/05/2009 14:31, Eli Wapniarski wrote: >> On Wednesday 06 May 2009 14:11:27 Julian Field wrote: >> >>> No, I'm talking about all the RPMs installed by install.sh that are >>> required by MailScanner. Many of these are architecture-independent. If >>> I don't give them a BuildArch and know the BuildArch that it is going to >>> use, how can I possibly know which directory to find them in? >>> >> > Sorry, I give up. I understand what you are saying, so it isn't you Julian! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/48f03148/signature-0001.bin From ssilva at sgvwater.com Wed May 6 22:33:28 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 6 22:33:54 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: on 5-6-2009 11:25 AM Meurlin Robert spake the following: > So how do you recommend i do? > > I have made the same update on another mailgw (a twin to this one =)) and it worked there. > > thanks Just like gambling. Sometimes you win, sometimes you lose! Don't mix CPAN and package based systems. If your system uses a package manager, find a tool that will convert or createe said packages from CPAN. For rpm there is cpan2rpm and some others. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/d83a505d/signature.bin From oliver at linux-kernel.at Wed May 6 23:10:39 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed May 6 23:11:13 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED Message-ID: <200905062210.n46MAcOD003042@mail.linux-kernel.at> Note: I've tried to bug Fedota Perl packager to update a few modules and was successfull! So, I wonder which packages need to be replaced by the MS install.sh!? There was also some thread about why not package it within the distribution.. Well, if enough of you run Fedora... I can imagine a SIG. I can also imagine beeing the primary packager... If you want. And finally. I can also imagine doing this for RHEL, using EPEL... It's just a "Do you want this?" Are there other Fedora packagers (or some who want to become one) who are willing to help? Because fom time to time I tend to enjoy some holiday :-) Or - as an old RPM packager - shall I just try to fix broken specs and the install.sh? Keep me posted... -of ----- Urspr?ngliche Nachricht ----- Von: Jonas Lilja Gesendet: Mittwoch, 06. Mai 2009 21:09 An: MailScanner discussion Betreff: SV: Perl problems on Fedora 9 SOLVED Hi, I followed your suggestions and simply installed the missed perl-modules (and the perl-Pod-Simple) with yum. Now the install-script works fine. Thanx guys Jonas -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Eli Wapniarski Skickat: den 6 maj 2009 19:14 Till: mailscanner@lists.mailscanner.info ?mne: Re: Perl problems on Fedora 9 Try reinstalling perl-ExtUtils-MakeMaker and perl-devel from Fedora's update repository. That should fix things. I had the same problem on Fedora 10. After you've done that make a back up of /etc/Mailsacnner. Then, rpm -Uvh --force mailscanner-4.76.24-3.noarch.rpm. Then run the install script. Everything should be OK. Eli On Wednesday 06 May 2009 17:34:12 Jonas Lilja wrote: > Hi, I've search for Perl issues in the archive of this list but can't find any solutions regarding Fedora 9 (I've understand that there is a lot of problems with Fedora 10). Now - when I try to install or upgrade (no matter what) I get this error: > > /usr/bin/perl "-Iblib/arch" "-Iblib/lib" "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/instmodsh > Can't locate Pod/Simple.pm in @INC (@INC contains: blib/arch blib/lib /usr/local/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl .) at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > BEGIN failed--compilation aborted at /usr/lib/perl5/5.10.0/Pod/Man.pm line 35. > Compilation failed in require at blib/lib/ExtUtils/Command/MM.pm line 95. > make: *** [manifypods] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.30068 (%build) > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.50-2.noarch.rpm. > Maybe it did not build correctly? > ------------------------------------ > > I have tried to remove MS completely and make a fresh installation but with the same result. I've also updated Perl (yum update perl*) but MS install script seems to remove that Perl-installation and try to install its own Perl-modules. Finally, I tried to install MS with nodeps but it didn't work From lists at rheel.co.nz Thu May 7 00:11:09 2009 From: lists at rheel.co.nz (Lists) Date: Thu May 7 00:09:05 2009 Subject: possible error with config due to clam upgrade Message-ID: <4A02190D.7040706@rheel.co.nz> Hi all, I am running MailScanner version 4.72.5 on Centos 5.2 I recently attempted an upgrade to ClamAV 0.95.1 Now I am getting errors in the clamd.log as example: Warning: lstat() failed on: /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 I asked on the clam mail list and got the response "The error really just means "file not found", but the problem is related to MailScanner and how it is using clamav, you probably have a bad MailScanner configuration." Post upgrade I had to do the following in order to get it to start up. # rename the old binaries mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old # Create links to the new ones in /usr/local/bin ln -s /usr/bin/clamscan /usr/local/bin/clamscan ln -s /usr/bin/freshclam /usr/local/bin/freshclam ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan # There was a fourth new clam binary - /usr/bin/clamconf ln -s /usr/bin/clamconf /usr/local/bin/clamconf I was wondering if anyone new of any configuration options that might effect / cause these lstat failed warnings. Prior to the upgrade clam was running fine without warnings. Thanks Kate From ssilva at sgvwater.com Thu May 7 00:33:15 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 00:33:38 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <4A02190D.7040706@rheel.co.nz> References: <4A02190D.7040706@rheel.co.nz> Message-ID: on 5-6-2009 4:11 PM Lists spake the following: > Hi all, > > I am running MailScanner version 4.72.5 on Centos 5.2 > > I recently attempted an upgrade to ClamAV 0.95.1 > Now I am getting errors in the clamd.log > > as example: > Warning: lstat() failed on: > /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 > > I asked on the clam mail list and got the response > "The error really just means "file not found", but the problem is related > to MailScanner and how it is using clamav, you probably have a bad > MailScanner configuration." > > Post upgrade I had to do the following in order to get it to start up. > # rename the old binaries > mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old > mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old > mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old > > # Create links to the new ones in /usr/local/bin > ln -s /usr/bin/clamscan /usr/local/bin/clamscan > ln -s /usr/bin/freshclam /usr/local/bin/freshclam > ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan > > # There was a fourth new clam binary - /usr/bin/clamconf > ln -s /usr/bin/clamconf /usr/local/bin/clamconf > > I was wondering if anyone new of any configuration options that might > effect / cause these lstat failed warnings. > Prior to the upgrade clam was running fine without warnings. > Upgrading a source install over an RPM install can do this almost every time. If you have binaries in /usr/bin AND /usr/local/bin, you need to either stick with the RPM or the source, but not change back and forth. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090506/f04fc07b/signature.bin From seven at seven.dorksville.net Thu May 7 00:48:13 2009 From: seven at seven.dorksville.net (Anthony Giggins) Date: Thu May 7 00:48:35 2009 Subject: possible error with config due to clam upgrade In-Reply-To: References: <4A02190D.7040706@rheel.co.nz> Message-ID: <43770.125.168.254.15.1241653693.squirrel@seven.dorksville.net> > on 5-6-2009 4:11 PM Lists spake the following: >> Hi all, >> >> I am running MailScanner version 4.72.5 on Centos 5.2 >> >> I recently attempted an upgrade to ClamAV 0.95.1 >> Now I am getting errors in the clamd.log >> >> as example: >> Warning: lstat() failed on: >> /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 >> >> I asked on the clam mail list and got the response >> "The error really just means "file not found", but the problem is >> related >> to MailScanner and how it is using clamav, you probably have a bad >> MailScanner configuration." >> >> Post upgrade I had to do the following in order to get it to start up. >> # rename the old binaries >> mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old >> mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old >> mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old >> >> # Create links to the new ones in /usr/local/bin >> ln -s /usr/bin/clamscan /usr/local/bin/clamscan >> ln -s /usr/bin/freshclam /usr/local/bin/freshclam >> ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan >> >> # There was a fourth new clam binary - /usr/bin/clamconf >> ln -s /usr/bin/clamconf /usr/local/bin/clamconf >> >> I was wondering if anyone new of any configuration options that might >> effect / cause these lstat failed warnings. >> Prior to the upgrade clam was running fine without warnings. >> > Upgrading a source install over an RPM install can do this almost every > time. > If you have binaries in /usr/bin AND /usr/local/bin, you need to either > stick > with the RPM or the source, but not change back and forth. I had this same issue, I had to set the following options in MailScanner.conf Incoming Work User = clamav Incoming Work Group = clamav Cheers Anthony From mailbag at partnersolutions.ca Thu May 7 01:03:38 2009 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Thu May 7 01:03:37 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <4A02190D.7040706@rheel.co.nz> References: <4A02190D.7040706@rheel.co.nz> Message-ID: <0A5EC380C825E440B3BB048CDE603A165945@PSIMS002.pshosting.intranet> > as example: > Warning: lstat() failed on: > /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 This problem matches up with issues I was seeing as well. Upgrading to the latest MailScanner release will fix it, as the tnef processing has been updated to correct the permission errors. (see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for reference, and "16 Fixed permissions and ownership problems with data extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3 from http://www.mailscanner.info/ChangeLog). Cheers, -Joshua From lists at rheel.co.nz Thu May 7 01:11:22 2009 From: lists at rheel.co.nz (Lists) Date: Thu May 7 01:09:32 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <0A5EC380C825E440B3BB048CDE603A165945@PSIMS002.pshosting.intranet> References: <4A02190D.7040706@rheel.co.nz> <0A5EC380C825E440B3BB048CDE603A165945@PSIMS002.pshosting.intranet> Message-ID: <4A02272A.20608@rheel.co.nz> PSI Mailbag wrote: >> as example: >> Warning: lstat() failed on: >> /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 >> > > This problem matches up with issues I was seeing as well. Upgrading to > the latest MailScanner release will fix it, as the tnef processing has > been updated to correct the permission errors. > > (see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for > reference, and "16 Fixed permissions and ownership problems with data > extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3 > from http://www.mailscanner.info/ChangeLog). > > Cheers, > -Joshua > Thanks Joshua, I will schedule an upgrade of MailScanner asap. Thanks again Kate From lists at rheel.co.nz Thu May 7 01:12:56 2009 From: lists at rheel.co.nz (Lists) Date: Thu May 7 01:11:16 2009 Subject: possible error with config due to clam upgrade In-Reply-To: <43770.125.168.254.15.1241653693.squirrel@seven.dorksville.net> References: <4A02190D.7040706@rheel.co.nz> <43770.125.168.254.15.1241653693.squirrel@seven.dorksville.net> Message-ID: <4A022788.4050104@rheel.co.nz> Anthony Giggins wrote: >> on 5-6-2009 4:11 PM Lists spake the following: >> >>> Hi all, >>> >>> I am running MailScanner version 4.72.5 on Centos 5.2 >>> >>> I recently attempted an upgrade to ClamAV 0.95.1 >>> Now I am getting errors in the clamd.log >>> >>> as example: >>> Warning: lstat() failed on: >>> /var/spool/MailScanner/incoming/31494/MESSAGEIDISHERE/tnef.31494 >>> >>> I asked on the clam mail list and got the response >>> "The error really just means "file not found", but the problem is >>> related >>> to MailScanner and how it is using clamav, you probably have a bad >>> MailScanner configuration." >>> >>> Post upgrade I had to do the following in order to get it to start up. >>> # rename the old binaries >>> mv /usr/local/bin/clamscan /usr/local/bin/clamscan.old >>> mv /usr/local/bin/freshclam /usr/local/bin/freshclam.old >>> mv /usr/local/bin/clamdscan /usr/local/bin/clamdscan.old >>> >>> # Create links to the new ones in /usr/local/bin >>> ln -s /usr/bin/clamscan /usr/local/bin/clamscan >>> ln -s /usr/bin/freshclam /usr/local/bin/freshclam >>> ln -s /usr/bin/clamdscan /usr/local/bin/clamdscan >>> >>> # There was a fourth new clam binary - /usr/bin/clamconf >>> ln -s /usr/bin/clamconf /usr/local/bin/clamconf >>> >>> I was wondering if anyone new of any configuration options that might >>> effect / cause these lstat failed warnings. >>> Prior to the upgrade clam was running fine without warnings. >>> >>> >> Upgrading a source install over an RPM install can do this almost every >> time. >> If you have binaries in /usr/bin AND /usr/local/bin, you need to either >> stick >> with the RPM or the source, but not change back and forth. >> > > I had this same issue, I had to set the following options in MailScanner.conf > > Incoming Work User = clamav > Incoming Work Group = clamav > > Cheers > > Anthony > > > Hi Anthony, Thanks for your reply - I have checked and I believe my settings for these options are correct. I am going to attempt an upgrade of MailScanner and see if it solves the issues. Regards, Kate From ajcartmell at fonant.com Thu May 7 08:10:26 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:10:17 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: > I'll have to do a test with Fedora 9 and see how to resolve the > problems, in case a similar solution is needed as for Fedora 10. But > there can't be many people using Fedora 9 any more, it must be near > end-of-life. > > Is it worth my while? Quite probably not, but I'm sure us Fedora users can manage to investigate and sort things. If it's an easy tweak to the install script then you could consider adding it. The beauty of open-source code :) It's not like Fedora is binary incompatible or anything - it's just working out which packages need installing in what order. Luckily Fedora has pretty up-to-date packages for a lot of Perl modules, all pre-compiled, so by making sure they're there (using yum from the standard repos) before installing MailScanner seems to work fine. I might just start a page on the wiki... Cheers! Anthony -- www.fonant.com - Quality web sites From oliver at linux-kernel.at Thu May 7 08:13:55 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Thu May 7 08:14:18 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <4A01EA27.3060406@ecs.soton.ac.uk> Message-ID: <4A028A33.7050309@linux-kernel.at> Hi Jules! Julian Field wrote: > I will happily help you out, provided I can see what the problems are, > and if enough people are affected by the problem. I'm slightly loathed > to spend lots of time solving packaging problems if only 3 people are > still using Fedora 9 in the first place, I'm sure you understand :-) > > *If* I get time in the next day or two to install Fedora 9 and try to do > a clean install, I'll see what I can do and put out a beta of the next > version of MailScanner that will work for you folks. > > But no promises, I do have a day job to do as well, which is pretty busy > right now! I don't see a reason to take a look at Fedora 9, as long as there isn't a large userbase! As already stated, F9 will EOL soon... Better go with F10 and F11. I still would like to know how large the Fedora + MS userbase is. Is it reasonable to get MS into Fedora!? Best, Oliver From ajcartmell at fonant.com Thu May 7 08:14:55 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:14:41 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: > Not necessarily true at all, as the Perl build system in Fedora 10 is > totally broken and this will be caught well before it makes it into > RedHat Enterprise Linux 6. They can hardly miss it :-) It might be, but it hasn't stopped me installing MailScanner on Fedora 10 :) It just needed the basic packages to be pre-installed from the Fedora repos (where someone has managed to build them OK) before letting MailScanner install any newer versions it needs. [FWIW I've just shut down a server (not owned by me) that had been running FC5 until this last week. Although it was way past EOL it was still running quite happily :) I have another server running FC6 that is also quite happy, but will be upgraded soon (needs new hardware too).] Cheers! Anthony -- www.fonant.com - Quality web sites From oliver at linux-kernel.at Thu May 7 08:30:44 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Thu May 7 08:32:22 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) Message-ID: <4A028E24.3050406@linux-kernel.at> Hi! I'll fork off a new thread with an appropriate subject - so maybe more people get involved. I've added people CC: who have replied to the last thread, so they don't get lost. However. The original threads are here: http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091460.html http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091469.html So. Again my question. How large is the Fedora + MS userbase. Is it worth to create a SIG within Fedora for the same? Some people already said, that they are willing to help - I guess you're not a Fedora packager yet? Do you have a RH bugzilla account? Send me/us your +1 if you're interested in such a SIG, so we know (at least a part of) the userbase. If we reach the critical mass, then I'm going to undertake the action of creating such a SIG within Fedora :-) -of PS: Everybody who wants to contribute (in packaging), please follow this: http://fedoraproject.org/wiki/PackageMaintainers/Join :-) From oliver at linux-kernel.at Thu May 7 08:35:19 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Thu May 7 08:35:43 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: <4A028F37.8070709@linux-kernel.at> Anthony Cartmell wrote: >> Not necessarily true at all, as the Perl build system in Fedora 10 is >> totally broken and this will be caught well before it makes it into >> RedHat Enterprise Linux 6. They can hardly miss it :-) > > It might be, but it hasn't stopped me installing MailScanner on Fedora > 10 :) > > It just needed the basic packages to be pre-installed from the Fedora > repos (where someone has managed to build them OK) before letting > MailScanner install any newer versions it needs. > > [FWIW I've just shut down a server (not owned by me) that had been > running FC5 until this last week. Although it was way past EOL it was > still running quite happily :) I have another server running FC6 that is > also quite happy, but will be upgraded soon (needs new hardware too).] Well. I've also Fedora 9 and MS running... Since it's not only MS, but also Cyrus and Sympa and Webmail, I always fear a distribution upgrade. Not that I didn't manage any upgrade since FC4 and made it working in the end, but it - sometimes - costs really much time... -of From eli at orbsky.homelinux.org Thu May 7 08:41:46 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 08:42:11 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <4A028A33.7050309@linux-kernel.at> References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <4A028A33.7050309@linux-kernel.at> Message-ID: <200905071041.47215.eli@orbsky.homelinux.org> On Thursday 07 May 2009 10:13:55 Oliver Falk wrote: > Hi Jules! > > Julian Field wrote: > > I will happily help you out, provided I can see what the problems are, > > and if enough people are affected by the problem. I'm slightly loathed > > to spend lots of time solving packaging problems if only 3 people are > > still using Fedora 9 in the first place, I'm sure you understand :-) > > > > *If* I get time in the next day or two to install Fedora 9 and try to do > > a clean install, I'll see what I can do and put out a beta of the next > > version of MailScanner that will work for you folks. > > > > But no promises, I do have a day job to do as well, which is pretty busy > > right now! > > I don't see a reason to take a look at Fedora 9, as long as there isn't > a large userbase! As already stated, F9 will EOL soon... > > Better go with F10 and F11. > > I still would like to know how large the Fedora + MS userbase is. Is it > reasonable to get MS into Fedora!? > How to tell how many Fedora users are using Mailscanner? Unknown. How popular is Fedora? A good indication can be found at: http://distrowatch.com/stats.php?section=popularity How many Sysadmins using Fedora are aware of Mailscanner? Unknown. Worthwhile to package Mailscanner in Fedora. Absolutely. By the way.... I'm working on modifying the specs for the packages as they relate to Fedora (at least release 10). So that: 1) the .rpmacro file that is generated at the beginning of the install is not required 2) skipped packages (ie documentation is included) 3) Those modules that are architecture dependant will be rebuilt and labled for the specific architecture. I'm doing it currently for pesonal curiosity's sake. If interested as to what I found. And what was required to get manual builds of the perl modules please let me know. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Thu May 7 08:50:06 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:49:54 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> Message-ID: > I might just start a page on the wiki... Just in case it's useful for anyone else: http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora Cheers! Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Thu May 7 08:58:57 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 08:58:57 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: > So. Again my question. How large is the Fedora + MS userbase. Probably not as large as it could be? > Is it worth to create a SIG within Fedora for the same? If MailScanner could be added to Fedora's repositories then I'm sure that a lot of people would be pleased. I think the main problem will be in finding manpower to keep up with the very-frequent MailScanner releases, updating and testing the Fedora packages each time. I suspect that using the MailScanner rpm tar files, with some fiddles if needed, is likely to be the easiest way to keep going unless we can get a lot of people to help. > Some people already said, that they are willing to help - I guess you're > not a Fedora packager yet? Do you have a RH bugzilla account? Nope, I'm mainly a web developer, with very limited knowledge of the details of packaging things. > Send me/us your +1 if you're interested in such a SIG, so we know (at > least a part of) the userbase. I might be interested, but have many other jobs to do. Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Thu May 7 09:03:20 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 09:03:06 2009 Subject: SV: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE59@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905062013.34296.eli@orbsky.homelinux.org> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE58@ss0010.sigma.local> <4A01E89B.1050501@ecs.soton.ac.uk> <3A08229453BB5B4EA8629BE7CDA2E9625A48AE59@ss0010.sigma.local> Message-ID: > No, perhaps not, but if it's easy to do a system-check in the beginning > of the install-script and if that check turns back Fedora 9 it would be > nice if the script interrupt and says "Fedora 9 is not supported. > Installation aborted". That would be a better solution than continuing > with a lot of errors. But as you said - it must be a minor problem since > Fedora 9 is at the end of life :-) I disagree that it should abort the installation. It could possibly warn that Fedora isn't supported any more, but it should continue if required. The errors are very useful to tell me what needs fixing, MailScanner does still work on Fedora, and FC9 is still supported (and widely used). Cheers! Anthony -- www.fonant.com - Quality web sites From eli at orbsky.homelinux.org Thu May 7 09:04:54 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 09:05:18 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: <200905071104.54392.eli@orbsky.homelinux.org> On Thursday 07 May 2009 10:50:06 Anthony Cartmell wrote: > > I might just start a page on the wiki... > > Just in case it's useful for anyone else: > > http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora > > Cheers! > You forgot perl-devel and perl-ExtUtils-MakeMaker in the list. :). Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Thu May 7 09:24:42 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Thu May 7 09:29:42 2009 Subject: message-processing db notifications In-Reply-To: References: <4A01E824.6050808@ecs.soton.ac.uk> Message-ID: On Wed, 6 May 2009, Julian Field wrote: > On 06/05/2009 15:18, David Lee wrote: >> >> [...] >> Historically, these notification settings were originally concerned with >> virus processing but are now, in effect, being deployed beyond that >> original scope. >> >> I can see two reasonably straightforward resolutions: >> 1. Adjust comments in MS.conf to include expanded scope. >> >> 2. Consider different sets of notification definitions for different >> classes of events: e.g. existing set 'as-is' for viruses; a new set >> for the message-db; (then another new set for the next feature, etc.). >> >> The first is very easy for you to implement, but imposes a "one size has to >> fit all" behaviour. The second allows a site to tailor different >> notification levels for different classes of events. (Might some sort of >> 'ruleset'-like capability assist?) > How about I just make it test to see if "Send Notices = yes" instead, and not > send the message if it's set to "no"? (Oops. I intended, but forgot, to type that into the "1. Adjust comments" part of my original email.) It might be worth letting this one simmer in background for a few days as we mull it over. For instance, we are a "Send Notices = no" site for viruses. But for other sorts of functionality, such as this new msg-db, we would like to be a "Send Notices = yes" site. And other sites might want other variants, such as "yes" in both cases but with different recipients. And then in a few months time, MS might get an additional new class of functionality (just as msg-db is new now) with other possible variants. Hence my idle wondering about something ruleset-like. (I was trying to avoid suggesting yet more options directly in MS.conf!) I'll try to give it some thought over the next few days. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From ajcartmell at fonant.com Thu May 7 09:39:53 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 09:39:41 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905071104.54392.eli@orbsky.homelinux.org> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905071104.54392.eli@orbsky.homelinux.org> Message-ID: >> Just in case it's useful for anyone else: >> >> http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora > > You forgot perl-devel and perl-ExtUtils-MakeMaker in the list. :). I've added perl-devel to the basic list. It may need perl-Test-Harness and perl-ExtUtils-ParseXS too, but I can't easily test that at the moment. I found that MailScanner's perl-ExtUtils-MakeMaker actually compiled fine, and is version 6.50-2 as opposed to Fedora's 6.36-68 Of course anyone can add to the list ;) Anthony -- www.fonant.com - Quality web sites From john at tradoc.fr Thu May 7 09:41:41 2009 From: john at tradoc.fr (John Wilcock) Date: Thu May 7 09:44:52 2009 Subject: getPERLLIB Message-ID: <4A029EC5.4040203@tradoc.fr> Hi Julian I'm in the process of updating my gentoo ebuild for 4.76.24, and note that there's one new file in the tarball: bin/getPERLLIB. Is this script actually used by MailScanner, or is it just there as a testing tool? (In other words, do I actually need to have the ebuild install it?) Also, I made the following request just before you went stable with 4.76, but you didn't reply on the list at the time and I assume it got lost in the noise... > Your update_bad_phishing_sites script stores its working data as a > subdirectory of the quarantine directory, which results in a spurious > "hi/ng/phis" date being reported in MailWatch's list of quarantine > directories, and also requires you to implement a workaround to stop > this subdirectory being deleted by the quarantine cleaning script. > Simply shifting to the SpamAssassin User State Directory instead > would avoid both these problems. Any chance of changing this for a future release? John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Thu May 7 09:57:38 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 7 09:58:01 2009 Subject: getPERLLIB In-Reply-To: <4A029EC5.4040203@tradoc.fr> References: <4A029EC5.4040203@tradoc.fr> <4A02A282.5010006@ecs.soton.ac.uk> Message-ID: On 07/05/2009 09:41, John Wilcock wrote: > Hi Julian > > I'm in the process of updating my gentoo ebuild for 4.76.24, and note > that there's one new file in the tarball: bin/getPERLLIB. > Is this script actually used by MailScanner, or is it just there as a > testing tool? (In other words, do I actually need to have the ebuild > install it?) It's used by the install.sh. > > Also, I made the following request just before you went stable with > 4.76, but you didn't reply on the list at the time and I assume it got > lost in the noise... > >> Your update_bad_phishing_sites script stores its working data as a >> subdirectory of the quarantine directory, which results in a spurious >> "hi/ng/phis" date being reported in MailWatch's list of quarantine >> directories, and also requires you to implement a workaround to stop >> this subdirectory being deleted by the quarantine cleaning script. >> Simply shifting to the SpamAssassin User State Directory instead >> would avoid both these problems. > > Any chance of changing this for a future release? And if the SpamAssassin User State Directory is not defined? :) > > John. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Thu May 7 10:02:19 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 10:02:51 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905071104.54392.eli@orbsky.homelinux.org> Message-ID: <200905071202.19394.eli@orbsky.homelinux.org> On Thursday 07 May 2009 11:39:53 Anthony Cartmell wrote: > >> Just in case it's useful for anyone else: > >> > >> http://wiki.mailscanner.info/doku.php?id=documentation:install_upgrade:fedora > > > > You forgot perl-devel and perl-ExtUtils-MakeMaker in the list. :). > > I've added perl-devel to the basic list. It may need perl-Test-Harness and > perl-ExtUtils-ParseXS too, but I can't easily test that at the moment. I just tried to uninstall these 2 packages and got rpm -e perl-ExtUtils-ParseXS perl-Test-Harness error: Failed dependencies: perl(ExtUtils::ParseXS) is needed by (installed) perl-Module-Install-0.77-1.fc10.noarch perl(ExtUtils::ParseXS) >= 1.02 is needed by (installed) perl-Module-Build-1:0.3200-68.fc10.x86_64 perl(ExtUtils::ParseXS) is needed by (installed) perl-devel-4:5.10.0-68.fc10.x86_64 perl(Test::Harness) is needed by (installed) mod_perl-devel-2.0.4-7.x86_64 And while trying to run down the dependancy list for perl-Module-Build I ran into a whole lot of stuff. So.... I would assume that those packages are probably needed for any healthy perl build system and are probably installed by default. > I found that MailScanner's perl-ExtUtils-MakeMaker actually compiled fine, > and is version 6.50-2 as opposed to Fedora's 6.36-68 Cool. > Of course anyone can add to the list ;) > > Anthony > -- > www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Thu May 7 10:25:30 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 10:25:20 2009 Subject: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: <200905071202.19394.eli@orbsky.homelinux.org> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> <200905071104.54392.eli@orbsky.homelinux.org> <200905071202.19394.eli@orbsky.homelinux.org> Message-ID: > I just tried to uninstall these 2 packages and got > > rpm -e perl-ExtUtils-ParseXS perl-Test-Harness > error: Failed dependencies: > perl(ExtUtils::ParseXS) is needed by (installed) > perl-Module-Install-0.77-1.fc10.noarch > perl(ExtUtils::ParseXS) >= 1.02 is needed by (installed) > perl-Module-Build-1:0.3200-68.fc10.x86_64 > perl(ExtUtils::ParseXS) is needed by (installed) > perl-devel-4:5.10.0-68.fc10.x86_64 > perl(Test::Harness) is needed by (installed) > mod_perl-devel-2.0.4-7.x86_64 > > > And while trying to run down the dependancy list for perl-Module-Build I > ran into a whole lot of stuff. > > So.... I would assume that those packages are probably needed for any > healthy perl build system and are probably installed by default. Good testing idea! Almost certainly then they will be installed with perl-devel which is now included in the base list. Cheers! Anthony -- www.fonant.com - Quality web sites From john at tradoc.fr Thu May 7 10:36:01 2009 From: john at tradoc.fr (John Wilcock) Date: Thu May 7 10:39:11 2009 Subject: getPERLLIB In-Reply-To: References: <4A029EC5.4040203@tradoc.fr> <4A02A282.5010006@ecs.soton.ac.uk> Message-ID: <4A02AB81.3000001@tradoc.fr> Le 07/05/2009 10:57, Julian Field a ?crit : >> I'm in the process of updating my gentoo ebuild for 4.76.24, and note >> that there's one new file in the tarball: bin/getPERLLIB. >> Is this script actually used by MailScanner, or is it just there as a >> testing tool? (In other words, do I actually need to have the ebuild >> install it?) > It's used by the install.sh. OK, so I don't need it on gentoo then. Thanks. >> Also, I made the following request just before you went stable with >> 4.76, but you didn't reply on the list at the time and I assume it got >> lost in the noise... >> >>> Your update_bad_phishing_sites script stores its working data as a >>> subdirectory of the quarantine directory, which results in a spurious >>> "hi/ng/phis" date being reported in MailWatch's list of quarantine >>> directories, and also requires you to implement a workaround to stop >>> this subdirectory being deleted by the quarantine cleaning script. >>> Simply shifting to the SpamAssassin User State Directory instead >>> would avoid both these problems. >> >> Any chance of changing this for a future release? > And if the SpamAssassin User State Directory is not defined? :) You could always fall back to the default value of /var/spool/MailScanner/spamassassin, just like you currently fall back to /var/spool/MailScanner/quarantine :-) John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From eli at orbsky.homelinux.org Thu May 7 11:33:49 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 11:34:14 2009 Subject: Perl problems on Fedora 9 In-Reply-To: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> References: <3A08229453BB5B4EA8629BE7CDA2E9625A48AE49@ss0010.sigma.local> Message-ID: <200905071333.49760.eli@orbsky.homelinux.org> To paraphrase... Here is my report of the bad, the ugly and the good. ---------- THE BAD ---------- Two packages will not rebuild at all due to testing errors. They are perl-Compress-Zlib-1.41-2.src.rpm and perl-Storable-2.16-3.src.rpm. The output is included below. Please note Regarding perl-Compress-Zlib-1.41: A similar problem has been discussed with version 1.42 and may be related. This discussion can be found at: http://www.nntp.perl.org/group/perl.perl5.porters/2007/05/msg124890.html perl-Compress-Zlib-1.41-2.src.rpm Test Summary Report ------------------- t/02zlib.t (Wstat: 0 Tests: 239 Failed: 12) Failed tests: 35-37, 43-45, 51-53, 60, 62, 64 t/03examples.t (Wstat: 0 Tests: 16 Failed: 1) Failed test: 6 Files=6, Tests=305, 1 wallclock secs ( 0.10 usr 0.02 sys + 0.77 cusr 0.16 csys = 1.05 CPU) Result: FAIL Failed 2/6 test programs. 13/305 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.B48Mge (%build) perl-Storable-2.16-3.src.rpm t/utf8hash.t .......... 1/148 # Failed test (t/utf8hash.t at line 63) # '?' # ne # '?' Character in 'C' format wrapped in pack at t/utf8hash.t line 60. Character in 'C' format wrapped in pack at t/utf8hash.t line 65. # Failed test (t/utf8hash.t at line 77) # got: '3' # expected: '4' # Failed test (t/utf8hash.t at line 63) # '?' # ne # '?' Character in 'C' format wrapped in pack at t/utf8hash.t line 60. Character in 'C' format wrapped in pack at t/utf8hash.t line 65. # Failed test (t/utf8hash.t at line 77) # got: '3' # expected: '4' # Looks like you planned 148 tests but only ran 142. t/utf8hash.t .......... Dubious, test returned 10 (wstat 2560, 0xa00) Failed 10/148 subtests t/weak.t .............. ok Test Summary Report ------------------- t/code.t (Wstat: 0 Tests: 59 Failed: 2) Failed tests: 42-43 t/utf8hash.t (Wstat: 2560 Tests: 142 Failed: 4) Failed tests: 1, 5, 72, 76 Non-zero exit status: 10 Parse errors: Bad plan. You planned 148 tests but ran 142. Files=32, Tests=2326, 4 wallclock secs ( 0.58 usr 0.11 sys + 2.38 cusr 0.45 csys = 3.52 CPU) Result: FAIL Failed 2/32 test programs. 6/2326 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.ErIIWG (%build) ----------- THE UGLY ----------- A minor issue with a third package; perl-Net-DNS-0.65-1.src.rpm is that will stop to ask if you want to perform connectivity tests to a live external DNS server if it detects a live internet connection. The following packages will not build due to architecture dependant libraries. But will build correctly if the Buildarch parameter is commented out or removed (This is true for Fedora 10 at least - I am unable to confirm one way or another if this is true for other RPM based distros). These packages include: perl-DBD-SQLite-1.21-1.src.rpm perl-DBI-1.607-1.src.rpm perl-Digest-MD5-2.36-3.src.rpm perl-Digest-SHA1-2.11-2.src.rpm perl-Filesys-Df-0.90-2.src.rpm perl-IO-1.2301-4.src.rpm perl-Net-DNS-0.65-1.src.rpm perl-Sys-Syslog-0.27-1.src.rpm perl-Time-HiRes-1.9707-3.src.rpm Of course, I am unable to confirm one way or the other if perl-Compress-Zlib-1.41-2.src.rpm or perl-Storable-2.16-3.src.rpm due to the testing problem ------------ THE GOOD ------------ All other packages will rebuild as expected. ----------------------------------------------- ONE FINAL NOTE FOR COMPLETION'S SAKE ----------------------------------------------- If rebuilding the RPMs manually and there is the .rpmacro that install.sh generates is not in place then none of the SRPM's will rebuild with the SPEC files as is. The reason being is that rebuilding the modules include documentation and other files that, while found by the rpm build process are not included in the install process while rebuilding. I am assuming that this is due to the fact that different distros use different macros to denote default locations in the file system (don't you just love politics). In any case. If rebuiliding the srpms manually you will either have to modify the specs, or manually create .rpmacro file manually in the home folder of the user which rebuilds the packages nd place the line %_unpackaged_files_terminate_build 0 in the file. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ravennaita at gmail.com Thu May 7 12:06:14 2009 From: ravennaita at gmail.com (Raven Naita) Date: Thu May 7 12:06:23 2009 Subject: Create second inline.sig.txt/html to be placed top of message In-Reply-To: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> References: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> Message-ID: <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> Hello?Everyone, - im a newbie - using mailscanner v 4.76 goal to acchive: - create second signature?like inline.sig.txt/html to be added on top of the?message - and to use date variables in it (format mmddyy h:m:s utc) been googling out?and edditing some pm file in lib directory, but cudn't manage to get it work yet.. is it possible ? appreciate an ideas regards RN From MailScanner at ecs.soton.ac.uk Thu May 7 12:19:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 7 12:19:39 2009 Subject: Create second inline.sig.txt/html to be placed top of message In-Reply-To: <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> References: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> <4A02C3B9.5060209@ecs.soton.ac.uk> Message-ID: On 07/05/2009 12:06, Raven Naita wrote: > Hello Everyone, > > - im a newbie > - using mailscanner v 4.76 > > goal to acchive: > - create second signature like inline.sig.txt/html to be added on top > of the message > - and to use date variables in it (format mmddyy h:m:s utc) > > been googling out and edditing some pm file in lib directory, but > cudn't manage to get it work yet.. > > is it possible ? appreciate an ideas > You can get the signature added at the top of the file by putting the token "_SIGNATURE_" at the top of each message. You can't use date variables currently, but there's nothing to stop a cron job on your MailScanner server changing the signature file every few minutes :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Thu May 7 13:44:32 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 13:44:56 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: <200905071544.32678.eli@orbsky.homelinux.org> On Thursday 07 May 2009 10:58:57 Anthony Cartmell wrote: I am a packager at Fedora. Like I said, I would be wiling to contribute as best I can Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Robert.Meurlin at se.fujitsu.com Thu May 7 15:04:30 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Thu May 7 15:06:17 2009 Subject: error: Failed dependencies In-Reply-To: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: I doesnt get it to work, have reinstalled perl,perl-MIME-tools error: File not found by glob: tnef*.package error: open of perl failed: No such file or directory error: open of is failed: No such file or directory error: open of not failed: No such file or directory error: open of installed.rpm failed: No such file or directory Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: /usr/bin/perl is needed by mailscanner-4.76.24-3 perl >= 5.005 is needed by mailscanner-4.76.24-3 perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 and get this when when I start yast: Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory and I can't reinstall the packages. When I start MailScanner: Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. Any tip? Rob -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 7 15:45:51 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 7 15:46:15 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> <4A02F41F.8050802@ecs.soton.ac.uk> Message-ID: It doesn't think you've got perl installed at all! :-( On 07/05/2009 3:04 PM, Meurlin Robert wrote: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl>= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > > Rob > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: den 6 maj 2009 19:45 > To: MailScanner discussion > Subject: Re: error: Failed dependencies > > On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert > wrote: > >> error: Failed dependencies: >> >> perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 >> >> >> >> But I have installed >> http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz >> so i dont now why I get this error? >> > > It looks for a package, you used CPAN. You shouldn't mix the two. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at quantumcc.com Thu May 7 16:06:27 2009 From: mrm at quantumcc.com (Mike M) Date: Thu May 7 16:06:49 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> Message-ID: Julian Field wrote: >> > I'll need to take a look at this, and try a 0-byte attachment and see > what happens. > To disable the tests, set > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > > Please read the docs carefully and ensure you are setting the values > appropriately. > What is the precise case that you think it is handling incorrectly? > > Jules > I don't think testing it with a 0 byte attachment will help much, because a 0 byte attachment *should* get blocked when the min size is set to 1. The problem I'm having on 3 separate servers since upgrading to 4.76 is that it's blocking on the attachment rule even when there is no attachment. I'm not exactly sure how to proceed because one part of the error message says the attachment is too large, and another part says it's too small. Regardless there is no attachment so those errors are just unintentional red herrings. I have looked at numerous messages in the quarantine and cannot find anything that gives away why it thinks they have attachments to begin with. Like I said, I have been using MS for a number of years, have done numerous upgrades, have had the min attachment size setting at the default of 1 byte since it was available and have never had a problem before upgrading to 4.76. I just upgraded another server last night and made sure it wasn't having this problem before the upgrade, and as soon as I started MS after the upgrade it started having the same problem. I can provide more from the quarantine at pastbin.com if the original data I posted is not enough. Oh, and again: MailScanner --lint says no errors. With all of the perl updates and other changes, going back to 4.74 where things were working fine is probably out of the question? From ravennaita at gmail.com Thu May 7 17:52:05 2009 From: ravennaita at gmail.com (Ravenna Naita) Date: Thu May 7 17:52:13 2009 Subject: Create second inline.sig.txt/html to be placed top of message In-Reply-To: References: <13fcb7240905061248r1427779ah36b819de5a8307bf@mail.gmail.com> <4A02C3B9.5060209@ecs.soton.ac.uk> <13fcb7240905070406i3fbe91c6wd33997d1b2fca764@mail.gmail.com> Message-ID: <13fcb7240905070952i32bb7995s1134ba3849e74999@mail.gmail.com> hi jules, thanks for "_SIGNATURE_" token i did try this earlier, it works but then i will not be able to put any disclaimer on the bottom of the msg. that's why need another signature for mailscanner to append on top of the msg for quick picture, the first inline.sig will be placed on top of msg i.e: *Company LLC* *12str Ndo* *Tel +xxs Fax +sxxx * ** *Ref.No: $d* *Date: $datenumber (that's why i asked if this variables can be add in inline sig, can you give me a hint on where in MS conf to modify ?)* the second inline.sig will be placed on the bottom of msg: *Company Disclaimer* *---* *This e-mail and any attachments are believed to be free from viruses but it is your responsibility to carry out all necessary virus checks. We Company LLC accepts no liability for any damage caused by any virus that might become available during internet transmission of this e-mail.* * * any guidance or hint please *or else can just shoot me with simple "NO, MS IS NOT THE RIGHT ONE TO DO THIS JOB"* regards RN On Thu, May 7, 2009 at 6:19 PM, Julian Field wrote: > > > On 07/05/2009 12:06, Raven Naita wrote: > >> Hello Everyone, >> >> - im a newbie >> - using mailscanner v 4.76 >> >> goal to acchive: >> - create second signature like inline.sig.txt/html to be added on top >> of the message >> - and to use date variables in it (format mmddyy h:m:s utc) >> >> been googling out and edditing some pm file in lib directory, but >> cudn't manage to get it work yet.. >> >> is it possible ? appreciate an ideas >> >> > You can get the signature added at the top of the file by putting the token > "_SIGNATURE_" at the top of each message. > You can't use date variables currently, but there's nothing to stop a cron > job on your MailScanner server changing the signature file every few minutes > :-) > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/99c4d1df/attachment.html From Robert.Meurlin at se.fujitsu.com Thu May 7 11:41:16 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Thu May 7 18:38:26 2009 Subject: error: Failed dependencies In-Reply-To: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: I doesnt get it to work, have reinstalled perl,perl-MIME-tools error: File not found by glob: tnef*.package error: open of perl failed: No such file or directory error: open of is failed: No such file or directory error: open of not failed: No such file or directory error: open of installed.rpm failed: No such file or directory Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: /usr/bin/perl is needed by mailscanner-4.76.24-3 perl >= 5.005 is needed by mailscanner-4.76.24-3 perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 and get this when when I start yast: Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory and can't reinstall the packages. When I start MailScanner: Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. Any tip? Rob -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From J.Ede at birchenallhowden.co.uk Thu May 7 19:54:28 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu May 7 19:54:46 2009 Subject: Create second inline.sig.txt/html to be placed top of message Message-ID: <1213490F1F316842A544A850422BFA9629F7F9E3@BHLSBS.bhl.local> Surely it shouldn't be too hard to look at jules code and add a second _signature_ type tag in? Just need to read the other sig in. ________________________________ From: Ravenna Naita Sent: 07 May 2009 18:02 To: MailScanner discussion Subject: Re: Create second inline.sig.txt/html to be placed top of message hi jules, thanks for "_SIGNATURE_" token i did try this earlier, it works but then i will not be able to put any disclaimer on the bottom of the msg. that's why need another signature for mailscanner to append on top of the msg for quick picture, the first inline.sig will be placed on top of msg i.e: Company LLC 12str Ndo Tel +xxs Fax +sxxx Ref.No: $d Date: $datenumber (that's why i asked if this variables can be add in inline sig, can you give me a hint on where in MS conf to modify ?) the second inline.sig will be placed on the bottom of msg: Company Disclaimer --- This e-mail and any attachments are believed to be free from viruses but it is your responsibility to carry out all necessary virus checks. We Company LLC accepts no liability for any damage caused by any virus that might become available during internet transmission of this e-mail. any guidance or hint please or else can just shoot me with simple "NO, MS IS NOT THE RIGHT ONE TO DO THIS JOB" regards RN On Thu, May 7, 2009 at 6:19 PM, Julian Field > wrote: On 07/05/2009 12:06, Raven Naita wrote: Hello Everyone, - im a newbie - using mailscanner v 4.76 goal to acchive: - create second signature like inline.sig.txt/html to be added on top of the message - and to use date variables in it (format mmddyy h:m:s utc) been googling out and edditing some pm file in lib directory, but cudn't manage to get it work yet.. is it possible ? appreciate an ideas You can get the signature added at the top of the file by putting the token "_SIGNATURE_" at the top of each message. You can't use date variables currently, but there's nothing to stop a cron job on your MailScanner server changing the signature file every few minutes :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/9213e2fc/attachment.html From ssilva at sgvwater.com Thu May 7 20:21:38 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 20:22:05 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: on 5-7-2009 7:04 AM Meurlin Robert spake the following: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl >= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > Are you sure you are installing the SUSE RPM package and not the RedHat RPM package? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/2a68affc/signature.bin From ssilva at sgvwater.com Thu May 7 20:27:08 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 20:27:35 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: on 5-7-2009 12:14 AM Anthony Cartmell spake the following: >> Not necessarily true at all, as the Perl build system in Fedora 10 is >> totally broken and this will be caught well before it makes it into >> RedHat Enterprise Linux 6. They can hardly miss it :-) > > It might be, but it hasn't stopped me installing MailScanner on Fedora > 10 :) > > It just needed the basic packages to be pre-installed from the Fedora > repos (where someone has managed to build them OK) before letting > MailScanner install any newer versions it needs. > > [FWIW I've just shut down a server (not owned by me) that had been > running FC5 until this last week. Although it was way past EOL it was > still running quite happily :) I have another server running FC6 that is > also quite happy, but will be upgraded soon (needs new hardware too).] > Just because an old distro is happy doesn't mean it is secure. Once you are EOL, you have to try and find and fix all the security holes yourself. If a system is locked down behind a firewall you might be OK, but if it is internet facing, you are just playing russian roulette. You just haven't hit the loaded chamber yet! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/5052ac42/signature.bin From ssilva at sgvwater.com Thu May 7 20:31:27 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 7 20:35:11 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: on 5-7-2009 12:58 AM Anthony Cartmell spake the following: >> So. Again my question. How large is the Fedora + MS userbase. > > Probably not as large as it could be? > >> Is it worth to create a SIG within Fedora for the same? > > If MailScanner could be added to Fedora's repositories then I'm sure > that a lot of people would be pleased. > > I think the main problem will be in finding manpower to keep up with the > very-frequent MailScanner releases, updating and testing the Fedora > packages each time. I suspect that using the MailScanner rpm tar files, > with some fiddles if needed, is likely to be the easiest way to keep > going unless we can get a lot of people to help. > >> Some people already said, that they are willing to help - I guess >> you're not a Fedora packager yet? Do you have a RH bugzilla account? > > Nope, I'm mainly a web developer, with very limited knowledge of the > details of packaging things. > >> Send me/us your +1 if you're interested in such a SIG, so we know (at >> least a part of) the userbase. > > I might be interested, but have many other jobs to do. > > Anthony If Fedora has all the needed modules in repo, then all you would really need is a custom spec file with the proper requires in it. Yum install MailScanner would then bring in the deps and then you need to edit a sane config. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/efdda46e/signature.bin From david at gnsa.us Thu May 7 20:51:54 2009 From: david at gnsa.us (David Nalley) Date: Thu May 7 20:52:23 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: On Thu, May 7, 2009 at 3:30 AM, Oliver Falk wrote: > Hi! > > I'll fork off a new thread with an appropriate subject - so maybe more > people get involved. > > I've added people CC: who have replied to the last thread, so they don't get > lost. > > However. > > The original threads are here: > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091460.html > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091469.html > > So. Again my question. How large is the Fedora + MS userbase. Is it worth to > create a SIG within Fedora for the same? > > Some people already said, that they are willing to help - I guess you're not > a Fedora packager yet? Do you have a RH bugzilla account? > > Send me/us your +1 if you're interested in such a SIG, so we know (at least > a part of) the userbase. > > If we reach the critical mass, then I'm going to undertake the action of > creating such a SIG within Fedora :-) > > -of > > PS: Everybody who wants to contribute (in packaging), please follow this: > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I am already a Fedora packager and certainly interested in working towards the goal of having MailScanner in the default repos. From gafaith at asdm.net Thu May 7 21:22:27 2009 From: gafaith at asdm.net (Gary Faith) Date: Thu May 7 21:22:45 2009 Subject: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: <4A030AC30200002D0000650C@sparky.asdm.net> Sorry to jump in the middle of this but I think it might be relevant. This morning, I just downloaded the Suse version of MailScaner 4.76.24-3 and I am sure that Perl 5.8.8 installed. I ran install.sh fast. When I attempted to start MailScanner, I got errors pertaining to perl-HTML-Tagset so I did another install.sh this time without using the fast. I monitored the output of the install process and verified that these errors were logged. Attempting to build and install perl-HTML-Tagset-3.03-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-HTML-Tagset-3.03-2.noarch Installing perl-HTML-Tagset-3.03-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-HTML-Tagset-3.03-2.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Convert-TNEF-0.17-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-Convert-TNEF-0.17-2.noarch Installing perl-Convert-TNEF-0.17-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-Convert-TNEF-0.17-2.noarch.rpm. Maybe it did not build correctly? I downloaded from the SLES SP2 DVD and installed perl-HTML-Tagset-3.20-2.1.x86_64.rpm. Restarted MailScanner and it works fine. I found an x86_64 SLES rpm for perl-Convert-TNEF on the DVD also. One problem I still have is in perl-Storable. It fails to install with this error: t/weak................Weak references are not implemented in the version of perl at t/weak.t line 28 BEGIN failed--compilation aborted at t/weak.t line 33. dubious Test returned status 255 (wstat 65280, 0xff00) Failed Test Stat Wstat Total Fail List of Failed ------------------------------------------------------------------------------- t/weak.t 255 65280 ?? ?? ?? 2 tests skipped. Failed 1/32 test scripts. 0/2204 subtests failed. Files=32, Tests=2204, 2 wallclock secs ( 1.23 cusr + 0.27 csys = 1.50 CPU) Failed 1/32 test programs. 0/2204 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.99024 (%build) Gary Faith >>> Scott Silva 5/7/2009 3:21 PM >>> on 5-7-2009 7:04 AM Meurlin Robert spake the following: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl >= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > Are you sure you are installing the SUSE RPM package and not the RedHat RPM package? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/2748039d/attachment.html From eli at orbsky.homelinux.org Thu May 7 21:29:07 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 7 21:29:32 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: <200905072329.08117.eli@orbsky.homelinux.org> On Thursday 07 May 2009 22:31:27 Scott Silva wrote: > on 5-7-2009 12:58 AM Anthony Cartmell spake the following: > >> So. Again my question. How large is the Fedora + MS userbase. > > > > Probably not as large as it could be? > > > >> Is it worth to create a SIG within Fedora for the same? > > > > If MailScanner could be added to Fedora's repositories then I'm sure > > that a lot of people would be pleased. > > > > I think the main problem will be in finding manpower to keep up with the > > very-frequent MailScanner releases, updating and testing the Fedora > > packages each time. I suspect that using the MailScanner rpm tar files, > > with some fiddles if needed, is likely to be the easiest way to keep > > going unless we can get a lot of people to help. > > > >> Some people already said, that they are willing to help - I guess > >> you're not a Fedora packager yet? Do you have a RH bugzilla account? > > > > Nope, I'm mainly a web developer, with very limited knowledge of the > > details of packaging things. > > > >> Send me/us your +1 if you're interested in such a SIG, so we know (at > >> least a part of) the userbase. > > > > I might be interested, but have many other jobs to do. > > > > Anthony > If Fedora has all the needed modules in repo, then all you would really need > is a custom spec file with the proper requires in it. Yum install MailScanner > would then bring in the deps and then you need to edit a sane config. > > That really is the trick and there does seem to be some problems with a few perl modules. We would probably need to get one or more of the perl packagers on board to help sort out the issues. Really, there are 2 modules that will not compile and one that requires some interaction during the build process which I'm sure could be worked out with the right expertise. Please see my post: http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091510.html Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajcartmell at fonant.com Thu May 7 21:43:16 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu May 7 21:43:07 2009 Subject: AW: SV: Perl problems on Fedora 9 SOLVED In-Reply-To: References: <200905061936.n46JZxcB016576@mail.linux-kernel.at> <200905062308.50542.eli@orbsky.homelinux.org> <4A01F011.3050906@ecs.soton.ac.uk> Message-ID: > Just because an old distro is happy doesn't mean it is secure. Once you > are > EOL, you have to try and find and fix all the security holes yourself. > If a > system is locked down behind a firewall you might be OK, but if it is > internet > facing, you are just playing russian roulette. You just haven't hit the > loaded > chamber yet! I know. But by "happy" I did mean "un-hacked", which, given the constant script-kiddie attacks an internet server suffers, must say something about the security remaining. Cheers! Anthony -- www.fonant.com - Quality web sites From Kevin_Miller at ci.juneau.ak.us Thu May 7 21:44:47 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu May 7 21:45:08 2009 Subject: error: Failed dependencies In-Reply-To: <4A030AC30200002D0000650C@sparky.asdm.net> References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> <4A030AC30200002D0000650C@sparky.asdm.net> Message-ID: <4A09477D575C2C4B86497161427DD94C0D153E2AE0@city-exchange07> Same issue the other day. I added the tagset perl package in YaST and then it did fine. Before installing MailScanner, I add the following packages: sendmail, sendmail-devel, mysql, php5-mysql, gcc, zlib, zlib-devel, gmp, curl, python, python-devel, unzip, bzip2, bzip2-devel, apache2, apach2-modphp5, apach2-prefork, php5-session, bind (DNS), perl-libwww-perl, perl-Digest-HMAC, perl-net-DNS, perl-convert-tnef, php5-gd Note that the apache & php stuff is for MailWatch, not MailScanner. One of the packages in the list isn't on SLES, but was on earlier versions of openSUSE. May still be - just haven't installed MailScanner on a recent version of openSUSE. IIRC, it was bzip2-devel, but I don't remember for sure. Sometimes I'd have to check the "Provides" box in YAST as the perl module will be in a bundle with a different name. HTH... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Faith Sent: Thursday, May 07, 2009 12:22 PM To: mailscanner@lists.mailscanner.info Subject: Re: error: Failed dependencies Sorry to jump in the middle of this but I think it might be relevant. This morning, I just downloaded the Suse version of MailScaner 4.76.24-3 and I am sure that Perl 5.8.8 installed. I ran install.sh fast. When I attempted to start MailScanner, I got errors pertaining to perl-HTML-Tagset so I did another install.sh this time without using the fast. I monitored the output of the install process and verified that these errors were logged. Attempting to build and install perl-HTML-Tagset-3.03-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-HTML-Tagset-3.03-2.noarch Installing perl-HTML-Tagset-3.03-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-HTML-Tagset-3.03-2.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Convert-TNEF-0.17-2 error: Failed build dependencies: perl >= 0:5.00503 is needed by perl-Convert-TNEF-0.17-2.noarch Installing perl-Convert-TNEF-0.17-2.src.rpm Missing file /usr/src/packages/RPMS/noarch/perl-Convert-TNEF-0.17-2.noarch.rpm. Maybe it did not build correctly? I downloaded from the SLES SP2 DVD and installed perl-HTML-Tagset-3.20-2.1.x86_64.rpm. Restarted MailScanner and it works fine. I found an x86_64 SLES rpm for perl-Convert-TNEF on the DVD also. One problem I still have is in perl-Storable. It fails to install with this error: t/weak................Weak references are not implemented in the version of perl at t/weak.t line 28 BEGIN failed--compilation aborted at t/weak.t line 33. dubious Test returned status 255 (wstat 65280, 0xff00) Failed Test Stat Wstat Total Fail List of Failed ------------------------------------------------------------------------------- t/weak.t 255 65280 ?? ?? ?? 2 tests skipped. Failed 1/32 test scripts. 0/2204 subtests failed. Files=32, Tests=2204, 2 wallclock secs ( 1.23 cusr + 0.27 csys = 1.50 CPU) Failed 1/32 test programs. 0/2204 subtests failed. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.99024 (%build) Gary Faith >>> Scott Silva 5/7/2009 3:21 PM >>> on 5-7-2009 7:04 AM Meurlin Robert spake the following: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl >= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > Are you sure you are installing the SUSE RPM package and not the RedHat RPM package? From Carl.Andrews at crackerbarrel.com Thu May 7 22:29:33 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 7 22:29:46 2009 Subject: Interesting article - Image spam returns with a vengeance - Network World Message-ID: http://www.networkworld.com/news/2009/050609-image-spam-returns-with-a.html?nlhtsec=ts_050709&nladname=050709securityal From gafaith at asdm.net Fri May 8 00:12:52 2009 From: gafaith at asdm.net (Gary Faith) Date: Fri May 8 00:13:05 2009 Subject: MailScanner status shows Dead but it isn't Message-ID: <4A0332B40200002D00006522@sparky.asdm.net> After running into an issue upgrading to 4.76 on SLES 10 SP2 x86_64 and getting it figured out and working, I figured I would use check the MailScanner status. I know MailScanner is working because I can tail the mail log and see it processing but when I run rcMailScanner status, I get this (I added echo's, after I found it showing dead, in the init script). Checking for service MailScanner: Sendmail: running Sendmail Incoming: running Sendmail Outgoing: running MailScanner: dead If I run /usr/sbin/check_MailScanner, I get this: /etc/init.d # check_MailScanner MailScanner running with pid 3584 15152 15535 15870 15894 16020 -rw------- 1 root root 5 Apr 13 14:04 MailScanner.pid and mscan:/var/run # ps ax | grep MailScanner 3584 ? Ss 0:01 MailScanner: starting child 15152 ? S 0:20 MailScanner: waiting for messages 15535 ? S 0:16 MailScanner: waiting for messages 15870 ? S 0:17 MailScanner: waiting for messages 15894 ? S 0:16 MailScanner: waiting for messages 16020 ? S 0:18 MailScanner: waiting for messages So, why is rcMailScanner status showing MailScanner as dead ? Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090507/a0c888c6/attachment-0001.html From mrm at quantumcc.com Fri May 8 15:50:34 2009 From: mrm at quantumcc.com (Mike M) Date: Fri May 8 15:50:54 2009 Subject: Perl after 4.76 Message-ID: How can I get a list of all of the required Perl modules and also make sure all of them are installed and working *properly* after installing 4.76? -Mike From gmourani at prival.ca Fri May 8 16:00:41 2009 From: gmourani at prival.ca (Gerhard Mourani) Date: Fri May 8 16:01:14 2009 Subject: File extension ADX Message-ID: <1241794841.12788.15.camel@gmourani-laptop> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: email_logo Type: image/jpeg Size: 2072 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090508/f5e625bf/email_logo.jpe From david at gnsa.us Fri May 8 16:45:28 2009 From: david at gnsa.us (David Nalley) Date: Fri May 8 16:45:57 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: On Thu, May 7, 2009 at 3:30 AM, Oliver Falk wrote: > Hi! > > I'll fork off a new thread with an appropriate subject - so maybe more > people get involved. > > I've added people CC: who have replied to the last thread, so they don't get > lost. > > However. > > The original threads are here: > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091460.html > http://lists.mailscanner.info/pipermail/mailscanner/2009-May/091469.html > > So. Again my question. How large is the Fedora + MS userbase. Is it worth to > create a SIG within Fedora for the same? > > Some people already said, that they are willing to help - I guess you're not > a Fedora packager yet? Do you have a RH bugzilla account? > > Send me/us your +1 if you're interested in such a SIG, so we know (at least > a part of) the userbase. > > If we reach the critical mass, then I'm going to undertake the action of > creating such a SIG within Fedora :-) > > -of > > PS: Everybody who wants to contribute (in packaging), please follow this: > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > I figure we need to outline what work is needed to make this happen - and have setup a wiki page to identify those things: https://fedoraproject.org/wiki/MailScanner_in_Fedora Feel free to edit, change, add, etc. From naolson at gmail.com Sat May 9 10:57:51 2009 From: naolson at gmail.com (Nathan Olson) Date: Sat May 9 10:58:01 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <4A028E24.3050406@linux-kernel.at> References: <4A028E24.3050406@linux-kernel.at> Message-ID: <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Why in the world would you want to run a production service on a distribution used specifically for testing? CentOS - for those who can't afford the RHEL license. From nick at inticon.net.au Sat May 9 11:19:19 2009 From: nick at inticon.net.au (Nick Brown) Date: Sat May 9 11:19:33 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> References: <4A028E24.3050406@linux-kernel.at> <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Message-ID: <4A0558A7.4010009@inticon.net.au> Nathan Olson wrote: > Why in the world would you want to run a production service on a > distribution used specifically for testing? > CentOS - for those who can't afford the RHEL license. > This Post - for those who want to read pointless crap. Apparently. From ajcartmell at fonant.com Sat May 9 15:31:42 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Sat May 9 15:31:27 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> References: <4A028E24.3050406@linux-kernel.at> <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Message-ID: Nathan Olson wrote: > Why in the world would you want to run a production service on a > distribution used specifically for testing? Eh? Fedora is a production-ready distro (so long as you avoid the beta releases, of course!) and is designed and run as such. But there's no point in arguing about distros, we've done that and you aren't going to change any minds :) There are a lot of people using Fedora on servers, as I have from when it was called RedHat Linux. Even if you think we're all mad, I think it's a Good Idea to make it easy for them to make use of MailScanner: both to reduce spam and because they might buy Julian's book :) You also get to benefit because we make sure MailScanner works with recent Perl versions, on the OS that RHEL is based on. Cheers! Anthony -- www.fonant.com - Quality web sites From mark at msapiro.net Sat May 9 15:43:13 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat May 9 15:43:28 2009 Subject: Perl after 4.76 In-Reply-To: References: Message-ID: <20090509144313.GA1236@msapiro> On Fri, May 08, 2009 at 09:50:34AM -0500, Mike M wrote: > How can I get a list of all of the required Perl modules and also make > sure all of them are installed and working *properly* after installing > 4.76? MailScanner -v This won't directly answer the "working properly" issue, but if you are relying on an rpm based install using the install.sh script, modules that don't pass the tests in the rpm won't be installed. Also, the very beginning of the install.sh script has a list of Perl modules and versions. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From eli at orbsky.homelinux.org Sat May 9 18:19:46 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 9 18:20:14 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> <8f54b4330905090257l349c000cn899da8c1fba30b68@mail.gmail.com> Message-ID: <200905092019.47102.eli@orbsky.homelinux.org> Hear... Hear....; Eli On Saturday 09 May 2009 17:31:42 Anthony Cartmell wrote: > Nathan Olson wrote: > > Why in the world would you want to run a production service on a > > distribution used specifically for testing? > > Eh? Fedora is a production-ready distro (so long as you avoid the beta > releases, of course!) and is designed and run as such. But there's no > point in arguing about distros, we've done that and you aren't going to > change any minds :) > > There are a lot of people using Fedora on servers, as I have from when it > was called RedHat Linux. Even if you think we're all mad, I think it's a > Good Idea to make it easy for them to make use of MailScanner: both to > reduce spam and because they might buy Julian's book :) You also get to > benefit because we make sure MailScanner works with recent Perl versions, > on the OS that RHEL is based on. > > Cheers! > > Anthony > -- > www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Sat May 9 21:02:57 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 9 21:03:20 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> Message-ID: <200905092302.57728.eli@orbsky.homelinux.org> On Friday 08 May 2009 18:45:28 David Nalley wrote: > > PS: Everybody who wants to contribute (in packaging), please follow this: > > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) I should find some time tommorrow to start woking on the documentation here. Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Sat May 9 21:30:01 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Sat May 9 21:30:09 2009 Subject: Mailwatch Message-ID: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is available somewhere? I noticed it's quite old and might not be usable with PHP5 and MySQL5? Thanks. From mikael at syska.dk Sat May 9 23:41:38 2009 From: mikael at syska.dk (Mikael Syska) Date: Sat May 9 23:41:47 2009 Subject: Mailwatch In-Reply-To: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Message-ID: <6beca9db0905091541u6686b2bse506ea95b35c395d@mail.gmail.com> Hi, On Sat, May 9, 2009 at 10:30 PM, Lj?snet wrote: > Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is > available somewhere? No, 1.0.4 is the latest ... but there are some working on releasing a 1.0.5 with all the contribs included. > > I noticed it's quite old and might not be usable with PHP5 and MySQL5? We are runing it with mysql 5 but php4 with no problems ... other than it can be slow sometimes cause our DB it quite big. > Thanks. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > mvh Mikael Syska From david at gnsa.us Sun May 10 02:44:34 2009 From: david at gnsa.us (David Nalley) Date: Sun May 10 02:45:03 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <200905092302.57728.eli@orbsky.homelinux.org> References: <4A028E24.3050406@linux-kernel.at> <200905092302.57728.eli@orbsky.homelinux.org> Message-ID: On Sat, May 9, 2009 at 4:02 PM, Eli Wapniarski wrote: > On Friday 08 May 2009 18:45:28 David Nalley wrote: >> > PS: Everybody who wants to contribute (in packaging), please follow this: >> > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) > > I should find some time tommorrow to start woking on the documentation here. > > Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. > > Eli > I'll create a resource request for a mailing list with infra tonight. From david at gnsa.us Sun May 10 02:51:35 2009 From: david at gnsa.us (David Nalley) Date: Sun May 10 02:52:08 2009 Subject: Mailwatch In-Reply-To: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Message-ID: On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: > Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is > available somewhere? There is a 2.0 pre-alpha release floating around somewhere - uses postgres instead of mysql. > > I noticed it's quite old and might not be usable with PHP5 and MySQL5? 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily used. From paul.hutchings at mira.co.uk Sun May 10 10:44:01 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun May 10 10:44:19 2009 Subject: "Problem Messages" - what's happening? Message-ID: Hmm OK seeing a few of the below in my Postmaster inbox. Doing a grep of the logs shows this: May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing message 8BE611FCC8.A5E8C May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat May 9 17:13:54 relay MailScanner[8261]: Making attempt 3 at processing message 8BE611FCC8.A5E8C May 9 17:13:55 relay MailScanner[8261]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8261/8BE611FCC8.A5E8C/winmail.dat May 9 17:17:01 relay MailScanner[8475]: Making attempt 4 at processing message 8BE611FCC8.A5E8C May 9 17:17:01 relay MailScanner[8475]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8475/8BE611FCC8.A5E8C/winmail.dat May 9 17:21:50 relay MailScanner[8653]: Making attempt 5 at processing message 8BE611FCC8.A5E8C May 9 17:21:50 relay MailScanner[8653]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8653/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:27 relay MailScanner[9274]: Making attempt 6 at processing message 8BE611FCC8.A5E8C May 9 17:27:27 relay MailScanner[9274]: Expanding TNEF archive at /var/spool/MailScanner/incoming/9274/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message 8BE611FCC8.A5E8C as it has been attempted too many times May 9 17:27:30 relay MailScanner[9522]: Quarantined message 8BE611FCC8.A5E8C as it caused MailScanner to crash several times May 9 17:27:30 relay MailScanner[9522]: Saved entire message to /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C Using 4.76.24 on CentOS 5.3. Not sure where to begin on this one - basic background is we have MailScanner in production and have done for years and I've not seen this before, seems to only affect a single message out of the thousands in/out we deal with. Any help would be much appreciated. Cheers, Paul -- Paul Hutchings -----Original Message----- From: MailScanner [mailto:postmaster@domain] Sent: 10 May 2009 10:02 To: Postmaster Subject: Problem Messages Archive: Number of messages: 2 Tries Message Last Tried ===== ======= ========== 6 8BE611FCC8.A5E8C Sat May 9 17:31:57 2009 6 9651A1FCCB.A556B Sat May 9 17:25:57 2009 -- MailScanner -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From nick at inticon.net.au Sun May 10 11:17:41 2009 From: nick at inticon.net.au (Nick Brown) Date: Sun May 10 11:17:57 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: Message-ID: <4A06A9C5.2010901@inticon.net.au> Paul Hutchings wrote: > Hmm OK seeing a few of the below in my Postmaster inbox. > Odd. Have not had a chance to look into it as yet but we started seeing these ~12 hours ago for the first time also. Nick. From mikael at syska.dk Sun May 10 13:18:53 2009 From: mikael at syska.dk (Mikael Syska) Date: Sun May 10 13:19:09 2009 Subject: Mailwatch In-Reply-To: References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> Message-ID: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: > On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >> available somewhere? > > There is a 2.0 pre-alpha release floating around somewhere - uses > postgres instead of mysql. As I understand it ... 2.0 wont be free ... you have to buy it. The Alpha version is buggy and I would not use it for any production servers. >> >> I noticed it's quite old and might not be usable with PHP5 and MySQL5? > > 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily used. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mark at msapiro.net Sun May 10 15:46:00 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sun May 10 15:46:14 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: Message-ID: <20090510144600.GA4040@msapiro> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: > Hmm OK seeing a few of the below in my Postmaster inbox. > > Doing a grep of the logs shows this: > > May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: > message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> > May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing > message 8BE611FCC8.A5E8C > May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat [...] > May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message > 8BE611FCC8.A5E8C as it has been attempted too many times > May 9 17:27:30 relay MailScanner[9522]: Quarantined message > 8BE611FCC8.A5E8C as it caused MailScanner to crash several times > May 9 17:27:30 relay MailScanner[9522]: Saved entire message to > /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C I suspect the problem is the TNEF decoder is timing out trying to decode the TNEF (winmail.dat) part of the message. The part is likely corrupt. You could verify this by retrieving the message from the quarantine, saving the winmail.dat attachment and then trying to expand it with /usr/bin/tnef which is the default decoder. Also see . -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From paul.hutchings at mira.co.uk Sun May 10 17:19:29 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun May 10 17:19:56 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: Message-ID: OK well having looked at them they're junk anyway so I deleted them from the quarantine folder yet I'm still being emailed telling me about "Problem Messages" that were last tried yesterday - how do I stop the nagging emails please? -- Paul Hutchings -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 10 May 2009 10:44 To: MailScanner discussion Subject: "Problem Messages" - what's happening? Hmm OK seeing a few of the below in my Postmaster inbox. Doing a grep of the logs shows this: May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing message 8BE611FCC8.A5E8C May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat May 9 17:13:54 relay MailScanner[8261]: Making attempt 3 at processing message 8BE611FCC8.A5E8C May 9 17:13:55 relay MailScanner[8261]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8261/8BE611FCC8.A5E8C/winmail.dat May 9 17:17:01 relay MailScanner[8475]: Making attempt 4 at processing message 8BE611FCC8.A5E8C May 9 17:17:01 relay MailScanner[8475]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8475/8BE611FCC8.A5E8C/winmail.dat May 9 17:21:50 relay MailScanner[8653]: Making attempt 5 at processing message 8BE611FCC8.A5E8C May 9 17:21:50 relay MailScanner[8653]: Expanding TNEF archive at /var/spool/MailScanner/incoming/8653/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:27 relay MailScanner[9274]: Making attempt 6 at processing message 8BE611FCC8.A5E8C May 9 17:27:27 relay MailScanner[9274]: Expanding TNEF archive at /var/spool/MailScanner/incoming/9274/8BE611FCC8.A5E8C/winmail.dat May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message 8BE611FCC8.A5E8C as it has been attempted too many times May 9 17:27:30 relay MailScanner[9522]: Quarantined message 8BE611FCC8.A5E8C as it caused MailScanner to crash several times May 9 17:27:30 relay MailScanner[9522]: Saved entire message to /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C Using 4.76.24 on CentOS 5.3. Not sure where to begin on this one - basic background is we have MailScanner in production and have done for years and I've not seen this before, seems to only affect a single message out of the thousands in/out we deal with. Any help would be much appreciated. Cheers, Paul -- Paul Hutchings -----Original Message----- From: MailScanner [mailto:postmaster@domain] Sent: 10 May 2009 10:02 To: Postmaster Subject: Problem Messages Archive: Number of messages: 2 Tries Message Last Tried ===== ======= ========== 6 8BE611FCC8.A5E8C Sat May 9 17:31:57 2009 6 9651A1FCCB.A556B Sat May 9 17:25:57 2009 -- MailScanner -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From alex at skynet-srl.com Sun May 10 17:32:35 2009 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Sun May 10 17:35:46 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: <200905101100.n4AB02lf017410@safir.blacknight.ie> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> Message-ID: <4A0701A3.2040608@skynet-srl.com> > Nathan Olson wrote: >> Why in the world would you want to run a production service on a >> distribution used specifically for testing? > > Eh? Fedora is a production-ready distro (so long as you avoid the beta > releases, of course!) and is designed and run as such. But there's no > point in arguing about distros, we've done that and you aren't going > to change any minds :) > > There are a lot of people using Fedora on servers, as I have from when > it was called RedHat Linux. Even if you think we're all mad, I think > it's a Good Idea to make it easy for them to make use of MailScanner: > both to reduce spam and because they might buy Julian's book :) You > also get to benefit because we make sure MailScanner works with recent > Perl versions, on the OS that RHEL is based on. > > Cheers! > > Anthony I've been using Fedora since it was Red Hat 9 I've been running run more than 10 mailservers using postfix+mysql+MailScanner+mailwatch in a clustered environment, and I never had any kind of problem MailScanner has always worked very fine and installed OK until the latest relase, when it seems to remove pieces it needs. I'm pretty sure that Fedora is a VERY important platform, and Jules will, as usual, support it. Than you Jules for all your efforts Alessandrfo Bianchi From alex at skynet-srl.com Sun May 10 17:37:42 2009 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Sun May 10 17:40:56 2009 Subject: Tiny image only spam [OT] In-Reply-To: <200905101100.n4AB02lf017410@safir.blacknight.ie> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> Message-ID: <4A0702D6.8060202@skynet-srl.com> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- *SkyNet SRL* P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com . ( Rif. D.L. 196/200 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090510/8908d3a6/attachment.html From eli at orbsky.homelinux.org Sun May 10 20:57:39 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sun May 10 20:58:25 2009 Subject: Tiny image only spam [OT] In-Reply-To: <4A0702D6.8060202@skynet-srl.com> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> <4A0702D6.8060202@skynet-srl.com> Message-ID: <200905102257.39999.eli@orbsky.homelinux.org> On Sunday 10 May 2009 19:37:42 Alessandro Bianchi wrote: > In the last days I'm getting a lot of image only spam. > > It contains no links and no text at all > > The size of the image is different every time, and it advertizes > pharmacy inviting users to visit funny sites with always different names > like www.8654.org and similar. > > I've palayed around spamassassin rules with some luck (somettimes I > catch sometimes I don't). > > Has anyone else seen something similar? > > Any ideas about how to stop it? > Unless somebody know how to block mail based on subject lines in Mailscanner, the only thing that I can suggest is to install a milter like milter-regex and start creating simple filters based on the subject. Hopefully your distro will have milter-regex available however if not it can be found at: http://www.benzedrine.cx/milter-regex.html Cheers. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Sun May 10 22:09:46 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sun May 10 22:33:27 2009 Subject: Additional header info turned of in 4-77-1-2 Message-ID: <20090510210945.GB13040@doctor.nl2k.ab.ca> How do you turn it back on? From gafaith at asdm.net Mon May 11 04:21:05 2009 From: gafaith at asdm.net (Gary Faith) Date: Mon May 11 04:21:21 2009 Subject: Tiny image only spam [OT] In-Reply-To: <4A0702D6.8060202@skynet-srl.com> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> <4A0702D6.8060202@skynet-srl.com> Message-ID: <4A0761610200002D0000656E@sparky.asdm.net> I have seen this too. I ran across several sites that pointed me to some software that has solved this problem. I looked at this first: http://www.nabble.com/GIF-Spam----Setting-up-the-%27OCR-scanner-and-image-validator-SA-plugin%27-to5622534.html But this is the one that I adapted from MaiaMailGuard to MailScanner. http://www.maiamailguard.com/files/SLES10_MaiaMailGuard_Gateway_102.pdf Basically, I installed -rw-r--r-- 1 root root 124418 Jan 7 2007 fuzzyocr-3.5.1-devel.tar.gz -rw-r--r-- 1 root root 248889 Apr 4 01:15 gifsicle-1.55.tar.gz -rw-r--r-- 1 root root 700288 Oct 22 2008 gocr-0.46.tar.gz -rw-r--r-- 1 root root 363267 Mar 29 16:54 gocr-0.47.tar.gz -rw-r--r-- 1 root root 95139 May 5 16:06 ocrad-0.18-rc1.tar.gz -rw-r--r-- 1 root root 37544 May 5 16:26 sample-mails.tar.gz and I needed to install: giflib-progs-4.1.4-14.2 needed by gif conversion programs and I needed to install several perl modules. BTW, gocr-0.47 has a build problem with linker flags not being specified but I was able to work around it eventually. I only implemented it earlier last week, and so far stopped 502 e-mails with image based spam: FUZZY_OCR Mail contains an image with common spam text inside 502 0 0 502 100 Gary Faith >>> Alessandro Bianchi 5/10/2009 12:37 PM >>> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- SkyNet SRL P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com. ( Rif. D.L. 196/200 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090510/2ba8d36b/attachment.html From gafaith at asdm.net Mon May 11 04:21:54 2009 From: gafaith at asdm.net (Gary Faith) Date: Mon May 11 04:22:05 2009 Subject: MailScanner status shows Dead but it isn't In-Reply-To: <4A0332B40200002D00006522@sparky.asdm.net> References: <4A0332B40200002D00006522@sparky.asdm.net> Message-ID: <4A0761920200002D00006573@sparky.asdm.net> Anyone ? >>> "Gary Faith" 5/7/2009 7:12 PM >>> After running into an issue upgrading to 4.76 on SLES 10 SP2 x86_64 and getting it figured out and working, I figured I would use check the MailScanner status. I know MailScanner is working because I can tail the mail log and see it processing but when I run rcMailScanner status, I get this (I added echo's, after I found it showing dead, in the init script). Checking for service MailScanner: Sendmail: running Sendmail Incoming: running Sendmail Outgoing: running MailScanner: dead If I run /usr/sbin/check_MailScanner, I get this: /etc/init.d # check_MailScanner MailScanner running with pid 3584 15152 15535 15870 15894 16020 -rw------- 1 root root 5 Apr 13 14:04 MailScanner.pid and mscan:/var/run # ps ax | grep MailScanner 3584 ? Ss 0:01 MailScanner: starting child 15152 ? S 0:20 MailScanner: waiting for messages 15535 ? S 0:16 MailScanner: waiting for messages 15870 ? S 0:17 MailScanner: waiting for messages 15894 ? S 0:16 MailScanner: waiting for messages 16020 ? S 0:18 MailScanner: waiting for messages So, why is rcMailScanner status showing MailScanner as dead ? Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090510/8cb72c4b/attachment.html From J.Ede at birchenallhowden.co.uk Mon May 11 07:54:37 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon May 11 07:55:05 2009 Subject: Tiny image only spam [OT] In-Reply-To: <4A0761610200002D0000656E@sparky.asdm.net> References: <200905101100.n4AB02lf017410@safir.blacknight.ie> <4A0702D6.8060202@skynet-srl.com> <4A0761610200002D0000656E@sparky.asdm.net> Message-ID: <1213490F1F316842A544A850422BFA9629F6DBE7@BHLSBS.bhl.local> Fuzzy OCR does the job, but bear in mind there is a significant overhead with using it. We stopped using it as it was significantly increasing the load on our servers and other measures were working better. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Faith Sent: 11 May 2009 04:21 To: mailscanner@lists.mailscanner.info Subject: Re: Tiny image only spam [OT] I have seen this too. I ran across several sites that pointed me to some software that has solved this problem. I looked at this first: http://www.nabble.com/GIF-Spam----Setting-up-the-%27OCR-scanner-and-image-validator-SA-plugin%27-to5622534.html But this is the one that I adapted from MaiaMailGuard to MailScanner. http://www.maiamailguard.com/files/SLES10_MaiaMailGuard_Gateway_102.pdf Basically, I installed -rw-r--r-- 1 root root 124418 Jan 7 2007 fuzzyocr-3.5.1-devel.tar.gz -rw-r--r-- 1 root root 248889 Apr 4 01:15 gifsicle-1.55.tar.gz -rw-r--r-- 1 root root 700288 Oct 22 2008 gocr-0.46.tar.gz -rw-r--r-- 1 root root 363267 Mar 29 16:54 gocr-0.47.tar.gz -rw-r--r-- 1 root root 95139 May 5 16:06 ocrad-0.18-rc1.tar.gz -rw-r--r-- 1 root root 37544 May 5 16:26 sample-mails.tar.gz and I needed to install: giflib-progs-4.1.4-14.2 needed by gif conversion programs and I needed to install several perl modules. BTW, gocr-0.47 has a build problem with linker flags not being specified but I was able to work around it eventually. I only implemented it earlier last week, and so far stopped 502 e-mails with image based spam: FUZZY_OCR Mail contains an image with common spam text inside 502 0 0 502 100 Gary Faith >>> Alessandro Bianchi 5/10/2009 12:37 PM >>> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- SkyNet SRL P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com. ( Rif. D.L. 196/200 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/2b064358/attachment.html From Robert.Meurlin at se.fujitsu.com Mon May 11 08:31:21 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Mon May 11 08:32:32 2009 Subject: SV: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> Message-ID: Sorry dubble post =) I haven't solve it but has made a way trough it by just have sendmail running on it and forward it (smarthost) to a new mailgw that have mailscanner-4.76.24-3. Thanks for the tip will look at it.. Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Meurlin Robert Skickat: den 7 maj 2009 12:41 Till: MailScanner discussion ?mne: RE: error: Failed dependencies I doesnt get it to work, have reinstalled perl,perl-MIME-tools error: File not found by glob: tnef*.package error: open of perl failed: No such file or directory error: open of is failed: No such file or directory error: open of not failed: No such file or directory error: open of installed.rpm failed: No such file or directory Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: /usr/bin/perl is needed by mailscanner-4.76.24-3 perl >= 5.005 is needed by mailscanner-4.76.24-3 perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 and get this when when I start yast: Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory and can't reinstall the packages. When I start MailScanner: Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. Any tip? Rob -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: den 6 maj 2009 19:45 To: MailScanner discussion Subject: Re: error: Failed dependencies On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert wrote: > error: Failed dependencies: > > ??????? perl-MIME-tools >= 5.412 is needed by mailscanner-4.76.24-3 > > > > But I have installed > http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz > so i dont now why I get this error? It looks for a package, you used CPAN. You shouldn't mix the two. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Mon May 11 09:44:27 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon May 11 09:44:53 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: <20090510144600.GA4040@msapiro> References: <20090510144600.GA4040@msapiro> Message-ID: On Sun, 10 May 2009, Mark Sapiro wrote: > On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >> Hmm OK seeing a few of the below in my Postmaster inbox. >> >> Doing a grep of the logs shows this: >> >> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing >> message 8BE611FCC8.A5E8C >> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat > [...] >> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >> 8BE611FCC8.A5E8C as it has been attempted too many times >> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C > > > I suspect the problem is the TNEF decoder is timing out trying to > decode the TNEF (winmail.dat) part of the message. The part is likely > corrupt. > > You could verify this by retrieving the message from the quarantine, > saving the winmail.dat attachment and then trying to expand it with > /usr/bin/tnef which is the default decoder. To confirm the problem and possible workaround: I, too, have just started seeing a tiny number of such instances. It recurred even of quiet machines. But I don't think it is the timeout (at least, nor directly). In my "MailScanner.conf" we have historically had: TNEF Expander = internal Quick fix: When I switched this to use the "/usr/bin/tnef" version, the emails (rescued from quarantine and replaced into the MS inbound queue) seemed to go through OK. I got the correct setting from a ".rpmnew" file which seems to be: TNEF Expander = /usr/bin/tnef --maxsize=100000000 A little deeper: When I ran them through MS in debug mode (with TNEF setting "internal") I got: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 2 messages. Can't call method "path" on an undefined value at /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. Not the "Can't call ..." line. The MS run took less than four seconds. I had initially suspected TNEF timeout, but it seems to be something different, related to the "internal" setting of "TNEF Expander". That 'Can't call method "path"...' doesn't appear in the "maillog" file (which, in retrospect, is a pity, because that would have been a more obvious clue to follow). Anyway: summary: 1. Problem seems to coincide with "TNEF Expander = internal". For end-users, using "/usr/bin/tnef ..." seems to be a workaround for the moment. 2. For those who sometimes look a little deeper in the "why", MS in '-debug' mode seems to indicate a perl coding error which doesn't get shown in the 'maillog' file. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From prandal at herefordshire.gov.uk Mon May 11 10:00:28 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon May 11 10:00:55 2009 Subject: Tiny image only spam [OT] In-Reply-To: <1213490F1F316842A544A850422BFA9629F6DBE7@BHLSBS.bhl.local> References: <200905101100.n4AB02lf017410@safir.blacknight.ie><4A0702D6.8060202@skynet-srl.com><4A0761610200002D0000656E@sparky.asdm.net> <1213490F1F316842A544A850422BFA9629F6DBE7@BHLSBS.bhl.local> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA06B91B89@HC-MBX02.herefordshire.gov.uk> These rules were posted to the spamassassin-users mailing list by John Hardin a few days ago header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i meta MIME_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __ANY_IMAGE_ATTACH && !__ANY_TEXT_ATTACH) score MIME_IMAGE_ONLY 2.00 describe MIME_IMAGE_ONLY Image body part but no text body parts Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: 11 May 2009 07:55 To: MailScanner discussion Subject: RE: Tiny image only spam [OT] Fuzzy OCR does the job, but bear in mind there is a significant overhead with using it. We stopped using it as it was significantly increasing the load on our servers and other measures were working better. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gary Faith Sent: 11 May 2009 04:21 To: mailscanner@lists.mailscanner.info Subject: Re: Tiny image only spam [OT] I have seen this too. I ran across several sites that pointed me to some software that has solved this problem. I looked at this first: http://www.nabble.com/GIF-Spam----Setting-up-the-%27OCR-scanner-and-image-validator-SA-plugin%27-to5622534.html But this is the one that I adapted from MaiaMailGuard to MailScanner. http://www.maiamailguard.com/files/SLES10_MaiaMailGuard_Gateway_102.pdf Basically, I installed -rw-r--r-- 1 root root 124418 Jan 7 2007 fuzzyocr-3.5.1-devel.tar.gz -rw-r--r-- 1 root root 248889 Apr 4 01:15 gifsicle-1.55.tar.gz -rw-r--r-- 1 root root 700288 Oct 22 2008 gocr-0.46.tar.gz -rw-r--r-- 1 root root 363267 Mar 29 16:54 gocr-0.47.tar.gz -rw-r--r-- 1 root root 95139 May 5 16:06 ocrad-0.18-rc1.tar.gz -rw-r--r-- 1 root root 37544 May 5 16:26 sample-mails.tar.gz and I needed to install: giflib-progs-4.1.4-14.2 needed by gif conversion programs and I needed to install several perl modules. BTW, gocr-0.47 has a build problem with linker flags not being specified but I was able to work around it eventually. I only implemented it earlier last week, and so far stopped 502 e-mails with image based spam: FUZZY_OCR Mail contains an image with common spam text inside 502 0 0 502 100 Gary Faith >>> Alessandro Bianchi 5/10/2009 12:37 PM >>> In the last days I'm getting a lot of image only spam. It contains no links and no text at all The size of the image is different every time, and it advertizes pharmacy inviting users to visit funny sites with always different names like www.8654.org and similar. I've palayed around spamassassin rules with some luck (somettimes I catch sometimes I don't). Has anyone else seen something similar? Any ideas about how to stop it? Best regards and thanks Alessandro Bianchi -- SkyNet SRL P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali e ne ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com . ( Rif. D.L. 196/200 ) From Robert.Meurlin at se.fujitsu.com Mon May 11 10:05:10 2009 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Mon May 11 10:16:07 2009 Subject: SV: error: Failed dependencies In-Reply-To: References: <625385e30905061044i2308df02he537d275b76f914f@mail.gmail.com> <4A02F41F.8050802@ecs.soton.ac.uk> Message-ID: Hi Julian, I was wondering if you have any script to clean/delete the mailq from a specific email address? Have got 4000 email from a system that had some problems over the weekend and all mail from that is in the que. Rob -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Julian Field Skickat: den 7 maj 2009 16:46 Till: MailScanner discussion ?mne: Re: error: Failed dependencies It doesn't think you've got perl installed at all! :-( On 07/05/2009 3:04 PM, Meurlin Robert wrote: > I doesnt get it to work, have reinstalled perl,perl-MIME-tools > > error: File not found by glob: tnef*.package > error: open of perl failed: No such file or directory > error: open of is failed: No such file or directory > error: open of not failed: No such file or directory > error: open of installed.rpm failed: No such file or directory > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > error: Failed dependencies: > /usr/bin/perl is needed by mailscanner-4.76.24-3 > perl>= 5.005 is needed by mailscanner-4.76.24-3 > perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 > > and get this when when I start yast: > > Error loading language plugin /usr/lib64/YaST2/plugin/libpy2lang_perl.so: libperl.so: cannot open shared object file: No such file or directory > > and I can't reinstall the packages. > > When I start MailScanner: > Initializing MailScannerCan't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /root/localperl/lib/5.8.9/x86_64-linux /root/localperl/lib/5.8.9 /root/localperl/lib/site_perl/5.8.9/x86_64-linux /root/localperl/lib/site_perl/5.8.9 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > Any tip? > > Rob > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox > Sent: den 6 maj 2009 19:45 > To: MailScanner discussion > Subject: Re: error: Failed dependencies > > On Wed, May 6, 2009 at 7:24 PM, Meurlin Robert > wrote: > >> error: Failed dependencies: >> >> perl-MIME-tools>= 5.412 is needed by mailscanner-4.76.24-3 >> >> >> >> But I have installed >> http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/MIME-tools-6.200_02.tar.gz >> so i dont now why I get this error? >> > > It looks for a package, you used CPAN. You shouldn't mix the two. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 11 10:28:55 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 10:29:17 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> Message-ID: On 11/05/2009 09:44, David Lee wrote: > On Sun, 10 May 2009, Mark Sapiro wrote: > >> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >>> Hmm OK seeing a few of the below in my Postmaster inbox. >>> >>> Doing a grep of the logs shows this: >>> >>> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >>> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >>> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing >>> message 8BE611FCC8.A5E8C >>> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >>> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat >> [...] >>> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >>> 8BE611FCC8.A5E8C as it has been attempted too many times >>> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >>> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >>> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >>> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C >> >> >> I suspect the problem is the TNEF decoder is timing out trying to >> decode the TNEF (winmail.dat) part of the message. The part is likely >> corrupt. >> >> You could verify this by retrieving the message from the quarantine, >> saving the winmail.dat attachment and then trying to expand it with >> /usr/bin/tnef which is the default decoder. > > To confirm the problem and possible workaround: I, too, have just > started seeing a tiny number of such instances. It recurred even of > quiet machines. But I don't think it is the timeout (at least, nor > directly). > > In my "MailScanner.conf" we have historically had: > TNEF Expander = internal > > Quick fix: When I switched this to use the "/usr/bin/tnef" version, > the emails (rescued from quarantine and replaced into the MS inbound > queue) seemed to go through OK. I got the correct setting from a > ".rpmnew" file which seems to be: > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > > A little deeper: When I ran them through MS in debug mode (with TNEF > setting "internal") I got: > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 2 messages. > Can't call method "path" on an undefined value at > /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. > > Not the "Can't call ..." line. > > The MS run took less than four seconds. I had initially suspected > TNEF timeout, but it seems to be something different, related to the > "internal" setting of "TNEF Expander". > > That 'Can't call method "path"...' doesn't appear in the "maillog" > file (which, in retrospect, is a pity, because that would have been a > more obvious clue to follow). > > Anyway: summary: > > 1. Problem seems to coincide with "TNEF Expander = internal". For > end-users, using "/usr/bin/tnef ..." seems to be a workaround for the > moment. > > 2. For those who sometimes look a little deeper in the "why", MS in > '-debug' mode seems to indicate a perl coding error which doesn't get > shown in the 'maillog' file. > > Hope that helps. > Please can you send me a copy of the message that triggered the fault? Zip up the raw queue file and mail it to me at mailscanner@ecs.soton.ac.uk please. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Mon May 11 10:35:40 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 11 10:35:54 2009 Subject: Mailwatch In-Reply-To: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> Message-ID: <910ee2ac0905110235q115ff9b6p64e2239f577fea8e@mail.gmail.com> I managed to get it up and running on my FreeBSD box. I however could not get the Blacklist/Whitelist feature to work, no matter that I tried to blacklist it still went though. On Sun, May 10, 2009 at 12:18 PM, Mikael Syska wrote: > On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: >> On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >>> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >>> available somewhere? >> >> There is a 2.0 pre-alpha release floating around somewhere - uses >> postgres instead of mysql. > > As I understand it ... 2.0 wont be free ... you have to buy it. The > Alpha version is buggy and I would not use it for any production > servers. > >>> >>> I noticed it's quite old and might not be usable with PHP5 and MySQL5? >> >> 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily used. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From paul.hutchings at mira.co.uk Mon May 11 11:13:53 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Mon May 11 11:14:08 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> Message-ID: Thanks, I think that's gone to you now - I'm still receiving the "Problem Messages" reminder/summary despite having deleted them - how do I stop this? -- Paul Hutchings -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 11 May 2009 10:29 To: MailScanner discussion Subject: Re: "Problem Messages" - what's happening? On 11/05/2009 09:44, David Lee wrote: > On Sun, 10 May 2009, Mark Sapiro wrote: > >> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >>> Hmm OK seeing a few of the below in my Postmaster inbox. >>> >>> Doing a grep of the logs shows this: >>> >>> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >>> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >>> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at processing >>> message 8BE611FCC8.A5E8C >>> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >>> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat >> [...] >>> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >>> 8BE611FCC8.A5E8C as it has been attempted too many times >>> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >>> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >>> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >>> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C >> >> >> I suspect the problem is the TNEF decoder is timing out trying to >> decode the TNEF (winmail.dat) part of the message. The part is likely >> corrupt. >> >> You could verify this by retrieving the message from the quarantine, >> saving the winmail.dat attachment and then trying to expand it with >> /usr/bin/tnef which is the default decoder. > > To confirm the problem and possible workaround: I, too, have just > started seeing a tiny number of such instances. It recurred even of > quiet machines. But I don't think it is the timeout (at least, nor > directly). > > In my "MailScanner.conf" we have historically had: > TNEF Expander = internal > > Quick fix: When I switched this to use the "/usr/bin/tnef" version, > the emails (rescued from quarantine and replaced into the MS inbound > queue) seemed to go through OK. I got the correct setting from a > ".rpmnew" file which seems to be: > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > > A little deeper: When I ran them through MS in debug mode (with TNEF > setting "internal") I got: > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 2 messages. > Can't call method "path" on an undefined value at > /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. > > Not the "Can't call ..." line. > > The MS run took less than four seconds. I had initially suspected > TNEF timeout, but it seems to be something different, related to the > "internal" setting of "TNEF Expander". > > That 'Can't call method "path"...' doesn't appear in the "maillog" > file (which, in retrospect, is a pity, because that would have been a > more obvious clue to follow). > > Anyway: summary: > > 1. Problem seems to coincide with "TNEF Expander = internal". For > end-users, using "/usr/bin/tnef ..." seems to be a workaround for the > moment. > > 2. For those who sometimes look a little deeper in the "why", MS in > '-debug' mode seems to indicate a perl coding error which doesn't get > shown in the 'maillog' file. > > Hope that helps. > Please can you send me a copy of the message that triggered the fault? Zip up the raw queue file and mail it to me at mailscanner@ecs.soton.ac.uk please. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From t.d.lee at durham.ac.uk Mon May 11 12:09:07 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon May 11 12:09:32 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> Message-ID: On Mon, 11 May 2009, Paul Hutchings wrote: > Thanks, I think that's gone to you now - I'm still receiving the > "Problem Messages" reminder/summary despite having deleted them - how do > I stop this? Paul: 1. If you do have a couple of samples that you could send direct to Julian (not to the list) as he describes, that would be useful. I don't now have any to hand. (I'm re-setting things in the hopes of catching a few more.) 2. For the continued notifications you probably need to try something like the following: Stop MailScanner; Check all MS processes have stopped; Rename or remove the "Processing Attempts Database"; Start MailScanner. Hope that helps. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From maxsec at gmail.com Mon May 11 12:36:32 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Mon May 11 12:36:41 2009 Subject: Mailwatch In-Reply-To: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> Message-ID: <72cf361e0905110436y337fa1fj12e7ed95207b4d6b@mail.gmail.com> Just like 1.x there will be a commercial version of MailWatch (defender MX from fsl.com). Steve has no plans to pull the open-source/free mailwatch from what I know of... 2009/5/10 Mikael Syska > On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: > > On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: > >> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is > >> available somewhere? > > > > There is a 2.0 pre-alpha release floating around somewhere - uses > > postgres instead of mysql. > > As I understand it ... 2.0 wont be free ... you have to buy it. The > Alpha version is buggy and I would not use it for any production > servers. > > >> > >> I noticed it's quite old and might not be usable with PHP5 and MySQL5? > > > > 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily > used. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/5c296114/attachment.html From john at tradoc.fr Mon May 11 14:57:04 2009 From: john at tradoc.fr (John Wilcock) Date: Mon May 11 14:57:19 2009 Subject: SPF Scoring In-Reply-To: References: Message-ID: <4A082EB0.7090203@tradoc.fr> Le 11/05/2009 14:22, Robert Dunkley a ?crit : > I might be misunderstanding what needs to be done to enable SPF but I > would like domains failing SPF check for disallow and discourage to get > scores of 10 and 6 respectively but I can't seem to get any SPF scoring > to work. I added the following to /etc/mail/spamassassin/mailscanner.cf: > > #SPF Fail Check > score SPF_FAIL 10.0 > score SPF_SOFTFAIL 6.0 > > > MailScanner -v shows these versions: > 3.002005 Mail::SpamAssassin > v2.005 Mail::SPF > 1.999001 Mail::SPF::Query > > Any ideas on why this might not be working? Have you uncommented the loadplugin Mail::SpamAssassin::Plugin::SPF line in init.pre (or another .pre file)? John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From Andrew.Chester at ukuvuma.co.za Mon May 11 15:19:00 2009 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Mon May 11 15:19:13 2009 Subject: Andrew Chester is out of the office. Message-ID: I will be out of the office starting 2009/05/07 and will not return until 2009/05/13. I will respond to your message when I return. In case of emergency, please contact Ryan Bell on 0733182598, or Dawid Van Heerden on 0827707919. CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. From t.d.lee at durham.ac.uk Mon May 11 15:39:24 2009 From: t.d.lee at durham.ac.uk (David Lee) Date: Mon May 11 15:39:50 2009 Subject: message-processing db notifications In-Reply-To: References: <4A01E824.6050808@ecs.soton.ac.uk> Message-ID: On Thu, 7 May 2009, David Lee wrote: > [...] > For instance, we are a "Send Notices = no" site for viruses. But for other > sorts of functionality, such as this new msg-db, we would like to be a "Send > Notices = yes" site. And other sites might want other variants, such as > "yes" in both cases but with different recipients. And then in a few months > time, MS might get an additional new class of functionality (just as msg-db > is new now) with other possible variants. > > Hence my idle wondering about something ruleset-like. (I was trying to avoid > suggesting yet more options directly in MS.conf!) > [...] Can the existing settings: Send Notices = ... Notices To = ... with their ruleset possibilities achieve the differential sending (or not sending) of class-based (e.g. "virus", "msg-db", ...) notifications to different recipients? It would end up with something (logically at least) like: Send Notices = yes Notices To = rules/notices.to.rules [notices.to.rules] viruses nobody@black.hole msg-db email-admin@my.site or (the equivalent): Send Notices = rules/send.notices.rules Notices To = rules/notices.to.rules [send.notices.rules] viruses no * yes [notices.to.rules] msg-db email-admin@my.site or some other specification and/or implementation to similar effect. Such a scheme would be extensible to other classes (analogous to "virus" class (long-established) and "msg-db" class (new at 4.76)) that come along later. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From painethom at gmail.com Mon May 11 16:22:55 2009 From: painethom at gmail.com (Thom Paine) Date: Mon May 11 16:23:03 2009 Subject: Spam Reduction on a New Server Message-ID: <9e1340d20905110822n15d39f30sa05c6a7a612ff338@mail.gmail.com> I just deplyed a new CentOS 5.3 server that run mail where I work. Spam had been steadily increasing over the past few weeks and it was due for new hardware anyways so I have the conversion all done. I installed the latest mailscanner and the sa and the clamd files and things are working well. I haven't installed any rbl's as some of my older ones fomr the old server are likely outdated. Does anyone have a list of a couple that are working well? I'm still getting some spam thru and likely need to tune things a bit. My old server I was using milters a bit. Any recommendations I should implement? I don't want to make alot of changes all at once, but one at a time until I have it working really well. Thanks. -- -=/>Thom From ljosnet at gmail.com Mon May 11 16:27:55 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 11 16:28:04 2009 Subject: Mailwatch In-Reply-To: <72cf361e0905110436y337fa1fj12e7ed95207b4d6b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> <72cf361e0905110436y337fa1fj12e7ed95207b4d6b@mail.gmail.com> Message-ID: <910ee2ac0905110827k187adfdwf4e8d01c8cd1fcc4@mail.gmail.com> Does anyone know how I can make the status work in Mailwatch/FreeBSD? Currently this is my status although everything is running. I'm guessing it's a matter of editing file(s) but I cant find the correct ones. MailScanner: NO 0 proc(s) Sendmail: NO 0 proc(s) Inbound: 0 Outbound: 0 On Mon, May 11, 2009 at 11:36 AM, Martin Hepworth wrote: > Just like 1.x there will be a commercial version of MailWatch (defender MX > from fsl.com). Steve has no plans to pull the open-source/free mailwatch > from what I know of... > > 2009/5/10 Mikael Syska >> >> On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: >> > On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >> >> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >> >> available somewhere? >> > >> > There is a 2.0 pre-alpha release floating around somewhere - uses >> > postgres instead of mysql. >> >> As I understand it ... 2.0 wont be free ... you have to buy it. The >> Alpha version is buggy and I would not use it for any production >> servers. >> >> >> >> >> I noticed it's quite old and might not be usable with PHP5 and MySQL5? >> > >> > 1.0.4 Works fine with both php5 and mysql5, and it's still very heavily >> > used. >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From ljosnet at gmail.com Mon May 11 16:29:51 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 11 16:30:00 2009 Subject: Spam Reduction on a New Server In-Reply-To: <9e1340d20905110822n15d39f30sa05c6a7a612ff338@mail.gmail.com> References: <9e1340d20905110822n15d39f30sa05c6a7a612ff338@mail.gmail.com> Message-ID: <910ee2ac0905110829o5d8aae5etb94ec2331fe96bf8@mail.gmail.com> zen.spamhaus.org On Mon, May 11, 2009 at 3:22 PM, Thom Paine wrote: > I just deplyed a new CentOS 5.3 server that run mail where I work. > Spam had been steadily increasing over the past few weeks and it was > due for new hardware anyways so I have the conversion all done. > > I installed the latest mailscanner and the sa and the clamd files and > things are working well. > > I haven't installed any rbl's as some of my older ones fomr the old > server are likely outdated. > > Does anyone have a list of a couple that are working well? I'm still > getting some spam thru and likely need to tune things a bit. My old > server I was using milters a bit. > > Any recommendations I should implement? I don't want to make alot of > changes all at once, but one at a time until I have it working really > well. > > Thanks. > -- > -=/>Thom > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From david at gnsa.us Mon May 11 17:03:16 2009 From: david at gnsa.us (David Nalley) Date: Mon May 11 17:03:45 2009 Subject: Mailwatch In-Reply-To: <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> References: <910ee2ac0905091330y27ac3b9drd4d84c0dca23a491@mail.gmail.com> <6beca9db0905100518n3f7cca43m7a6d4c3386c3bb2b@mail.gmail.com> Message-ID: On Sun, May 10, 2009 at 8:18 AM, Mikael Syska wrote: > On Sun, May 10, 2009 at 3:51 AM, David Nalley wrote: >> On Sat, May 9, 2009 at 4:30 PM, Lj?snet wrote: >>> Hello, does anyone know if a newer version than 1.0.4 of Mailwatch is >>> available somewhere? >> >> There is a 2.0 pre-alpha release floating around somewhere - uses >> postgres instead of mysql. > > As I understand it ... 2.0 wont be free ... you have to buy it. The > Alpha version is buggy and I would not use it for any production > servers. Yes this is my understanding as well. IIRC Steve's reasoning was that there wasn't much community involvement with development of v1. I also see this changing and the community rolling together a 1.0.5 version. Perhaps if significant effort was leveraged to push bugfixes back upstream to Steve this would change. From MailScanner at ecs.soton.ac.uk Mon May 11 18:26:47 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 18:27:09 2009 Subject: "Problem Messages" - what's happening? In-Reply-To: References: <20090510144600.GA4040@msapiro> <4A07EFD7.1090500@ecs.soton.ac.uk> <4A085FD7.7080202@ecs.soton.ac.uk> Message-ID: I have just published 4.77.2 which will solve this problem. It does more error checking. On 11/05/2009 10:28, Julian Field wrote: > > > On 11/05/2009 09:44, David Lee wrote: >> On Sun, 10 May 2009, Mark Sapiro wrote: >> >>> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote: >>>> Hmm OK seeing a few of the below in my Postmaster inbox. >>>> >>>> Doing a grep of the logs shows this: >>>> >>>> May 9 17:03:19 relay postfix/cleanup[7749]: 8BE611FCC8: >>>> message-id=<06A07D7DB16C417C8990A7FACEE37518@Desktop> >>>> May 9 17:09:19 relay MailScanner[7940]: Making attempt 2 at >>>> processing >>>> message 8BE611FCC8.A5E8C >>>> May 9 17:09:19 relay MailScanner[7940]: Expanding TNEF archive at >>>> /var/spool/MailScanner/incoming/7940/8BE611FCC8.A5E8C/winmail.dat >>> [...] >>>> May 9 17:27:30 relay MailScanner[9522]: Warning: skipping message >>>> 8BE611FCC8.A5E8C as it has been attempted too many times >>>> May 9 17:27:30 relay MailScanner[9522]: Quarantined message >>>> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times >>>> May 9 17:27:30 relay MailScanner[9522]: Saved entire message to >>>> /var/spool/MailScanner/quarantine/20090509/8BE611FCC8.A5E8C >>> >>> >>> I suspect the problem is the TNEF decoder is timing out trying to >>> decode the TNEF (winmail.dat) part of the message. The part is likely >>> corrupt. >>> >>> You could verify this by retrieving the message from the quarantine, >>> saving the winmail.dat attachment and then trying to expand it with >>> /usr/bin/tnef which is the default decoder. >> >> To confirm the problem and possible workaround: I, too, have just >> started seeing a tiny number of such instances. It recurred even of >> quiet machines. But I don't think it is the timeout (at least, nor >> directly). >> >> In my "MailScanner.conf" we have historically had: >> TNEF Expander = internal >> >> Quick fix: When I switched this to use the "/usr/bin/tnef" version, >> the emails (rescued from quarantine and replaced into the MS inbound >> queue) seemed to go through OK. I got the correct setting from a >> ".rpmnew" file which seems to be: >> TNEF Expander = /usr/bin/tnef --maxsize=100000000 >> >> >> A little deeper: When I ran them through MS in debug mode (with TNEF >> setting "internal") I got: >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> Building a message batch to scan... >> Have a batch of 2 messages. >> Can't call method "path" on an undefined value at >> /usr/lib/MailScanner/MailScanner/TNEF.pm line 178. >> >> Not the "Can't call ..." line. >> >> The MS run took less than four seconds. I had initially suspected >> TNEF timeout, but it seems to be something different, related to the >> "internal" setting of "TNEF Expander". >> >> That 'Can't call method "path"...' doesn't appear in the "maillog" >> file (which, in retrospect, is a pity, because that would have been a >> more obvious clue to follow). >> >> Anyway: summary: >> >> 1. Problem seems to coincide with "TNEF Expander = internal". For >> end-users, using "/usr/bin/tnef ..." seems to be a workaround for the >> moment. >> >> 2. For those who sometimes look a little deeper in the "why", MS in >> '-debug' mode seems to indicate a perl coding error which doesn't get >> shown in the 'maillog' file. >> >> Hope that helps. >> > Please can you send me a copy of the message that triggered the fault? > Zip up the raw queue file and mail it to me at > mailscanner@ecs.soton.ac.uk please. > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at medicine.wisc.edu Mon May 11 18:44:14 2009 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon May 11 18:44:34 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> Message-ID: <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> > Julian Field wrote: > >>> >> I'll need to take a look at this, and try a 0-byte attachment and see >> what happens. >> To disable the tests, set >> Maximum Attachment Size = -1 >> Minimum Attachment Size = -1 >> >> Please read the docs carefully and ensure you are setting the values >> appropriately. >> What is the precise case that you think it is handling incorrectly? >> >> Jules >> > > I don't think testing it with a 0 byte attachment will help much, > because a 0 byte attachment *should* get blocked when the min size is > set to 1. The problem I'm having on 3 separate servers since upgrading > to 4.76 is that it's blocking on the attachment rule even when there is > no attachment. I'm not exactly sure how to proceed because one part of > the error message says the attachment is too large, and another part > says it's too small. Regardless there is no attachment so those errors > are just unintentional red herrings. I have looked at numerous messages > in the quarantine and cannot find anything that gives away why it thinks > they have attachments to begin with. > > Like I said, I have been using MS for a number of years, have done > numerous upgrades, have had the min attachment size setting at the > default of 1 byte since it was available and have never had a problem > before upgrading to 4.76. I just upgraded another server last night > and made sure it wasn't having this problem before the upgrade, and as > soon as I started MS after the upgrade it started having the same > problem. I can provide more from the quarantine at pastbin.com if the > original data I posted is not enough. > > Oh, and again: MailScanner --lint says no errors. > > > Latest Update: This problem really seems to me like a bug in 4.76.24-3. I can reproduce this attachement size problem on every 4.76.24-3 system I can get my hands on with a specific df/qf file combo that has NO attachment associated with it. I've tried 3 more completely different systems with very different configs and it always fails. If I stick this same df/qf file pair into the mqueue.in on any 4.74 or 4.75 system, it processes them correctly. I have posted a culprit df file at: http://pastebin.com/m216927c Even after trying to sanitize the user's real info, this very file will still cause an attachment size error. If you look at the file, you can see that there is nothing in it telling the system that there is an attachment associated with the email, yet mailscanner still trips on it saying that the attachment size is both too big and too small. The problem seems to be related to whitespace in the original file, because if I paste the text from that very pastebin back into a new df file, and then send it through mqueue.in, it will process correctly. If you would like me to send an actual problematic df/qf file pair so you can reproduce this yourself, I would be more then willing to do so. Mike From MailScanner at ecs.soton.ac.uk Mon May 11 19:15:31 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 19:15:53 2009 Subject: Too Large or Too small or neither????? In-Reply-To: <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> References: <4A01E931.6070007@ecs.soton.ac.uk> <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A086B43.6050403@ecs.soton.ac.uk> Message-ID: On 11/05/2009 18:44, Michael Masse wrote: >> Julian Field wrote: >> >> >>>> >>> I'll need to take a look at this, and try a 0-byte attachment and see >>> what happens. >>> To disable the tests, set >>> Maximum Attachment Size = -1 >>> Minimum Attachment Size = -1 >>> >>> Please read the docs carefully and ensure you are setting the values >>> appropriately. >>> What is the precise case that you think it is handling incorrectly? >>> >>> Jules >>> >>> >> I don't think testing it with a 0 byte attachment will help much, >> because a 0 byte attachment *should* get blocked when the min size is >> set to 1. The problem I'm having on 3 separate servers since upgrading >> to 4.76 is that it's blocking on the attachment rule even when there is >> no attachment. I'm not exactly sure how to proceed because one part of >> the error message says the attachment is too large, and another part >> says it's too small. Regardless there is no attachment so those errors >> are just unintentional red herrings. I have looked at numerous messages >> in the quarantine and cannot find anything that gives away why it thinks >> they have attachments to begin with. >> >> Like I said, I have been using MS for a number of years, have done >> numerous upgrades, have had the min attachment size setting at the >> default of 1 byte since it was available and have never had a problem >> before upgrading to 4.76. I just upgraded another server last night >> and made sure it wasn't having this problem before the upgrade, and as >> soon as I started MS after the upgrade it started having the same >> problem. I can provide more from the quarantine at pastbin.com if the >> original data I posted is not enough. >> >> Oh, and again: MailScanner --lint says no errors. >> >> >> >> > Latest Update: > > This problem really seems to me like a bug in 4.76.24-3. I can reproduce this attachement size problem on every 4.76.24-3 system I can get my hands on with a specific df/qf file combo that has NO attachment associated with it. I've tried 3 more completely different systems with very different configs and it always fails. If I stick this same df/qf file pair into the mqueue.in on any 4.74 or 4.75 system, it processes them correctly. > > I have posted a culprit df file at: > http://pastebin.com/m216927c > > Even after trying to sanitize the user's real info, this very file will still cause an attachment size error. If you look at the file, you can see that there is nothing in it telling the system that there is an attachment associated with the email, yet mailscanner still trips on it saying that the attachment size is both too big and too small. > > The problem seems to be related to whitespace in the original file, because if I paste the text from that very pastebin back into a new df file, and then send it through mqueue.in, it will process correctly. > > If you would like me to send an actual problematic df/qf file pair so you can reproduce this yourself, I would be more then willing to do so. Please zip up a qf+df pair and mail it to me off-list at mailscanner@ecs.soton.ac.uk. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Mon May 11 19:20:27 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 19:20:47 2009 Subject: MailScanner 4.77.1-2 Child silently dies Message-ID: I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in the child process silently dying on every message, even simple text/plain messages. The child starts a batch May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 messages, 2984 bytes and the next MailScanner log message is a new child starting May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus Scanner version 4.77.1 starting... Eventually, on restart we see for example May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at processing message 1FFC16900C6.A2B03 and on the next restart May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message 1FFC16900C6.A2B03 as it has been attempted too many times May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message 1FFC16900C6.A2B03 as it caused MailScanner to crash several times May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 MTA is Postfix. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Denis.Beauchemin at USherbrooke.ca Mon May 11 19:43:20 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 11 19:43:37 2009 Subject: File extension ADX In-Reply-To: <1241794841.12788.15.camel@gmourani-laptop> References: <1241794841.12788.15.camel@gmourani-laptop> Message-ID: <4A0871C8.7050503@USherbrooke.ca> Gerhard Mourani a ?crit : > Hello, I want to allow file extension -> IMPORT.ADX to MailScanner. > I've edited -> 'filename.rules.conf' and added -> allow \.adx$ - - > without success. When the attachment gets blocked, this is the message > I receive -> Report: No programs allowed (IMPORT.ADX). > > Running the "file" command on the attachement returns the following > result: > file > /var/spool/MailScanner/quarantine/20090507/1680C2AFF0.C72B7/IMPORT.ADX > /var/spool/MailScanner/quarantine/20090507/1680C2AFF0.C72B7/IMPORT.ADX: > VMS Alpha executable > > According to guys on the MailScanner IRC Chanel, this happen because > it's getting blocked not by 'filename.rules.conf' but by > 'filetype.rules.conf' based on the results of the 'file' command and > the recommendation to fix the problem is to add a new mime type to get > file to report it as another file type. > > Check the 'filetype.rules.conf' file itself. It supposedly has info on > how to use/modify it in the comments at the beginning but > unfortunately I don't see nothing and don't know which kind of line to > add inside this file (filetype.rules.conf) to make file extension with > ADX to be allowed. > > My question is: Can soneone here know the line/syntax to add inside > 'filetype.rules.conf' to make MailScanner allow *.ADX file extension > to pass? Gerhard, Add the following to filetype.rules.conf: allowVMS Alpha executable-- Replace by a real TAB character and then reload MS. Or you could modify "Allow Filetypes =" in MailScanner.conf. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/4583724c/smime.bin From paul.lemmons at tmcaz.com Mon May 11 19:58:28 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Mon May 11 19:58:41 2009 Subject: Blocking by character set Message-ID: <4A087554.4090806@tmcaz.com> Is there any way to recognize a particular character set in a message and block based on it. We are a non-international company and 100% of the email containing non-English characters is spam. I would like to use that to my advantage and simply block mail containing (to us) foreign character sets. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/20a1bf45/smime.bin From MailScanner at ecs.soton.ac.uk Mon May 11 20:02:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 20:03:52 2009 Subject: MailScanner 4.77.1-2 Child silently dies In-Reply-To: References: <4A08765A.1040304@ecs.soton.ac.uk> Message-ID: Please do a MailScanner --debug and tell me what it shows you. On 11/05/2009 19:20, Mark Sapiro wrote: > I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in > the child process silently dying on every message, even simple > text/plain messages. > > The child starts a batch > > May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 > messages, 2984 bytes > > and the next MailScanner log message is a new child starting > > May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus > Scanner version 4.77.1 starting... > > Eventually, on restart we see for example > > May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at > processing message 1FFC16900C6.A2B03 > > and on the next restart > > May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message > 1FFC16900C6.A2B03 as it has been attempted too many times > May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message > 1FFC16900C6.A2B03 as it caused MailScanner to crash several times > May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to > /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 > > MTA is Postfix. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Mon May 11 20:06:50 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon May 11 20:07:05 2009 Subject: Blocking by character set In-Reply-To: <4A087554.4090806@tmcaz.com> References: <4A087554.4090806@tmcaz.com> Message-ID: <4A08774A.7050507@USherbrooke.ca> Paul Lemmons a ?crit : > Is there any way to recognize a particular character set in a message > and block based on it. We are a non-international company and 100% of > the email containing non-English characters is spam. I would like to > use that to my advantage and simply block mail containing (to us) > foreign character sets. Paul, Maybe this SA option could do the trick (from man Mail::SpamAssassin::Conf): ok_locales xx [ yy zz ... ] (default: all) This option is used to specify which locales are considered OK for incoming mail. Mail using the character sets that are allowed by this option will not be marked as possibly being spam in a foreign language. If you receive lots of spam in foreign languages, and never get any non-spam in these languages, this may help. Note that all ISO-8859-* character sets, and Windows code page character sets, are always permitted by default. Set this to all to allow all character sets. This is the default. The rules CHARSET_FARAWAY, CHARSET_FARAWAY_BODY, and CHARSET_FARAWAY_HEADERS are triggered based on how this is set. Examples: ok_locales all (allow all locales) ok_locales en (only allow English) ok_locales en ja zh (allow English, Japanese, and Chinese) Note: if there are multiple ok_locales lines, only the last one is used. Select the locales to allow from the list below: en - Western character sets in general ja - Japanese character sets ko - Korean character sets ru - Cyrillic character sets th - Thai character sets zh - Chinese (both simplified and traditional) character sets normalize_charset ( 0 | 1) (default: 0) Whether to detect character sets and normalize message content to Unicode. Requires the Encode::Detect module, HTML::Parser version 3.46 or later, and Perl 5.8.5 or later. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Mon May 11 20:15:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 20:15:24 2009 Subject: Blocking by character set In-Reply-To: <4A087554.4090806@tmcaz.com> References: <4A087554.4090806@tmcaz.com> <4A087937.5060806@ecs.soton.ac.uk> Message-ID: SpamAssassin can do this, look for ok_locales in the documentation for it. On 11/05/2009 19:58, Paul Lemmons wrote: > Is there any way to recognize a particular character set in a message > and block based on it. We are a non-international company and 100% of > the email containing non-English characters is spam. I would like to > use that to my advantage and simply block mail containing (to us) > foreign character sets. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpirie at rma.edu Mon May 11 20:15:08 2009 From: bpirie at rma.edu (Brendan Pirie) Date: Mon May 11 20:15:40 2009 Subject: Blocking by character set In-Reply-To: <4A08774A.7050507@USherbrooke.ca> References: <4A087554.4090806@tmcaz.com> <4A08774A.7050507@USherbrooke.ca> Message-ID: <4A08793C.3070707@rma.edu> Denis Beauchemin wrote: > Paul Lemmons a ?crit : >> Is there any way to recognize a particular character set in a message >> and block based on it. We are a non-international company and 100% of >> the email containing non-English characters is spam. I would like to >> use that to my advantage and simply block mail containing (to us) >> foreign character sets. > Paul, > > Maybe this SA option could do the trick (from man > Mail::SpamAssassin::Conf): > ok_locales xx [ yy zz ... ] (default: all) > This option is used to specify which locales are considered OK for > incoming mail. Mail using the character sets that are allowed by this > option will not be marked as possibly being spam in a foreign language. > > If you receive lots of spam in foreign languages, and never get any > non-spam in these languages, this may help. Note that all ISO-8859-* > character sets, and Windows code page character sets, are always > permitted by default. > > Set this to all to allow all character sets. This is the default. > > The rules CHARSET_FARAWAY, CHARSET_FARAWAY_BODY, and > CHARSET_FARAWAY_HEADERS are triggered based on how this is set. > > Examples: > > ok_locales all (allow all locales) > ok_locales en (only allow English) > ok_locales en ja zh (allow English, Japanese, and Chinese) > > Note: if there are multiple ok_locales lines, only the last one is > used. > > Select the locales to allow from the list below: > > en - Western character sets in general > ja - Japanese character sets > ko - Korean character sets > ru - Cyrillic character sets > th - Thai character sets > zh - Chinese (both simplified and traditional) character sets > > normalize_charset ( 0 | 1) (default: 0) > Whether to detect character sets and normalize message content to > Unicode. Requires the Encode::Detect module, HTML::Parser version 3.46 > or later, and Perl 5.8.5 or later. > > Denis > Another possible option is the TextCat plugin included with spamassassin. Brendan From mark at msapiro.net Mon May 11 20:59:12 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 20:59:33 2009 Subject: MailScanner 4.77.1-2 Child silently dies In-Reply-To: Message-ID: Julian Field wrote: >Please do a MailScanner --debug and tell me what it shows you. > [root@sbh16 ~]# MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. max message size is '200k continue 200k' Undefined subroutine &MailScanner::Unzip::UnpackZipMembers called at /usr/lib/MailScanner/MailScanner/Message.pm line 2461. [root@sbh16 ~]# cd /etc/MailScanner/ [root@sbh16 MailScanner]# Note that /usr/lib/MailScanner/MailScanner/Unzip.pm exists and does define sub UnpackZipMembers >On 11/05/2009 19:20, Mark Sapiro wrote: >> I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in >> the child process silently dying on every message, even simple >> text/plain messages. >> >> The child starts a batch >> >> May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 >> messages, 2984 bytes >> >> and the next MailScanner log message is a new child starting >> >> May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus >> Scanner version 4.77.1 starting... >> >> Eventually, on restart we see for example >> >> May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at >> processing message 1FFC16900C6.A2B03 >> >> and on the next restart >> >> May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message >> 1FFC16900C6.A2B03 as it has been attempted too many times >> May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message >> 1FFC16900C6.A2B03 as it caused MailScanner to crash several times >> May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to >> /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 >> >> MTA is Postfix. >> >> > >Jules -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From paul.lemmons at tmcaz.com Mon May 11 21:03:17 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Mon May 11 21:03:32 2009 Subject: Validating Email addresses In-Reply-To: References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> Message-ID: <4A088485.3050307@tmcaz.com> -------- Original Message -------- Subject: Validating Email addresses From: Julian Field To: MailScanner discussion Date: 05/06/2009 01:57 AM > On 05/05/2009 18:55, Paul Lemmons wrote: > >> We are getting a great deal of Spam bypassing both Postini and Mail >> Scanner due to a discrepancy between how these two products define an >> email address and the way Exchange does. The two scanning products >> recognize emails with a pipe character "|" at the beginning of the >> address as both valid and part of the email address. I believe this is >> in line with the email standards. Exchange, othe the other hand simply >> ignores the character. So a message sent to me@mydom.com and >> |me@mydom.com are seen as two different addresses by the scanning >> systems and as a single address by Exchange. >> > Set "Reject Messages" to point to a ruleset, and have a ruleset that > looks roughly like this: > FromOrTo: /^\|/ yes > FromOrTo: default no > and MailScanner will reject messages coming from or going to an address > starting with a pipe character. > Simple as that. > Remember to "service MailScanner reload" after changing the ruleset and > MailScanner.conf file. > > > Jules > > I have tried this and now I am getting a new message in my log.... MailScanner[5583]: Cannot match against destination IP address when resolving configuration option "rejectmessage" # cat reject-messages.conf FromOrTo: /^\|/ yes FromOrTo: default no Any thoughts? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/d99525c8/smime-0001.bin From MailScanner at ecs.soton.ac.uk Mon May 11 21:12:02 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 21:12:29 2009 Subject: MailScanner 4.77.1-2 Child silently dies In-Reply-To: References: <4A088692.9020902@ecs.soton.ac.uk> Message-ID: On 11/05/2009 20:59, Mark Sapiro wrote: > Julian Field wrote: > > >> Please do a MailScanner --debug and tell me what it shows you. >> >> > > [root@sbh16 ~]# MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 1 message. > max message size is '200k continue 200k' > Undefined subroutine&MailScanner::Unzip::UnpackZipMembers called at > /usr/lib/MailScanner/MailScanner/Message.pm line 2461. > [root@sbh16 ~]# cd /etc/MailScanner/ > [root@sbh16 MailScanner]# > > > Note that /usr/lib/MailScanner/MailScanner/Unzip.pm exists and does > define sub UnpackZipMembers > All fixed. Try MailScanner 4.77.3 which I am just uploading now. Sorry about that. This new feature is switched off by default now too. > > >> On 11/05/2009 19:20, Mark Sapiro wrote: >> >>> I tried upgrading MailScanner 4.76.24-3 to 4.77.1-2. This resulted in >>> the child process silently dying on every message, even simple >>> text/plain messages. >>> >>> The child starts a batch >>> >>> May 11 09:35:22 sbh16 MailScanner[20257]: New Batch: Scanning 1 >>> messages, 2984 bytes >>> >>> and the next MailScanner log message is a new child starting >>> >>> May 11 09:35:24 sbh16 MailScanner[20303]: MailScanner E-Mail Virus >>> Scanner version 4.77.1 starting... >>> >>> Eventually, on restart we see for example >>> >>> May 11 10:07:42 sbh16 MailScanner[21289]: Making attempt 6 at >>> processing message 1FFC16900C6.A2B03 >>> >>> and on the next restart >>> >>> May 11 10:07:49 sbh16 MailScanner[21318]: Warning: skipping message >>> 1FFC16900C6.A2B03 as it has been attempted too many times >>> May 11 10:07:49 sbh16 MailScanner[21318]: Quarantined message >>> 1FFC16900C6.A2B03 as it caused MailScanner to crash several times >>> May 11 10:07:49 sbh16 MailScanner[21318]: Saved entire message to >>> /var/spool/MailScanner/quarantine/20090511/1FFC16900C6.A2B03 >>> >>> MTA is Postfix. >>> >>> >>> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon May 11 21:14:14 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 11 21:14:37 2009 Subject: Validating Email addresses In-Reply-To: <4A088485.3050307@tmcaz.com> References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> <4A088485.3050307@tmcaz.com> <4A088716.4030804@ecs.soton.ac.uk> Message-ID: On 11/05/2009 21:03, Paul Lemmons wrote: > -------- Original Message -------- > Subject: Validating Email addresses > From: Julian Field > To: MailScanner discussion > Date: 05/06/2009 01:57 AM >> On 05/05/2009 18:55, Paul Lemmons wrote: >>> We are getting a great deal of Spam bypassing both Postini and Mail >>> Scanner due to a discrepancy between how these two products define >>> an email address and the way Exchange does. The two scanning >>> products recognize emails with a pipe character "|" at the beginning >>> of the address as both valid and part of the email address. I >>> believe this is in line with the email standards. Exchange, othe the >>> other hand simply ignores the character. So a message sent to >>> me@mydom.com and |me@mydom.com are seen as two different addresses >>> by the scanning systems and as a single address by Exchange. >> Set "Reject Messages" to point to a ruleset, and have a ruleset that >> looks roughly like this: >> FromOrTo: /^\|/ yes >> FromOrTo: default no >> and MailScanner will reject messages coming from or going to an >> address starting with a pipe character. >> Simple as that. >> Remember to "service MailScanner reload" after changing the ruleset >> and MailScanner.conf file. >> >> >> Jules >> > I have tried this and now I am getting a new message in my log.... > > MailScanner[5583]: Cannot match against destination IP address when > resolving configuration option "rejectmessage" > > > # cat reject-messages.conf > FromOrTo: /^\|/ yes > FromOrTo: default no > > Any thoughts? As your regexp doesn't contain any alphabetic characters, its heuristic code for deducing the pattern type is going wrong. If you change it to something like "/^\|[a-z0-9]/" then it is more likely to work. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.lemmons at tmcaz.com Mon May 11 22:12:00 2009 From: paul.lemmons at tmcaz.com (Paul Lemmons) Date: Mon May 11 22:12:15 2009 Subject: Validating Email addresses In-Reply-To: References: <4A007D9F.7090403@tmcaz.com> <4A0150E6.3070503@ecs.soton.ac.uk> <4A088485.3050307@tmcaz.com> <4A088716.4030804@ecs.soton.ac.uk> Message-ID: <4A0894A0.6030408@tmcaz.com> -------- Original Message -------- Subject: Validating Email addresses From: Julian Field To: MailScanner discussion Date: 05/11/2009 01:14 PM > On 11/05/2009 21:03, Paul Lemmons wrote: > >> -------- Original Message -------- >> Subject: Validating Email addresses >> From: Julian Field >> To: MailScanner discussion >> Date: 05/06/2009 01:57 AM >> >>> On 05/05/2009 18:55, Paul Lemmons wrote: >>> >>>> We are getting a great deal of Spam bypassing both Postini and Mail >>>> Scanner due to a discrepancy between how these two products define >>>> an email address and the way Exchange does. The two scanning >>>> products recognize emails with a pipe character "|" at the beginning >>>> of the address as both valid and part of the email address. I >>>> believe this is in line with the email standards. Exchange, othe the >>>> other hand simply ignores the character. So a message sent to >>>> me@mydom.com and |me@mydom.com are seen as two different addresses >>>> by the scanning systems and as a single address by Exchange. >>>> >>> Set "Reject Messages" to point to a ruleset, and have a ruleset that >>> looks roughly like this: >>> FromOrTo: /^\|/ yes >>> FromOrTo: default no >>> and MailScanner will reject messages coming from or going to an >>> address starting with a pipe character. >>> Simple as that. >>> Remember to "service MailScanner reload" after changing the ruleset >>> and MailScanner.conf file. >>> >>> >>> Jules >>> >>> >> I have tried this and now I am getting a new message in my log.... >> >> MailScanner[5583]: Cannot match against destination IP address when >> resolving configuration option "rejectmessage" >> >> >> # cat reject-messages.conf >> FromOrTo: /^\|/ yes >> FromOrTo: default no >> >> Any thoughts? >> > As your regexp doesn't contain any alphabetic characters, its heuristic > code for deducing the pattern type is going wrong. If you change it to > something like "/^\|[a-z0-9]/" then it is more likely to work. > > Jules > > The good news is that I have eliminated the error message. The bad news is that it does not filter the "pipe mail". # cat reject-messages.conf FromOrTo: /^\|[a-z0-9]/ yes FromOrTo: default no Here is what I see in the syslog: May 11 13:52:54 remus sendmail[812]: NOQUEUE: connect from exprod6mx247.postini.com [64.18.1.147] May 11 13:52:54 remus sendmail[812]: AUTH: available mech=PLAIN ANONYMOUS LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: Milter: no active filter May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 220 remus.tmcaz.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 11 May 2009 13:52:54 -0700 May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- HELO psmtp.com May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 remus.myisp.com Hello exprod6mx247.postini.com [64.18.1.147], pleased to meet you May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- MAIL FROM: May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.0 ... Sender ok May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- RCPT TO:< test.user@myisp.com> May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.1.5 < test.user@myisp.com>... Recipient ok May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: <-- DATA May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 354 Enter mail, end with "." on a line by itself May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: from=, size=1774, class=0, nrcpts=1, msgid=<5caea7060905111352r2fedeb42m84c767f19 e191f68@mail.gmail.com>, proto=SMTP, daemon=MTA, relay=exprod6mx247.postini.com [64.18.1.147] May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 050 < test.user@myisp.com>... queued May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: to=< test.user@myisp.com>, delay=00:00:00, mailer=relay, pri=31774, stat=queued May 11 13:52:54 remus sendmail[812]: n4BKqsbn000812: --- 250 2.0.0 n4BKqsbn000812 Message accepted for delivery May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: <-- QUIT May 11 13:52:54 remus sendmail[812]: n4BKqsbo000812: --- 221 2.0.0 remus.myisp.com closing connection I don't know if this is important but I find it interesting that the pipe (|) appears to have been replaced with a space above. The message was sent to |test.user@myisp.com (email address and domain altered for public discussion) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3316 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090511/4c43325f/smime.bin From mark at msapiro.net Mon May 11 23:15:45 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 23:16:17 2009 Subject: MailScanner 4.77.3 fails to scan some messages Message-ID: In MailScanner.conf I have Scan Messages = %rules-dir%/scan.messages.rules and also Read IP Address From Received Header = no and in %rules-dir%/scan.messages.rules I have amongst others From: 127.0.0.1 no This appears to skip scanning of unintended messages. I have attached two sets of partially sanitized message headers - scanned.txt and unscanned.txt. These messages were massaged by me from an original and then resent through the MailScanner server. MailScanner skipped scanning the 'unscanned.txt' message. The essential difference between these is in the unscanned message, the third (from the top) Received: header is present and reads Received: from albatross.python.org (localhost.localdomain [127.0.0.1]) by mail.python.org (Postfix) with ESMTP id 602F0C33B for ; Mon, 11 May 2009 20:48:20 +0200 (CEST) Note that this header is separated from the following (earlier) Received: headers by X-Spam-Status: and X-Spam-Evidence: headers added by an intermediate server. The only thing interesting about this header is it contains IP 127.0.0.1, but my understanding of Read IP Address From Received Header = no is that MailScanner shouldn't be looking at IP addresses in Received: headers at all. Now I see the above analysis is probably wrong. I just received another unscanned message. Headers are attached as scanned2.txt and unscanned2.txt. Here again, I was able to get the message to be scanned by removing a Received: header, but the header I removed doesn't have any 'special' IP address in it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id 67AC1690235 for ; Mon, 11 May 2009 14:28:33 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI0ZN-0002NO-0O for Mark@ms2.msapiro.net; Mon, 11 May 2009 14:28:35 -0700 X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'problem,': 0.05; 'python': 0.06; 'mailman': 0.06; 'interface.': 0.07; '(#1,': 0.16; '(apple': 0.16; '2.3': 0.16; '[gcc': 0.16; 'category,': 0.16; 'darwin': 0.16; 'from:addr:dave': 0.16; 'main()': 0.16; 'skip:" 40': 0.16; 'skip:/ 50': 0.16; 'skip:[ 20': 0.16; 'sorry,': 0.16; 'subject:Delete': 0.16; 'greatly': 0.18; '(most': 0.21; 'skip:_ 10': 0.22; 'thanks': 0.23; 'dave': 0.26; 'last):': 0.26; 'sep': 0.26; 'skip:" 30': 0.26; 'traceback': 0.26; 'tried': 0.27; 'thanks!': 0.28; 'skip:f 30': 0.28; 'version': 0.29; 'appreciated.': 0.30; 'causes': 0.33; 'to:addr:mailman-users': 0.33; 'variable': 0.34; 'names': 0.34; 'list': 0.35; 'file': 0.36; 'when': 0.38; 'skip:/ 10': 0.39; 'call': 0.60; 'identify': 0.61; 'email': 0.63; 'subject:List': 0.63; 'below': 0.65; 'webmaster': 0.93 Received: from localhost.localdomain (HELO mail.python.org) (127.0.0.1) by albatross.python.org with SMTP; 11 May 2009 20:48:20 +0200 X-policyd-weight: using cached result; rate: -8.5 X-Greylist: delayed 399 seconds by postgrey-1.31 at albatross; Mon, 11 May 2009 20:48:19 CEST Received: from smtpauth02.prod.mesa1.secureserver.net (smtpauth02.prod.mesa1.secureserver.net [64.202.165.182]) by mail.python.org (Postfix) with SMTP for ; Mon, 11 May 2009 20:48:19 +0200 (CEST) Received: (qmail 26652 invoked from network); 11 May 2009 18:41:38 -0000 Received: from unknown (69.245.40.115) by smtpauth02.prod.mesa1.secureserver.net (64.202.165.182) with ESMTP; 11 May 2009 18:41:37 -0000 Mime-Version: 1.0 (Apple Message framework v753) Message-Id: <44D4029D-1B71-4C3F-A1E6-D2707D2DD707@dpss.bz> To: mailman-users@python.org From: Xxxx Xxxxx Date: Mon, 11 May 2009 13:41:29 -0500 X-Mailer: Apple Mail (2.753) Subject: [Mailman-Users] Can't Delete List Member X-BeenThere: mailman-users@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Mailman mailing list management users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes" Sender: mailman-users-bounces@python.org Errors-To: mailman-users-bounces@python.org X-GPC-MailScanner-ID: 67AC1690235.ADF94 X-GPC-MailScanner: Found to be clean X-GPC-MailScanner-SpamCheck: not spam, SpamAssassin (cached, score=-0.752, required 5, autolearn=not spam, BAYES_00 -0.75, SPF_HELO_PASS -0.00, SPF_PASS -0.00) X-GPC-MailScanner-From: mark@msapiro.net X-Spam-Status: No -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id D4929690235 for ; Mon, 11 May 2009 14:26:49 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI0WR-0002NO-AP for Mark@ms2.msapiro.net; Mon, 11 May 2009 14:26:51 -0700 Received: from albatross.python.org (localhost.localdomain [127.0.0.1]) by mail.python.org (Postfix) with ESMTP id 602F0C33B for ; Mon, 11 May 2009 20:48:20 +0200 (CEST) X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'problem,': 0.05; 'python': 0.06; 'mailman': 0.06; 'interface.': 0.07; '(#1,': 0.16; '(apple': 0.16; '2.3': 0.16; '[gcc': 0.16; 'category,': 0.16; 'darwin': 0.16; 'from:addr:dave': 0.16; 'main()': 0.16; 'skip:" 40': 0.16; 'skip:/ 50': 0.16; 'skip:[ 20': 0.16; 'sorry,': 0.16; 'subject:Delete': 0.16; 'greatly': 0.18; '(most': 0.21; 'skip:_ 10': 0.22; 'thanks': 0.23; 'dave': 0.26; 'last):': 0.26; 'sep': 0.26; 'skip:" 30': 0.26; 'traceback': 0.26; 'tried': 0.27; 'thanks!': 0.28; 'skip:f 30': 0.28; 'version': 0.29; 'appreciated.': 0.30; 'causes': 0.33; 'to:addr:mailman-users': 0.33; 'variable': 0.34; 'names': 0.34; 'list': 0.35; 'file': 0.36; 'when': 0.38; 'skip:/ 10': 0.39; 'call': 0.60; 'identify': 0.61; 'email': 0.63; 'subject:List': 0.63; 'below': 0.65; 'webmaster': 0.93 Received: from localhost.localdomain (HELO mail.python.org) (127.0.0.1) by albatross.python.org with SMTP; 11 May 2009 20:48:20 +0200 X-policyd-weight: using cached result; rate: -8.5 X-Greylist: delayed 399 seconds by postgrey-1.31 at albatross; Mon, 11 May 2009 20:48:19 CEST Received: from smtpauth02.prod.mesa1.secureserver.net (smtpauth02.prod.mesa1.secureserver.net [64.202.165.182]) by mail.python.org (Postfix) with SMTP for ; Mon, 11 May 2009 20:48:19 +0200 (CEST) Received: (qmail 26652 invoked from network); 11 May 2009 18:41:38 -0000 Received: from unknown (69.245.40.115) by smtpauth02.prod.mesa1.secureserver.net (64.202.165.182) with ESMTP; 11 May 2009 18:41:37 -0000 Mime-Version: 1.0 (Apple Message framework v753) Message-Id: <44D4029D-1B71-4C3F-A1E6-D2707D2DD707@dpss.bz> To: mailman-users@python.org From: Xxxx Xxxxx Date: Mon, 11 May 2009 13:41:29 -0500 X-Mailer: Apple Mail (2.753) Subject: [Mailman-Users] Can't Delete List Member X-BeenThere: mailman-users@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Mailman mailing list management users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes" Sender: mailman-users-bounces@python.org Errors-To: mailman-users-bounces@python.org -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id 053BF690235 for ; Mon, 11 May 2009 15:05:53 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI2PU-0002TC-F2 for Mark@ms2.msapiro.net; Mon, 11 May 2009 15:05:54 -0700 Received: from web81602.mail.mud.yahoo.com (web81602.mail.mud.yahoo.com [68.142.199.154]) by sbh16.songbird.com (Postfix) with SMTP id 17584690235 for ; Mon, 11 May 2009 14:57:18 -0700 (PDT) Received: (qmail 35713 invoked by uid 60001); 11 May 2009 21:57:17 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1242079037; bh=T52UCMjqSGnpxc4pLAXOV/8U148vJm/LHkP+F45mHeg=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=xbP2zkluyfhD2mABz99IX0dsaWDssjF6ao+MdH83afbap5Aw+Tl3JcCbvadB2Zc+MqBteoONBXYpi8E2ZGnqG1QQm1KlcUTEHOCiK+wwGuIj+hiPbWJE+osezQ0giCsLwyryFO93VI0BxPOaMyoSI3gzO8nPVWFMiHw91Pb8+3M= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Hz3qwiFDzLpEu6zE4LbUQdzATLHHf1wW4Lv9MhqPiFXRooradxfVJrV3ePBUY+q0e5t+leOh3IQtE5lPaeX6GcsEmqSwpDeUHKbpsDUKrPH3/MoOkzLOrEPUJN1tbDPASoMppaBTu0+WwCwNHiyJ9iiIHlOqx4pgX10FPL/SYlw=; Message-ID: <761365.34416.qm@web81602.mail.mud.yahoo.com> X-YMail-OSG: vSmdbCMVM1mwE4Rs.lqgSytUNdf8MVREcFFRtq2R8cT6PmgJaMOD65DMVvEaKe0Uu0IjyaYCGlYT4VaV7xWixYkEHu8lvuvs8D0jZcmAHAZqfT.28PwX9QMxpiJdzYq7dCFyfy6NO2dHWLFziJE18.FOrdCVKuPrIvj0RjQII20YVTbXA737Fl_yQIlEZJF5AseP3W9yXZlA0rB9fEXycbHNSTp3Z8_6cj7_upYUZ2tppQUdh7NfiAB9Y6LQ4GAXDjES9CfLBu2qB6t5xOU8Nq1S0pbcgvAiamNo2_CC3XgPLKN3CcuEvU8XEodawAYURjShUE9hQUER8BnLYXiYAQUwKnKAHKxNliSE X-Mailer: YahooMailWebService/0.7.289.1 Date: Mon, 11 May 2009 14:57:17 -0700 (PDT) From: Xxxxxxx Xxxxxx To: Xxxxxxx Xxxxxxx In-Reply-To: <220C80D066AB437185E5D5961A51DF6B@JeffsGQ> MIME-Version: 1.0 Cc: gpc-century@grizz.org Subject: Re: [GPC-Century] Century First Aid X-BeenThere: gpc-century@grizz.org X-Mailman-Version: 2.2.0a0 Precedence: list Reply-To: patrick_garner@sbcglobal.net List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: gpc-century-bounces+mark=msapiro.net@grizz.org Errors-To: gpc-century-bounces+mark=msapiro.net@grizz.org X-GPC-MailScanner-ID: 053BF690235.AE31E X-GPC-MailScanner: Found to be clean X-GPC-MailScanner-SpamCheck: not spam, SpamAssassin (cached, score=-0.25, required 5, BAYES_00 -0.75, BOTNET_SERVERWORDS 0.50) X-GPC-MailScanner-From: mark@msapiro.net X-Spam-Status: No -------------- next part -------------- Return-Path: X-Original-To: Mark@ms2.msapiro.net Delivered-To: msapiro_mark@sbh16.songbird.com Received: from msapiro.net (msapiro.net [68.183.193.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sbh16.songbird.com (Postfix) with ESMTP id 0799B690235 for ; Mon, 11 May 2009 15:01:38 -0700 (PDT) Received: from [127.0.0.1] (helo=msapiro) by msapiro.net with smtp (Exim 4.69) (envelope-from ) id KJI2IR-0000L4-GQ for Mark@ms2.msapiro.net; Mon, 11 May 2009 15:01:39 -0700 Received: from web81602.mail.mud.yahoo.com (web81602.mail.mud.yahoo.com [68.142.199.154]) by sbh16.songbird.com (Postfix) with SMTP id 17584690235 for ; Mon, 11 May 2009 14:57:18 -0700 (PDT) Received: (qmail 35713 invoked by uid 60001); 11 May 2009 21:57:17 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1242079037; bh=T52UCMjqSGnpxc4pLAXOV/8U148vJm/LHkP+F45mHeg=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=xbP2zkluyfhD2mABz99IX0dsaWDssjF6ao+MdH83afbap5Aw+Tl3JcCbvadB2Zc+MqBteoONBXYpi8E2ZGnqG1QQm1KlcUTEHOCiK+wwGuIj+hiPbWJE+osezQ0giCsLwyryFO93VI0BxPOaMyoSI3gzO8nPVWFMiHw91Pb8+3M= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=sbcglobal.net; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Hz3qwiFDzLpEu6zE4LbUQdzATLHHf1wW4Lv9MhqPiFXRooradxfVJrV3ePBUY+q0e5t+leOh3IQtE5lPaeX6GcsEmqSwpDeUHKbpsDUKrPH3/MoOkzLOrEPUJN1tbDPASoMppaBTu0+WwCwNHiyJ9iiIHlOqx4pgX10FPL/SYlw=; Message-ID: <761365.34416.qm@web81602.mail.mud.yahoo.com> X-YMail-OSG: vSmdbCMVM1mwE4Rs.lqgSytUNdf8MVREcFFRtq2R8cT6PmgJaMOD65DMVvEaKe0Uu0IjyaYCGlYT4VaV7xWixYkEHu8lvuvs8D0jZcmAHAZqfT.28PwX9QMxpiJdzYq7dCFyfy6NO2dHWLFziJE18.FOrdCVKuPrIvj0RjQII20YVTbXA737Fl_yQIlEZJF5AseP3W9yXZlA0rB9fEXycbHNSTp3Z8_6cj7_upYUZ2tppQUdh7NfiAB9Y6LQ4GAXDjES9CfLBu2qB6t5xOU8Nq1S0pbcgvAiamNo2_CC3XgPLKN3CcuEvU8XEodawAYURjShUE9hQUER8BnLYXiYAQUwKnKAHKxNliSE Received: from [71.131.24.84] by web81602.mail.mud.yahoo.com via HTTP; Mon, 11 May 2009 14:57:17 PDT X-Mailer: YahooMailWebService/0.7.289.1 Date: Mon, 11 May 2009 14:57:17 -0700 (PDT) From: Xxxxxxx Xxxxxx To: Xxxxxxx Xxxxxxx In-Reply-To: <220C80D066AB437185E5D5961A51DF6B@JeffsGQ> MIME-Version: 1.0 Cc: gpc-century@grizz.org Subject: Re: [GPC-Century] Century First Aid X-BeenThere: gpc-century@grizz.org X-Mailman-Version: 2.2.0a0 Precedence: list Reply-To: patrick_garner@sbcglobal.net List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: gpc-century-bounces+mark=msapiro.net@grizz.org Errors-To: gpc-century-bounces+mark=msapiro.net@grizz.org From mark at msapiro.net Mon May 11 23:32:41 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon May 11 23:33:07 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: Message-ID: Mark Sapiro wrote: [...] >Now I see the above analysis is probably wrong. I just received another >unscanned message. Headers are attached as scanned2.txt and >unscanned2.txt. Here again, I was able to get the message to be >scanned by removing a Received: header, but the header I removed >doesn't have any 'special' IP address in it. Further information. I replaced Postfix.pm with the one from 4.76.24 and the problem is gone. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Tue May 12 09:21:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 09:21:24 2009 Subject: Too Large or Too small or neither????? In-Reply-To: <4A08342A.7CBE.00FC.3@medicine.wisc.edu> References: <4A01E931.6070007@ecs.soton.ac.uk> <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A086C04.5000602@ecs.soton.ac.uk><4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A08342A.7CBE.00FC.3@medicine.wisc.edu> <4A09316F.3010306@ecs.soton.ac.uk> Message-ID: Look in /usr/lib/MailScanner/MailScanner/SweepContent.pm. At or near line 308 you should find a line that looks like this: next if $safename =~ /^msg[-\d]+\.(txt|html)$/; Change this to say next if $safename =~ /^.msg[-\d]+\.(txt|html)$/; and the problem will be fixed. Thanks for reporting it! Note that to disable size checks, both the maximum and minimum should be set to -1. Cheers, Jules. On 11/05/2009 20:20, Michael Masse wrote: > Here are the queue files. Thank you for looking into this. > > -Mike > > > >>>> On 5/11/2009 at 1:18 PM, in message >>>> > @ecs.soton.ac.uk>, Julian Field wrote: > >> The df file is only half the story, and is useless without its >> corresponding qf file. >> Please zip up a qf+df pair that shows this problem, and email me the zip >> file. >> >> On 11/05/2009 18:44, Michael Masse wrote: >> >>>> Julian Field wrote: >>>> >>>> >>>> >>>>>> >>>>>> >>>>> I'll need to take a look at this, and try a 0-byte attachment and see >>>>> what happens. >>>>> To disable the tests, set >>>>> Maximum Attachment Size = -1 >>>>> Minimum Attachment Size = -1 >>>>> >>>>> Please read the docs carefully and ensure you are setting the values >>>>> appropriately. >>>>> What is the precise case that you think it is handling incorrectly? >>>>> >>>>> Jules >>>>> >>>>> >>>>> >>>> I don't think testing it with a 0 byte attachment will help much, >>>> because a 0 byte attachment *should* get blocked when the min size is >>>> set to 1. The problem I'm having on 3 separate servers since upgrading >>>> to 4.76 is that it's blocking on the attachment rule even when there is >>>> no attachment. I'm not exactly sure how to proceed because one part of >>>> the error message says the attachment is too large, and another part >>>> says it's too small. Regardless there is no attachment so those errors >>>> are just unintentional red herrings. I have looked at numerous messages >>>> in the quarantine and cannot find anything that gives away why it thinks >>>> they have attachments to begin with. >>>> >>>> Like I said, I have been using MS for a number of years, have done >>>> numerous upgrades, have had the min attachment size setting at the >>>> default of 1 byte since it was available and have never had a problem >>>> before upgrading to 4.76. I just upgraded another server last night >>>> and made sure it wasn't having this problem before the upgrade, and as >>>> soon as I started MS after the upgrade it started having the same >>>> problem. I can provide more from the quarantine at pastbin.com if the >>>> original data I posted is not enough. >>>> >>>> Oh, and again: MailScanner --lint says no errors. >>>> >>>> >>>> >>>> >>>> >>> Latest Update: >>> >>> This problem really seems to me like a bug in 4.76.24-3. I can reproduce >>> >> this attachement size problem on every 4.76.24-3 system I can get my hands on >> with a specific df/qf file combo that has NO attachment associated with it. >> I've tried 3 more completely different systems with very different configs >> and it always fails. If I stick this same df/qf file pair into the >> mqueue.in on any 4.74 or 4.75 system, it processes them correctly. >> >>> I have posted a culprit df file at: >>> http://pastebin.com/m216927c >>> >>> Even after trying to sanitize the user's real info, this very file will >>> >> still cause an attachment size error. If you look at the file, you can see >> that there is nothing in it telling the system that there is an attachment >> associated with the email, yet mailscanner still trips on it saying that the >> attachment size is both too big and too small. >> >>> The problem seems to be related to whitespace in the original file, because >>> >> if I paste the text from that very pastebin back into a new df file, and then >> send it through mqueue.in, it will process correctly. >> >>> If you would like me to send an actual problematic df/qf file pair so you >>> >> can reproduce this yourself, I would be more then willing to do so. >> >>> Mike >>> >>> >>> >>> >>> >>> >>> >> Jules >> > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 12 09:31:17 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 09:31:37 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: References: <4A0933D5.1080107@ecs.soton.ac.uk> Message-ID: On 11/05/2009 23:32, Mark Sapiro wrote: > Mark Sapiro wrote: > > [...] > >> Now I see the above analysis is probably wrong. I just received another >> unscanned message. Headers are attached as scanned2.txt and >> unscanned2.txt. Here again, I was able to get the message to be >> scanned by removing a Received: header, but the header I removed >> doesn't have any 'special' IP address in it. >> > > Further information. I replaced Postfix.pm with the one from 4.76.24 > and the problem is gone. > Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have just released. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 12 09:31:35 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 09:31:54 2009 Subject: Too Large or Too small or neither????? In-Reply-To: References: <4A01E931.6070007@ecs.soton.ac.uk> <4A13FB27.7CBE.00FC.3@medicine.wisc.edu> <4A086B43.6050403@ecs.soton.ac.uk> <4A0933E7.7090702@ecs.soton.ac.uk> Message-ID: Fixed in 4.77.4 which I have just released. On 11/05/2009 19:15, Julian Field wrote: > > > On 11/05/2009 18:44, Michael Masse wrote: >>> Julian Field wrote: >>> >>>> I'll need to take a look at this, and try a 0-byte attachment and see >>>> what happens. >>>> To disable the tests, set >>>> Maximum Attachment Size = -1 >>>> Minimum Attachment Size = -1 >>>> >>>> Please read the docs carefully and ensure you are setting the values >>>> appropriately. >>>> What is the precise case that you think it is handling incorrectly? >>>> >>>> Jules >>>> >>> I don't think testing it with a 0 byte attachment will help much, >>> because a 0 byte attachment *should* get blocked when the min size is >>> set to 1. The problem I'm having on 3 separate servers since >>> upgrading >>> to 4.76 is that it's blocking on the attachment rule even when there is >>> no attachment. I'm not exactly sure how to proceed because one >>> part of >>> the error message says the attachment is too large, and another part >>> says it's too small. Regardless there is no attachment so those errors >>> are just unintentional red herrings. I have looked at numerous >>> messages >>> in the quarantine and cannot find anything that gives away why it >>> thinks >>> they have attachments to begin with. >>> >>> Like I said, I have been using MS for a number of years, have done >>> numerous upgrades, have had the min attachment size setting at the >>> default of 1 byte since it was available and have never had a problem >>> before upgrading to 4.76. I just upgraded another server last night >>> and made sure it wasn't having this problem before the upgrade, and as >>> soon as I started MS after the upgrade it started having the same >>> problem. I can provide more from the quarantine at pastbin.com if the >>> original data I posted is not enough. >>> >>> Oh, and again: MailScanner --lint says no errors. >>> >>> >>> >> Latest Update: >> >> This problem really seems to me like a bug in 4.76.24-3. I can >> reproduce this attachement size problem on every 4.76.24-3 system I >> can get my hands on with a specific df/qf file combo that has NO >> attachment associated with it. I've tried 3 more completely >> different systems with very different configs and it always fails. >> If I stick this same df/qf file pair into the mqueue.in on any 4.74 >> or 4.75 system, it processes them correctly. >> >> I have posted a culprit df file at: >> http://pastebin.com/m216927c >> >> Even after trying to sanitize the user's real info, this very file >> will still cause an attachment size error. If you look at the file, >> you can see that there is nothing in it telling the system that there >> is an attachment associated with the email, yet mailscanner still >> trips on it saying that the attachment size is both too big and too >> small. >> >> The problem seems to be related to whitespace in the original file, >> because if I paste the text from that very pastebin back into a new >> df file, and then send it through mqueue.in, it will process correctly. >> >> If you would like me to send an actual problematic df/qf file pair so >> you can reproduce this yourself, I would be more then willing to do so. > Please zip up a qf+df pair and mail it to me off-list at > mailscanner@ecs.soton.ac.uk. > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Tue May 12 11:22:48 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue May 12 11:22:57 2009 Subject: EmailBL plugin released Message-ID: <4A094DF8.40106@alexb.ch> X-post from Spammassin Users List - may be of interest _________________ From: Henrik K Hi, EmailBL plugin is now available for testing. Small test zone has been running for a while, it contains trapped addresses from some of the most popular freemail domains. http://sa.hege.li/EmailBL.pm (see inside for documentation) http://sa.hege.li/EmailBL.cf (contains the test zone) http://sa.hege.li/emailbl_lemfreemail.cf (needed for the test zone) Remember that the zone with this name WILL disappear after a month or so. Your feedback will contribute in whether it will be discarded or enhanced for wider use. Cheers, Henrik From MailScanner at ecs.soton.ac.uk Tue May 12 11:27:24 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 11:27:42 2009 Subject: 4.76.25 bug-fix release References: <4A094F0C.5050301@ecs.soton.ac.uk> Message-ID: To resolve the issues that have appeared since 4.76.24 on 1st May, I have just released a bug-fixed 4.76.25 which resolves the TNEF issue and the attachment-too-big-and-too-small issue that have appeared since its release. Note that 4.75 is still available as well, if you want it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Tue May 12 12:50:51 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Tue May 12 12:51:22 2009 Subject: 4.76.25 bug-fix release In-Reply-To: References: <4A094F0C.5050301@ecs.soton.ac.uk> Message-ID: <625385e30905120450w19effe7ckf1f5b2286670140d@mail.gmail.com> On Tue, May 12, 2009 at 12:27 PM, Julian Field wrote: > To resolve the issues that have appeared since 4.76.24 on 1st May, I have > just released a bug-fixed 4.76.25 which resolves the TNEF issue and the > attachment-too-big-and-too-small issue that have appeared since its release. I have an update for Solaris ready at http://mirror.opencsw.org/testing.html for immediate use. mailscanner-4.76.25.1,REV=2009.05.12-SunOS5.8-all-CSW.pkg.gz It will take some time (~12 hours) for it to spread to the normal mirrors. -- /peter From david at gnsa.us Tue May 12 14:39:27 2009 From: david at gnsa.us (David Nalley) Date: Tue May 12 14:39:55 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> <200905092302.57728.eli@orbsky.homelinux.org> Message-ID: On Sat, May 9, 2009 at 9:44 PM, David Nalley wrote: > On Sat, May 9, 2009 at 4:02 PM, Eli Wapniarski wrote: >> On Friday 08 May 2009 18:45:28 David Nalley wrote: >>> > PS: Everybody who wants to contribute (in packaging), please follow this: >>> > http://fedoraproject.org/wiki/PackageMaintainers/Join :-) >> >> I should find some time tommorrow to start woking on the documentation here. >> >> Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. >> >> Eli >> > > I'll create a resource request for a mailing list with infra tonight. > Here is the mailing list: https://admin.fedoraproject.org/mailman/listinfo/mailscanner-sig From e.mink at remote.nl Tue May 12 16:04:14 2009 From: e.mink at remote.nl (Eric Mink) Date: Tue May 12 16:04:21 2009 Subject: Spam problem Message-ID: Hello, A question about MailScanner-4.65.3-1 Is there a way to block url`s in mails? We have lot`s of spam coming in with urls like Http://docs.google.com There is a option for safe sites (phishing.safe.sites.conf) but none to block specific url`s? http://pastebin.com/d66e3e2af Thanks in advanced! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/f62c65ed/attachment.html From marco.barbero at gmail.com Tue May 12 16:59:55 2009 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue May 12 17:00:04 2009 Subject: some childrens are stuck on 'compressing attachment' Message-ID: Hi Mailscanner 4.70.7 Postfix 2.5.5 I experienced a strange issue: all my children stuck on 'compressing attachment' so mailscanner stop to process queue. Mailscanner was not able to restart children every 'time' set on Mailscanner.conf. So I had to kill processes and restart mailscanner. Debug mode (spamassassin and mailscanner) didn't show any problem. I have other installations like this but never suffered a similar issue. Any hints? At the moment I'm thinking about a workaround: kill mailscanner every 30 minutes and restart it. Is there any risk about mail and or bayes corruption? Thanks in advance From maxsec at gmail.com Tue May 12 17:14:52 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 12 17:15:01 2009 Subject: some childrens are stuck on 'compressing attachment' In-Reply-To: References: Message-ID: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> Turn off the compress attachments facility while you work it out?? 2009/5/12 Marco Barbero > Hi > Mailscanner 4.70.7 > Postfix 2.5.5 > > I experienced a strange issue: all my children stuck on 'compressing > attachment' so mailscanner stop to process queue. > Mailscanner was not able to restart children every 'time' set on > Mailscanner.conf. So I had to kill processes and restart mailscanner. > Debug mode (spamassassin and mailscanner) didn't show any problem. I > have other installations like this but never suffered a similar issue. > Any hints? > At the moment I'm thinking about a workaround: kill mailscanner every > 30 minutes and restart it. Is there any risk about mail and or bayes > corruption? > Thanks in advance > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/bc8f4d2d/attachment.html From marco.barbero at gmail.com Tue May 12 17:44:37 2009 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue May 12 17:44:46 2009 Subject: some childrens are stuck on 'compressing attachment' In-Reply-To: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> References: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> Message-ID: 2009/5/12 Martin Hepworth : > Turn off the compress attachments?facility?while you work it out?? If you are refferring to 'Zip Attachments' I have it set to 'no'. > > 2009/5/12 Marco Barbero >> >> Hi >> Mailscanner 4.70.7 >> Postfix 2.5.5 >> >> I experienced a strange issue: ?all my children stuck on 'compressing >> attachment' so mailscanner stop to process queue. >> Mailscanner was not able to restart children every 'time' set on >> Mailscanner.conf. ?So I had to kill processes and restart mailscanner. >> Debug mode (spamassassin and mailscanner) didn't show any problem. ?I >> have other installations like this but never suffered a similar issue. >> ?Any hints? >> At the moment I'm thinking about a workaround: ?kill mailscanner every >> 30 minutes and restart it. ?Is there any risk about mail and or bayes >> corruption? >> Thanks in advance >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From MailScanner at ecs.soton.ac.uk Tue May 12 20:34:20 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 12 20:34:39 2009 Subject: Spam problem In-Reply-To: References: <4A09CF3C.7010704@ecs.soton.ac.uk> Message-ID: On 12/05/2009 16:04, Eric Mink wrote: > > Hello, > > A question about MailScanner-4.65.3-1 > > Is there a way to block url`s in mails? We have lot`s of spam coming > in with urls like Http://docs.google.com > > There is a option for safe sites (phishing.safe.sites.conf) but none > to block specific url`s? > There is a phishing.bad.sites.conf which might do what you are after. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Carl.Andrews at crackerbarrel.com Tue May 12 20:44:37 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Tue May 12 20:45:03 2009 Subject: How are you catching these spam Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Anawaty.png Type: image/png Size: 10924 bytes Desc: Anawaty.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/44660f54/Anawaty.png -------------- next part -------------- A non-text attachment was scrubbed... Name: Kara.png Type: image/png Size: 10680 bytes Desc: Kara.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/44660f54/Kara.png From Kevin_Miller at ci.juneau.ak.us Tue May 12 21:08:23 2009 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue May 12 21:08:40 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A09477D575C2C4B86497161427DD94C0D153E2AFF@city-exchange07> I'm using imageinfo.cf (http://www.rulesemporium.com/plugins.htm) which helps. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 448 Sent: Tuesday, May 12, 2009 11:45 AM To: MailScanner discussion Subject: How are you catching these spam The two attached png's are samples of what we are getting as spam. The message has a random subject and the attachment name apears to be random with nothing in the body of the message. I have tried ocrtext-sa32.pm and FuzzyOCR.pm but when I run one of these through 'gocr' I get: (PICTURE)(PICTURE)(PICTURE)(PICTURE) Yl__J l',_N l_l_ I_' _.31-31.NET _(PICTURE) Eile Edit _iew F*vorites *ools _elp b8ac_ - _,, - _ _ 0 I _search gFavor: Q Thanks for your time, Carl -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/53af5bf2/attachment.html From Carl.Andrews at crackerbarrel.com Tue May 12 22:04:57 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Tue May 12 22:05:09 2009 Subject: How are you catching these spam In-Reply-To: <4A09477D575C2C4B86497161427DD94C0D153E2AFF@city-exchange07> Message-ID: Thanks! ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Tuesday, May 12, 2009 3:08 PM To: 'MailScanner discussion' Subject: RE: How are you catching these spam I'm using imageinfo.cf (http://www.rulesemporium.com/plugins.htm) which helps. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 448 Sent: Tuesday, May 12, 2009 11:45 AM To: MailScanner discussion Subject: How are you catching these spam The two attached png's are samples of what we are getting as spam. The message has a random subject and the attachment name apears to be random with nothing in the body of the message. I have tried ocrtext-sa32.pm and FuzzyOCR.pm but when I run one of these through 'gocr' I get: (PICTURE)(PICTURE)(PICTURE)(PICTURE) Yl__J l',_N l_l_ I_' _.31-31.NET _(PICTURE) Eile Edit _iew F*vorites *ools _elp b8ac_ - _,, - _ _ 0 I _search gFavor: Q Thanks for your time, Carl -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090512/48b4d087/attachment.html From mi6 at orcon.net.nz Wed May 13 02:05:08 2009 From: mi6 at orcon.net.nz (Charlie) Date: Wed May 13 02:05:16 2009 Subject: removal of my email address from past posts Message-ID: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Hi, I have a huge favour to ask: I am currently receiving a lot of spam, so am trying to remove my email address from being seen online. It is only seen at a couple of websites: this one, and another one that mirrors this one (and says that I need to get it removed from this one before they can remove it from their one). So, I was wondering if someone could please remove all of the email addresses that are visible from this page on this site: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment-0001.html It would be really appreciated! From mark at msapiro.net Wed May 13 05:14:32 2009 From: mark at msapiro.net (Mark Sapiro) Date: Wed May 13 05:14:49 2009 Subject: Issue with "Add Text Of Doc" feature Message-ID: I have been experimenting with the "Add Text Of Doc" feature. The issue I have come across is the output of antiword is in my case UTF-8 encoded (in the absense of a specific mapping provided to antiword, it's locale dependent), but the plain text attachment added by MailScanner doesn't specify a charset in its Content-Type. It would be nice if you could grok the encoding from the system locale and specify it, or barring that, provide a config option to set it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From john at tradoc.fr Wed May 13 08:11:17 2009 From: john at tradoc.fr (John Wilcock) Date: Wed May 13 08:11:30 2009 Subject: removal of my email address from past posts In-Reply-To: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Message-ID: <4A0A7295.2000609@tradoc.fr> Le 13/05/2009 03:05, Charlie a ?crit : > I have a huge favour to ask: > I am currently receiving a lot of spam, so am trying to remove my email > address from being seen online. It is only seen at a couple of websites: Shutting the stable door after the horse has bolted... Now that "they" have got your address in their lists, removing it from sites will do little or no good. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From steveb_clamav at sanesecurity.com Wed May 13 09:01:42 2009 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Wed May 13 09:02:50 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <46675.93.97.28.110.1242201702.squirrel@saturn.dataflame.net> > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be random > with nothing in the body of the message. Slightly off-topic, but these are being caught with Sanesecurity signature, Sanesecurity.Spam.ldb.14 (spam.ldb database) Example stats: http://comms.oucs.ox.ac.uk/images/stats/relay/virus-month.png Cheers, Steve Sanesecurity From kse at hovmark.dk Wed May 13 09:10:03 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Wed May 13 09:10:16 2009 Subject: spamaction highscore rules. Message-ID: <1242202203.1013.30.camel@kse> So, i embarassed myself to my company yesterday. I managed to write a highscore rule that passed on all spam mails, that it should be dropping. But nevermind that. My problem is, i have two domains. eurocargoservices.de eurocargoservices.dk The .de company wants to receive all spam mails. They receive alot of mails from China and russia, which normally get tagged as spam (Since i took over the filter it now work quite well though, ignoring them). However, som spam mails are sent with both the .de and .dk domain in the 'to' header. And when the .de domain is in the recipient, the rule that delivers mail to .de takes action, and the spam is delivered to the .dk. It seems "Use Default Rules With Multiple Recipients = yes" does not work. These are the rules: To: @eurocargoservices.de deliver FromOrTo: default forward isspam@localhost Live long and prosper, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090513/457ecdd5/attachment.html From maxsec at gmail.com Wed May 13 09:59:10 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 13 09:59:19 2009 Subject: spamaction highscore rules. In-Reply-To: <1242202203.1013.30.camel@kse> References: <1242202203.1013.30.camel@kse> Message-ID: <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> Best way to avoid this situation is split the email up into individual recipients and then the rules on forwarding will work fine. The problem is if the 'to' contains multiple recipients and gives conflicting actions eg deliver and not-deliver which one should it obey???? MailScanner can't get which one is correct so uses the Envelope-To: as the overriding value. How to split the emails up is dependant on the MTA you use but sendmail, Exim and Postfix are covered in the wiki ( http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta ) -- Martin Hepworth Oxford, UK 2009/5/13 Kasper Sacharias Eenberg > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam mails, that it > should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive alot of mails > from China and russia, which normally get tagged as spam (Since i took over > the filter it now work quite well though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk domain in the > 'to' header. > And when the .de domain is in the recipient, the rule that delivers mail to > .de takes action, and the spam is delivered to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > ------------------------------ > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090513/dccb69af/attachment.html From ajcartmell at fonant.com Wed May 13 12:22:22 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed May 13 12:22:35 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be random > with nothing in the body of the message. I've had some success with a borrowed rule, modified to check for PNG images only (as they all seem to be in this format at the moment): header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i mimeheader __MIME_PNG_ATTACH Content-Type =~ /image\/png/i meta MIME_PNG_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __MIME_PNG_ATTACH && !__ANY_TEXT_ATTACH) score MIME_PNG_MAGE_ONLY 4.01 describe MIME_PNG_IMAGE_ONLY PNG format image body part and no text body parts HTH, Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Wed May 13 12:24:04 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Wed May 13 12:24:18 2009 Subject: removal of my email address from past posts In-Reply-To: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Message-ID: > I have a huge favour to ask: > I am currently receiving a lot of spam, so am trying to remove my email > address from being seen online. If you're on the spammers' lists then it's probably too late... the page will be in Google's cache, etc, etc. My email address is very public (I want people to contact me!) but MailScanner keeps the spam out :) Anthony -- www.fonant.com - Quality web sites From housey at sme-ecom.co.uk Wed May 13 12:32:04 2009 From: housey at sme-ecom.co.uk (Paul Houselander) Date: Wed May 13 12:32:50 2009 Subject: More than one Custom Function Message-ID: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> Hi I have a mailscanner set up that uses the Always Looked Up Last directive to call a custom function I wrote that logs to a postgres database. I want to try to get it to now to ALSO log to a mysql database using mailwatch. Is it possible to run 2 CustomFunctions from the same directive? I seem to recall seeing something in the wiki but can't locate anything. Paul From alvaro at hostalia.com Wed May 13 12:53:23 2009 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Wed May 13 12:53:34 2009 Subject: Delete with MailScanner based on header Message-ID: <4A0AB4B3.9070506@hostalia.com> Hello, I'm using a plugin in SA that does an "eval:check_msg()" and adds a header with add_header. In that header there is information about the scanned mail (if it's spam or a virus). I see that isn't any option in MailScanner's configuration to do an action based on a header added by SA, something like "SpamAssassin Rule Actions", so I've thought to do a custom function for MailScanner to do it. The idea is see if this header has "virus" as value, and if this occurs, delete the message. Is this possible? Where are SA's headers stored (I see that $message->{headers} are original ones only)? Thanks! Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From oliver at linux-kernel.at Wed May 13 14:03:52 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Wed May 13 14:04:06 2009 Subject: MailScanner on Fedora SIG (Special Interest Group) In-Reply-To: References: <4A028E24.3050406@linux-kernel.at> <200905092302.57728.eli@orbsky.homelinux.org> Message-ID: <4A0AC538.6040307@linux-kernel.at> David Nalley wrote: > On Sat, May 9, 2009 at 9:44 PM, David Nalley wrote: >> On Sat, May 9, 2009 at 4:02 PM, Eli Wapniarski wrote: >>> On Friday 08 May 2009 18:45:28 David Nalley wrote: >>>>> PS: Everybody who wants to contribute (in packaging), please follow this: >>>>> http://fedoraproject.org/wiki/PackageMaintainers/Join :-) >>> I should find some time tommorrow to start woking on the documentation here. >>> >>> Something else that we may possibly need is some type of maiing list or forum in which to communciate. This particular thread will probably get a little lengthy. And it will be difficult to break things up according to topics of concern. >>> >>> Eli >>> >> I'll create a resource request for a mailing list with infra tonight. >> > > Here is the mailing list: > https://admin.fedoraproject.org/mailman/listinfo/mailscanner-sig Sorry for being quiet the last few days... I'm/we're currently in the middle of our office relocation and if I'm not packing my stuff, I'm attending some meetings. :-/ So. I'll look into this again next week! Sorry, -of From Carl.Andrews at crackerbarrel.com Wed May 13 14:45:11 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 14:45:26 2009 Subject: How are you catching these spam In-Reply-To: <46675.93.97.28.110.1242201702.squirrel@saturn.dataflame.net> Message-ID: Silly question but I have them installed and they are updating frequently. If I run 'clamscan *.png' should it report one of these as outside of a email message? Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Basford Sent: Wednesday, May 13, 2009 3:02 AM To: MailScanner discussion Subject: Re: How are you catching these spam > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be > random with nothing in the body of the message. Slightly off-topic, but these are being caught with Sanesecurity signature, Sanesecurity.Spam.ldb.14 (spam.ldb database) Example stats: http://comms.oucs.ox.ac.uk/images/stats/relay/virus-month.png Cheers, Steve Sanesecurity -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steveb_clamav at sanesecurity.com Wed May 13 14:51:00 2009 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Wed May 13 14:52:13 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <53362.93.97.28.110.1242222660.squirrel@saturn.dataflame.net> > Silly question but I have them installed and they are updating > frequently. If I run 'clamscan *.png' should it report one of these as > outside of a email message? In short... No, it won't find anything, when just scanning the .png file... Cheers, Steve Sanesecurity From pumzika at gmail.com Wed May 13 15:02:31 2009 From: pumzika at gmail.com (Steve Barnes) Date: Wed May 13 15:02:41 2009 Subject: Using --debug and --debug-sa with Postfix Message-ID: <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> Hi I'm trying to understand how to use --debug and --debug-sa with Postfix as the MTA to observe the processing of a single message. Having stoppped all MailScanner processes, I run: /opt/MailScanner/bin/MailScanner --debug --debug-sa I get lots of debug output on screen, with no discernable errors, which eventually stops at: "Building a message batch to scan..." Now at this point, I thought I could get away with doing: cp -p /var/spool/MailScanner/quarantine/20090512/spam/A8B5F1168A.A78ED /var/spool/postfix/hold And MS would come back to life and begin processing the message, but it doesn't. It just remains sat at "Building a message batch to scan..." MS runs as user Postfix, and the permissions on the file before and after cp are: -rw-rw---- 1 postfix mail What am I missing here? Does "Quarantine Whole Messages As Queue Files" have any bearing on what I'm trying to do? Thank you Steve PS, I'm using: MS 4.76.24, Perl 5.10.0, SA 3.2.5, FreeBSD 7.2, Postfix 2.5.6 and MailWatch 1.0.4. From Carl.Andrews at crackerbarrel.com Wed May 13 15:03:33 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 15:03:51 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: Is there a spamassassin plugin I need to enable for this to work? I placed this in a file in /etc/mail/spamassassin and when I run spamassassin -D --lint I see that it is loading the file but 'spamassassin -t < spammy_email_message' does not return a spam report with MIME_PNG_IMAGE_ONLY. I updated the score line to be "score MIME_PNG_IMAGE_ONLY 4.01" but that did not get any hits either. Thanks again!!! Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Cartmell Sent: Wednesday, May 13, 2009 6:22 AM To: MailScanner discussion Subject: Re: How are you catching these spam > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be > random with nothing in the body of the message. I've had some success with a borrowed rule, modified to check for PNG images only (as they all seem to be in this format at the moment): header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i mimeheader __MIME_PNG_ATTACH Content-Type =~ /image\/png/i meta MIME_PNG_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __MIME_PNG_ATTACH && !__ANY_TEXT_ATTACH) score MIME_PNG_MAGE_ONLY 4.01 describe MIME_PNG_IMAGE_ONLY PNG format image body part and no text body parts HTH, Anthony -- www.fonant.com - Quality web sites -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Carl.Andrews at crackerbarrel.com Wed May 13 15:07:10 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 15:07:20 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: Found it. When I pasted the code into the cf, vi commented every line since I started off with a comment. I missed one of the lines when I uncommented it. Thanks, Carl -----Original Message----- From: Andrews Carl 448 Sent: Wednesday, May 13, 2009 9:04 AM To: 'MailScanner discussion' Subject: RE: How are you catching these spam Is there a spamassassin plugin I need to enable for this to work? I placed this in a file in /etc/mail/spamassassin and when I run spamassassin -D --lint I see that it is loading the file but 'spamassassin -t < spammy_email_message' does not return a spam report with MIME_PNG_IMAGE_ONLY. I updated the score line to be "score MIME_PNG_IMAGE_ONLY 4.01" but that did not get any hits either. Thanks again!!! Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Anthony Cartmell Sent: Wednesday, May 13, 2009 6:22 AM To: MailScanner discussion Subject: Re: How are you catching these spam > The two attached png's are samples of what we are getting as spam. The > message has a random subject and the attachment name apears to be > random with nothing in the body of the message. I've had some success with a borrowed rule, modified to check for PNG images only (as they all seem to be in this format at the moment): header __CTYPE_MULTIPART_MXD Content-Type =~ /multipart\/mixed/i mimeheader __ANY_TEXT_ATTACH Content-Type =~ /text\/\w+/i mimeheader __MIME_PNG_ATTACH Content-Type =~ /image\/png/i meta MIME_PNG_IMAGE_ONLY (__CTYPE_MULTIPART_MXD && __MIME_PNG_ATTACH && !__ANY_TEXT_ATTACH) score MIME_PNG_MAGE_ONLY 4.01 describe MIME_PNG_IMAGE_ONLY PNG format image body part and no text body parts HTH, Anthony -- www.fonant.com - Quality web sites -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Carl.Andrews at crackerbarrel.com Wed May 13 15:27:09 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 15:27:21 2009 Subject: How are you catching these spam In-Reply-To: <53362.93.97.28.110.1242222660.squirrel@saturn.dataflame.net> Message-ID: Silly me. Yep, I get a hit when I scan the enitre message file but there are no records in the log file for email that shows any hits to Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. What have I goofed up so that from the 'clamscan MESSAGE' will work but not when MailScanner runs it? I have sanesecurity files in /var/cache/sanesecurity and /usr/local/share/clamav. I am using clamd, should I switch to clamav or clamavmodule? Thanks again, Carl -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Basford Sent: Wednesday, May 13, 2009 8:51 AM To: MailScanner discussion Subject: RE: How are you catching these spam > Silly question but I have them installed and they are updating > frequently. If I run 'clamscan *.png' should it report one of these as > outside of a email message? In short... No, it won't find anything, when just scanning the .png file... Cheers, Steve Sanesecurity -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Wed May 13 15:44:37 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 13 15:44:46 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A0ADCD5.8080503@alexb.ch> On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: > Silly me. > Yep, I get a hit when I scan the enitre message file but there are no > records in the log file for email that shows any hits to > Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. > What have I goofed up so that from the 'clamscan MESSAGE' will work but > not when MailScanner runs it? > > I have sanesecurity files in /var/cache/sanesecurity and > /usr/local/share/clamav. > > I am using clamd, should I switch to clamav or clamavmodule? Is MailScanner feeding it enough of the message or maybe a chunk of it? Check your settings. Alex From Carl.Andrews at crackerbarrel.com Wed May 13 16:12:22 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 16:12:32 2009 Subject: How are you catching these spam In-Reply-To: <4A0ADCD5.8080503@alexb.ch> Message-ID: It should be getting all of it, here is all of the uncommented clam options. I just switched to clamavmodule and it did not catch sanesecurity.spam.ldb.14.UNOFFICIAL either but when I scan the message file with clam it does. Virus Scanners = clamavmodule Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Massage Scan = yes -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Wednesday, May 13, 2009 9:45 AM To: MailScanner discussion Subject: Re: How are you catching these spam On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: > Silly me. > Yep, I get a hit when I scan the enitre message file but there are no > records in the log file for email that shows any hits to > Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. > What have I goofed up so that from the 'clamscan MESSAGE' will work > but not when MailScanner runs it? > > I have sanesecurity files in /var/cache/sanesecurity and > /usr/local/share/clamav. > > I am using clamd, should I switch to clamav or clamavmodule? Is MailScanner feeding it enough of the message or maybe a chunk of it? Check your settings. Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at tippingmar.com Wed May 13 19:46:44 2009 From: lists at tippingmar.com (Mark Nienberg) Date: Wed May 13 19:47:21 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A0B1594.7070608@tippingmar.com> Andrews Carl 448 wrote: > It should be getting all of it, here is all of the uncommented clam > options. I just switched to clamavmodule and it did not catch > sanesecurity.spam.ldb.14.UNOFFICIAL either but when I scan the message > file with clam it does. > > Virus Scanners = clamavmodule > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Lock File = # /var/lock/subsys/clamd > Clamd Use Threads = no > ClamAV Full Massage Scan = yes > > Current wisdom is that you should stick with Clamd. Is the value for Clamd Socket correct? It must match the one in /etc/clamd.conf. On my system it is /tmp/clamd.socket Mark Nienberg From Carl.Andrews at crackerbarrel.com Wed May 13 21:21:52 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Wed May 13 21:22:10 2009 Subject: How are you catching these spam In-Reply-To: <4A0B1594.7070608@tippingmar.com> Message-ID: Ok. Yep, one config pointed to /tmp/clamd.socket but another pointed to /tmp/clamd so I changed them both to /tmp/clamd and that is where it is placed. Using clamd (which I will switch back to) I am getting hits on other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and possibly others. I have searched the system and I only see the sanesecurity files in the two places I think they are supposed to be. Could I have done something to make clamd and clamscan react differently to the same file? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg Sent: Wednesday, May 13, 2009 1:47 PM To: MailScanner discussion Subject: Re: How are you catching these spam Andrews Carl 448 wrote: > It should be getting all of it, here is all of the uncommented clam > options. I just switched to clamavmodule and it did not catch > sanesecurity.spam.ldb.14.UNOFFICIAL either but when I scan the message > file with clam it does. > > Virus Scanners = clamavmodule > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = > 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd > Socket = /tmp/clamd Clamd Lock File = # /var/lock/subsys/clamd Clamd > Use Threads = no ClamAV Full Massage Scan = yes > > Current wisdom is that you should stick with Clamd. Is the value for Clamd Socket correct? It must match the one in /etc/clamd.conf. On my system it is /tmp/clamd.socket Mark Nienberg -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at tippingmar.com Wed May 13 22:21:41 2009 From: lists at tippingmar.com (Mark Nienberg) Date: Wed May 13 22:22:05 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: <4A0B39E5.2080700@tippingmar.com> Andrews Carl 448 wrote: > Ok. > Yep, one config pointed to /tmp/clamd.socket but another pointed to > /tmp/clamd so I changed them both to /tmp/clamd and that is where it is > placed. Using clamd (which I will switch back to) I am getting hits on > other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and possibly > others. I have searched the system and I only see the sanesecurity files > in the two places I think they are supposed to be. Could I have done > something to make clamd and clamscan react differently to the same file? > does clamdscan messagefile (note the "d" in the middle) give the same result as clamscan messagefile That might tell you if it is a MailScanner config problem or a Clamd problem. Mark Nienberg From MailScanner at ecs.soton.ac.uk Wed May 13 23:16:21 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:16:45 2009 Subject: More than one Custom Function In-Reply-To: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> Message-ID: On 13/05/2009 12:32, Paul Houselander wrote: > Hi > > I have a mailscanner set up that uses the Always Looked Up Last directive to > call a custom function I wrote that logs to a postgres database. > > I want to try to get it to now to ALSO log to a mysql database using > mailwatch. > > Is it possible to run 2 CustomFunctions from the same directive? > Why not just write a Custom Function that calls both bits of code? Just pass all the parameters to both functions, simple as that. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 13 23:18:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:19:11 2009 Subject: Delete with MailScanner based on header In-Reply-To: <4A0AB4B3.9070506@hostalia.com> References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> Message-ID: On 13/05/2009 12:53, Alvaro Mar?n wrote: > Hello, > > I'm using a plugin in SA that does an "eval:check_msg()" and adds a header > with add_header. In that header there is information about the scanned > mail (if it's spam > or a virus). > > I see that isn't any option in MailScanner's configuration to do an > action based on a header added by SA, something like "SpamAssassin Rule > Actions", so I've thought to do a custom function for MailScanner to do it. > The idea is see if this header has "virus" as value, and if this occurs, > delete the message. Is this possible? > Where are SA's headers stored (I see that $message->{headers} are > original ones only)? > MailScanner does not allow SpamAssassin to modify the message. However, you can have a SA rule and then have a "header" action in the SpamAssassin Rule Actions setup. SpamAssassin is the wrong tool for determining if a message is a virus. Maybe you want to use the "generic" virus scanner that MailScanner allows you to implement yourself? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 13 23:23:03 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:23:23 2009 Subject: Using --debug and --debug-sa with Postfix In-Reply-To: <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> References: <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> <4A0B4847.1060905@ecs.soton.ac.uk> Message-ID: On 13/05/2009 15:02, Steve Barnes wrote: > Hi > > I'm trying to understand how to use --debug and --debug-sa with > Postfix as the MTA to observe the processing of a single message. > > Having stoppped all MailScanner processes, I run: > > /opt/MailScanner/bin/MailScanner --debug --debug-sa > > I get lots of debug output on screen, with no discernable errors, > which eventually stops at: > > "Building a message batch to scan..." > > Now at this point, I thought I could get away with doing: > > cp -p /var/spool/MailScanner/quarantine/20090512/spam/A8B5F1168A.A78ED > /var/spool/postfix/hold > For starters the filename MailScanner is expecting doesn't have the ".A78ED" on the end. > And MS would come back to life and begin processing the message, but > it doesn't. It just remains sat at "Building a message batch to > scan..." > > MS runs as user Postfix, and the permissions on the file before and > after cp are: > > -rw-rw---- 1 postfix mail > > What am I missing here? You may well be hitting the "processing-messages" database. If you let it pick up the message in a batch once and then kill it before it processes the message, it will eventually stop collecting that message file. Delete /var/spool/MailScanner/incoming/*db before running MailScanner each time, and make sure the filename is correct as above. Then it will pick up the message. > Does "Quarantine Whole Messages As Queue > Files" have any bearing on what I'm trying to do? > No, you want that. Just remove the dot and everything after that, as what you have now is not a valid Postfix queue filename, but one with extra entropy added by MailScanner to ensure the filenames are distinct. Without Postfix can use the same filename twice within a relatively short time period on some systems. > Thank you > > Steve > > PS, I'm using: > > MS 4.76.24, > Perl 5.10.0, > SA 3.2.5, > FreeBSD 7.2, > Postfix 2.5.6 and > MailWatch 1.0.4. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 13 23:29:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 13 23:29:22 2009 Subject: How are you catching these spam In-Reply-To: <4A0ADCD5.8080503@alexb.ch> References: <4A0ADCD5.8080503@alexb.ch> <4A0B49AC.2030808@ecs.soton.ac.uk> Message-ID: On 13/05/2009 15:44, Alex Broens wrote: > On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: >> Silly me. >> Yep, I get a hit when I scan the enitre message file but there are no >> records in the log file for email that shows any hits to >> Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. >> What have I goofed up so that from the 'clamscan MESSAGE' will work but >> not when MailScanner runs it? >> >> I have sanesecurity files in /var/cache/sanesecurity and >> /usr/local/share/clamav. >> >> I am using clamd, should I switch to clamav or clamavmodule? > > Is MailScanner feeding it enough of the message or maybe a chunk of it? > Check your settings. > Ensure you have ClamAV Full Message Scan = yes Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed May 13 23:47:57 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 13 23:48:25 2009 Subject: removal of my email address from past posts In-Reply-To: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> Message-ID: on 5-12-2009 6:05 PM Charlie spake the following: > Hi, > I have a huge favour to ask: > I am currently receiving a lot of spam, so am trying to remove my email > address from being seen online. It is only seen at a couple of websites: > this one, and another one that mirrors this one (and says that I need to > get it removed from this one before they can remove it from their one). > So, I was wondering if someone could please remove all of the email > addresses that are visible from this page on this site: > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment-0001.html > > It would be really appreciated! > > E-mail and news archives are forever! You will never get it all out. Easier to just change your address and use the old one as a spamtrap. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090513/9a9150fe/signature.bin From MailScanner at ecs.soton.ac.uk Thu May 14 00:11:43 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 14 00:12:01 2009 Subject: removal of my email address from past posts In-Reply-To: References: <01d001c9d366$dcacd910$0200a8c0@CharlieCompaq> <4A0B53AF.8050004@ecs.soton.ac.uk> Message-ID: On 13/05/2009 23:47, Scott Silva wrote: > on 5-12-2009 6:05 PM Charlie spake the following: > >> Hi, >> I have a huge favour to ask: >> I am currently receiving a lot of spam, so am trying to remove my email >> address from being seen online. It is only seen at a couple of websites: >> this one, and another one that mirrors this one (and says that I need to >> get it removed from this one before they can remove it from their one). >> So, I was wondering if someone could please remove all of the email >> addresses that are visible from this page on this site: >> http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080618/2cdfee93/attachment-0001.html >> >> It would be really appreciated! >> >> >> > E-mail and news archives are forever! You will never get it all out. > Precisely. You cannot delete stuff from the internet. Don't bother trying. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu May 14 05:57:52 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 14 05:58:01 2009 Subject: some childrens are stuck on 'compressing attachment' In-Reply-To: References: <72cf361e0905120914m49e13714w78f863c711f69ee2@mail.gmail.com> Message-ID: <223f97700905132157p6d562f28rf0900a9d4ef7c445@mail.gmail.com> 2009/5/12 Marco Barbero : > 2009/5/12 Martin Hepworth : >> Turn off the compress attachments?facility?while you work it out?? > > If you are refferring to 'Zip Attachments' ?I have it set to 'no'. > This all reminds me of some old error... Can't really remember what (was it the message explode bug == messages wiith zips containing likenamed zips? Perhaps, perhaps not.... someone else might have a better memory than I.... Or trawl the ml archive, I'm almost certain you'll find something relevant:-). Anyway, I'm pretty cerrtain that if you upgrade from your (oldish) version, the problem would be solved...;) > >> >> 2009/5/12 Marco Barbero >>> >>> Hi >>> Mailscanner 4.70.7 >>> Postfix 2.5.5 >>> >>> I experienced a strange issue: ?all my children stuck on 'compressing >>> attachment' so mailscanner stop to process queue. >>> Mailscanner was not able to restart children every 'time' set on >>> Mailscanner.conf. ?So I had to kill processes and restart mailscanner. >>> Debug mode (spamassassin and mailscanner) didn't show any problem. ?I >>> have other installations like this but never suffered a similar issue. >>> ?Any hints? >>> At the moment I'm thinking about a workaround: ?kill mailscanner every >>> 30 minutes and restart it. ?Is there any risk about mail and or bayes >>> corruption? >>> Thanks in advance >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu May 14 06:07:18 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 14 06:07:27 2009 Subject: Using --debug and --debug-sa with Postfix In-Reply-To: References: <4A0B4847.1060905@ecs.soton.ac.uk> <76f60d7e0905130702p77f13686u3dc10e0e81376f2e@mail.gmail.com> Message-ID: <223f97700905132207p1880152na258adeb55f197ca@mail.gmail.com> 2009/5/14 Julian Field : > > > On 13/05/2009 15:02, Steve Barnes wrote: >> >> Hi >> >> I'm trying to understand how to use --debug and --debug-sa with >> Postfix as the MTA to observe the processing of a single message. >> >> Having stoppped all MailScanner processes, I run: >> >> /opt/MailScanner/bin/MailScanner --debug --debug-sa >> >> I get lots of debug output on screen, with no discernable errors, >> which eventually stops at: >> >> "Building a message batch to scan..." >> >> Now at this point, I thought I could get away with doing: >> >> cp -p /var/spool/MailScanner/quarantine/20090512/spam/A8B5F1168A.A78ED >> /var/spool/postfix/hold >> > > For starters the filename MailScanner is expecting doesn't have the ".A78ED" > on the end. >> >> And MS would come back to life and begin processing the message, but >> it doesn't. It just remains sat at "Building a message batch to >> scan..." >> >> MS runs as user Postfix, and the permissions on the file before and >> after cp are: >> >> -rw-rw---- ?1 postfix ?mail chmod 0700 /path/to/queue/file All this (should be) in the wiki article on how to release quarantined messages. >> >> What am I missing here? > > You may well be hitting the "processing-messages" database. If you let it > pick up the message in a batch once and then kill it before it processes the > message, it will eventually stop collecting that message file. Delete > /var/spool/MailScanner/incoming/*db before running MailScanner each time, > and make sure the filename is correct as above. Then it will pick up the > message. >> >> ?Does "Quarantine Whole Messages As Queue >> Files" have any bearing on what I'm trying to do? >> > > No, you want that. Just remove the dot and everything after that, as what Well... if it is set to "no", then you don't have a queue file;-)... Then the spam quarantine is just the RFC822 message file named as the queuef file (with entropy), and he would need use a sendmail-command method of reintroducing the message... But you knew that Jules;-):-). > you have now is not a valid Postfix queue filename, but one with extra > entropy added by MailScanner to ensure the filenames are distinct. Without > Postfix can use the same filename twice within a relatively short time > period on some systems. Quite true. >> Thank you >> >> Steve >> >> PS, I'm using: >> >> MS 4.76.24, >> Perl 5.10.0, >> SA 3.2.5, >> FreeBSD 7.2, >> Postfix 2.5.6 and >> MailWatch 1.0.4. >> > > Jules > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From housey at sme-ecom.co.uk Thu May 14 08:57:06 2009 From: housey at sme-ecom.co.uk (Paul) Date: Thu May 14 08:58:01 2009 Subject: More than one Custom Function In-Reply-To: References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> Message-ID: <4A0BCED2.7020307@sme-ecom.co.uk> Julian Field wrote: > > > On 13/05/2009 12:32, Paul Houselander wrote: >> Hi >> >> I have a mailscanner set up that uses the Always Looked Up Last >> directive to >> call a custom function I wrote that logs to a postgres database. >> >> I want to try to get it to now to ALSO log to a mysql database using >> mailwatch. >> >> Is it possible to run 2 CustomFunctions from the same directive? >> > Why not just write a Custom Function that calls both bits of code? > Just pass all the parameters to both functions, simple as that. > > Jules > Hi Jules I did think about doing that, it was just I recalled someone writing a wrapper that allowed you to call 2 custom functions? I may well have drembt it as cant find anything via the wiki or searching through the archives! Paul From alvaro at hostalia.com Thu May 14 10:18:47 2009 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Thu May 14 10:18:53 2009 Subject: Delete with MailScanner based on header In-Reply-To: References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> Message-ID: <4A0BE1F7.3070303@hostalia.com> Hi Jules, I'm using Cloudmark's plugin for SA. In SA, I configure: ifplugin Mail::SpamAssassin::Plugin::CMAE full CMAE_1 eval:check_msg() describe CMAE_1 Cloudmark CMAE detected spam score CMAE_1 5 add_header all CMAE-Analysis _CMAETAG_ endif that has a score of 5 if the message is cataloged like spam and adds a header like this: X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 The problem is that if the plugin detects a virus in the message, this header changes to: X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 xcat=Virus/CMU_7796_20090511 adding that "xcat" field. I want to delete messages with "xcat=Virus" and other messages, mark them with {Spam?}. If I could see in a MailScanner plugin this header that SA returns, I would be able to mark it to delete in case that has "xcat=Virus". Is it possible? Thanks! Julian Field escribi?: > > > On 13/05/2009 12:53, Alvaro Mar?n wrote: >> Hello, >> >> I'm using a plugin in SA that does an "eval:check_msg()" and adds a >> header >> with add_header. In that header there is information about the scanned >> mail (if it's spam >> or a virus). >> >> I see that isn't any option in MailScanner's configuration to do an >> action based on a header added by SA, something like "SpamAssassin Rule >> Actions", so I've thought to do a custom function for MailScanner to >> do it. >> The idea is see if this header has "virus" as value, and if this occurs, >> delete the message. Is this possible? >> Where are SA's headers stored (I see that $message->{headers} are >> original ones only)? >> > MailScanner does not allow SpamAssassin to modify the message. However, > you can have a SA rule and then have a "header" action in the > SpamAssassin Rule Actions setup. > > SpamAssassin is the wrong tool for determining if a message is a virus. > Maybe you want to use the "generic" virus scanner that MailScanner > allows you to implement yourself? > > Jules > -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From MailScanner at ecs.soton.ac.uk Thu May 14 10:34:05 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 14 10:34:24 2009 Subject: Delete with MailScanner based on header In-Reply-To: <4A0BE1F7.3070303@hostalia.com> References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> <4A0BE1F7.3070303@hostalia.com> <4A0BE58D.6050801@ecs.soton.ac.uk> Message-ID: MailScanner doesn't allow SpamAssassin to modify the message, that would destroy the entire MIME structure and everything. It should be returning a rule hit for their plugin, not just adding a header. On 14/05/2009 10:18, Alvaro Mar?n wrote: > Hi Jules, > > I'm using Cloudmark's plugin for SA. In SA, I configure: > > ifplugin Mail::SpamAssassin::Plugin::CMAE > full CMAE_1 eval:check_msg() > describe CMAE_1 Cloudmark CMAE detected spam > score CMAE_1 5 > add_header all CMAE-Analysis _CMAETAG_ > endif > > that has a score of 5 if the message is cataloged like spam and adds a > header like this: > > X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 > p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 > > The problem is that if the plugin detects a virus in the message, this > header changes to: > > X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 > p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 > xcat=Virus/CMU_7796_20090511 > > adding that "xcat" field. > > I want to delete messages with "xcat=Virus" and other messages, mark > them with {Spam?}. > If I could see in a MailScanner plugin this header that SA returns, I > would be able to mark it to delete in case that has "xcat=Virus". Is it > possible? > > Thanks! > > > Julian Field escribi?: > >> >> On 13/05/2009 12:53, Alvaro Mar?n wrote: >> >>> Hello, >>> >>> I'm using a plugin in SA that does an "eval:check_msg()" and adds a >>> header >>> with add_header. In that header there is information about the scanned >>> mail (if it's spam >>> or a virus). >>> >>> I see that isn't any option in MailScanner's configuration to do an >>> action based on a header added by SA, something like "SpamAssassin Rule >>> Actions", so I've thought to do a custom function for MailScanner to >>> do it. >>> The idea is see if this header has "virus" as value, and if this occurs, >>> delete the message. Is this possible? >>> Where are SA's headers stored (I see that $message->{headers} are >>> original ones only)? >>> >>> >> MailScanner does not allow SpamAssassin to modify the message. However, >> you can have a SA rule and then have a "header" action in the >> SpamAssassin Rule Actions setup. >> >> SpamAssassin is the wrong tool for determining if a message is a virus. >> Maybe you want to use the "generic" virus scanner that MailScanner >> allows you to implement yourself? >> >> Jules >> >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu May 14 12:42:57 2009 From: rcooper at dwford.com (Rick Cooper) Date: Thu May 14 12:43:14 2009 Subject: How are you catching these spam In-Reply-To: References: <53362.93.97.28.110.1242222660.squirrel@saturn.dataflame.net> Message-ID: <8942A5D9A8F644A1A5ABF948D2AC9F9F@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 448 Sent: Wednesday, May 13, 2009 10:27 AM To: MailScanner discussion Subject: RE: How are you catching these spam > Silly me. > Yep, I get a hit when I scan the enitre message file but there are no > records in the log file for email that shows any hits to > Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. > What have I goofed up so that from the 'clamscan MESSAGE' will work but > not when MailScanner runs it? > > I have sanesecurity files in /var/cache/sanesecurity and > /usr/local/share/clamav. > > I am using clamd, should I switch to clamav or clamavmodule? > > Thanks again, > Carl > [...] Make sure the entire message is being scanned, for instance in MailScanner.conf ClamAV Full Message Scan = yes It sounds suspiciously like clamd is not getting the entire message. Also make sure the clamd.conf line #ScanMail yes Is not set to no, the default is to scan mail. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu May 14 12:56:29 2009 From: rcooper at dwford.com (Rick Cooper) Date: Thu May 14 12:56:41 2009 Subject: More than one Custom Function In-Reply-To: <4A0BCED2.7020307@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> Message-ID: <23AEE393E2224410B6228743C96815DD@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Sent: Thursday, May 14, 2009 3:57 AM To: MailScanner discussion Subject: Re: More than one Custom Function > Julian Field wrote: >> >> >> On 13/05/2009 12:32, Paul Houselander wrote: >>> Hi >>> >>> I have a mailscanner set up that uses the Always Looked Up Last >>> directive to call a custom function I wrote that logs to a postgres >>> database. >>> >>> I want to try to get it to now to ALSO log to a mysql database using >>> mailwatch. >>> >>> Is it possible to run 2 CustomFunctions from the same directive? >>> >> Why not just write a Custom Function that calls both bits of code? >> Just pass all the parameters to both functions, simple as that. >> >> Jules >> > Hi Jules > > I did think about doing that, it was just I recalled someone writing a > wrapper that allowed you to call 2 custom functions? I may well have > drembt it as cant find anything via the wiki or searching through the > archives! I do this with a function called wrapper (not real unique) In MailScanner.conf # If you want to use it, read CustomConfig.pm. Always Looked Up Last = &Wrapper In CustomConfig.pm sub InitWrapper { InitExtendedLogger(); InitMailWatchLogging(); } sub Wrapper { my($msg) = @_; ExtendedLogger($msg); MailWatchLogging($msg); } sub EndWrapper { EndExtendedLogger(); EndMailWatchLogging(); } The sub Wrapper calls the functions, the InitWrapper calls the other Init functions and EndWrapper calls the other End functions Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shyamph at gmail.com Thu May 14 13:45:07 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 14 13:45:17 2009 Subject: Mail delay at MailScanner Message-ID: Hi All, I am using MailScanner with postfix and mail flow is normal till these days and now i am finding the mail delay's regularly , When i went through the log and found mails are going in hold after that a long delay and reque of the mail is happening and mail will sent successfully. here is the log smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], sasl_method=LOGIN, sasl_username=username@domain.com Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header Received: from usename (unknown [192.168.10.156])??(Authenticated sender: ,username>@)??by smtp.domain.com (Postfix) with ESMTP id B5AD361300F7??for ; Tue, 2 from unknown[192.168.1.1]; from= to= proto=ESMTP helo= Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: message-id=<003f01c9c7c0$5786f380$0694da80$@com> Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to 6E0A36130112 Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 to SQL Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to MailWatch SQL Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to 6E0A36130112 Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< user@domain.com>, size=495880, nrcpt=1 (queue active) Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=, relay=192.168.1.2[192.168.1.1]:25, *delay=16269, delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 qp 3538) Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed there is no problem in network since it is in private LAN. This is happening more frequently now a days, Also I checked on the receiving server i.e [192.168.1.1] in the above case it s working fine. Also check the LOAD ,mailq etc .. at that point of time nothing found abnormal. Details : MailScanner --> Version installed (4.74.16) SpamAssassin version 3.2.5 running on Perl version 5.8.8 Postfix mail_version = 2.3.3 What would be the problem?? Is any one facing the same issue?? Thanks in advance. Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090514/b45d3dfd/attachment.html From alex at rtpty.com Thu May 14 16:27:32 2009 From: alex at rtpty.com (Alex Neuman) Date: Thu May 14 16:27:42 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: <24e3d2e40905140827t5dd7bd0em5cad5e02b8661e49@mail.gmail.com> On Thu, May 14, 2009 at 7:45 AM, shyam hirurkar wrote: > Hi All, > > there is no problem in network since it is in private LAN. This is > happening more frequently now a days, Also I checked on the receiving server > i.e [192.168.1.1] in the above case it s working fine. Also check the LOAD > ,mailq etc .. at that point of time nothing found abnormal. > While I can't personally help you since I'm not using Postfix, I can contribute something from my experience. Statements like "there is no problem in network since it is in private LAN" can sometimes come back and bite you in the rear. You shouldn't assume anything "works" because "it looks like it's working" or "it shouldn't be a problem". Usually these assumptions make you waste time and resources while you find that the problem is where you were "sure it couldn't happen". Question everything. Even if it's documented - conditions might have changed in unpredictable ways, so you may have to verify every process - like playing hopscotch from point to point in whatever process you're troubleshooting, but from both ends. You checked load and mailq, but you could tell us what "etc." means; you could also describe what "check" means for you - as well as what "nothing found abnormal" means for you. Good luck! > Shyam > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090514/680229b0/attachment.html From Carl.Andrews at crackerbarrel.com Thu May 14 17:12:11 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:12:23 2009 Subject: How are you catching these spam In-Reply-To: <4A0B39E5.2080700@tippingmar.com> Message-ID: Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg Sent: Wednesday, May 13, 2009 4:22 PM To: MailScanner discussion Subject: Re: How are you catching these spam Andrews Carl 448 wrote: > Ok. > Yep, one config pointed to /tmp/clamd.socket but another pointed to > /tmp/clamd so I changed them both to /tmp/clamd and that is where it > is placed. Using clamd (which I will switch back to) I am getting hits > on other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and > possibly others. I have searched the system and I only see the > sanesecurity files in the two places I think they are supposed to be. > Could I have done something to make clamd and clamscan react differently to the same file? > does clamdscan messagefile (note the "d" in the middle) give the same result as clamscan messagefile That might tell you if it is a MailScanner config problem or a Clamd problem. Mark Nienberg -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Carl.Andrews at crackerbarrel.com Thu May 14 17:16:32 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:16:44 2009 Subject: How are you catching these spam In-Reply-To: <4A0B39E5.2080700@tippingmar.com> Message-ID: Both clamdscan and clamscan found Sanesecurity.Spam.ldb.14.UNOFFICIAL FOUND. Very strange. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg Sent: Wednesday, May 13, 2009 4:22 PM To: MailScanner discussion Subject: Re: How are you catching these spam Andrews Carl 448 wrote: > Ok. > Yep, one config pointed to /tmp/clamd.socket but another pointed to > /tmp/clamd so I changed them both to /tmp/clamd and that is where it > is placed. Using clamd (which I will switch back to) I am getting hits > on other Sanesecurity.* but not the Sanesecurity.Spam.ldb.14 - and > possibly others. I have searched the system and I only see the > sanesecurity files in the two places I think they are supposed to be. > Could I have done something to make clamd and clamscan react differently to the same file? > does clamdscan messagefile (note the "d" in the middle) give the same result as clamscan messagefile That might tell you if it is a MailScanner config problem or a Clamd problem. Mark Nienberg -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mark at msapiro.net Thu May 14 17:19:35 2009 From: mark at msapiro.net (Mark Sapiro) Date: Thu May 14 17:20:02 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: Message-ID: Julian Field wrote: > >On 11/05/2009 23:32, Mark Sapiro wrote: >> Mark Sapiro wrote: >> >> [...] >> >>> Now I see the above analysis is probably wrong. I just received another >>> unscanned message. Headers are attached as scanned2.txt and >>> unscanned2.txt. Here again, I was able to get the message to be >>> scanned by removing a Received: header, but the header I removed >>> doesn't have any 'special' IP address in it. >>> >> >> Further information. I replaced Postfix.pm with the one from 4.76.24 >> and the problem is gone. >> >Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have >just released. The fix in 4.77.4 goes too far. With that fix, my scan messages rules like # localhost From: 127.0.0.1 no # sbh16.songbird.com From: 72.52.113.16 no are not effective, and all messages are scanned. Note I have Read IP Address From Received Header = no in MailScanner.conf -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Carl.Andrews at crackerbarrel.com Thu May 14 17:28:28 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:28:36 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: That was my problem. I had "Massage" instead of "Message" -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 13, 2009 5:29 PM To: MailScanner discussion Subject: Re: How are you catching these spam On 13/05/2009 15:44, Alex Broens wrote: > On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: >> Silly me. >> Yep, I get a hit when I scan the enitre message file but there are no >> records in the log file for email that shows any hits to >> Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. >> What have I goofed up so that from the 'clamscan MESSAGE' will work >> but not when MailScanner runs it? >> >> I have sanesecurity files in /var/cache/sanesecurity and >> /usr/local/share/clamav. >> >> I am using clamd, should I switch to clamav or clamavmodule? > > Is MailScanner feeding it enough of the message or maybe a chunk of it? > Check your settings. > Ensure you have ClamAV Full Message Scan = yes Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve.freegard at fsl.com Thu May 14 17:28:37 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu May 14 17:28:47 2009 Subject: How are you catching these spam In-Reply-To: References: <4A0B39E5.2080700@tippingmar.com> Message-ID: <4A0C46B5.9080007@fsl.com> Andrews Carl 448 wrote: > Both clamdscan and clamscan found Sanesecurity.Spam.ldb.14.UNOFFICIAL > FOUND. > > Very strange. > Do you have the sanesecurity.ftm file in your ClamAV database directory?? - this file is required so that ClamAV detects the input as mail messages when the whole message is input from MailScanner to ClamD. Regards, Steve. From Carl.Andrews at crackerbarrel.com Thu May 14 17:29:01 2009 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Thu May 14 17:29:10 2009 Subject: How are you catching these spam In-Reply-To: Message-ID: Thanks. That was it. I had typed Message incorrectly, I had "Massage". :-< -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, May 13, 2009 5:29 PM To: MailScanner discussion Subject: Re: How are you catching these spam On 13/05/2009 15:44, Alex Broens wrote: > On 5/13/2009 4:27 PM, Andrews Carl 448 wrote: >> Silly me. >> Yep, I get a hit when I scan the enitre message file but there are no >> records in the log file for email that shows any hits to >> Sanesecurity.Spam.ldb.14 but there are other Sanesecurity entries. >> What have I goofed up so that from the 'clamscan MESSAGE' will work >> but not when MailScanner runs it? >> >> I have sanesecurity files in /var/cache/sanesecurity and >> /usr/local/share/clamav. >> >> I am using clamd, should I switch to clamav or clamavmodule? > > Is MailScanner feeding it enough of the message or maybe a chunk of it? > Check your settings. > Ensure you have ClamAV Full Message Scan = yes Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mark at msapiro.net Thu May 14 17:41:14 2009 From: mark at msapiro.net (Mark Sapiro) Date: Thu May 14 17:41:30 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: Message-ID: Mark Sapiro wrote: >I have been experimenting with the "Add Text Of Doc" feature. The issue >I have come across is the output of antiword is in my case UTF-8 >encoded (in the absense of a specific mapping provided to antiword, >it's locale dependent), but the plain text attachment added by >MailScanner doesn't specify a charset in its Content-Type. > >It would be nice if you could grok the encoding from the system locale >and specify it, or barring that, provide a config option to set it. Please note, in case it wasn't clear, the current behavior is a real problem. UTF-8 encoded data are being sent in a text/plain part with implicit charset us-ascii resulting in data being displayed in MUAs like the following: Lani Waller Presents ???A Steelheader???s Way??? ???A Steelheader???s Way??? is a presentation on the principles, tactics, techniques and philosophy of trophy steelhead fishing based on Lani???s new book of the same title. This personal look will include the ???common elements of the endeavor??? ... -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ssilva at sgvwater.com Thu May 14 18:06:37 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 14 18:07:08 2009 Subject: How are you catching these spam In-Reply-To: References: Message-ID: on 5-14-2009 9:28 AM Andrews Carl 448 spake the following: > That was my problem. > I had "Massage" instead of "Message" > I wish I had a "Massage" instead of a "Message" right now ;-P OK, I'm done... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090514/690fbfd7/signature.bin From housey at sme-ecom.co.uk Thu May 14 18:28:07 2009 From: housey at sme-ecom.co.uk (Paul) Date: Thu May 14 18:28:55 2009 Subject: More than one Custom Function In-Reply-To: <23AEE393E2224410B6228743C96815DD@SAHOMELT> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> Message-ID: <4A0C54A7.8060609@sme-ecom.co.uk> Julian Field wrote: >>> On 13/05/2009 12:32, Paul Houselander wrote: >>> >>>> Hi >>>> >>>> I have a mailscanner set up that uses the Always Looked Up Last >>>> directive to call a custom function I wrote that logs to a postgres >>>> database. >>>> >>>> I want to try to get it to now to ALSO log to a mysql database using >>>> mailwatch. >>>> >>>> Is it possible to run 2 CustomFunctions from the same directive? >>>> >>>> >>> Why not just write a Custom Function that calls both bits of code? >>> Just pass all the parameters to both functions, simple as that. >>> >>> Jules >>> >>> >> Hi Jules >> >> I did think about doing that, it was just I recalled someone writing a >> wrapper that allowed you to call 2 custom functions? I may well have >> drembt it as cant find anything via the wiki or searching through the >> archives! >> > > I do this with a function called wrapper (not real unique) > > In MailScanner.conf > > # If you want to use it, read CustomConfig.pm. > Always Looked Up Last = &Wrapper > > > In CustomConfig.pm > > sub InitWrapper { > InitExtendedLogger(); > InitMailWatchLogging(); > } > > sub Wrapper { > my($msg) = @_; > ExtendedLogger($msg); > MailWatchLogging($msg); > } > > sub EndWrapper { > EndExtendedLogger(); > EndMailWatchLogging(); > } > > The sub Wrapper calls the functions, the InitWrapper calls the other Init > functions and EndWrapper calls the other End functions > > Rick > Thanks Rick thats works like a treat - logging to both mysql and postgres! I just realised another issue I have, the postgres set up has to use Quarantine Whole Messages As Queue Files = yes as when it releases a message it just copies the qf and df file to the mqueue. Mailwatch requires Quarantine Whole Messages As Queue Files = no without changing to much code does anyone know how I can run with both? i.e. quarantine files as both qf df and also as one file? Cheers Paul From shyamph at gmail.com Fri May 15 04:54:46 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Fri May 15 04:54:59 2009 Subject: Mail delay at MailScanner In-Reply-To: <24e3d2e40905140827t5dd7bd0em5cad5e02b8661e49@mail.gmail.com> References: <24e3d2e40905140827t5dd7bd0em5cad5e02b8661e49@mail.gmail.com> Message-ID: Hi Alex, Thanks for the inputs. 1. I checked the network connectivity --> Ping,telnet to port 25 --> getting response properly .i.e time=0.118 ms in ping and telnet response is really fast. --> This is from both ends 2. etc --> I meant is other than load or mailq like response from the smtp service from remote end and reverse way, ping,telnet. 3. Check --> SA debug ,Mail Scanner Debug (Commands are understood) 4. Abnormal --> Meant unusual activity refer point 1,2,3 Let me know any further inputs required from my end. Hope some one may help on this. Thanks in advance Shyam On Thu, May 14, 2009 at 8:57 PM, Alex Neuman wrote: > > > On Thu, May 14, 2009 at 7:45 AM, shyam hirurkar wrote: > >> Hi All, >> >> there is no problem in network since it is in private LAN. This is >> happening more frequently now a days, Also I checked on the receiving server >> i.e [192.168.1.1] in the above case it s working fine. Also check the LOAD >> ,mailq etc .. at that point of time nothing found abnormal. >> > > While I can't personally help you since I'm not using Postfix, I can > contribute something from my experience. Statements like "there is no > problem in network since it is in private LAN" can sometimes come back and > bite you in the rear. You shouldn't assume anything "works" because "it > looks like it's working" or "it shouldn't be a problem". Usually these > assumptions make you waste time and resources while you find that the > problem is where you were "sure it couldn't happen". > > Question everything. Even if it's documented - conditions might have > changed in unpredictable ways, so you may have to verify every process - > like playing hopscotch from point to point in whatever process you're > troubleshooting, but from both ends. You checked load and mailq, but you > could tell us what "etc." means; you could also describe what "check" means > for you - as well as what "nothing found abnormal" means for you. > > Good luck! > > >> Shyam >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/19c9070c/attachment.html From eli at orbsky.homelinux.org Fri May 15 05:48:18 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Fri May 15 05:48:45 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: <200905150748.19458.eli@orbsky.homelinux.org> >From the looks of things it looks like greylisting has been implemented on the receiving end. Which is a good thing and highly recommended. You should check this. If this indeed is the case and mail coming from your server is of a top priority for the receiving end then without a doubt an exception can be configured at the other end. Eli On Thursday 14 May 2009 15:45:07 shyam hirurkar wrote: > Hi All, > > I am using MailScanner with postfix and mail flow is normal till these days > and now i am finding the mail delay's regularly , > > When i went through the log and found mails are going in hold after that a > long delay and reque of the mail is happening and mail will sent > successfully. > here is the log > > smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > sasl_method=LOGIN, sasl_username=username@domain.com > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > ,username>@)??by smtp.domain.com (Postfix) with ESMTP id > B5AD361300F7??for ; Tue, 2 from unknown[192.168.1.1]; > from= to= proto=ESMTP helo= > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > message-id=<003f01c9c7c0$5786f380$0694da80$@com> > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > 6E0A36130112 > Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 to > SQL > Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to > MailWatch SQL > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > 6E0A36130112 > Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< > user@domain.com>, size=495880, nrcpt=1 (queue active) > Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=, > relay=192.168.1.2[192.168.1.1]:25, *delay=16269, > delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 qp > 3538) > Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kse at hovmark.dk Fri May 15 07:34:01 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 15 07:33:55 2009 Subject: spamaction highscore rules. In-Reply-To: <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> Message-ID: <1242369241.15720.7.camel@kse> Thanks for the help. But i'm afraid this server is already way overloaded, and that this might kill it. Are there any alternatives to this? Any rules i can write? Adding "To: @eurocargoservices.dk delete" does not work, as you say. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > Best way to avoid this situation is split the email up into individual > recipients and then the rules on forwarding will work fine. The > problem is if the 'to' contains multiple recipients and gives > conflicting actions eg deliver and not-deliver which one should it > obey???? MailScanner can't get which one is correct so uses the > Envelope-To: as the overriding value. > > > > How to split the emails up is dependant on the MTA you use but > sendmail, Exim and Postfix are covered in the wiki > (http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > -- > Martin Hepworth > Oxford, UK > > > 2009/5/13 Kasper Sacharias Eenberg > > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam > mails, that it should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive > alot of mails from China and russia, which normally get tagged > as spam (Since i took over the filter it now work quite well > though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk > domain in the 'to' header. > And when the .de domain is in the recipient, the rule that > delivers mail to .de takes action, and the spam is delivered > to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" > does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > > ______________________________________________________________ > > > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/b2903c6c/attachment.html From maxsec at gmail.com Fri May 15 08:47:38 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 15 08:47:50 2009 Subject: spamaction highscore rules. In-Reply-To: <1242369241.15720.7.camel@kse> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> Message-ID: <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> Kasper I presume you do things like drop unknown users at the MTA? This can reduce the load by well over 50%. Also have a look in the wiki about performance tuning MailScanner - local caching nameserver, using only a few RBL's etc etc. -- Martin 2009/5/15 Kasper Sacharias Eenberg > Thanks for the help. > > But i'm afraid this server is already way overloaded, and that this might > kill it. > Are there any alternatives to this? Any rules i can write? > > Adding "To: @eurocargoservices.dk delete" does not work, as > you say. > > > With regards, > ------------------------------ > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > Best way to avoid this situation is split the email up into individual > recipients and then the rules on forwarding will work fine. The problem is > if the 'to' contains multiple recipients and gives conflicting actions eg > deliver and not-deliver which one should it obey???? MailScanner can't get > which one is correct so uses the Envelope-To: as the overriding value. > > > > How to split the emails up is dependant on the MTA you use but sendmail, > Exim and Postfix are covered in the wiki ( > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > > > -- > Martin Hepworth > Oxford, UK > > 2009/5/13 Kasper Sacharias Eenberg > > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam mails, that it > should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive alot of mails > from China and russia, which normally get tagged as spam (Since i took over > the filter it now work quite well though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk domain in the > 'to' header. > And when the .de domain is in the recipient, the rule that delivers mail to > .de takes action, and the spam is delivered to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > ------------------------------ > > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/ce042518/attachment.html From kse at hovmark.dk Fri May 15 09:31:38 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 15 09:31:31 2009 Subject: spamaction highscore rules. In-Reply-To: <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> Message-ID: <1242376298.15720.23.camel@kse> Unfortunately, we do not, completely that is. I implemented some user checking. But we have many mailservers running. Lotus Domino, Microsoft Exchange, Zarafa and simply postfix/dovecot. It's a pain gathering from that many servers. It's on my todo list though. I'll prioritize it up. The main problem however, might be that the server only has 1GB of ram, for some reason or other. The other spamfilters have better hardware, but this is used as our primary, until i set up replication of rules and such. And add more filters. Tuning has been done on all servers. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: > Kasper > > > > I presume you do things like drop unknown users at the MTA? This can > reduce the load by well over 50%. Also have a look in the wiki about > performance tuning MailScanner - local caching nameserver, using only > a few RBL's etc etc. > > > -- > Martin > > > 2009/5/15 Kasper Sacharias Eenberg > > Thanks for the help. > > But i'm afraid this server is already way overloaded, and that > this might kill it. > Are there any alternatives to this? Any rules i can write? > > Adding "To: @eurocargoservices.dk delete" does not > work, as you say. > > > With regards, > > > > ______________________________________________________________ > > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > > > > Best way to avoid this situation is split the email up into > > individual recipients and then the rules on forwarding will > > work fine. The problem is if the 'to' contains multiple > > recipients and gives conflicting actions eg deliver and > > not-deliver which one should it obey???? MailScanner can't > > get which one is correct so uses the Envelope-To: as the > > overriding value. > > > > > > How to split the emails up is dependant on the MTA you use > > but sendmail, Exim and Postfix are covered in the wiki > > (http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > > > > -- > > Martin Hepworth > > Oxford, UK > > > > 2009/5/13 Kasper Sacharias Eenberg > > > > So, i embarassed myself to my company yesterday. > > > > I managed to write a highscore rule that passed on > > all spam mails, that it should be dropping. > > But nevermind that. > > > > > > My problem is, i have two domains. > > eurocargoservices.de > > eurocargoservices.dk > > > > The .de company wants to receive all spam mails. > > They receive alot of mails from China and russia, > > which normally get tagged as spam (Since i took over > > the filter it now work quite well though, ignoring > > them). > > > > > > However, som spam mails are sent with both the .de > > and .dk domain in the 'to' header. > > And when the .de domain is in the recipient, the > > rule that delivers mail to .de takes action, and the > > spam is delivered to the .dk. > > > > It seems "Use Default Rules With Multiple Recipients > > = yes" does not work. > > > > These are the rules: > > To: @eurocargoservices.de deliver > > FromOrTo: default forward > > isspam@localhost > > > > > > Live long and prosper, > > > > ____________________________________________________ > > > > > > > > > > Kasper Eenberg > > > > HOVMARK DATA > > Ravnevej 13 > > dk-6705 Esbjerg ? > > tlf: +45 76 12 59 04 > > mobil: +45 40 70 69 63 > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > > > > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > -- > Martin Hepworth > Oxford, UK > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/807f4397/attachment-0001.html From maxsec at gmail.com Fri May 15 09:42:11 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 15 09:42:21 2009 Subject: spamaction highscore rules. In-Reply-To: <1242376298.15720.23.camel@kse> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> <1242376298.15720.23.camel@kse> Message-ID: <72cf361e0905150142p315be761kfa78736c7e596b7e@mail.gmail.com> Kasper You should be able to do a lookup on the fly (look-a-head). How you do this depends on the MTA but there are lots of info on this in the wiki. 1GB ram won't help - be careful on the number of children and batch size, with 1GB ram you'll need to keep that down. maybe 2 children and 20 as the batch size. -- Martin Hepworth Oxford, UK 2009/5/15 Kasper Sacharias Eenberg > Unfortunately, we do not, completely that is. > > I implemented some user checking. But we have many mailservers running. > Lotus Domino, Microsoft Exchange, Zarafa and simply postfix/dovecot. > It's a pain gathering from that many servers. > It's on my todo list though. > I'll prioritize it up. > > The main problem however, might be that the server only has 1GB of ram, for > some reason or other. > The other spamfilters have better hardware, but this is used as our > primary, until i set up replication of rules and such. And add more filters. > > Tuning has been done on all servers. > > > With regards, > ------------------------------ > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: > > Kasper > > > > I presume you do things like drop unknown users at the MTA? This can > reduce the load by well over 50%. Also have a look in the wiki about > performance tuning MailScanner - local caching nameserver, using only a few > RBL's etc etc. > > > > -- > > Martin > > 2009/5/15 Kasper Sacharias Eenberg > > Thanks for the help. > > But i'm afraid this server is already way overloaded, and that this might > kill it. > Are there any alternatives to this? Any rules i can write? > > Adding "To: @eurocargoservices.dk delete" does not work, as > you say. > > > With regards, > > > ------------------------------ > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: > > > > Best way to avoid this situation is split the email up into individual > recipients and then the rules on forwarding will work fine. The problem is > if the 'to' contains multiple recipients and gives conflicting actions eg > deliver and not-deliver which one should it obey???? MailScanner can't get > which one is correct so uses the Envelope-To: as the overriding value. > > > How to split the emails up is dependant on the MTA you use but sendmail, > Exim and Postfix are covered in the wiki ( > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta > ) > > > -- > Martin Hepworth > Oxford, UK > > 2009/5/13 Kasper Sacharias Eenberg > > So, i embarassed myself to my company yesterday. > > I managed to write a highscore rule that passed on all spam mails, that it > should be dropping. > But nevermind that. > > > My problem is, i have two domains. > eurocargoservices.de > eurocargoservices.dk > > The .de company wants to receive all spam mails. They receive alot of mails > from China and russia, which normally get tagged as spam (Since i took over > the filter it now work quite well though, ignoring them). > > > However, som spam mails are sent with both the .de and .dk domain in the > 'to' header. > And when the .de domain is in the recipient, the rule that delivers mail to > .de takes action, and the spam is delivered to the .dk. > > It seems "Use Default Rules With Multiple Recipients = yes" does not work. > > These are the rules: > To: @eurocargoservices.de deliver > FromOrTo: default forward isspam@localhost > > > Live long and prosper, > ------------------------------ > > > > > > Kasper Eenberg > > *HOVMARK DATA* > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Martin Hepworth > Oxford, UK > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/3f9e0a7b/attachment.html From kse at hovmark.dk Fri May 15 09:49:25 2009 From: kse at hovmark.dk (Kasper Sacharias Eenberg) Date: Fri May 15 09:49:17 2009 Subject: spamaction highscore rules. In-Reply-To: <72cf361e0905150142p315be761kfa78736c7e596b7e@mail.gmail.com> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> <1242376298.15720.23.camel@kse> <72cf361e0905150142p315be761kfa78736c7e596b7e@mail.gmail.com> Message-ID: <1242377366.15720.26.camel@kse> The children and batch size are about what you said. That's awesome, thank you Martin. You've been good help. With regards, ________________________________________________________________________ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Fri, 2009-05-15 at 09:42 +0100, Martin Hepworth wrote: > Kasper > > > > You should be able to do a lookup on the fly (look-a-head). How you do > this depends on the MTA but there are lots of info on this in the > wiki. > > > 1GB ram won't help - be careful on the number of children and batch > size, with 1GB ram you'll need to keep that down. maybe 2 children and > 20 as the batch size. > > > -- > Martin Hepworth > Oxford, UK > > > 2009/5/15 Kasper Sacharias Eenberg > > Unfortunately, we do not, completely that is. > > I implemented some user checking. But we have many mailservers > running. Lotus Domino, Microsoft Exchange, Zarafa and simply > postfix/dovecot. > It's a pain gathering from that many servers. > It's on my todo list though. > I'll prioritize it up. > > The main problem however, might be that the server only has > 1GB of ram, for some reason or other. > The other spamfilters have better hardware, but this is used > as our primary, until i set up replication of rules and such. > And add more filters. > > Tuning has been done on all servers. > > > > > With regards, > > ______________________________________________________________ > > > Kasper Eenberg > > HOVMARK DATA > Ravnevej 13 > dk-6705 Esbjerg ? > tlf: +45 76 12 59 04 > mobil: +45 40 70 69 63 > > > > > On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: > > > Kasper > > > > > > I presume you do things like drop unknown users at the MTA? > > This can reduce the load by well over 50%. Also have a look > > in the wiki about performance tuning MailScanner - local > > caching nameserver, using only a few RBL's etc etc. > > > > > > -- > > Martin > > > > 2009/5/15 Kasper Sacharias Eenberg > > > > Thanks for the help. > > > > But i'm afraid this server is already way > > overloaded, and that this might kill it. > > Are there any alternatives to this? Any rules i can > > write? > > > > Adding "To: @eurocargoservices.dk > > delete" does not work, as you say. > > > > > > With regards, > > > > > > ____________________________________________________ > > > > > > > > Kasper Eenberg > > > > HOVMARK DATA > > Ravnevej 13 > > dk-6705 Esbjerg ? > > tlf: +45 76 12 59 04 > > mobil: +45 40 70 69 63 > > > > > > > > > > On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth > > wrote: > > > > > > > > > > > Best way to avoid this situation is split the > > > email up into individual recipients and then the > > > rules on forwarding will work fine. The problem is > > > if the 'to' contains multiple recipients and gives > > > conflicting actions eg deliver and not-deliver > > > which one should it obey???? MailScanner can't get > > > which one is correct so uses the Envelope-To: as > > > the overriding value. > > > > > > > > > How to split the emails up is dependant on the MTA > > > you use but sendmail, Exim and Postfix are covered > > > in the wiki > > > (http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta) > > > > > > > > > -- > > > Martin Hepworth > > > Oxford, UK > > > > > > 2009/5/13 Kasper Sacharias Eenberg > > > > > > > > > So, i embarassed myself to my company > > > yesterday. > > > > > > I managed to write a highscore rule that > > > passed on all spam mails, that it should > > > be dropping. > > > But nevermind that. > > > > > > > > > My problem is, i have two domains. > > > eurocargoservices.de > > > eurocargoservices.dk > > > > > > The .de company wants to receive all spam > > > mails. They receive alot of mails from > > > China and russia, which normally get > > > tagged as spam (Since i took over the > > > filter it now work quite well though, > > > ignoring them). > > > > > > > > > However, som spam mails are sent with both > > > the .de and .dk domain in the 'to' header. > > > And when the .de domain is in the > > > recipient, the rule that delivers mail > > > to .de takes action, and the spam is > > > delivered to the .dk. > > > > > > It seems "Use Default Rules With Multiple > > > Recipients = yes" does not work. > > > > > > These are the rules: > > > To: @eurocargoservices.de > > > deliver > > > FromOrTo: default forward > > > isspam@localhost > > > > > > > > > Live long and prosper, > > > > > > __________________________________________ > > > > > > > > > > > > > > > > > > Kasper Eenberg > > > > > > HOVMARK DATA > > > Ravnevej 13 > > > dk-6705 Esbjerg ? > > > tlf: +45 76 12 59 04 > > > mobil: +45 40 70 69 63 > > > > > > > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read > > > http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the > > > book off the website! > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > > the website! > > > > > > > > > > > > -- > > Martin Hepworth > > Oxford, UK > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/f84c4c9e/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 15 10:12:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:13:09 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: References: <4A0D3210.1050800@ecs.soton.ac.uk> Message-ID: On 14/05/2009 17:19, Mark Sapiro wrote: > Julian Field wrote: > >> On 11/05/2009 23:32, Mark Sapiro wrote: >> >>> Mark Sapiro wrote: >>> >>> [...] >>> >>> >>>> Now I see the above analysis is probably wrong. I just received another >>>> unscanned message. Headers are attached as scanned2.txt and >>>> unscanned2.txt. Here again, I was able to get the message to be >>>> scanned by removing a Received: header, but the header I removed >>>> doesn't have any 'special' IP address in it. >>>> >>>> >>> Further information. I replaced Postfix.pm with the one from 4.76.24 >>> and the problem is gone. >>> >>> >> Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have >> just released. >> > > The fix in 4.77.4 goes too far. With that fix, my scan messages rules > like > > # localhost > From: 127.0.0.1 no > # sbh16.songbird.com > From: 72.52.113.16 no > > are not effective, and all messages are scanned. > > Note I have > > Read IP Address From Received Header = no > > in MailScanner.conf > I've re-written the relevant chunk of code to make it a whole lot simpler. Please try the attached (unzipped) in /usr/lib/MailScanner/MailScanner. Don't forget to restart MailScanner after inserting the file! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Postfix.pm.zip Type: application/x-zip-compressed Size: 18680 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/a059173f/Postfix.pm.bin From MailScanner at ecs.soton.ac.uk Fri May 15 10:14:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:14:47 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D3274.2050705@ecs.soton.ac.uk> Message-ID: On 14/05/2009 17:41, Mark Sapiro wrote: > Mark Sapiro wrote: > > >> I have been experimenting with the "Add Text Of Doc" feature. The issue >> I have come across is the output of antiword is in my case UTF-8 >> encoded (in the absense of a specific mapping provided to antiword, >> it's locale dependent), but the plain text attachment added by >> MailScanner doesn't specify a charset in its Content-Type. >> >> It would be nice if you could grok That word doesn't appear in my Oxford dictionary... >> the encoding from the system locale >> and specify it, or barring that, provide a config option to set it. >> Any idea how to get it from the Locale? Otherwise I'll just have to let you set it. > > Please note, in case it wasn't clear, the current behavior is a real > problem. UTF-8 encoded data are being sent in a text/plain part with > implicit charset us-ascii resulting in data being displayed in MUAs > like the following: > > Lani Waller Presents > “A Steelheader’s Way” > > “A Steelheader’s Way” is a presentation on the principles, > tactics, > techniques and philosophy of trophy steelhead fishing based on Lani’s > new > book of the same title. This personal look will include the “common > elements of the endeavor” ... > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 10:15:14 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:15:32 2009 Subject: More than one Custom Function In-Reply-To: <4A0C54A7.8060609@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> <4A0C54A7.8060609@sme-ecom.co.uk> <4A0D32A2.8060205@ecs.soton.ac.uk> Message-ID: On 14/05/2009 18:28, Paul wrote: > Julian Field wrote: >>>> On 13/05/2009 12:32, Paul Houselander wrote: >>>>> Hi >>>>> >>>>> I have a mailscanner set up that uses the Always Looked Up Last >>>>> directive to call a custom function I wrote that logs to a postgres >>>>> database. >>>>> I want to try to get it to now to ALSO log to a mysql database using >>>>> mailwatch. >>>>> Is it possible to run 2 CustomFunctions from the same directive? >>>>> >>>> Why not just write a Custom Function that calls both bits of code? >>>> Just pass all the parameters to both functions, simple as that. >>>> >>>> Jules >>>> >>> Hi Jules >>> >>> I did think about doing that, it was just I recalled someone writing a >>> wrapper that allowed you to call 2 custom functions? I may well have >>> drembt it as cant find anything via the wiki or searching through the >>> archives! >> >> I do this with a function called wrapper (not real unique) >> >> In MailScanner.conf >> >> # If you want to use it, read CustomConfig.pm. >> Always Looked Up Last = &Wrapper >> >> >> In CustomConfig.pm >> >> sub InitWrapper { >> InitExtendedLogger(); >> InitMailWatchLogging(); >> } >> >> sub Wrapper { >> my($msg) = @_; >> ExtendedLogger($msg); >> MailWatchLogging($msg); >> } >> >> sub EndWrapper { >> EndExtendedLogger(); >> EndMailWatchLogging(); >> } >> >> The sub Wrapper calls the functions, the InitWrapper calls the other >> Init >> functions and EndWrapper calls the other End functions >> >> Rick > Thanks Rick thats works like a treat - logging to both mysql and > postgres! > > I just realised another issue I have, the postgres set up has to use > > Quarantine Whole Messages As Queue Files = yes > > as when it releases a message it just copies the qf and df file to the > mqueue. > > Mailwatch requires > > Quarantine Whole Messages As Queue Files = no > > without changing to much code does anyone know how I can run with > both? i.e. quarantine files as both qf df and also as one file? You have the source... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 10:25:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 10:25:24 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> Message-ID: On 14/05/2009 17:41, Mark Sapiro wrote: > Mark Sapiro wrote: > > >> I have been experimenting with the "Add Text Of Doc" feature. The issue >> I have come across is the output of antiword is in my case UTF-8 >> encoded (in the absense of a specific mapping provided to antiword, >> it's locale dependent), but the plain text attachment added by >> MailScanner doesn't specify a charset in its Content-Type. >> I currently set it to a text/plain with 8bit encoding. What options do you want me to provide that would solve your problem? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alvaro at hostalia.com Fri May 15 10:52:58 2009 From: alvaro at hostalia.com (=?ISO-8859-15?Q?Alvaro_Mar=EDn?=) Date: Fri May 15 11:17:29 2009 Subject: Delete with MailScanner based on header In-Reply-To: References: <4A0AB4B3.9070506@hostalia.com> <4A0B474A.5040705@ecs.soton.ac.uk> <4A0BE1F7.3070303@hostalia.com> <4A0BE58D.6050801@ecs.soton.ac.uk> Message-ID: <4A0D3B7A.10907@hostalia.com> Ops, that's true Julian. The header is added only if I run spamassassin from console, not when is executed by MailScanner. Sorry for that, I'll think in other solution. Julian Field escribi?: > MailScanner doesn't allow SpamAssassin to modify the message, that would > destroy the entire MIME structure and everything. It should be returning > a rule hit for their plugin, not just adding a header. > > On 14/05/2009 10:18, Alvaro Mar?n wrote: >> Hi Jules, >> >> I'm using Cloudmark's plugin for SA. In SA, I configure: >> >> ifplugin Mail::SpamAssassin::Plugin::CMAE >> full CMAE_1 eval:check_msg() >> describe CMAE_1 Cloudmark CMAE detected spam >> score CMAE_1 5 >> add_header all CMAE-Analysis _CMAETAG_ >> endif >> >> that has a score of 5 if the message is cataloged like spam and adds a >> header like this: >> >> X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 >> p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 >> >> The problem is that if the plugin detects a virus in the message, this >> header changes to: >> >> X-Spam-CMAE-Analysis: v=1.0 c=1 p=J1lT5JFMR5d2qjHey-wA:9 >> p=3b90pLas9PL642u5t7TVoAw98R4A:4 p=9d3U-zX9zcfjglhJKlcA:9 >> xcat=Virus/CMU_7796_20090511 >> >> adding that "xcat" field. >> >> I want to delete messages with "xcat=Virus" and other messages, mark >> them with {Spam?}. >> If I could see in a MailScanner plugin this header that SA returns, I >> would be able to mark it to delete in case that has "xcat=Virus". Is it >> possible? >> >> Thanks! >> >> >> Julian Field escribi?: >> >>> >>> On 13/05/2009 12:53, Alvaro Mar?n wrote: >>> >>>> Hello, >>>> >>>> I'm using a plugin in SA that does an "eval:check_msg()" and adds a >>>> header >>>> with add_header. In that header there is information about the scanned >>>> mail (if it's spam >>>> or a virus). >>>> >>>> I see that isn't any option in MailScanner's configuration to do an >>>> action based on a header added by SA, something like "SpamAssassin Rule >>>> Actions", so I've thought to do a custom function for MailScanner to >>>> do it. >>>> The idea is see if this header has "virus" as value, and if this >>>> occurs, >>>> delete the message. Is this possible? >>>> Where are SA's headers stored (I see that $message->{headers} are >>>> original ones only)? >>>> >>>> >>> MailScanner does not allow SpamAssassin to modify the message. However, >>> you can have a SA rule and then have a "header" action in the >>> SpamAssassin Rule Actions setup. >>> >>> SpamAssassin is the wrong tool for determining if a message is a virus. >>> Maybe you want to use the "generic" virus scanner that MailScanner >>> allows you to implement yourself? >>> >>> Jules >>> >>> >> >> > > Jules > -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From jonas at vrt.dk Fri May 15 11:54:29 2009 From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri May 15 11:54:44 2009 Subject: spamaction highscore rules. In-Reply-To: <1242376298.15720.23.camel@kse> References: <1242202203.1013.30.camel@kse> <72cf361e0905130159j110b9cf2x5dfb030badaeebd5@mail.gmail.com> <1242369241.15720.7.camel@kse> <72cf361e0905150047y320e43a2ifd767e0e25c5a44a@mail.gmail.com> <1242376298.15720.23.camel@kse> Message-ID: <006101c9d54b$85c08520$91418f60$@dk> Hi Kasper It really isn?t hard at all to do user checking. Instead of collecting the list of valid users via ldap or some sort of export or other tedious methods. You can simply do callout from your mta. Meaning your relay server (mailscanner) checks with the receiving smtp server if it wants to accept the mail address. Of course this requires that your customers mail servers reject unknown users, but unless they use wildcard mail addresses this is no problem at all. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kasper Sacharias Eenberg Sent: 15. maj 2009 10:32 To: MailScanner discussion Subject: Re: spamaction highscore rules. Unfortunately, we do not, completely that is. I implemented some user checking. But we have many mailservers running. Lotus Domino, Microsoft Exchange, Zarafa and simply postfix/dovecot. It's a pain gathering from that many servers. It's on my todo list though. I'll prioritize it up. The main problem however, might be that the server only has 1GB of ram, for some reason or other. The other spamfilters have better hardware, but this is used as our primary, until i set up replication of rules and such. And add more filters. Tuning has been done on all servers. With regards, _____ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Fri, 2009-05-15 at 08:47 +0100, Martin Hepworth wrote: Kasper I presume you do things like drop unknown users at the MTA? This can reduce the load by well over 50%. Also have a look in the wiki about performance tuning MailScanner - local caching nameserver, using only a few RBL's etc etc. -- Martin 2009/5/15 Kasper Sacharias Eenberg Thanks for the help. But i'm afraid this server is already way overloaded, and that this might kill it. Are there any alternatives to this? Any rules i can write? Adding "To: @eurocargoservices.dk delete" does not work, as you say. With regards, _____ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 On Wed, 2009-05-13 at 09:59 +0100, Martin Hepworth wrote: Best way to avoid this situation is split the email up into individual recipients and then the rules on forwarding will work fine. The problem is if the 'to' contains multiple recipients and gives conflicting actions eg deliver and not-deliver which one should it obey???? MailScanner can't get which one is correct so uses the Envelope-To: as the overriding value. How to split the emails up is dependant on the MTA you use but sendmail, Exim and Postfix are covered in the wiki (http://wiki.mailscanner.info/doku.php?id= &idx=documentation:configuration:mta) -- Martin Hepworth Oxford, UK 2009/5/13 Kasper Sacharias Eenberg So, i embarassed myself to my company yesterday. I managed to write a highscore rule that passed on all spam mails, that it should be dropping. But nevermind that. My problem is, i have two domains. eurocargoservices.de eurocargoservices.dk The .de company wants to receive all spam mails. They receive alot of mails from China and russia, which normally get tagged as spam (Since i took over the filter it now work quite well though, ignoring them). However, som spam mails are sent with both the .de and .dk domain in the 'to' header. And when the .de domain is in the recipient, the rule that delivers mail to .de takes action, and the spam is delivered to the .dk. It seems "Use Default Rules With Multiple Recipients = yes" does not work. These are the rules: To: @eurocargoservices.de deliver FromOrTo: default forward isspam@localhost Live long and prosper, _____ Kasper Eenberg HOVMARK DATA Ravnevej 13 dk-6705 Esbjerg ? tlf: +45 76 12 59 04 mobil: +45 40 70 69 63 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/527adb99/attachment-0001.html From ajcartmell at fonant.com Fri May 15 12:03:04 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 12:03:11 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> Message-ID: > I currently set it to a text/plain with 8bit encoding. What options do > you want me to provide that would solve your problem? Add Text Of Doc Charset = if set to something like "utf-8", would result in the attachment having: Content-type: text/plain; charset="utf-8" That would work for me, anyway, and would allow people to set it up to work for whatever character set they want the text to be in. The alternative would be to always use UTF-8 and call antiword with " -m UTF-8.txt" so that it outputs UTF-8 characters. Anthony -- www.fonant.com - Quality web sites From ajcartmell at fonant.com Fri May 15 12:07:54 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 12:08:01 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D3274.2050705@ecs.soton.ac.uk> Message-ID: > Any idea how to get it from the Locale? Otherwise I'll just have to let > you set it. From the docs: Antiword uses the environment variables ''LC_ALL'', ''LC_CTYPE'' and ''LANG'' (in that order) to get the current locale and uses this information to select the default mapping file. My value for LANG is en_US.UTF-8, so Antiword must parse that to extract the UTF-8 bit to choose UTF-8.txt as its mapping file. So probably easier to let the user set it? I'm not using this yet, but will be shortly. I have silly local councils sending replies to emails, that I want to read by machine, as Word RTF format attachments... :( Cheers! Anthony -- www.fonant.com - Quality web sites From MailScanner at ecs.soton.ac.uk Fri May 15 12:13:11 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 12:13:30 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D4E47.8000200@ecs.soton.ac.uk> Message-ID: On 15/05/2009 12:03, Anthony Cartmell wrote: >> I currently set it to a text/plain with 8bit encoding. What options >> do you want me to provide that would solve your problem? > The alternative would be to always use UTF-8 and call antiword with " > -m UTF-8.txt" so that it outputs UTF-8 characters. How about I do that instead? It would save yet another configuration option that no-one (except you) would understand or use. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 12:28:35 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 12:28:56 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> Message-ID: On 15/05/2009 12:03, Anthony Cartmell wrote: >> I currently set it to a text/plain with 8bit encoding. What options >> do you want me to provide that would solve your problem? > > Add Text Of Doc Charset = > > if set to something like "utf-8", would result in the attachment having: > > Content-type: text/plain; charset="utf-8" > > That would work for me, anyway, and would allow people to set it up to > work for whatever character set they want the text to be in. > > The alternative would be to always use UTF-8 and call antiword with " > -m UTF-8.txt" so that it outputs UTF-8 characters. You can make it always generate utf-8 by editing Antiword.pm and changing the text around line 200 to say this: $parententity->attach( Type => "text/plain", Charset => "utf-8", Encoding => "8bit", Disposition => "attachment", Filename => $attachfile, Path => "$dir/$unpackfile"); (note the "Charset" setting). Then just edit the setting in MailScanner.conf to say Antiword = /usr/bin/antiword -f -m UTF-8.txt and that's all you need to do. If you find this works okay, that's what will go in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shyamph at gmail.com Fri May 15 12:38:30 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Fri May 15 12:38:39 2009 Subject: Mail delay at MailScanner In-Reply-To: <200905150748.19458.eli@orbsky.homelinux.org> References: <200905150748.19458.eli@orbsky.homelinux.org> Message-ID: Hi Eli, Yes I am using grey listing. But i am not sure that is causing this because smtp check are happening fast and sending it to hold (which is mailscanner queue) and Maiscanner is taking time to process the message. Thanks in Advance. Shyam On Fri, May 15, 2009 at 10:18 AM, Eli Wapniarski wrote: > >From the looks of things it looks like greylisting has been implemented on > the receiving end. Which is a good thing and highly recommended. You should > check this. If this indeed is the case and mail coming from your server is > of a top priority for the receiving end then without a doubt an exception > can be configured at the other end. > > Eli > > On Thursday 14 May 2009 15:45:07 shyam hirurkar wrote: > > Hi All, > > > > I am using MailScanner with postfix and mail flow is normal till these > days > > and now i am finding the mail delay's regularly , > > > > When i went through the log and found mails are going in hold after that > a > > long delay and reque of the mail is happening and mail will sent > > successfully. > > here is the log > > > > smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > > sasl_method=LOGIN, sasl_username=username@domain.com > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > > Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > > ,username>@)??by smtp.domain.com (Postfix) with ESMTP id > > B5AD361300F7??for ; Tue, 2 from > unknown[192.168.1.1]; > > from= to= proto=ESMTP helo= > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > > message-id=<003f01c9c7c0$5786f380$0694da80$@com> > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > 6E0A36130112 > > Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 > to > > SQL > > Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to > > MailWatch SQL > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > 6E0A36130112 > > Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< > > user@domain.com>, size=495880, nrcpt=1 (queue active) > > Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=< > user@domain.com>, > > relay=192.168.1.2[192.168.1.1]:25, *delay=16269, > > delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 > qp > > 3538) > > Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090515/9b8e5bf4/attachment.html From housey at sme-ecom.co.uk Fri May 15 14:39:27 2009 From: housey at sme-ecom.co.uk (Paul) Date: Fri May 15 14:40:13 2009 Subject: More than one Custom Function In-Reply-To: <4A0C54A7.8060609@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> <4A0C54A7.8060609@sme-ecom.co.uk> Message-ID: <4A0D708F.3070000@sme-ecom.co.uk> > Thanks Rick thats works like a treat - logging to both mysql and > postgres! > > I just realised another issue I have, the postgres set up has to use > > Quarantine Whole Messages As Queue Files = yes > > as when it releases a message it just copies the qf and df file to the > mqueue. > > Mailwatch requires > > Quarantine Whole Messages As Queue Files = no > > without changing to much code does anyone know how I can run with > both? i.e. quarantine files as both qf df and also as one file? > > Cheers > > Paul > > Hi Julien I think you replied to this to say you have the source, i seem to have deleted your reply sorry! I use sendmail and I have altered the CopyEntireMessage subroutine in SMDiskStore.pm (bit I changed is noted by >>>>>) sub CopyEntireMessage { my $this = shift; my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_; #my $hfile = $message->{headerspath}; #my $dfile = $this->{dpath}; #my $hpath = $this->{hpath}; # if (MailScanner::Config::Value('storeentireasdfqf')) { # Don't need cp or cat any more! Yay :-) #system($global::cp . " \"$hpath\" \"$dfile\" \"$targetdir\""); >>>>> my $target = new IO::File "$targetdir/$targetfile", "w"; >>>>> MailScanner::Log::DieLog("writing to $targetdir/$targetfile: $!") >>>>> if not defined $target; >>>>> $this->WriteEntireMessage($message, $target); return $this->CopyToDir($targetdir, $targetfile, $uid, $gid, $changeowner); } else { #system($global::cat . " \"$hfile\" \"$dfile\" > \"$targetdir/$targetfile\""); my $target = new IO::File "$targetdir/$targetfile", "w"; MailScanner::Log::DieLog("writing to $targetdir/$targetfile: $!") if not defined $target; $this->WriteEntireMessage($message, $target); return ($targetdir . '/' . $targetfile); } } All I did was copy the code minus the return from the else part of the routine. It seems to be working but I just wondered if you can think of anything else I may have broke by doing this? I only want to run it in tandom whilst I phase out the old system I have. Thanks Paul From ajcartmell at fonant.com Fri May 15 14:51:50 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 14:51:58 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> Message-ID: > You can make it always generate utf-8 by editing Antiword.pm and > changing the text around line 200 to say this: > $parententity->attach( Type => "text/plain", > Charset => "utf-8", > Encoding => "8bit", > Disposition => "attachment", > Filename => $attachfile, > Path => "$dir/$unpackfile"); > > (note the "Charset" setting). Then just edit the setting in > MailScanner.conf to say > Antiword = /usr/bin/antiword -f -m UTF-8.txt > > and that's all you need to do. If you find this works okay, that's what > will go in the next release. That would work, but the problem is that the "Charset" setting in $parententity->attach has to match the charset output from Antiword, set with the -m flag or defaulted from the LANG environment variables. If someone set Antiword = /usr/bin/antiword -f -m 8859-1.txt (or if they set Antiword = /usr/bin/antiword -f and had iso-8859-1 as their default character set) then the attachment headers would be specifying the wrong character set, resulting in corrupted text display. So if you hard-code the "utf-8" into the attachment headers in Antiword.pm, then you should probably also hard-code the "-m UTF-8.txt" into the calling of the antiword command. so line 120 in Antiword.pm would become: my $cmd = "$antiword -m UTF-8.txt '$dir/$docname' > '$dir/$unpackfile'"; to partner with line 200: Charset => "utf-8", Then the question is whether antiword always comes with UTF-8.txt, which I think it probably does. Choosing UTF-8 should be safe as it covers pretty-much any character, is the default for XML and modern Apache HTML, etc. HTH, Anthony -- www.fonant.com - Quality web sites From mikes at hartwellcorp.com Fri May 15 14:47:15 2009 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri May 15 15:02:46 2009 Subject: "Can't set UID 8" errors Message-ID: <3BF93070B3D1B047BA7ABF612958950D057689AA@hcex.hartwellcorp.com> I'm having trouble with MailScanner halting its message processing periodically. When this happens and the hourly check to make sure it's still running takes place I get the following: /etc/cron.hourly/check_MailScanner: Starting MailScanner...Can't set UID 8 at /usr/sbin/MailScanner line 1479. Failed. This was happening with version 4.76.12-1 and also with version 4.76.25-1 after I upgraded to see if that would help (it has not). -- Michael St. Laurent IT Department Hartwell Corporation -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 15:08:36 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 15:08:58 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> <4A0D7764.1080008@ecs.soton.ac.uk> Message-ID: On 15/05/2009 14:51, Anthony Cartmell wrote: >> You can make it always generate utf-8 by editing Antiword.pm and >> changing the text around line 200 to say this: >> $parententity->attach( Type => "text/plain", >> Charset => "utf-8", >> Encoding => "8bit", >> Disposition => "attachment", >> Filename => $attachfile, >> Path => "$dir/$unpackfile"); >> >> (note the "Charset" setting). Then just edit the setting in >> MailScanner.conf to say >> Antiword = /usr/bin/antiword -f -m UTF-8.txt >> >> and that's all you need to do. If you find this works okay, that's >> what will go in the next release. > > That would work, but the problem is that the "Charset" setting in > $parententity->attach has to match the charset output from Antiword, > set with the -m flag or defaulted from the LANG environment variables. > > If someone set > > Antiword = /usr/bin/antiword -f -m 8859-1.txt > > (or if they set > Antiword = /usr/bin/antiword -f > and had iso-8859-1 as their default character set) > > then the attachment headers would be specifying the wrong character > set, resulting in corrupted text display. > > So if you hard-code the "utf-8" into the attachment headers in > Antiword.pm, then you should probably also hard-code the "-m > UTF-8.txt" into the calling of the antiword command. > > so line 120 in Antiword.pm would become: > > my $cmd = "$antiword -m UTF-8.txt '$dir/$docname' > '$dir/$unpackfile'"; > > to partner with line 200: > > Charset => "utf-8", > > Then the question is whether antiword always comes with UTF-8.txt, > which I think it probably does. Choosing UTF-8 should be safe as it > covers pretty-much any character, is the default for XML and modern > Apache HTML, etc. All done. It will be in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 15 15:10:22 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 15 15:10:39 2009 Subject: More than one Custom Function In-Reply-To: <4A0D708F.3070000@sme-ecom.co.uk> References: <00e901c9d3be$70e5b8c0$52b12a40$@co.uk> <4A0B46B5.5010006@ecs.soton.ac.uk> <4A0BCED2.7020307@sme-ecom.co.uk> <23AEE393E2224410B6228743C96815DD@SAHOMELT> <4A0C54A7.8060609@sme-ecom.co.uk> <4A0D708F.3070000@sme-ecom.co.uk> <4A0D77CE.5090509@ecs.soton.ac.uk> Message-ID: On 15/05/2009 14:39, Paul wrote: > >> Thanks Rick thats works like a treat - logging to both mysql and >> postgres! >> >> I just realised another issue I have, the postgres set up has to use >> >> Quarantine Whole Messages As Queue Files = yes >> >> as when it releases a message it just copies the qf and df file to >> the mqueue. >> >> Mailwatch requires >> >> Quarantine Whole Messages As Queue Files = no >> >> without changing to much code does anyone know how I can run with >> both? i.e. quarantine files as both qf df and also as one file? >> >> Cheers >> >> Paul >> >> > > Hi Julien > > I think you replied to this to say you have the source, i seem to have > deleted your reply sorry! > > I use sendmail and I have altered the CopyEntireMessage subroutine in > SMDiskStore.pm (bit I changed is noted by >>>>>) > > sub CopyEntireMessage { > my $this = shift; > my($message, $targetdir, $targetfile, $uid, $gid, $changeowner) = @_; > > #my $hfile = $message->{headerspath}; > #my $dfile = $this->{dpath}; > #my $hpath = $this->{hpath}; > # > if (MailScanner::Config::Value('storeentireasdfqf')) { > # Don't need cp or cat any more! Yay :-) > #system($global::cp . " \"$hpath\" \"$dfile\" \"$targetdir\""); > >>>>> my $target = new IO::File "$targetdir/$targetfile", "w"; > >>>>> MailScanner::Log::DieLog("writing to $targetdir/$targetfile: > $!") > >>>>> if not defined $target; > >>>>> $this->WriteEntireMessage($message, $target); > return $this->CopyToDir($targetdir, $targetfile, $uid, $gid, > $changeowner); > } else { > #system($global::cat . " \"$hfile\" \"$dfile\" > > \"$targetdir/$targetfile\""); > my $target = new IO::File "$targetdir/$targetfile", "w"; > MailScanner::Log::DieLog("writing to $targetdir/$targetfile: $!") > if not defined $target; > $this->WriteEntireMessage($message, $target); > return ($targetdir . '/' . $targetfile); > } > } > > All I did was copy the code minus the return from the else part of the > routine. > > It seems to be working but I just wondered if you can think of > anything else I may have broke by doing this? I only want to run it in > tandom whilst I phase out the old system I have. I think that should work okay. They both rewind the file as needed anyway, so that shouldn't be a problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri May 15 15:20:53 2009 From: mark at msapiro.net (Mark Sapiro) Date: Fri May 15 15:21:03 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> Message-ID: <20090515142053.GA3848@msapiro> On Fri, May 15, 2009 at 10:25:04AM +0100, Julian Field wrote: > > > On 14/05/2009 17:41, Mark Sapiro wrote: > >Mark Sapiro wrote: > > > > > >>I have been experimenting with the "Add Text Of Doc" feature. The issue > >>I have come across is the output of antiword is in my case UTF-8 > >>encoded (in the absense of a specific mapping provided to antiword, > >>it's locale dependent), but the plain text attachment added by > >>MailScanner doesn't specify a charset in its Content-Type. > >> > I currently set it to a text/plain with 8bit encoding. What options do > you want me to provide that would solve your problem? I want the Content-Type: to include a charset= parameter. The output of antiword is in the charset of the system locale. Ideally you would use that as the value of the charset= parameter. Barring that, you could add a config setting Add Text Of Doc Charset = utf-8 Note that it would be fine with me if you just hard coded charset=utf-8, but that wouldn't work for everyone. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mikes at hartwellcorp.com Fri May 15 15:53:33 2009 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri May 15 15:54:14 2009 Subject: "Can't set UID 8" errors References: <3BF93070B3D1B047BA7ABF612958950D057689AA@hcex.hartwellcorp.com> Message-ID: <3BF93070B3D1B047BA7ABF612958950D057689C3@hcex.hartwellcorp.com> > I'm having trouble with MailScanner halting its message processing > periodically. When this happens and the hourly check to make sure it's > still running takes place I get the following: > > /etc/cron.hourly/check_MailScanner: > > Starting MailScanner...Can't set UID 8 at /usr/sbin/MailScanner line > 1479. > Failed. > > > This was happening with version 4.76.12-1 and also with version > 4.76.25-1 after I upgraded to see if that would help (it has not). I am also seeing entries such as the following in the /var/log/messages file: May 15 06:49:38 hcfw1 MailScanner: Process did not exit cleanly, returned 11 wit h signal 0 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri May 15 16:06:13 2009 From: mark at msapiro.net (Mark Sapiro) Date: Fri May 15 16:06:22 2009 Subject: MailScanner 4.77.3 fails to scan some messages In-Reply-To: References: <4A0D3210.1050800@ecs.soton.ac.uk> Message-ID: <20090515150613.GB3848@msapiro> On Fri, May 15, 2009 at 10:12:48AM +0100, Julian Field wrote: > > > On 14/05/2009 17:19, Mark Sapiro wrote: > >Julian Field wrote: > > > >>On 11/05/2009 23:32, Mark Sapiro wrote: > >> > >>>Mark Sapiro wrote: > >>> > >>>[...] > >>> > >>> > >>>>Now I see the above analysis is probably wrong. I just received another > >>>>unscanned message. Headers are attached as scanned2.txt and > >>>>unscanned2.txt. Here again, I was able to get the message to be > >>>>scanned by removing a Received: header, but the header I removed > >>>>doesn't have any 'special' IP address in it. > >>>> > >>>> > >>>Further information. I replaced Postfix.pm with the one from 4.76.24 > >>>and the problem is gone. > >>> > >>> > >>Thanks for that info, it greatly helped. Fixed in 4.77.4 which I have > >>just released. > >> > > > >The fix in 4.77.4 goes too far. With that fix, my scan messages rules > >like > > > ># localhost > >From: 127.0.0.1 no > ># sbh16.songbird.com > >From: 72.52.113.16 no > > > >are not effective, and all messages are scanned. > > > >Note I have > > > >Read IP Address From Received Header = no > > > >in MailScanner.conf > > > I've re-written the relevant chunk of code to make it a whole lot > simpler. Please try the attached (unzipped) in > /usr/lib/MailScanner/MailScanner. Don't forget to restart MailScanner > after inserting the file! I have installed the Postfix.pm from the attached zip and so far it seems to be working. I.e., I tested a few mails and they were all scanned or not as expected. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ajcartmell at fonant.com Fri May 15 16:48:46 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri May 15 16:48:53 2009 Subject: Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0D34F0.6080802@ecs.soton.ac.uk> <4A0D51E3.2040706@ecs.soton.ac.uk> <4A0D7764.1080008@ecs.soton.ac.uk> Message-ID: > All done. It will be in the next release. Luvverly, thanks! I like responsive developers :) Anthony -- www.fonant.com - Quality web sites From eli at orbsky.homelinux.org Fri May 15 17:59:20 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Fri May 15 17:59:42 2009 Subject: Mail delay at MailScanner In-Reply-To: References: <200905150748.19458.eli@orbsky.homelinux.org> Message-ID: <200905151959.20942.eli@orbsky.homelinux.org> Looking at MailScanner's configuration there is an option there Max Normal Queue Size The speed of your mail delivery. If you could check how many messages are sitting in your queue then maybe we can get to the bottom of it. If I understand the explanation correctly and the delay is not being caused by misconfigured greylisting then I would think you've got alot of ping ponging. This can be dealt with, but it would take some work. Eli On Friday 15 May 2009 14:38:30 shyam hirurkar wrote: > Hi Eli, > > Yes I am using grey listing. But i am not sure that is causing this because > smtp check are happening fast and sending it to hold (which is mailscanner > queue) and Maiscanner is taking time to process the message. > > Thanks in Advance. > Shyam > > On Fri, May 15, 2009 at 10:18 AM, Eli Wapniarski > wrote: > > > >From the looks of things it looks like greylisting has been implemented on > > the receiving end. Which is a good thing and highly recommended. You should > > check this. If this indeed is the case and mail coming from your server is > > of a top priority for the receiving end then without a doubt an exception > > can be configured at the other end. > > > > Eli > > > > On Thursday 14 May 2009 15:45:07 shyam hirurkar wrote: > > > Hi All, > > > > > > I am using MailScanner with postfix and mail flow is normal till these > > days > > > and now i am finding the mail delay's regularly , > > > > > > When i went through the log and found mails are going in hold after that > > a > > > long delay and reque of the mail is happening and mail will sent > > > successfully. > > > here is the log > > > > > > smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > > > sasl_method=LOGIN, sasl_username=username@domain.com > > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > > > Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > > > ,username>@)??by smtp.domain.com (Postfix) with ESMTP id > > > B5AD361300F7??for ; Tue, 2 from > > unknown[192.168.1.1]; > > > from= to= proto=ESMTP helo= > > > Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > > > message-id=<003f01c9c7c0$5786f380$0694da80$@com> > > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > > 6E0A36130112 > > > Apr 28 15:16:54 smtp MailScanner[598]: Logging message B5AD361300F7.C8111 > > to > > > SQL > > > Apr 28 15:16:54 smtp MailScanner[11594]: B5AD361300F7.C8111: Logged to > > > MailWatch SQL > > > Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > > > 6E0A36130112 > > > Apr 28 15:16:54 smtp postfix/qmgr[11586]: 6E0A36130112: from=< > > > user@domain.com>, size=495880, nrcpt=1 (queue active) > > > Apr 28 15:16:55 smtp postfix/smtp[1116]: 6E0A36130112: to=< > > user@domain.com>, > > > relay=192.168.1.2[192.168.1.1]:25, *delay=16269, > > > delays=16268/0.43/0.42/0.23, *dsn=2.0.0, status=sent (250 ok 1240912019 > > qp > > > 3538) > > > Apr 28 15:16:55 smtp postfix/qmgr[11586]: 6E0A36130112: removed > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikes at hartwellcorp.com Fri May 15 18:35:59 2009 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri May 15 18:36:32 2009 Subject: "Can't set UID 8" errors References: <3BF93070B3D1B047BA7ABF612958950D057689AA@hcex.hartwellcorp.com> <3BF93070B3D1B047BA7ABF612958950D057689C3@hcex.hartwellcorp.com> Message-ID: <3BF93070B3D1B047BA7ABF612958950D057689F9@hcex.hartwellcorp.com> > > I'm having trouble with MailScanner halting its message processing > > periodically. When this happens and the hourly check to make sure > it's > > still running takes place I get the following: > > > > /etc/cron.hourly/check_MailScanner: > > > > Starting MailScanner...Can't set UID 8 at /usr/sbin/MailScanner line > > 1479. > > Failed. > > > > > > This was happening with version 4.76.12-1 and also with version > > 4.76.25-1 after I upgraded to see if that would help (it has not). > > I am also seeing entries such as the following in the /var/log/messages > file: > > May 15 06:49:38 hcfw1 MailScanner: Process did not exit cleanly, > returned 11 with signal 0 Am I looking at the same issue as the dead child process thread? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Fri May 15 19:52:23 2009 From: mark at msapiro.net (Mark Sapiro) Date: Fri May 15 19:52:35 2009 Subject: OT - Issue with "Add Text Of Doc" feature In-Reply-To: Message-ID: Julian Field wrote: > >On 14/05/2009 17:41, Mark Sapiro wrote: >> Mark Sapiro wrote: >> >>> It would be nice if you could grok >That word doesn't appear in my Oxford dictionary... >>> the encoding from the system locale >>> and specify it, or barring that, provide a config option to set it. It's a reference from Robert Heinlein's 1961 novel _Stranger in a Strange Land_. See for example which, interestingly, claims it is in the Oxford English Dictionary. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gdoris at rogers.com Fri May 15 20:41:00 2009 From: gdoris at rogers.com (Gerry Doris) Date: Fri May 15 20:40:49 2009 Subject: US Military Looking for Email Spam Solution Message-ID: <4A0DC54C.8050307@rogers.com> http://tech.slashdot.org/article.pl?sid=09/05/15/1633204&from=rss From jaearick at colby.edu Fri May 15 21:01:05 2009 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri May 15 21:01:51 2009 Subject: US Military Looking for Email Spam Solution In-Reply-To: <4A0DC54C.8050307@rogers.com> References: <4A0DC54C.8050307@rogers.com> Message-ID: Gerry, To quote Lyndon Johnson... "Power? The only power I have is nuclear power, and I can't use that!" Sounds similar here... On Fri, 15 May 2009, Gerry Doris wrote: > Date: Fri, 15 May 2009 15:41:00 -0400 > From: Gerry Doris > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: US Military Looking for Email Spam Solution > > http://tech.slashdot.org/article.pl?sid=09/05/15/1633204&from=rss > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mailscanner at barendse.to Sat May 16 11:46:57 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sat May 16 11:47:29 2009 Subject: Bug in install-Clam-0.95.1-SA-3.2.5 ? Message-ID: My SpamAssassin stopped working, when doing : spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf it just hangs after : [5501] dbg: dns: no ipv6 [5501] dbg: dns: is Net::DNS::Resolver available? yes [5501] dbg: dns: Net::DNS version: 0.65 So i tried updating the SA package. However when i run ./install.sh on a CentOS 4.7 box Mail-ClamAV-0.22 doesn't build, it uses the wrong path for a start. I untarred the tarball to /tmp/install-Clam-0.95.1-SA-3.2.5 which means that Mail-ClamAV is here : /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 but as per the output below it expects it to be /tmp/Mail-ClamAV-0.22 Simply copying the folder to /tmp didn't help. I'm running CentOS 4.7 with clamav 0.95.1 /usr/bin/perl /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.8/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c gcc -c -I/tmp/Mail-ClamAV-0.22 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" -fPIC "-I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE" ClamAV.c ClamAV.xs:33: error: field `limits' has incomplete type ClamAV.xs: In function `clamav_perl__scanfd': ClamAV.xs:206: error: too many arguments to function `cl_scandesc' ClamAV.xs: In function `clamav_perl__scanfile': ClamAV.xs:247: error: too many arguments to function `cl_scanfile' ClamAV.xs: In function `clamav_perl_constant': ClamAV.xs:298: error: `CL_ERAR' undeclared (first use in this function) ClamAV.xs:298: error: (Each undeclared identifier is reported only once ClamAV.xs:298: error: for each function it appears in.) ClamAV.xs:299: error: `CL_EZIP' undeclared (first use in this function) ClamAV.xs:300: error: `CL_EGZIP' undeclared (first use in this function) ClamAV.xs:301: error: `CL_EBZIP' undeclared (first use in this function) ClamAV.xs:302: error: `CL_EOLE2' undeclared (first use in this function) ClamAV.xs:303: error: `CL_EMSCOMP' undeclared (first use in this function) ClamAV.xs:304: error: `CL_EMSCAB' undeclared (first use in this function) ClamAV.xs:311: error: `CL_EPATSHORT' undeclared (first use in this function) ClamAV.xs:314: error: `CL_ECVDEXTR' undeclared (first use in this function) ClamAV.xs:315: error: `CL_EMD5' undeclared (first use in this function) ClamAV.xs:316: error: `CL_EDSIG' undeclared (first use in this function) ClamAV.xs:317: error: `CL_EIO' undeclared (first use in this function) ClamAV.xs:319: error: `CL_ESUPPORT' undeclared (first use in this function) ClamAV.xs:329: error: `CL_DB_ACONLY' undeclared (first use in this function) ClamAV.xs:354: error: `CL_RAW' undeclared (first use in this function) ClamAV.xs:355: error: `CL_ARCHIVE' undeclared (first use in this function) ClamAV.xs:356: error: `CL_MAIL' undeclared (first use in this function) ClamAV.xs:357: error: `CL_OLE2' undeclared (first use in this function) ClamAV.xs:358: error: `CL_ENCRYPTED' undeclared (first use in this function) make[1]: *** [ClamAV.o] Error 1 make[1]: Leaving directory `/tmp/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /tmp/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /tmp/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 175 BEGIN failed--compilation aborted at /tmp/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 534. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 25 From MailScanner at ecs.soton.ac.uk Sat May 16 13:37:15 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 16 13:37:29 2009 Subject: OT - Issue with "Add Text Of Doc" feature In-Reply-To: References: <4A0EB37B.3020008@ecs.soton.ac.uk> Message-ID: On 15/05/2009 19:52, Mark Sapiro wrote: > Julian Field wrote: > >> On 14/05/2009 17:41, Mark Sapiro wrote: >> >>> Mark Sapiro wrote: >>> >>> >>>> It would be nice if you could grok >>>> >> That word doesn't appear in my Oxford dictionary... >> >>>> the encoding from the system locale >>>> and specify it, or barring that, provide a config option to set it. >>>> > > It's a reference from Robert Heinlein's 1961 novel _Stranger in a > Strange Land_. See for example > which, interestingly, claims it is in the Oxford English Dictionary. > You're absolutely right, it is in the Oxford English Dictionary, 11th Edition Revised. However, listed in the etymology of the word is "1960s: invented word". So I reserve the right not to use it :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Sat May 16 19:07:24 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat May 16 19:07:39 2009 Subject: Mail delay at MailScanner In-Reply-To: Message-ID: shyam hirurkar wrote: > >I am using MailScanner with postfix and mail flow is normal till these days >and now i am finding the mail delay's regularly , > >When i went through the log and found mails are going in hold after that a >long delay and reque of the mail is happening and mail will sent >successfully. > here is the log > >smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], >sasl_method=LOGIN, sasl_username=username@domain.com >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header >Received: from usename (unknown [192.168.10.156])??(Authenticated sender: >,username>@)??by smtp.domain.com (Postfix) with ESMTP id >B5AD361300F7??for ; Tue, 2 from unknown[192.168.1.1]; >from= to= proto=ESMTP helo= What are the MailScanner log entries between here and the Requeue at 15:16:48? >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: >message-id=<003f01c9c7c0$5786f380$0694da80$@com> >Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to >6E0A36130112 -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Sun May 17 09:13:59 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 09:14:19 2009 Subject: Mail-ClamAV-0.22 won't build Message-ID: My yesterdays' mail was more a Mail-ClamAV bug rather than install-clamav-spamassassin problem. When trying to compile the package : [root Mail-ClamAV-0.22]# perl Makefile.PL ; make ; make test ; make install i get this as output on the make command : Starting Build Compile Stage Starting "perl Makefile.PL" Stage Writing Makefile for Mail::ClamAV Finished "perl Makefile.PL" Stage Starting "make" Stage make[1]: Entering directory `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' /usr/bin/perl /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.8/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c gcc -c -I/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" -fPIC "-I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE" ClamAV.c ClamAV.xs:33: error: field `limits' has incomplete type ClamAV.xs: In function `clamav_perl__scanfd': ClamAV.xs:206: error: too many arguments to function `cl_scandesc' ClamAV.xs: In function `clamav_perl__scanfile': ClamAV.xs:247: error: too many arguments to function `cl_scanfile' ClamAV.xs: In function `clamav_perl_constant': ClamAV.xs:298: error: `CL_ERAR' undeclared (first use in this function) ClamAV.xs:298: error: (Each undeclared identifier is reported only once ClamAV.xs:298: error: for each function it appears in.) ClamAV.xs:299: error: `CL_EZIP' undeclared (first use in this function) ClamAV.xs:300: error: `CL_EGZIP' undeclared (first use in this function) ClamAV.xs:301: error: `CL_EBZIP' undeclared (first use in this function) ClamAV.xs:302: error: `CL_EOLE2' undeclared (first use in this function) ClamAV.xs:303: error: `CL_EMSCOMP' undeclared (first use in this function) ClamAV.xs:304: error: `CL_EMSCAB' undeclared (first use in this function) ClamAV.xs:311: error: `CL_EPATSHORT' undeclared (first use in this function) ClamAV.xs:314: error: `CL_ECVDEXTR' undeclared (first use in this function) ClamAV.xs:315: error: `CL_EMD5' undeclared (first use in this function) ClamAV.xs:316: error: `CL_EDSIG' undeclared (first use in this function) ClamAV.xs:317: error: `CL_EIO' undeclared (first use in this function) ClamAV.xs:319: error: `CL_ESUPPORT' undeclared (first use in this function) ClamAV.xs:329: error: `CL_DB_ACONLY' undeclared (first use in this function) ClamAV.xs:354: error: `CL_RAW' undeclared (first use in this function) ClamAV.xs:355: error: `CL_ARCHIVE' undeclared (first use in this function) ClamAV.xs:356: error: `CL_MAIL' undeclared (first use in this function) ClamAV.xs:357: error: `CL_OLE2' undeclared (first use in this function) ClamAV.xs:358: error: `CL_ENCRYPTED' undeclared (first use in this function) make[1]: *** [ClamAV.o] Error 1 make[1]: Leaving directory `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 175 BEGIN failed--compilation aborted at /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm line 534. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 25 I checked if the patch included is the tarball was applied, so from /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 i tried : [root Mail-ClamAV-0.22]# patch -p0 < ../Mail-ClamAV-0.22.patch patching file ./t/Mail-ClamAV.t Reversed (or previously applied) patch detected! Assume -R? [n] so i just left things as they are. Google revealed that there are newer packages of Mail-ClamAV available however i guess there is a reason for including 0.22 in the mailscanner package rather than the latest version so i'm hesitating to go down that path. Any hints / pointers / tips on how to get Mail-ClamAV-0.22 to compile? Thanks! From MailScanner at ecs.soton.ac.uk Sun May 17 11:06:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 17 11:07:10 2009 Subject: Mail-ClamAV-0.22 won't build In-Reply-To: References: <4A0FE1B8.9010802@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just upgraded the ClamAV+SpamAssassin package to include Mail::ClamAV 0.29 for you. On 17/05/2009 09:13, Remco Barendse wrote: > My yesterdays' mail was more a Mail-ClamAV bug rather than > install-clamav-spamassassin problem. > > When trying to compile the package : > [root Mail-ClamAV-0.22]# perl Makefile.PL ; make ; make test ; make > install > > i get this as output on the make command : > Starting Build Compile Stage > Starting "perl Makefile.PL" Stage > Writing Makefile for Mail::ClamAV > Finished "perl Makefile.PL" Stage > > Starting "make" Stage > make[1]: Entering directory > `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' > > /usr/bin/perl /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -typemap > /usr/lib/perl5/5.8.8/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv > ClamAV.xsc ClamAV.c > gcc -c -I/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 > -I/usr/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe > -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -m32 > -march=i386 -mtune=pentium4 -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" > -fPIC "-I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE" ClamAV.c > ClamAV.xs:33: error: field `limits' has incomplete type > ClamAV.xs: In function `clamav_perl__scanfd': > ClamAV.xs:206: error: too many arguments to function `cl_scandesc' > ClamAV.xs: In function `clamav_perl__scanfile': > ClamAV.xs:247: error: too many arguments to function `cl_scanfile' > ClamAV.xs: In function `clamav_perl_constant': > ClamAV.xs:298: error: `CL_ERAR' undeclared (first use in this function) > ClamAV.xs:298: error: (Each undeclared identifier is reported only once > ClamAV.xs:298: error: for each function it appears in.) > ClamAV.xs:299: error: `CL_EZIP' undeclared (first use in this function) > ClamAV.xs:300: error: `CL_EGZIP' undeclared (first use in this function) > ClamAV.xs:301: error: `CL_EBZIP' undeclared (first use in this function) > ClamAV.xs:302: error: `CL_EOLE2' undeclared (first use in this function) > ClamAV.xs:303: error: `CL_EMSCOMP' undeclared (first use in this > function) > ClamAV.xs:304: error: `CL_EMSCAB' undeclared (first use in this function) > ClamAV.xs:311: error: `CL_EPATSHORT' undeclared (first use in this > function) > ClamAV.xs:314: error: `CL_ECVDEXTR' undeclared (first use in this > function) > ClamAV.xs:315: error: `CL_EMD5' undeclared (first use in this function) > ClamAV.xs:316: error: `CL_EDSIG' undeclared (first use in this function) > ClamAV.xs:317: error: `CL_EIO' undeclared (first use in this function) > ClamAV.xs:319: error: `CL_ESUPPORT' undeclared (first use in this > function) > ClamAV.xs:329: error: `CL_DB_ACONLY' undeclared (first use in this > function) > ClamAV.xs:354: error: `CL_RAW' undeclared (first use in this function) > ClamAV.xs:355: error: `CL_ARCHIVE' undeclared (first use in this > function) > ClamAV.xs:356: error: `CL_MAIL' undeclared (first use in this function) > ClamAV.xs:357: error: `CL_OLE2' undeclared (first use in this function) > ClamAV.xs:358: error: `CL_ENCRYPTED' undeclared (first use in this > function) > make[1]: *** [ClamAV.o] Error 1 > make[1]: Leaving directory > `/tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV' > > > A problem was encountered while attempting to compile and install your > Inline > C code. The command that failed was: > make > > The build directory was: > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/_Inline/build/Mail/ClamAV > > > To debug the problem, cd to the build directory, and inspect the > output files. > > at > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm > line 175 > BEGIN failed--compilation aborted at > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22/blib/lib/Mail/ClamAV.pm > line 534. > Compilation failed in require. > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 25 > > > > I checked if the patch included is the tarball was applied, so from > /tmp/install-Clam-0.95.1-SA-3.2.5/perl-tar/Mail-ClamAV-0.22 > > i tried : > [root Mail-ClamAV-0.22]# patch -p0 < ../Mail-ClamAV-0.22.patch > patching file ./t/Mail-ClamAV.t > Reversed (or previously applied) patch detected! Assume -R? [n] > > so i just left things as they are. > > Google revealed that there are newer packages of Mail-ClamAV available > however i guess there is a reason for including 0.22 in the > mailscanner package rather than the latest version so i'm hesitating > to go down that path. > > Any hints / pointers / tips on how to get Mail-ClamAV-0.22 to compile? > > Thanks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKD+G5EfZZRxQVtlQRAtkhAJwMDk+S0qrp2ao644jh9Ev4oh49pQCfX3Jl urY5/CqttMh1lMOWOo8Uw9w= =9Lbi -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Sun May 17 12:20:41 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 12:21:00 2009 Subject: Mail-ClamAV-0.22 won't build In-Reply-To: References: <4A0FE1B8.9010802@ecs.soton.ac.uk> Message-ID: Great, this one builds fine, thanks!! On Sun, 17 May 2009, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just upgraded the ClamAV+SpamAssassin package to include > Mail::ClamAV 0.29 for you. > From mailscanner at barendse.to Sun May 17 12:38:50 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 12:39:12 2009 Subject: SpamAssassin 3.2.5 problem? Message-ID: Hi list! I am trying to verify my installation of SpamAssassin because i still get lots of spam. As i understood the way to test old versions of SA is this: spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf which runs fine and doesn't generate any errors. However when i try : spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf [8595] dbg: logger: adding facilities: all [8595] dbg: logger: logging level is DBG [8595] dbg: generic: SpamAssassin version 3.2.5 [8595] dbg: config: score set 0 chosen. [8595] dbg: util: running in taint mode? yes [8595] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [8595] dbg: util: PATH included '/usr/kerberos/sbin', keeping [8595] dbg: util: PATH included '/usr/kerberos/bin', keeping [8595] dbg: util: PATH included '/usr/local/sbin', keeping [8595] dbg: util: PATH included '/usr/local/bin', keeping [8595] dbg: util: PATH included '/sbin', keeping [8595] dbg: util: PATH included '/bin', keeping [8595] dbg: util: PATH included '/usr/sbin', keeping [8595] dbg: util: PATH included '/usr/bin', keeping [8595] dbg: util: PATH included '/usr/X11R6/bin', keeping [8595] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [8595] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [8595] dbg: dns: no ipv6 [8595] dbg: dns: is Net::DNS::Resolver available? yes [8595] dbg: dns: Net::DNS version: 0.65 and here it seems to hang endlessly, whereas --lint continues there with : [8614] dbg: dns: Net::DNS version: 0.65 [8614] dbg: diag: perl platform: 5.008008 linux [8614] dbg: diag: module installed: Digest::SHA1, version 2.11 I have no idea where to look for the problem if even debug mode hangs From steve.freegard at fsl.com Sun May 17 14:24:15 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Sun May 17 14:24:26 2009 Subject: SpamAssassin 3.2.5 problem? In-Reply-To: References: Message-ID: <4A100FFF.6090407@fsl.com> Remco Barendse wrote: > Hi list! > > I am trying to verify my installation of SpamAssassin because i still > get lots of spam. > > As i understood the way to test old versions of SA is this: > spamassassin -D --lint -p /etc/MailScanner/spam.assassin.prefs.conf > which runs fine and doesn't generate any errors. > > However when i try : > spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf > [8595] dbg: logger: adding facilities: all > [8595] dbg: logger: logging level is DBG > [8595] dbg: generic: SpamAssassin version 3.2.5 > [8595] dbg: config: score set 0 chosen. > [8595] dbg: util: running in taint mode? yes > [8595] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [8595] dbg: util: PATH included '/usr/kerberos/sbin', keeping > [8595] dbg: util: PATH included '/usr/kerberos/bin', keeping > [8595] dbg: util: PATH included '/usr/local/sbin', keeping > [8595] dbg: util: PATH included '/usr/local/bin', keeping > [8595] dbg: util: PATH included '/sbin', keeping > [8595] dbg: util: PATH included '/bin', keeping > [8595] dbg: util: PATH included '/usr/sbin', keeping > [8595] dbg: util: PATH included '/usr/bin', keeping > [8595] dbg: util: PATH included '/usr/X11R6/bin', keeping > [8595] dbg: util: PATH included '/root/bin', which doesn't exist, dropping > [8595] dbg: util: final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > [8595] dbg: dns: no ipv6 > [8595] dbg: dns: is Net::DNS::Resolver available? yes > [8595] dbg: dns: Net::DNS version: 0.65 > > and here it seems to hang endlessly, whereas --lint continues there with : That's user error - it hangs because it's waiting for the message on STDIN: spamassassin -D -t -p /etc/MailScanner/spam.assassin.prefs.conf < /path/to/test/message or /dev/null Regards, Steve. From ljosnet at gmail.com Sun May 17 16:17:20 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Sun May 17 16:17:29 2009 Subject: Blocking by character set In-Reply-To: <4A08793C.3070707@rma.edu> References: <4A087554.4090806@tmcaz.com> <4A08774A.7050507@USherbrooke.ca> <4A08793C.3070707@rma.edu> Message-ID: <910ee2ac0905170817m18906a41qfa9aa22beeced364@mail.gmail.com> If you use sendmail: LOCAL_CONFIG dnl # dnl regex map for character sets (not case-sensitive) KCharsetKorean regex -a@MATCH charset=.*(euc-kr|korean|ks.*c|koi8|iso-2022-kr|KS_C_5601-1987) KCharsetChinese regex -a@MATCH charset=.*(big5|Chinese|cn|gb|koi8|iso-2022-jp|EUC-TW) dnl # LOCAL_RULESETS dnl # ################################################################## # Local ruleset - Check Content-Type: # ################################################################## dnl Reject based on Content-Type header HContent-Type: $>CheckContentType D{NoKoreanMsg}Korean not spoken here. D{NoChineseMsg}Chinese not spoken here. SCheckContentType R$* $: $(CharsetKorean $&{currHeader} $) R@MATCH $#error $: 550 5.7.0 ${NoKoreanMsg} R$* $: $(CharsetChinese $&{currHeader} $) R@MATCH $#error $: 550 5.7.0 ${NoChineseMsg} On Mon, May 11, 2009 at 7:15 PM, Brendan Pirie wrote: > Denis Beauchemin wrote: >> >> Paul Lemmons a ?crit : >>> >>> Is there any way to recognize a particular character set in a message and >>> block based on it. We are a non-international company and 100% of the email >>> containing non-English characters is spam. I would like to use that to my >>> advantage and simply block mail containing (to us) foreign character sets. >> >> Paul, >> >> Maybe this SA option could do the trick (from man >> Mail::SpamAssassin::Conf): >> ok_locales xx [ yy zz ... ] (default: all) >> ? This option is used to specify which locales are considered OK for >> incoming mail. Mail using the character sets that are allowed by this option >> will not be marked as possibly being spam in a foreign language. >> >> ? If you receive lots of spam in foreign languages, and never get any >> non-spam in these languages, this may help. Note that all ISO-8859-* >> character sets, and Windows code page character sets, are always permitted >> by default. >> >> ? Set this to all to allow all character sets. This is the default. >> >> ? The rules CHARSET_FARAWAY, CHARSET_FARAWAY_BODY, and >> CHARSET_FARAWAY_HEADERS are triggered based on how this is set. >> >> ? Examples: >> >> ? ? ok_locales all ? ? ? ? (allow all locales) >> ? ? ok_locales en ? ? ? ? ?(only allow English) >> ? ? ok_locales en ja zh ? ?(allow English, Japanese, and Chinese) >> >> ? Note: if there are multiple ok_locales lines, only the last one is used. >> >> ? Select the locales to allow from the list below: >> >> en - Western character sets in general >> ja - Japanese character sets >> ko - Korean character sets >> ru - Cyrillic character sets >> th - Thai character sets >> zh - Chinese (both simplified and traditional) character sets >> >> normalize_charset ( 0 | 1) (default: 0) >> ? Whether to detect character sets and normalize message content to >> Unicode. Requires the Encode::Detect module, HTML::Parser version 3.46 or >> later, and Perl 5.8.5 or later. >> >> Denis >> > > Another possible option is the TextCat plugin included with spamassassin. > > Brendan > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mailscanner at barendse.to Sun May 17 20:25:37 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 17 20:25:54 2009 Subject: Using archive rule for spam gathering? Message-ID: On my quest to fight spam i would like to feed sa-learn with more guaranteed positives. I have some mail servers that relay e-mail for a domain for which those servers never locally receive mail. Under that domain however there are several addresses that are not active anymore for some years but still do get lots and lots o spam. Is using an archive rule a good idea to 'snatch' these mails from the flow and send them to my local spam box? I would use a rule like this : Fromorto: gimmesome@vaag.nu spam@barendse.to I would prefer delivering it to the spam box immediately (similar like using a .forward rule but this obviously doesn't work when mail is not delivered locally. Will using the archive rule create an endless loop resulting in storm of more and more e-mails or is there another (better) way? Is there anything other i need to consider? Should i white or blacklist something? Thanks! From shyamph at gmail.com Mon May 18 08:40:45 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Mon May 18 08:40:54 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: Hi , Between the actual time and and the re-queue time there are lot mails delivered, Sorry I can not take the log as it is huge or give me some time i will paste. mailq was 60. Thanks in advance Shyam On Sat, May 16, 2009 at 11:37 PM, Mark Sapiro wrote: > shyam hirurkar wrote: > > > >I am using MailScanner with postfix and mail flow is normal till these > days > >and now i am finding the mail delay's regularly , > > > >When i went through the log and found mails are going in hold after that a > >long delay and reque of the mail is happening and mail will sent > >successfully. > > here is the log > > > >smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], > >sasl_method=LOGIN, sasl_username=username@domain.com > >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header > >Received: from usename (unknown [192.168.10.156])??(Authenticated sender: > >,username>@)??by smtp.domain.com (Postfix) with ESMTP id > >B5AD361300F7??for ; Tue, 2 from > unknown[192.168.1.1]; > >from= to= proto=ESMTP helo= > > > What are the MailScanner log entries between here and the Requeue at > 15:16:48? > > > >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: > >message-id=<003f01c9c7c0$5786f380$0694da80$@com> > >Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to > >6E0A36130112 > > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/717bdcc9/attachment.html From nelsonduvall at gmail.com Mon May 18 10:28:04 2009 From: nelsonduvall at gmail.com (Nelson Vale) Date: Mon May 18 10:28:13 2009 Subject: Warning Is Attachment Message-ID: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> Hi all, I've got MailScanner 4.58.9 running on my system and I'am having some trouble with the "Warning Is Attachment" option, because no matter the value in it I always receive warnings as attachments. Is there anything I can do to fix this? Tanks in advance for any help Nelson Vale My configuration is as follows: %org-name% = MailScanner %org-long-name% = MailScanner %web-site% = www.mailscanner.info %etc-dir% = /usr/lib/mailscanner/etc %report-dir% = /usr/lib/mailscanner/etc/reports/en %rules-dir% = /usr/lib/mailscanner/etc/rules %mcp-dir% = /usr/lib/mailscanner/etc/mcp Max Children = 5 Run As User = Run As Group = Queue Scan Interval = 10 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = no Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 5 Find Archives By Content = yes Virus Scanning = yes Virus Scanners = clamav Virus Scanner Timeout = 300 Deliver Disinfected Files = yes Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = yes Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /usr/lib/sav Sophos Lib Dir = /usr/lib Monitors For Sophos Updates = /usr/lib/sav/*ides.zip ###Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = no ###########Log IFrame Tags = no Allow Form Tags = no Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = no Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = yes Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = no Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = us-ascii Archive Mail = Send Notices = no Notices Include Full Headers = no Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\ nwww.mailscanner.info Notices From = MailScanner Notices To = nelsonduvall@gmail.com Local Postmaster = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = A0 A1 A2 A3 A4 Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 5 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Max Spam Check Size = 150000 Use SpamAssassin = no Max SpamAssassin Size = 40k Required SpamAssassin Score = 5 High SpamAssassin Score = 20 SpamAssassin Auto Whitelist = yes #SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf Always Include SpamAssassin Report = no SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = # /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = # /var/lib/spamassassin SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.58.9 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/mailscanner/lib/MailScanner/CustomFunctions Lock Type = Minimum Code Status = supported -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/c553b3a7/attachment.html From J.Ede at birchenallhowden.co.uk Mon May 18 10:53:38 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon May 18 10:54:10 2009 Subject: Warning Is Attachment In-Reply-To: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> References: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> Message-ID: <1213490F1F316842A544A850422BFA96500989E0@BHLSBS.bhl.local> Hi, 4.58 is ancient (Feb 2007?). I suspect the general response will be to upgrade to the lastest version. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Nelson Vale Sent: 18 May 2009 10:28 To: mailscanner@lists.mailscanner.info Subject: Warning Is Attachment Hi all, I've got MailScanner 4.58.9 running on my system and I'am having some trouble with the "Warning Is Attachment" option, because no matter the value in it I always receive warnings as attachments. Is there anything I can do to fix this? Tanks in advance for any help Nelson Vale My configuration is as follows: %org-name% = MailScanner %org-long-name% = MailScanner %web-site% = www.mailscanner.info %etc-dir% = /usr/lib/mailscanner/etc %report-dir% = /usr/lib/mailscanner/etc/reports/en %rules-dir% = /usr/lib/mailscanner/etc/rules %mcp-dir% = /usr/lib/mailscanner/etc/mcp Max Children = 5 Run As User = Run As Group = Queue Scan Interval = 10 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = no Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 5 Find Archives By Content = yes Virus Scanning = yes Virus Scanners = clamav Virus Scanner Timeout = 300 Deliver Disinfected Files = yes Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = yes Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /usr/lib/sav Sophos Lib Dir = /usr/lib Monitors For Sophos Updates = /usr/lib/sav/*ides.zip ###Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = no ###########Log IFrame Tags = no Allow Form Tags = no Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = no Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = yes Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = no Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = us-ascii Archive Mail = Send Notices = no Notices Include Full Headers = no Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = MailScanner Notices To = nelsonduvall@gmail.com Local Postmaster = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = A0 A1 A2 A3 A4 Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 5 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Max Spam Check Size = 150000 Use SpamAssassin = no Max SpamAssassin Size = 40k Required SpamAssassin Score = 5 High SpamAssassin Score = 20 SpamAssassin Auto Whitelist = yes #SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf Always Include SpamAssassin Report = no SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = # /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = # /var/lib/spamassassin SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.58.9 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/mailscanner/lib/MailScanner/CustomFunctions Lock Type = Minimum Code Status = supported -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/87bbf556/attachment.html From mikael at syska.dk Mon May 18 11:40:39 2009 From: mikael at syska.dk (Mikael Syska) Date: Mon May 18 11:41:02 2009 Subject: Some messages dont get scanned ... how to debug it? Message-ID: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Hi list, I have some problems with my MailScanner installation. OS: FreeBSD 7.0 MailScanner: MailScanner-4.75.11 SpamAssassin: SpamAssassin-3.2.5 Some mails dont get tagged as spam ... but if I run: spamassassin -t < email Most if not all messages get a score over 30 ... so its not all the time the messages dont get scanned. How did it start: Updated sa-rules official rules Installed FuzzyOcr witch is disabled now ... I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this would maybe solve the problem, but no luck ... So ... how do I start debugging it ... I'm lost here. Since its not all messages that dont get scanned. mvh From MailScanner at ecs.soton.ac.uk Mon May 18 11:54:48 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 18 11:55:20 2009 Subject: Warning Is Attachment In-Reply-To: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> References: <38a4524a0905180228l5dfd5f2bs52f8d47913d0b8a7@mail.gmail.com> <4A113E78.8020904@ecs.soton.ac.uk> Message-ID: This appears this way in Outlook due to faulty inline-file handling in Outlook. On 18/05/2009 10:28, Nelson Vale wrote: > Hi all, > > I've got MailScanner 4.58.9 running on my system and I'am having some > trouble with the "Warning Is Attachment" option, because no matter the > value in it I always receive warnings as attachments. > > Is there anything I can do to fix this? > > > Tanks in advance for any help > > > Nelson Vale > > > > My configuration is as follows: > > %org-name% = MailScanner > %org-long-name% = MailScanner > %web-site% = www.mailscanner.info > %etc-dir% = /usr/lib/mailscanner/etc > %report-dir% = /usr/lib/mailscanner/etc/reports/en > %rules-dir% = /usr/lib/mailscanner/etc/rules > %mcp-dir% = /usr/lib/mailscanner/etc/mcp > Max Children = 5 > Run As User = > Run As Group = > Queue Scan Interval = 10 > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /var/run/MailScanner.pid > Restart Every = 14400 > MTA = sendmail > Sendmail = /usr/sbin/sendmail > Sendmail2 = /usr/sbin/sendmail > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = > Quarantine Group = > Quarantine Permissions = 0600 > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > Max Normal Queue Size = 800 > Scan Messages = yes > Reject Message = no > Maximum Attachments Per Message = 200 > Expand TNEF = no > Use TNEF Contents = replace > Deliver Unparsable TNEF = yes > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = /usr/bin/file > File Timeout = 20 > Gunzip Command = /bin/gunzip > Gunzip Timeout = 50 > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > Find UU-Encoded Files = no > Maximum Message Size = %rules-dir%/max.message.size.rules > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 5 > Find Archives By Content = yes > Virus Scanning = yes > Virus Scanners = clamav > Virus Scanner Timeout = 300 > Deliver Disinfected Files = yes > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = yes > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = yes > Allowed Sophos Error Messages = > Sophos IDE Dir = /usr/lib/sav > Sophos Lib Dir = /usr/lib > Monitors For Sophos Updates = /usr/lib/sav/*ides.zip > ###Monitors for ClamAV Updates = /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 > Dangerous Content Scanning = yes > Allow Partial Messages = no > Allow External Message Bodies = no > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Use Stricter Phishing Net = yes > Highlight Phishing Fraud = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > Country Sub-Domains List = %etc-dir%/country.domains.conf > Allow IFrame Tags = no > ###########Log IFrame Tags = no > Allow Form Tags = no > Allow Script Tags = disarm > Allow WebBugs = disarm > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > Web Bug Replacement = > http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif > Allow Object Codebase Tags = no > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Allow Filenames = > Deny Filenames = > Filename Rules = %etc-dir%/filename.rules.conf > Allow Filetypes = > Deny Filetypes = > Filetype Rules = %etc-dir%/filetype.rules.conf > Quarantine Infections = yes > Quarantine Silent Viruses = yes > Quarantine Modified Body = no > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = yes > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = > %report-dir%/deleted.content.message.txt > Deleted Bad Filename Message Report = > %report-dir%/deleted.filename.message.txt > Deleted Virus Message Report = > %report-dir%/deleted.virus.message.txt > Deleted Size Message Report = %report-dir%/deleted.size.message.txt > Stored Bad Content Message Report = > %report-dir%/stored.content.message.txt > Stored Bad Filename Message Report = > %report-dir%/stored.filename.message.txt > Stored Virus Message Report = %report-dir%/stored.virus.message.txt > Stored Size Message Report = %report-dir%/stored.size.message.txt > Disinfected Report = %report-dir%/disinfected.report.txt > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Sender Size Report = %report-dir%/sender.size.report.txt > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = yes > Mail Header = X-%org-name%-MailScanner: > Spam Header = X-%org-name%-MailScanner-SpamCheck: > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > Information Header = X-%org-name%-MailScanner-Information: > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-MailScanner-From: > Envelope To Header = X-%org-name%-MailScanner-To: > Spam Score Character = s > SpamScore Number Instead Of Stars = no > Minimum Stars If On Spam List = 0 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Disinfected > Information Header Value = Please contact the ISP for more information > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Multiple Headers = append > Hostname = the %org-name% ($HOSTNAME) MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = yes > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned: please contact your Internet > E-Mail Service Provider for details > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = yes > Notify Senders = yes > Notify Senders Of Viruses = yes > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Blocked Size Attachments = no > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > Scanned Modify Subject = no # end > Scanned Subject Text = {Scanned} > Virus Modify Subject = yes > Virus Subject Text = {Virus?} > Filename Modify Subject = start > Filename Subject Text = {Filename?} > Content Modify Subject = start > Content Subject Text = {Dangerous Content?} > Size Modify Subject = start > Size Subject Text = {Size} > Disarmed Modify Subject = start > Disarmed Subject Text = {Disarmed} > Phishing Modify Subject = no > Phishing Subject Text = {Fraud?} > Spam Modify Subject = start > Spam Subject Text = {Spam?} > High Scoring Spam Modify Subject = yes > High Scoring Spam Subject Text = {Spam?} > Warning Is Attachment = no > Attachment Warning Filename = %org-name%-Attachment-Warning.txt > Attachment Encoding Charset = us-ascii > Archive Mail = > Send Notices = no > Notices Include Full Headers = no > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus > Scanner\nwww.mailscanner.info > Notices From = MailScanner > Notices To = nelsonduvall@gmail.com > Local Postmaster = postmaster > Local Postmaster = postmaster > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam List = A0 A1 A2 A3 A4 > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 5 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Is Definitely Spam = no > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 20 > Max Spam Check Size = 150000 > Use SpamAssassin = no > Max SpamAssassin Size = 40k > Required SpamAssassin Score = 5 > High SpamAssassin Score = 20 > SpamAssassin Auto Whitelist = yes > #SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf > Always Include SpamAssassin Report = no > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = no > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20k > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = deliver > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > Non Spam Actions = deliver header "X-Spam-Status: No" > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > Syslog Facility = mail > Log Speed = no > Log Spam = no > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > SpamAssassin User State Dir = > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = # /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Local State Dir = # /var/lib/spamassassin > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > MCP Modify Subject = start > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = start > High Scoring MCP Subject Text = {MCP?} > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.58.9 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > Always Looked Up Last = no > Always Looked Up Last After Batch = no > Deliver In Background = yes > Delivery Method = batch > Split Exim Spool = no > Lockfile Dir = /tmp > Custom Functions Dir = > /usr/lib/mailscanner/lib/MailScanner/CustomFunctions > Lock Type = > Minimum Code Status = supported Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Mon May 18 12:08:00 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Mon May 18 12:08:19 2009 Subject: Virus slipped through this morning Message-ID: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> Hello, just wanted to check if anyone here had this one coming through today, it seems neither MailScanner og clamav catched it. Fortunately nod32 blocked it on my computer. http://pastebin.com/m5c3f87bd Inside this zip file is a .exe virus. :) From ms-list at alexb.ch Mon May 18 12:16:57 2009 From: ms-list at alexb.ch (Alex Broens) Date: Mon May 18 12:17:11 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Message-ID: <4A1143A9.30503@alexb.ch> On 5/18/2009 12:40 PM, Mikael Syska wrote: > Hi list, > > I have some problems with my MailScanner installation. > > OS: FreeBSD 7.0 > MailScanner: MailScanner-4.75.11 > SpamAssassin: SpamAssassin-3.2.5 > > Some mails dont get tagged as spam ... but if I run: > spamassassin -t < email > > Most if not all messages get a score over 30 ... so its not all the > time the messages dont get scanned. > > How did it start: > Updated sa-rules official rules > Installed FuzzyOcr witch is disabled now ... > > I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this > would maybe solve the problem, but no luck ... > > So ... how do I start debugging it ... I'm lost here. Since its not > all messages that dont get scanned. Is there a pattern in the msg size? Alex From cobalt-users1 at fishnet.co.uk Mon May 18 12:22:43 2009 From: cobalt-users1 at fishnet.co.uk (Ian) Date: Mon May 18 12:23:09 2009 Subject: OT: (Fwd) Evasion with OLE2 Fragmentation Message-ID: <4A115313.13953.1A33707E@cobalt-users1.fishnet.co.uk> Hi, I saw this on the Security Focus PenTest list and thought it may be relevant here. It describes a technique to evade Virus Scanners using MS Office Documents. Regards Ian -- ------- Forwarded message follows ------- Date sent: Fri, 15 May 2009 08:40:27 -0500 To: pen-test@securityfocus.com Subject: Evasion with OLE2 Fragmentation From: "H D Moore" Date forwarded: Fri, 15 May 2009 21:37:44 -0600 (MDT) Something to keep in mind when using Office doc exploits during penetration tests: - http://www.breakingpointsystems.com/community/blog/evasion-with-ole2-fragmentation (links active within in the article itself) -- At BreakingPoint, we provide comprehensive coverage of Microsoft Tuesday patches. This Tuesday was no different and we released StrikePacks 45799 and 45800 to cover MS09-017 (the PowerPoint vulnerabilities). In addition to writing exploits for these flaws, we also research application-specific evasion methods. In the case of file format flaws, we support evasion at every level, including techniques like IP fragmentation, alternate MIME encodings, HTTP compression, and data randomization within the files themselves. While working on Strike coverage for MS09-017, we discovered a simple way to bypass mainstream anti-virus and IPS signatures for malicious Office documents. This post talks about the method we used and some of our test results against popular anti-virus products. Microsoft Office documents have been abused by security researchers and malware writers for many years. In 1999, Melissa, one of the first email viruses, used Visual Basic macros to send itself to all addresses in the victim's address book. Since then, macro security has been greatly improved, and attackers have moved on to exploiting parsing flaws in the Office software itself. This month, Microsoft released patches to address 14 vulnerabilities in the PowerPoint document parsers. Unlike traditional network attacks, file format flaws are notoriously difficult for IPS vendors to identify accurately. To remedy this, the anti-virus industry has added file format exploit detection into both desktop and network gateway scanning products. Office documents are some of the most convoluted file formats in wide-spread use. The basic structure of these files is based on the Compound Document Format (OLE2 Structured Storage). This format is essentially a block-based filesystem with specific files and directories for each type and version of Office document. The actual "file" entries within these documents are also proprietary and change based on the version and features of the Office software used to create them. In order to detect a file format exploit, the parsing software needs to understand OLE2, locate the correct entry containing the document contents, and parse through that content to locate the specific structure that triggers the exploit. This process is CPU intensive and requires the parsing software to have a deep understanding of the version-specific Office document data inside of the OLE2 container. Creating software to do this correctly is expensive and time consuming, so the easy solution is to ignore the document format entirely and just scan for exploit-specific signatures. This is what most anti-virus and IPS products do today. Just like most block-based filesystems, the OLE2 format is susceptible to fragmentation. When the Office software wants to write data, it tries to consume any available free blocks before allocating new ones. The OLE2 format has two different block tables; one for small entries (normally set to be less than 4096 bytes), and another for larger contiguous segments. Although fragmentation can occur during normal editing of an Office document, it is rare for documents to be heavily fragmented. It turns out that there is an excellent OLE library for Ruby, written by a developer who goes by aquasync. This library makes it easy to create and modify Compound Document files. With a little bit of scripting, we were able to create a tool (available below) to force heavy fragmentation of Office documents. Out first test of this tool used a Melissa variant as the base document. Uploading the raw Melissa Word document to VirusTotal.com resulted in 39 out of 40 AV products recognizing the document as malicious. After running this file through the refragmenter script, the results were only 10 out of 40. This is horrible coverage for a file that had the exact same OLE2 contents as the original sample, albeit in a different block order. Any product able to parse OLE2 streams correctly should be able to identify this file just as accurately as the non-fragmented version. Once we modifed the script to use 64 byte writes instead of 512, we only see detection in 7 out of 40 products. Keep in mind that this malware was originally released in 1999! Melissa may not be the best choice for testing modern anti-virus capabilities. Instead, lets look at a live sample of the Microsoft Word exploit for CVE-2007-0515 (MS07-014). The original, unmodified version of this document is detected by 25 out of 40 anti-virus products. Using the refragmenter script with 64 byte writes, only 1 out of 40 products detected the file as malicious, and this detection was for a different vulnerability (MS06-060). IPS and IDS developers have a great excuse for poor Office document coverage - this type of analysis is difficult and processor intensive. However, this is precisely the area where anti-virus products are supposed to succeed. Its embarrassing that so many products fail to detect known threats that have the exact same byte stream, just reordered using a mechanism that occurs in real documents. In our testing, the only public tool that can accurately identify fragmented Office documents is Office Cat, written by Lurene Grenier of the Sourcefire VRT. This tool uses the Windows OLE API to parse each stream, regardless of fragmentation, and scans deep into the document format to detect individual exploits. All BreakingPoint Strikes that target Office document flaws have been updated to support the OLE::RefragmentData option, which performs an operation similar to the refragmenter Ruby script below. The refragmenter script can be downloaded from: http://www.breakingpointsystems.com/community/files/refragmenter.rb This script depends on the ruby-ole library, which can be found online at http://code.google.com/p/ruby-ole/ For more information about Office document flaws and exploitation methods, we recommend Bruce Dang's Black Hat USA 2008 presentation Methods for Understanding Targeted Attacks with Office Documents (http://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html). -HD ------- End of forwarded message ------- -------------- next part -------------- A non-text attachment was scrubbed... Name: WPM$33C5.PM$ Type: application/octet-stream Size: 7013 bytes Desc: Mail message body Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/ca92612d/WPM33C5.obj From maxsec at gmail.com Mon May 18 13:14:42 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Mon May 18 13:14:51 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Message-ID: <72cf361e0905180514t2da00cferab05556c521a160d@mail.gmail.com> In the messages that aren't being trapped, are the X-MailScanner headers present? 2009/5/18 Mikael Syska > Hi list, > > I have some problems with my MailScanner installation. > > OS: FreeBSD 7.0 > MailScanner: MailScanner-4.75.11 > SpamAssassin: SpamAssassin-3.2.5 > > Some mails dont get tagged as spam ... but if I run: > spamassassin -t < email > > Most if not all messages get a score over 30 ... so its not all the > time the messages dont get scanned. > > How did it start: > Updated sa-rules official rules > Installed FuzzyOcr witch is disabled now ... > > I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this > would maybe solve the problem, but no luck ... > > So ... how do I start debugging it ... I'm lost here. Since its not > all messages that dont get scanned. > > mvh > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/0c1e400d/attachment.html From campbell at cnpapers.com Mon May 18 19:30:59 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Mon May 18 19:31:18 2009 Subject: OT sendmail wildcard aliases Message-ID: <4A11A963.1010008@cnpapers.com> I've done a little research on my own, but am not understanding what all I've read. I've got a request to set up all email that goes to userXX@mydomain.com to go to user@mydomain.com. (The XX is a random number between 00-99. How would this be done and in which table should I place it if it's do-able? Thanks Steve Campbell From bpirie at rma.edu Mon May 18 20:16:39 2009 From: bpirie at rma.edu (Brendan Pirie) Date: Mon May 18 20:16:58 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11A963.1010008@cnpapers.com> References: <4A11A963.1010008@cnpapers.com> Message-ID: <4A11B417.7060908@rma.edu> Sounds like a job for virtusertable. Steve Campbell wrote: > I've done a little research on my own, but am not understanding what > all I've read. I've got a request to set up all email that goes to > userXX@mydomain.com to go to user@mydomain.com. (The XX is a random > number between 00-99. > > How would this be done and in which table should I place it if it's > do-able? > > Thanks > > Steve Campbell > > > From campbell at cnpapers.com Mon May 18 20:19:33 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Mon May 18 20:19:47 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11A963.1010008@cnpapers.com> References: <4A11A963.1010008@cnpapers.com> Message-ID: <4A11B4C5.9040507@cnpapers.com> Steve Campbell wrote: > I've done a little research on my own, but am not understanding what > all I've read. I've got a request to set up all email that goes to > userXX@mydomain.com to go to user@mydomain.com. (The XX is a random > number between 00-99. > > How would this be done and in which table should I place it if it's > do-able? > > Thanks > > Steve Campbell To make this simpler for the group of people here, is there a way to do this in MailScanner (hadn't thought of that during the first post)? I don't want to whitelist them, so putting them in spam.whitelist .rules is not an optionl. Does MS have a generic place to put things like this for this situation? Creating the rulesets, etc for sendmail seems overkill, but might work better. Something maybe like To: user[0-9][0-9] /@mydomain.com user@mydomain.com Not sure that's the proper syntax, and I don't think it would cover user4 either, but where might I put this to still get just the redirection? Thanks. steve > > > From mikael at syska.dk Mon May 18 21:04:00 2009 From: mikael at syska.dk (Mikael Syska) Date: Mon May 18 21:04:10 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <4A1143A9.30503@alexb.ch> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A1143A9.30503@alexb.ch> Message-ID: <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> Hi On Mon, May 18, 2009 at 1:16 PM, Alex Broens wrote: > On 5/18/2009 12:40 PM, Mikael Syska wrote: >> >> Hi list, >> >> I have some problems with my MailScanner installation. >> >> OS: FreeBSD 7.0 >> MailScanner: MailScanner-4.75.11 >> SpamAssassin: SpamAssassin-3.2.5 >> >> Some mails dont get tagged as spam ... but if I run: >> spamassassin -t < email >> >> Most if not all messages get a score over 30 ... so its not all the >> time the messages dont get scanned. >> >> How did it start: >> Updated sa-rules official rules >> Installed FuzzyOcr witch is disabled now ... >> >> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >> would maybe solve the problem, but no luck ... >> >> So ... how do I start debugging it ... I'm lost here. Since its not >> all messages that dont get scanned. > > Is there a pattern in the msg size? There are not any patern in the size ... as most spam we get are below 10 kbyte ... so are the size of all the spam mails that are not tagged with anything ... not even BAYES :-s > > Alex > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ka at pacific.net Mon May 18 21:09:30 2009 From: ka at pacific.net (Ken A) Date: Mon May 18 21:09:51 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11B4C5.9040507@cnpapers.com> References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> Message-ID: <4A11C07A.9060305@pacific.net> Steve Campbell wrote: > > > Steve Campbell wrote: >> I've done a little research on my own, but am not understanding what >> all I've read. I've got a request to set up all email that goes to >> userXX@mydomain.com to go to user@mydomain.com. (The XX is a random >> number between 00-99. >> >> How would this be done and in which table should I place it if it's >> do-able? Could you approach it using user+detail addressing? ie: user+[00-99]@domain.com ? Then you wouldn't have to do anything. :-) Ken >> >> Thanks >> >> Steve Campbell > > To make this simpler for the group of people here, is there a way to do > this in MailScanner (hadn't thought of that during the first post)? I > don't want to whitelist them, so putting them in spam.whitelist .rules > is not an optionl. Does MS have a generic place to put things like this > for this situation? Creating the rulesets, etc for sendmail seems > overkill, but might work better. > > Something maybe like > > To: user[0-9][0-9] /@mydomain.com user@mydomain.com > > Not sure that's the proper syntax, and I don't think it would cover > user4 either, but where might I put this to still get just the redirection? > > Thanks. > > steve > >> >> >> > -- Ken Anderson Pacific Internet - http://www.pacific.net From mikael at syska.dk Mon May 18 21:12:48 2009 From: mikael at syska.dk (Mikael Syska) Date: Mon May 18 21:13:02 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <72cf361e0905180514t2da00cferab05556c521a160d@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <72cf361e0905180514t2da00cferab05556c521a160d@mail.gmail.com> Message-ID: <6beca9db0905181312u373e2463vc47c511a61cdcd64@mail.gmail.com> Hi, ( The problem is kind a solved ... removed all rules from: saupdates.openprotect.com sought.rules.yerp.org only using: updates.spamassassin.org disabled FuzzyOcr ... now I will try and enable them one by one ... and see what might cause the problem ... Hate to do spam debugging on demand :-) *hehe* No, the mails does not contain any X-MailScanner headers as I can see from the mailwatch interface. Or ... the spamassassin get a error/fault and MailScanner just passes the messege through the system ... but its random, scanning them from the command line does not trigger any errors I will post a few headers of the ones that does not get scanned... maybe there are a pattern I dont see: ( out domain names are masked out with xxx.xx ) Received: from pbmakefk (81.203.175.46.dyn.user.ono.com [81.203.175.46]) by spam02.xxx.xx (Postfix) with ESMTP id 2E8F419457E; Mon, 18 May 2009 12:34:34 +0200 (CEST) Date: Mon, 18 May 2009 02:39:44 -0700 To: From: "Olinda Viki" Message-ID: <1242639584.4739@jathomas.com> Subject: 2009 Latest Models Best Quality Rep1icaWatches from $200, nRolex, Breitling, Chanel, Cartier, Omega and more. hicx j65 Sender: X-Sender: Reply-To: "Olinda Viki" Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 8bit Received: from c5850-2.222.sinor.ru (unknown [90.189.167.222]) by spam02.xxx.xx (Postfix) with ESMTP id A2143194540 for ; Mon, 18 May 2009 12:34:22 +0200 (CEST) From: "Petet Danilo" To: ionelcostelloshinbone@xxx.xx Subject: Watched that site? Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Message-Id: <20090518103422.A2143194540@spam02.xxx.xx> Date: Mon, 18 May 2009 12:34:22 +0200 (CEST) Received: from vs186.mirohost.net (vs186.mirohost.net [193.178.144.55]) by spam02.xxx.xx(Postfix) with SMTP id CA3D019452D for ; Mon, 18 May 2009 12:33:34 +0200 (CEST) X-Priority: 3 (Normal) Date: Mon, 18 May 2009 13:33:35 +0300 Message-ID: <01C9D7A4.547E7A1E@vs186.mirohost.net> From: To: Subject: There's nothing so good for a Pobble's toes! Reply-To: X-Mailer: Sendmail Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit On Mon, May 18, 2009 at 2:14 PM, Martin Hepworth wrote: > In the messages that aren't being trapped, are the X-MailScanner headers > present? > > 2009/5/18 Mikael Syska >> >> Hi list, >> >> I have some problems with my MailScanner installation. >> >> OS: FreeBSD 7.0 >> MailScanner: MailScanner-4.75.11 >> SpamAssassin: SpamAssassin-3.2.5 >> >> Some mails dont get tagged as spam ... but if I run: >> spamassassin -t < email >> >> Most if not all messages get a score over 30 ... so its not all the >> time the messages dont get scanned. >> >> How did it start: >> Updated sa-rules official rules >> Installed FuzzyOcr witch is disabled now ... >> >> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >> would maybe solve the problem, but no luck ... >> >> So ... how do I start debugging it ... I'm lost here. Since its not >> all messages that dont get scanned. >> >> mvh >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From ssilva at sgvwater.com Mon May 18 22:36:12 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon May 18 22:40:13 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A1143A9.30503@alexb.ch> <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> Message-ID: on 5-18-2009 1:04 PM Mikael Syska spake the following: > Hi > > On Mon, May 18, 2009 at 1:16 PM, Alex Broens wrote: >> On 5/18/2009 12:40 PM, Mikael Syska wrote: >>> Hi list, >>> >>> I have some problems with my MailScanner installation. >>> >>> OS: FreeBSD 7.0 >>> MailScanner: MailScanner-4.75.11 >>> SpamAssassin: SpamAssassin-3.2.5 >>> >>> Some mails dont get tagged as spam ... but if I run: >>> spamassassin -t < email >>> >>> Most if not all messages get a score over 30 ... so its not all the >>> time the messages dont get scanned. >>> >>> How did it start: >>> Updated sa-rules official rules >>> Installed FuzzyOcr witch is disabled now ... >>> >>> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >>> would maybe solve the problem, but no luck ... >>> >>> So ... how do I start debugging it ... I'm lost here. Since its not >>> all messages that dont get scanned. >> Is there a pattern in the msg size? > > There are not any patern in the size ... as most spam we get are below > 10 kbyte ... so are the size of all the spam mails that are not tagged > with anything ... not even BAYES :-s > Any "spamassassin timed out..." messages in the logs? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090518/877d92f1/signature.bin From ajcartmell at fonant.com Mon May 18 22:48:52 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon May 18 22:49:07 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11C07A.9060305@pacific.net> References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> <4A11C07A.9060305@pacific.net> Message-ID: > Could you approach it using user+detail addressing? > ie: user+[00-99]@domain.com ? > Then you wouldn't have to do anything. :-) +1 This is what I do for my web application that needs many unique addresses delivered to a single mailbox. Cheers! Anthony -- www.fonant.com - Quality web sites From csags0 at prodigy.net.mx Mon May 18 23:43:27 2009 From: csags0 at prodigy.net.mx (Jorge Arenas) Date: Mon May 18 23:43:40 2009 Subject: jpg file quarantined like program References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> <4A11C07A.9060305@pacific.net> Message-ID: Hi: I hope someone can help me, MailScanner is stopping jpg files because filetype found a program in the file Logs: May 18 08:05:40 MailScanner[26740]: Filetype Checks: No executables (n4ID5VeT032705 166245Delfines.jpg) May 18 08:05:40 MailScanner[26740]: Other Checks: Found 1 problems May 18 08:05:40 MailScanner[26740]: Virus and Content Scanning: Starting May 18 08:05:44 MailScanner[26740]: Virus Scanning completed at 161379 bytes per second May 18 08:05:44 MailScanner[26740]: Saved entire message to /var/spool/MailScanner/quarantine/20090518/n4ID5VeT032705 May 18 08:05:44 MailScanner[26740]: Saved infected "166245Delfines.jpg" to /var/spool/MailScanner/quarantine/20090518/n4ID5VeT032705 I believe MS uses file to determine the type so, I execute: # file 166245Delfines.jpg 166245Delfines.jpg: JPEG image data, JFIF standard 1.01, comment: " " I do not know why MS detect an Executable in this type of file can anyone help me thanks in advance Jorge Arenas From hvdkooij at vanderkooij.org Tue May 19 00:12:44 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 19 00:12:54 2009 Subject: Virus slipped through this morning In-Reply-To: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> Message-ID: <4A11EB6C.3000100@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lj?snet wrote: > Hello, just wanted to check if anyone here had this one coming through > today, it seems neither MailScanner og clamav catched it. > > Fortunately nod32 blocked it on my computer. > > http://pastebin.com/m5c3f87bd > > Inside this zip file is a .exe virus. :) There is nothing usefull there. Where is the ZIP file? I like to see if I can test it against a bunch of scanners. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO =1Hbe -----END PGP SIGNATURE----- From mikael at syska.dk Tue May 19 00:17:33 2009 From: mikael at syska.dk (Mikael Syska) Date: Tue May 19 00:17:41 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A1143A9.30503@alexb.ch> <6beca9db0905181304j72118c48ja059d76914c1a33d@mail.gmail.com> Message-ID: <6beca9db0905181617qd8fda83jce78f830fa3c7c73@mail.gmail.com> On Mon, May 18, 2009 at 11:36 PM, Scott Silva wrote: > on 5-18-2009 1:04 PM Mikael Syska spake the following: >> Hi >> >> On Mon, May 18, 2009 at 1:16 PM, Alex Broens wrote: >>> On 5/18/2009 12:40 PM, Mikael Syska wrote: >>>> Hi list, >>>> >>>> I have some problems with my MailScanner installation. >>>> >>>> OS: FreeBSD 7.0 >>>> MailScanner: MailScanner-4.75.11 >>>> SpamAssassin: SpamAssassin-3.2.5 >>>> >>>> Some mails dont get tagged as spam ... but if I run: >>>> spamassassin -t < email >>>> >>>> Most if not all messages get a score over 30 ... so its not all the >>>> time the messages dont get scanned. >>>> >>>> How did it start: >>>> Updated sa-rules official rules >>>> Installed FuzzyOcr witch is disabled now ... >>>> >>>> I have updated from mailscanner version 46.7.x to 4.75.11 ( hoped this >>>> would maybe solve the problem, but no luck ... >>>> >>>> So ... how do I start debugging it ... I'm lost here. Since its not >>>> all messages that dont get scanned. >>> Is there a pattern in the msg size? >> >> There are not any patern in the size ... as most spam we get are below >> 10 kbyte ... so are the size of all the spam mails that are not tagged >> with anything ... not even BAYES :-s >> > Any "spamassassin timed out..." messages in the logs? Not that I can see ... I guess "timeout" from spamassassin should show up in the logs per default without turning DEBUG on for either MS or SA ... I saw some: May 18 09:52:04 spam02 MailScanner[1220]: Disabled RBL DSBL as reached 7/10 timeouts But ... it just disables that RBL list ... it was DSBL and I know its dead now ... 2 month ago, but now its gone. But this have not been the problem. So ... I'm still trying to figure out what went wrong ... :-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From ljosnet at gmail.com Tue May 19 00:23:47 2009 From: ljosnet at gmail.com (=?ISO-8859-1?Q?Lj=F3snet?=) Date: Tue May 19 00:24:08 2009 Subject: Virus slipped through this morning In-Reply-To: <4A11EB6C.3000100@vanderkooij.org> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> <4A11EB6C.3000100@vanderkooij.org> Message-ID: <910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> www.efnet.is/Info08.zip On Mon, May 18, 2009 at 11:12 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Lj?snet wrote: >> Hello, just wanted to check if anyone here had this one coming through >> today, it seems neither MailScanner og clamav catched it. >> >> Fortunately nod32 blocked it on my computer. >> >> http://pastebin.com/m5c3f87bd >> >> Inside this zip file is a .exe virus. :) > > There is nothing usefull there. Where is the ZIP file? I like to see if > I can test it against a bunch of scanners. > > Hugo > > > - -- > hvdkooij@vanderkooij.org ? ? ? ? ? ? ? http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > ? ? ? ?A: Yes. > ? ? ? ?>Q: Are you sure? > ? ? ? ?>>A: Because it reverses the logical flow of conversation. > ? ? ? ?>>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi > Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO > =1Hbe > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From campbell at cnpapers.com Tue May 19 01:01:22 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 19 01:01:41 2009 Subject: OT sendmail wildcard aliases In-Reply-To: <4A11C07A.9060305@pacific.net> References: <4A11A963.1010008@cnpapers.com> <4A11B4C5.9040507@cnpapers.com> <4A11C07A.9060305@pacific.net> Message-ID: <1242691282.4a11f6d29dc24@perdition.cnpapers.net> Quoting Ken A : > Steve Campbell wrote: > > > > > > Steve Campbell wrote: > >> I've done a little research on my own, but am not understanding what > >> all I've read. I've got a request to set up all email that goes to > >> userXX@mydomain.com to go to user@mydomain.com. (The XX is a random > >> number between 00-99. > >> > >> How would this be done and in which table should I place it if it's > >> do-able? > > Could you approach it using user+detail addressing? > ie: user+[00-99]@domain.com ? > Then you wouldn't have to do anything. :-) > Ken > > >> > >> Thanks > >> > >> Steve Campbell > > > > To make this simpler for the group of people here, is there a way to do > > this in MailScanner (hadn't thought of that during the first post)? I > > don't want to whitelist them, so putting them in spam.whitelist .rules > > is not an optionl. Does MS have a generic place to put things like this > > for this situation? Creating the rulesets, etc for sendmail seems > > overkill, but might work better. > > > > Something maybe like > > > > To: user[0-9][0-9] /@mydomain.com user@mydomain.com > > > > Not sure that's the proper syntax, and I don't think it would cover > > user4 either, but where might I put this to still get just the > redirection? > > > > Thanks. > > > > steve > > > >> > >> > >> > > > > > -- > Ken Anderson > Pacific Internet - http://www.pacific.net > -- Ken, Yeah, I thought about that. I'm not designing the system that will generate these addresses. If I can convince them to use the "+number" stuff, it'd be a piece of cake. Thanks for the tip. steve ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From ms-list at alexb.ch Tue May 19 05:58:38 2009 From: ms-list at alexb.ch (Alex Broens) Date: Tue May 19 05:58:48 2009 Subject: Virus slipped through this morning In-Reply-To: <910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> <4A11EB6C.3000100@vanderkooij.org> <910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> Message-ID: <4A123C7E.8080407@alexb.ch> On 5/19/2009 1:23 AM, Lj?snet wrote: > www.efnet.is/Info08.zip clamdscan Info08.zip /tmp/virus/Info08.zip: Broken.Executable FOUND > On Mon, May 18, 2009 at 11:12 PM, Hugo van der Kooij > wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Lj?snet wrote: >>> Hello, just wanted to check if anyone here had this one coming through >>> today, it seems neither MailScanner og clamav catched it. >>> >>> Fortunately nod32 blocked it on my computer. >>> >>> http://pastebin.com/m5c3f87bd >>> >>> Inside this zip file is a .exe virus. :) >> There is nothing usefull there. Where is the ZIP file? I like to see if >> I can test it against a bunch of scanners. >> >> Hugo >> >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (GNU/Linux) >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org >> >> iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi >> Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO >> =1Hbe >> -----END PGP SIGNATURE----- >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> From hvdkooij at vanderkooij.org Tue May 19 06:44:52 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 19 06:45:01 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> Message-ID: <4A124754.6080603@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikael Syska wrote: > I have some problems with my MailScanner installation. > > OS: FreeBSD 7.0 > MailScanner: MailScanner-4.75.11 > SpamAssassin: SpamAssassin-3.2.5 Just curious if the MTA isn' t considered rather vital informmation any more. After all your MTA might just bypasing the lot. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkoSR1IACgkQBvzDRVjxmYH3hQCfaQ8p4vO27gfJU15/iW37nj9t 3foAn1ff8S3TO0dGGW52C1b0PTV2gd4y =onct -----END PGP SIGNATURE----- From shyamph at gmail.com Tue May 19 08:21:14 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Tue May 19 08:21:24 2009 Subject: skippedastoobig MailScanner Message-ID: Hi All, I am using the MailScanner+postfix+clamav Details about installed versions. MailScanner Version : 4.55.3 SpamAssassin version 3.2.4 running on Perl version 5.8.5 Every thing is working fine and scanning are happening smoothly, All of sudden some mails are not scanning and when i see in the mailwatch "skippedastoobig " and the message size is within the specified limit i.e 60KB. Is there any thing else need to be done at MailScanner configuration or I am not able to debug this issue. Thanks in advance. Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/f3d8ceb7/attachment.html From mikael at syska.dk Tue May 19 09:58:35 2009 From: mikael at syska.dk (Mikael Syska) Date: Tue May 19 09:58:44 2009 Subject: Some messages dont get scanned ... how to debug it? In-Reply-To: <4A124754.6080603@vanderkooij.org> References: <6beca9db0905180340h78cdd23am7ef051ac07104ff5@mail.gmail.com> <4A124754.6080603@vanderkooij.org> Message-ID: <6beca9db0905190158l297d7dbbuc86801c79f5f54fa@mail.gmail.com> Hi On Tue, May 19, 2009 at 7:44 AM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mikael Syska wrote: > >> I have some problems with my MailScanner installation. >> >> OS: FreeBSD 7.0 >> MailScanner: MailScanner-4.75.11 >> SpamAssassin: SpamAssassin-3.2.5 > > Just curious if the MTA isn' t considered rather vital informmation any > more. After all your MTA might just bypasing the lot. Well ... I dont thinks its bypassing the MS as I can see the mail in mailwatch ... then I guess it is handed over to MS from my MTA ( Postfix ) mvh > Hugo. > > - -- > hvdkooij@vanderkooij.org ? ? ? ? ? ? ? http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > ? ? ? ?A: Yes. > ? ? ? ?>Q: Are you sure? > ? ? ? ?>>A: Because it reverses the logical flow of conversation. > ? ? ? ?>>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkoSR1IACgkQBvzDRVjxmYH3hQCfaQ8p4vO27gfJU15/iW37nj9t > 3foAn1ff8S3TO0dGGW52C1b0PTV2gd4y > =onct > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From rcooper at dwford.com Tue May 19 15:51:21 2009 From: rcooper at dwford.com (Rick Cooper) Date: Tue May 19 15:51:36 2009 Subject: Virus slipped through this morning In-Reply-To: <4A123C7E.8080407@alexb.ch> References: <910ee2ac0905180408s57c4c78cma312de6a696c867e@mail.gmail.com> <4A11EB6C.3000100@vanderkooij.org><910ee2ac0905181623k23e1becau46f3923be93382a6@mail.gmail.com> <4A123C7E.8080407@alexb.ch> Message-ID: <58228B5605A149AFAF0AF53C703CBD85@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Tuesday, May 19, 2009 12:59 AM To: MailScanner discussion Subject: Re: Virus slipped through this morning > On 5/19/2009 1:23 AM, Lj?snet wrote: >> www.efnet.is/Info08.zip > > clamdscan Info08.zip > /tmp/virus/Info08.zip: Broken.Executable FOUND Detect Broken Executables is not on by default so it has to be enabled in clamd.conf But that virus is now detected thanks to the nice fellow at SaneSecurity as Sanesecurity.Malware.8871.UNOFFICIAL > > > >> On Mon, May 18, 2009 at 11:12 PM, Hugo van der Kooij >> wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Lj?snet wrote: >>>> Hello, just wanted to check if anyone here had this one coming through >>>> today, it seems neither MailScanner og clamav catched it. >>>> >>>> Fortunately nod32 blocked it on my computer. >>>> >>>> http://pastebin.com/m5c3f87bd >>>> >>>> Inside this zip file is a .exe virus. :) >>> There is nothing usefull there. Where is the ZIP file? I like to see if >>> I can test it against a bunch of scanners. >>> >>> Hugo >>> >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN >>> PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) >>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org >>> >>> iEYEARECAAYFAkoR62oACgkQBvzDRVjxmYHOMQCdFHh6p7QJw1Pu8UlD4uTM2eSi >>> Dg0AoK0BY/xIemt5wBXqcYJBxBCS+2HO >>> =1Hbe >>> -----END PGP SIGNATURE----- >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gafaith at asdm.net Tue May 19 15:54:24 2009 From: gafaith at asdm.net (Gary Faith) Date: Tue May 19 15:54:41 2009 Subject: Disable scanning for a client that connects via SMTP-AUTH Message-ID: <4A128FE00200002D000066D2@sparky.asdm.net> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/6fe1fda5/attachment.html From ssilva at sgvwater.com Tue May 19 18:22:25 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 19 18:22:43 2009 Subject: skippedastoobig MailScanner In-Reply-To: References: Message-ID: on 5-19-2009 12:21 AM shyam hirurkar spake the following: > Hi All, > > I am using the MailScanner+postfix+clamav > > Details about installed versions. > MailScanner Version : 4.55.3 > SpamAssassin version 3.2.4 > ?running on Perl version 5.8.5 > > Every thing is working fine and scanning are happening smoothly, All of > sudden some mails are not scanning and when i see in the mailwatch > "skippedastoobig " and the message size is within the specified limit > i.e 60KB. > > Is there any thing else need to be done at MailScanner configuration or > I am not able to debug this issue. > You must be running Debian, or you wouldn't have such an ancient version of MailScanner. Much improvement has been done with the interaction between mailscanner and postfix in the last 3 or 4 years since that version came out. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/683e9194/signature.bin From hilario at soliton.com.br Tue May 19 21:37:02 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Tue May 19 21:39:38 2009 Subject: Bug Report: Remove These Headers Message-ID: <200905192039.n4JKdSbS030810@safir.blacknight.ie> Hello, This was supposed to be a support request, but as I made many tests, I decide to post it as bug report: If it is something I've made by mistake, please explain. If you set Remove These Headers = %rules-dir%/remove.headers.rules And includes the following rules, it just does not work: # Begin of remove.headers.rules file. # These used to work before Version 4.75.11-1 but does not work any more: To: *@soliton.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: # These causes NO ERROR but DO NOT WORK to: hilario@soliton.com.br Confirm-Reading-To: To: *@soliton.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: To: *@soliton.com.br (Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:) To: *@soliton.com.br /(Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:)/ # These causes errors when you reload configurations. To:\s*@soliton.com.br\s(Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:) To:\s*@soliton.com.br\s/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:/ To:\s*@soliton.com.br\s/(Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:)/ To:\shilario@soliton.com.br\s/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:/ /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:/ # End of rules file Please let me know if you have a work around. And, if you are going to work on the code to fix this, let me add a wish list: When we send emails with receipt request to mail accounts outside our server and with copies to accounts inside our servers, it cleans the headers to every email. I wish we could selectively clear headers only to emails to our own accounts and not to outside accounts. If we send separate emails to outside and to inside accounts, it works. This problem occurs only when a single email is sent to both inside and outside accounts at once. Best Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: hilario@soliton.com.br The SSD Drives Inc. (formerly Eurotherm Drives), Eurotherm Controls, Action Instruments, Montalvo, Koyo and Sharp distributors in Brazil www.soliton.com.br www.eurotherm.com.br www.actionio.com.br www.montalvo.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/dcc8386f/attachment.html From alex at rtpty.com Tue May 19 21:52:56 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue May 19 21:53:06 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <200905192039.n4JKdSbS030810@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> Message-ID: <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> Do you have the proper settings in place to separate recipients when more than one recipient "hits"? If you don't separate "those whom the rules apply to" and "those whom the rules don't apply to" (hope the grammar police don't kill me for that one) then, if I recall correctly, the "don't" part "wins". On Tue, May 19, 2009 at 3:37 PM, Hilario Fochi Silveira < hilario@soliton.com.br> wrote: > > If we send separate emails to outside and to inside accounts, it works. > This problem occurs only when a single email is sent to both inside and > outside accounts at once. > > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/816bdccd/attachment.html From submit at zuka.net Tue May 19 23:11:05 2009 From: submit at zuka.net (Dave Filchak) Date: Tue May 19 23:11:50 2009 Subject: cannot send or receive mail Message-ID: <4A132E79.4090404@zuka.net> Hi folks, Today a problem arose in my mail setup that I am trying to track down. I can no longer send or receive emails. I think it has something to do with mysql but I have had little luck so far. Here is my systems specs: 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.74.15 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.31 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML And before you say it, I know the OS is old but we had an application running on this machine that did not allow us to update. I think we could now so maybe I should do that. But let me finish describing the issue. Today I started getting these in my logs: May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix (80) May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm line 116 May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm I get: Useless use of hash element in void context at /usr/lib/MailScanner/MailScanner/Config.pm line 892. Use of implicit split to @_ is deprecated at /usr/lib/MailScanner/MailScanner/Config.pm line 2085. /usr/lib/MailScanner/MailScanner/Config.pm syntax OK and more logs: May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem talking to service rewrite: Connection reset by peer May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking to service rewrite: Success The mysql.sock file does exist at this location with appropriate ownership and permissions. I have tried recreating it as well. Upon restart of MailScanner, it seems to start but MailWatch seems to be dead. However, I can still not send or receive emails. Anyone see anything that might give me a hint? Dave From ssilva at sgvwater.com Tue May 19 23:28:14 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 19 23:28:37 2009 Subject: cannot send or receive mail In-Reply-To: <4A132E79.4090404@zuka.net> References: <4A132E79.4090404@zuka.net> Message-ID: on 5-19-2009 3:11 PM Dave Filchak spake the following: > Hi folks, > > Today a problem arose in my mail setup that I am trying to track down. I > can no longer send or receive emails. > > I think it has something to do with mysql but I have had little luck so > far. Here is my systems specs: > > 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 > GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.74.15 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > > And before you say it, I know the OS is old but we had an application > running on this machine that did not allow us to update. I think we > could now so maybe I should do that. But let me finish describing the > issue. > > Today I started getting these in my logs: > > May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix > (80) > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm > line 116 > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 > May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could not be > "eval"ed. Make sure the module is correct with perl -wc at > /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm > > I get: > > Useless use of hash element in void context at > /usr/lib/MailScanner/MailScanner/Config.pm line 892. > Use of implicit split to @_ is deprecated at > /usr/lib/MailScanner/MailScanner/Config.pm line 2085. > /usr/lib/MailScanner/MailScanner/Config.pm syntax OK > > > and more logs: > > May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: > connect to mysql server localhost: Can't connect to local MySQL server > through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: > connect to mysql server localhost: Can't connect to local MySQL server > through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem > talking to service rewrite: Connection reset by peer > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking > to service rewrite: Success > > The mysql.sock file does exist at this location with appropriate > ownership and permissions. I have tried recreating it as well. > > Upon restart of MailScanner, it seems to start but MailWatch seems to be > dead. However, I can still not send or receive emails. > > Anyone see anything that might give me a hint? > > Dave > If you stop mysql, does the socket file go away? If not you have a dead socket file. Delete it and restart mysql and see if it comes back. Otherwise it sounds like one of the databases might be corrupt. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/34f13db8/signature.bin From hilario at soliton.com.br Tue May 19 23:34:36 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Tue May 19 23:36:44 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> Message-ID: <200905192236.n4JMaa2j002569@safir.blacknight.ie> Before the bug, what I had was a remove.headers.rules file with instructions like the ones bellow for each domain: # For each domain: From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: # And again, for each domain: To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: MDRcpt-To: MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: X-Status: X-UID: X-UIDL: When I created those rules a year ago, I thought that as the "From" rules do not exclude the receipt requests headers, it should allow our hosted domains to request receive receipt, but silently remove those headers on reception. It works (worked before the bug) for every emails received as well as all emails sent UNLESS the sent email also has a copy to some of the domains we host. In that case all headers are removed on the OUTGOING emails as well. But that we did not wanted ! But my biggest problem is that the file does not work anymore at all. As far as I can tell it is a bug or incompatibility introduced in version 4.75.11-1 Regards, Hil?rio P.S. Is this the correct place to report MailScanner bugs? At 17:52 2009-05-19, you wrote: >Do you have the proper settings in place to >separate recipients when more than one recipient >"hits"? If you don't separate "those whom the >rules apply to" and "those whom the rules don't >apply to" (hope the grammar police don't kill me >for that one) then, if I recall correctly, the "don't" part "wins". > >On Tue, May 19, 2009 at 3:37 PM, Hilario Fochi >Silveira <hilario@soliton.com.br> wrote: >If we send separate emails to outside and to >inside accounts, it works. This problem occurs >only when a single email is sent to both inside and outside accounts at once. > > > >-- >Alex Neuman van der Hans >Reliant Technologies >+507 6781-9505 >+507 202-1525 >alex@rtpty.com >Skype: alexneuman >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/05ffb79d/attachment.html From alex at rtpty.com Tue May 19 23:52:17 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue May 19 23:52:27 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <200905192236.n4JMaa2j002569@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> <200905192236.n4JMaa2j002569@safir.blacknight.ie> Message-ID: <24e3d2e40905191552o3c5c5a6cle724cea37d2f221c@mail.gmail.com> On Tue, May 19, 2009 at 5:34 PM, Hilario Fochi Silveira < hilario@soliton.com.br> wrote: > > P.S. Is this the correct place to report MailScanner bugs? > It *is* - you just have to provide enough information to corroborate that, in fact, it's a bug; otherwise people have to guess what the problem is. Most of the time problems like the one you describe are due to misunderstanding the configuration files, lack of "tab" characters in some config files, or something like that - not bugs per se. Please don't take it the wrong way, but look into * http://tinyurl.com/questionformat in regards to ways you can phrase your questions so that people will be more inclined to help. I'm not saying you're asking the wrong way, I'm just saying you could ask for help in a slightly different way and have a better chance of getting help. * -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/d8f1c905/attachment.html From submit at zuka.net Wed May 20 01:31:39 2009 From: submit at zuka.net (Dave Filchak) Date: Wed May 20 01:32:14 2009 Subject: apparently not sending or receiving emails Message-ID: <4A134F6B.9030602@zuka.net> Hi folks, Today a problem arose in my mail setup that I am trying to track down. I can no longer send or receive emails. I think it has something to do with mysql but I have had little luck so far. Mysql is running and I can log in and select and search tables. But, as you will see below, the logs indicate that there are issues connecting through the mysql.sock. You will also note that the path it is trying to connect to is /var/run/mysql.sock while the actual location is at /var/run/mysqld/mysql.sock Here is my systems specs: 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.74.15 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.31 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML And before you say it, I know the OS is old but we had an application running on this machine that did not allow us to update. I think we could now so maybe I should do that. But let me finish describing the issue. Today I started getting these in my logs: May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix (80) May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm line 116 May 19 08:29:12 rosewood MailScanner: Unable to initialise database connection: Can't connect to local MySQL server through socket '/var/run/mysql.sock' (2) at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm I get: Useless use of hash element in void context at /usr/lib/MailScanner/MailScanner/Config.pm line 892. Use of implicit split to @_ is deprecated at /usr/lib/MailScanner/MailScanner/Config.pm line 2085. /usr/lib/MailScanner/MailScanner/Config.pm syntax OK and more logs: May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysql.so ck' (2) May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup problem May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature end-of-input on private/rewrite socket while reading input attribute name May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem talking to service rewrite: Connection reset by peer May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking to service rewrite: Success Upon restart of MailScanner, it seems to start but MailWatch seems to be dead. However, I can still not send or receive emails. Anyone see anything that might give me a hint? Dave From hilario at soliton.com.br Wed May 20 01:54:18 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Wed May 20 01:59:07 2009 Subject: Bug Report: Remove These Headers In-Reply-To: <24e3d2e40905191552o3c5c5a6cle724cea37d2f221c@mail.gmail.co m> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <24e3d2e40905191352sf1d878x115a44c1a26d42f2@mail.gmail.com> <200905192236.n4JMaa2j002569@safir.blacknight.ie> <24e3d2e40905191552o3c5c5a6cle724cea37d2f221c@mail.gmail.com> Message-ID: <200905200059.n4K0wwrr008029@safir.blacknight.ie> Hi, It is a long time since I first read http://tinyurl.com/questionformat and http://wiki.mailscanner.info/posting . Probably I had forgotten something. I did my homework and just finished reading both pages again (spent an hour and half on that cause I'm not fluent in English). I'm going to post it again in a new format, and I hope this won't be felt as more noise on the list. That is not my intention. If I make any mistake, please pinpoint it and I'll try to learn as fast as possible. Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. At 19:52 2009-05-19, Alex Neuman wrote: >On Tue, May 19, 2009 at 5:34 PM, Hilario Fochi Silveira ><hilario@soliton.com.br> wrote: >P.S. Is this the correct place to report MailScanner bugs? > > >It *is* - you just have to provide enough information to corroborate >that, in fact, it's a bug; otherwise people have to guess what the >problem is. Most of the time problems like the one you describe are >due to misunderstanding the configuration files, lack of "tab" >characters in some config files, or something like that - not bugs per se. > >Please don't take it the wrong way, but look into >MailScanner has detected definite >fraud in the website at "tinyurl.com". Do not trust this website: >http://tinyurl.com/questionformat in regards to ways you can phrase >your questions so that people will be more inclined to help. I'm not >saying you're asking the wrong way, I'm just saying you could ask >for help in a slightly different way and have a better chance of getting help. > > >-- >Alex Neuman van der Hans >Reliant Technologies >+507 6781-9505 >+507 202-1525 >alex@rtpty.com >Skype: alexneuman >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/e5205df2/attachment.html From hilario at soliton.com.br Wed May 20 02:58:44 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Wed May 20 02:59:15 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905192039.n4JKdSbS030810@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> Message-ID: <200905200159.n4K1x67u010236@safir.blacknight.ie> Hello, Installation details: RHEL5.3 with cPanel and MailScanner Front End (configserver.com) MailScanner is running ok for more than one year. Our server uses the "Remove These Headers = %rules-dir%/remove.headers.rules" setting to eliminate inbound return receipts requests while allowing outbound receipts headers to stay intact. Two weeks ago after upgrading to version MailScanner - v4.76.24 we begun to notice that some inbound emails were asking for return receipts. We played a lot with the rules file without success and as a temporary solution, we replaced the per domain rules file with the the following single line instruction: Remove These Headers = /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ This solution is working, we have no receipts at all both inbound and outbound, but we wish to regain the fine granularity control we once had. The original rules file uses spaces to separate the headers. The typical per domain lines we had in the remove.headers.rules file were: # For each domain: From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: MDRcpt-To: MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: X-Status: X-UID: X-UIDL: Those instructions used worked ok with previous MailScanner versions. During the tests we have done with these files, we noticed that Mailscanner does not complain (it does not report errors in the log file) with the above described lines, but it also does not remove the required headers. We tried a variety of combination of regex construction substituting the spaces with \s and also using the | but none of the tried combinations worked. We will appreciate any hint provided on how to build a working per domain regex in the remove headers file using the new Mailscanner version regex rules. Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090519/3f71b366/attachment.html From dave.filchak at senecac.on.ca Wed May 20 05:03:43 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Wed May 20 05:04:15 2009 Subject: cannot send or receive mail References: <4A132E79.4090404@zuka.net> Message-ID: <4A13811F.3030505@senecac.on.ca> Scott Silva responded: > > > > Upon restart of MailScanner, it seems to start but MailWatch seems to be > > dead. However, I can still not send or receive emails. > > > > Anyone see anything that might give me a hint? > > > > Dave > > > If you stop mysql, does the socket file go away? > If not you have a dead socket file. Delete it and restart mysql and > see if it > comes back. > > Otherwise it sounds like one of the databases might be corrupt. > Scott, when I stop mysql the socket file goes away and comes back when I start it again. So, you mentioned a corrupt database. How would I test for this? Dave -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From mailbag at partnersolutions.ca Wed May 20 05:07:26 2009 From: mailbag at partnersolutions.ca (PSI Mailbag) Date: Wed May 20 05:07:32 2009 Subject: Possible config option to skip filename/filettype checks for the message body? Message-ID: <0A5EC380C825E440B3BB048CDE603A1659F0@PSIMS002.pshosting.intranet> Hey Jules + List, What do you guys/gals think about a config option to bypass the filename/filetype checks on the message body? Very frequently, I get messages being blocked because "file" (and even when used in the mime only option) detects regular chatter as being a file that shouldn't be sent: [root@psimf001 0114C74652C.B6E83]# file -i msg-27860-603.txt msg-27860-603.txt: video/quicktime [root@psimf001 0114C74652C.B6E83]# head -1 msg-27860-603.txt Re: skipping ropes - would you want singles or the extra long ones for Is it feasible to find a way to bypass the checks on the extracted message body content? I've stripped down my magic file of a lot of the more common FP's, but lately I seem to be hitting new ones every other week. In my mind I see a config option that would allow you to bypass the "file" results from the content extracted from the message body (msg-*.txt), while still allowing it to properly run against regular attachments. Thoughts? Cheers, -Joshua From maxsec at gmail.com Wed May 20 08:54:30 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 20 08:54:40 2009 Subject: apparently not sending or receiving emails In-Reply-To: <4A134F6B.9030602@zuka.net> References: <4A134F6B.9030602@zuka.net> Message-ID: <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> 2009/5/20 Dave Filchak > Hi folks, > > Today a problem arose in my mail setup that I am trying to track down. I > can no longer send or receive emails. > > I think it has something to do with mysql but I have had little luck so > far. > > Mysql is running and I can log in and select and search tables. But, as you > will see below, the logs indicate that there are issues connecting through > the mysql.sock. You will also note that the path it is trying to connect to > is /var/run/mysql.sock while the actual location is at > /var/run/mysqld/mysql.sock > > Here is my systems specs: > > 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 > GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.74.15 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > > And before you say it, I know the OS is old but we had an application > running on this machine that did not allow us to update. I think we could > now so maybe I should do that. But let me finish describing the issue. > > Today I started getting these in my logs: > > May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to postfix > (80) > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm line > 116 > May 19 08:29:12 rosewood MailScanner: Unable to initialise database > connection: Can't connect to local MySQL server through socket > '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 > May 19 08:29:12 rosewood MailScanner: Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. > Make sure the module is correct with perl -wc at > /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > When I run perl -wc perl -wc /usr/lib/MailScanner/MailScanner/Config.pm > > I get: > > Useless use of hash element in void context at > /usr/lib/MailScanner/MailScanner/Config.pm line 892. > Use of implicit split to @_ is deprecated at > /usr/lib/MailScanner/MailScanner/Config.pm line 2085. > /usr/lib/MailScanner/MailScanner/Config.pm syntax OK > > > and more logs: > > May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: connect > to mysql server localhost: Can't connect to local MySQL server through > socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: connect > to mysql server localhost: Can't connect to local MySQL server through > socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf(0,lock|fold_fix): table lookup > problem > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature > end-of-input on private/rewrite socket while reading input attribute name > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem talking > to service rewrite: Connection reset by peer > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem talking to > service rewrite: Success > > > Upon restart of MailScanner, it seems to start but MailWatch seems to be > dead. However, I can still not send or receive emails. > > Anyone see anything that might give me a hint? > > Dave > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Dave anything in the mysql logs? Can you connect to mysql on the command line - ie is mysql actually running? -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/b30baf18/attachment-0001.html From paul.hutchings at mira.co.uk Wed May 20 08:57:28 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 08:57:43 2009 Subject: Mailscanner's stopped signing messages? Message-ID: As subject - it used to and other than a recent upgrade I don't believe I've changed anything. How can I debug this on a production box to find out why it's not doing it please? Mailscanner.conf contains: Sign Clean Messages = %rules-dir%/signature.rules And [root@relay log]# cat /etc/MailScanner/rules/signature.rules # Only sign outbound mail From: someaddress@us co.uk no From: 193.35.217.x yes From: *@ us co.uk and From: 193.35.217.x yes FromOrTo: default no Cheers, Paul From shyamph at gmail.com Wed May 20 09:03:18 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 20 09:03:28 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: Hi All, Any other possibilities for the delay in MailScanner. How do i check how many mails are there in HOLD state of MailScanner. Thanks in Advance. Shyam On Mon, May 18, 2009 at 1:10 PM, shyam hirurkar wrote: > Hi , > > Between the actual time and and the re-queue time there are lot mails > delivered, Sorry I can not take the log as it is huge or give me some time i > will paste. > > mailq was 60. > > Thanks in advance > > Shyam > > > > On Sat, May 16, 2009 at 11:37 PM, Mark Sapiro wrote: > >> shyam hirurkar wrote: >> > >> >I am using MailScanner with postfix and mail flow is normal till these >> days >> >and now i am finding the mail delay's regularly , >> > >> >When i went through the log and found mails are going in hold after that >> a >> >long delay and reque of the mail is happening and mail will sent >> >successfully. >> > here is the log >> > >> >smtp postfix/smtpd[7879]: B5AD361300F7: client=unknown[192.168.1.1], >> >sasl_method=LOGIN, sasl_username=username@domain.com >> >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: hold: header >> >Received: from usename (unknown [192.168.10.156])??(Authenticated sender: >> >,username>@)??by smtp.domain.com (Postfix) with ESMTP id >> >B5AD361300F7??for ; Tue, 2 from >> unknown[192.168.1.1]; >> >from= to= proto=ESMTP helo= >> >> >> What are the MailScanner log entries between here and the Requeue at >> 15:16:48? >> >> >> >Apr 28 10:45:46 smtp postfix/cleanup[9753]: B5AD361300F7: >> >message-id=<003f01c9c7c0$5786f380$0694da80$@com> >> >Apr 28 15:16:48 smtp MailScanner[598]: Requeue: B5AD361300F7.C8111 to >> >6E0A36130112 >> >> >> -- >> Mark Sapiro The highway is for gamblers, >> San Francisco Bay Area, California better use your sense - B. Dylan >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/8dc0f19d/attachment.html From garry at glendown.de Wed May 20 12:05:30 2009 From: garry at glendown.de (Garry) Date: Wed May 20 12:06:38 2009 Subject: OT: Mail Archiving Message-ID: <4A13E3FA.5070100@glendown.de> Hi, We were thinking about setting up mail archiving for business email - has anybody here had any (positive) experiences with any products? (F/OSS preferred) If it would integrate with MailScanner it would definitely be a plus ... Tnx, -garry From ms-list at alexb.ch Wed May 20 12:21:06 2009 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 20 12:21:15 2009 Subject: OT: Mail Archiving In-Reply-To: <4A13E3FA.5070100@glendown.de> References: <4A13E3FA.5070100@glendown.de> Message-ID: <4A13E7A2.2000708@alexb.ch> On 5/20/2009 1:05 PM, Garry wrote: > Hi, > > We were thinking about setting up mail archiving for business email - > has anybody here had any (positive) experiences with any products? > (F/OSS preferred) If it would integrate with MailScanner it would > definitely be a plus ... can recommend MailArchiva http://www.mailarchiva.com/ From simon.walter at hp-factory.de Wed May 20 13:35:43 2009 From: simon.walter at hp-factory.de (Simon Walter) Date: Wed May 20 13:36:02 2009 Subject: Bug#529358: mailscanner: MailScanner dies an ugly death when using perl 5.10.0-22 In-Reply-To: <20090518202114.18810.13764.reportbug@mailkeeper> References: <20090518202114.18810.13764.reportbug@mailkeeper> Message-ID: <20090520143543.5671d3ae@hp-factory.de> Hello, > # dpkg -l perl > ii perl 5.10.0-22 > # dpkg -l mailscanner > ii mailscanner 4.74.16-1 > > Afterwards, debugging mailscanner showed it dying with the error > message "Insecure dependency in chown while running with the -T > switch in /usr/share/MailScanner//MailScanner/Message.pm on line > 2407". It appears to be while calling the perl chown function to set > the permissions on an exploded message in the "incoming" work > directory. I have noticed this bug[1] myself some days ago while trying to package 4.76.25-1. I have fixed this bug, but have not tested the bugfix yet. Your solution[3] to this problem is not every generic. Users would have to edit /etc/ini.d/mailscanner depending on the mailserver they are using. There is also a problem when using clamavd, it crash and complains about missing permission for lstat on the unpacked mail, no matter how I configure "Incoming Work User/Group/Permission". I currently don't have the time to track down the problem, find a solution and test the -T patch. If anyone else has some spare time, feel free to help out. I have uploaded the current state to mentors[2]. I have added mailscanner-ml to CC because there are probably other debian-users out there... -- Regards Simon Walter [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+529358 [2] http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=mailscanner [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+529358#10 From dcurtis at sbschools.net Wed May 20 13:42:44 2009 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Wed May 20 13:45:59 2009 Subject: OT: Mail Archiving In-Reply-To: <4A13E7A2.2000708@alexb.ch> References: <4A13E3FA.5070100@glendown.de> <4A13E7A2.2000708@alexb.ch> Message-ID: <24AAD26C88B9534093235DD9C02F4D170368BD44@exchangesrvr.sbschools.net> I would second that. We have been using it for quite a while now. It started pretty shaky, but it became stable very quickly. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Wednesday, May 20, 2009 7:21 AM To: MailScanner discussion Subject: Re: OT: Mail Archiving On 5/20/2009 1:05 PM, Garry wrote: > Hi, > > We were thinking about setting up mail archiving for business email - > has anybody here had any (positive) experiences with any products? > (F/OSS preferred) If it would integrate with MailScanner it would > definitely be a plus ... can recommend MailArchiva http://www.mailarchiva.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From submit at zuka.net Wed May 20 15:19:31 2009 From: submit at zuka.net (Dave Filchak) Date: Wed May 20 15:19:59 2009 Subject: apparently not sending or receiving emails In-Reply-To: <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> References: <4A134F6B.9030602@zuka.net> <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> Message-ID: <4A141173.3070307@zuka.net> Martin Hepworth wrote: > > > 2009/5/20 Dave Filchak > > > Hi folks, > > Today a problem arose in my mail setup that I am trying to track > down. I can no longer send or receive emails. > > I think it has something to do with mysql but I have had little > luck so far. > > Mysql is running and I can log in and select and search tables. > But, as you will see below, the logs indicate that there are > issues connecting through the mysql.sock. You will also note that > the path it is trying to connect to is /var/run/mysql.sock while > the actual location is at /var/run/mysqld/mysql.sock > > Here is my systems specs: > > 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 > x86_64 GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.74.15 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.22 bignum > 1.03 Carp > 1.41 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.87 Math::BigInt > 0.20 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.13 Storable > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.26 Test::Pod > 0.7 Test::Simple > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.22 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.58 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.64 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > > And before you say it, I know the OS is old but we had an > application running on this machine that did not allow us to > update. I think we could now so maybe I should do that. But let me > finish describing the issue. > > Today I started getting these in my logs: > > May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to > postfix (80) > May 19 08:29:12 rosewood MailScanner: Unable to initialise > database connection: Can't connect to local MySQL server through > socket '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm > line 116 > May 19 08:29:12 rosewood MailScanner: Unable to initialise > database connection: Can't connect to local MySQL server through > socket '/var/run/mysql.sock' (2) at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 > May 19 08:29:12 rosewood MailScanner: Could not use Custom > Function code MailScanner::CustomConfig::InitMailWatchLogging, it > could not be "eval"ed. Make sure the module is correct with perl > -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > When I run perl -wc perl -wc > /usr/lib/MailScanner/MailScanner/Config.pm > > I get: > > Useless use of hash element in void context at > /usr/lib/MailScanner/MailScanner/Config.pm line 892. > Use of implicit split to @_ is deprecated at > /usr/lib/MailScanner/MailScanner/Config.pm line 2085. > /usr/lib/MailScanner/MailScanner/Config.pm syntax OK > > > and more logs: > > May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf > (0,lock|fold_fix): table lookup problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: > connect to mysql server localhost: Can't connect to local MySQL > server through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf > (0,lock|fold_fix): table lookup problem > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: > connect to mysql server localhost: Can't connect to local MySQL > server through socket '/var/run/mysql.so > ck' (2) > May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: > mysql:/etc/postfix/maps/sql-aliases.cf > (0,lock|fold_fix): table lookup problem > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: > premature end-of-input on private/rewrite socket while reading > input attribute name > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature > end-of-input on private/rewrite socket while reading input > attribute name > May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem > talking to service rewrite: Connection reset by peer > May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem > talking to service rewrite: Success > > > Upon restart of MailScanner, it seems to start but MailWatch seems > to be dead. However, I can still not send or receive emails. > > Anyone see anything that might give me a hint? > > Dave > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Dave > > anything in the mysql logs? Can you connect to mysql on the command > line - ie is mysql actually running? > > -- > Martin Hepworth > Oxford, UK Martin, Yes, mysql was running but it turns out it was a problem with the mysql.sock file. I am still scratching my head over this one but the mail system used to look for this file at /var/run/mysqld/mysql.sock However, my ISP had a huge problem with their UPS backup generators and power went down rather abruptly yesterday. When the server came up, it was looking for this file at /var/run/mysql.sock. And, for the life of me, I could not get it to look for it in the original location. So, I finally gave up and moved the location to /var/run/ However, I had to set the permissions of that directory to allow write access for the world ... possibly not a good thing. Is there a stand location for this and what permissions are normal. At any rate .. I do have mail flowing again but would love to know why the location shifted. Probably a misconfiguration somewhere. Dave From mark at msapiro.net Wed May 20 16:25:18 2009 From: mark at msapiro.net (Mark Sapiro) Date: Wed May 20 16:25:32 2009 Subject: Mail delay at MailScanner In-Reply-To: Message-ID: shyam hirurkar wrote: > >Between the actual time and and the re-queue time there are lot mails >delivered, Sorry I can not take the log as it is huge or give me some time i >will paste. If all these mails are similarly delayed, it sounds like some kind of backlog. >mailq was 60. However, only 60 messages in the queue should clear quickly unless you are being bombarded continuously with mail and MailScanner doesn't process FIFO (I don't know if it does or not. Careful analysis of the maillog should tell you what's happening. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From paul.hutchings at mira.co.uk Wed May 20 16:36:14 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 16:36:35 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: Message-ID: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: From: *@us co.uk yes And restarting MailScanner (I did a restart without changing anything) has made it work. Has something changed with regard to the values that can be used in rules (the IP address of the server hasn't changed!)? Cheers, Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 20 May 2009 08:57 To: MailScanner discussion Subject: Mailscanner's stopped signing messages? As subject - it used to and other than a recent upgrade I don't believe I've changed anything. How can I debug this on a production box to find out why it's not doing it please? Mailscanner.conf contains: Sign Clean Messages = %rules-dir%/signature.rules And [root@relay log]# cat /etc/MailScanner/rules/signature.rules # Only sign outbound mail From: someaddress@us co.uk no From: 193.35.217.x yes From: *@ us co.uk and From: 193.35.217.x yes FromOrTo: default no Cheers, Paul -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From mark at msapiro.net Wed May 20 16:38:59 2009 From: mark at msapiro.net (Mark Sapiro) Date: Wed May 20 16:39:11 2009 Subject: Mail delay at MailScanner In-Reply-To: Message-ID: shyam hirurkar wrote: > >How do i check how many mails are there in HOLD state of MailScanner. ls /var/spool/postfix/hold | wc -l or mailq | grep ! -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From alex at rtpty.com Wed May 20 16:43:18 2009 From: alex at rtpty.com (Alex Neuman) Date: Wed May 20 16:43:28 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: Message-ID: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: > OK it would appear that removing the line: > > From: 193.35.217.x yes > > And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/7c7a5764/attachment.html From paul.hutchings at mira.co.uk Wed May 20 16:55:45 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 16:56:00 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: Thanks for the reply. If the syntax has changed I've had this config for a couple of years so it must be very recent - plus that would sign all messages from a subnet/ip range, I only want to target specific source IP address? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: 20 May 2009 16:43 To: MailScanner discussion Subject: Re: Mailscanner's stopped signing messages? Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/9815a198/attachment.html From paul.hutchings at mira.co.uk Wed May 20 17:05:19 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 20 17:05:33 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: Sorry I should clarify - I didn't literally have a "x" at the end, habit I guess even though the IP is in the headers of this email J From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 20 May 2009 16:56 To: MailScanner discussion Subject: RE: Mailscanner's stopped signing messages? Thanks for the reply. If the syntax has changed I've had this config for a couple of years so it must be very recent - plus that would sign all messages from a subnet/ip range, I only want to target specific source IP address? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: 20 May 2009 16:43 To: MailScanner discussion Subject: Re: Mailscanner's stopped signing messages? Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman ________________________________ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/5bbbfc1e/attachment.html From ssilva at sgvwater.com Wed May 20 17:47:46 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 20 17:48:10 2009 Subject: cannot send or receive mail In-Reply-To: <4A13811F.3030505@senecac.on.ca> References: <4A132E79.4090404@zuka.net> <4A13811F.3030505@senecac.on.ca> Message-ID: on 5-19-2009 9:03 PM Dave Filchak spake the following: > Scott Silva responded: > >> > >> > Upon restart of MailScanner, it seems to start but MailWatch seems >> to be >> > dead. However, I can still not send or receive emails. >> > >> > Anyone see anything that might give me a hint? >> > >> > Dave >> > >> If you stop mysql, does the socket file go away? >> If not you have a dead socket file. Delete it and restart mysql and >> see if it >> comes back. >> >> Otherwise it sounds like one of the databases might be corrupt. >> > Scott, when I stop mysql the socket file goes away and comes back when I > start it again. So, you mentioned a corrupt database. How would I test > for this? > > Dave > http://dev.mysql.com/doc/refman/5.1/en/repair.html Gives some details for Mysql 5.1. If you have an older version, navigate to the same place in the older docs. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/4023c86f/signature.bin From ssilva at sgvwater.com Wed May 20 17:59:13 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 20 17:59:38 2009 Subject: apparently not sending or receiving emails In-Reply-To: <4A141173.3070307@zuka.net> References: <4A134F6B.9030602@zuka.net> <72cf361e0905200054jba5c125o9f99ac6ec602a774@mail.gmail.com> <4A141173.3070307@zuka.net> Message-ID: on 5-20-2009 7:19 AM Dave Filchak spake the following: > Martin Hepworth wrote: >> >> >> 2009/5/20 Dave Filchak > >> >> Hi folks, >> >> Today a problem arose in my mail setup that I am trying to track >> down. I can no longer send or receive emails. >> >> I think it has something to do with mysql but I have had little >> luck so far. >> >> Mysql is running and I can log in and select and search tables. >> But, as you will see below, the logs indicate that there are >> issues connecting through the mysql.sock. You will also note that >> the path it is trying to connect to is /var/run/mysql.sock while >> the actual location is at /var/run/mysqld/mysql.sock >> >> Here is my systems specs: >> >> 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 >> x86_64 GNU/Linux >> This is CentOS release 4.3 (Final) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.74.15 >> Module versions are: >> 1.00 AnyDBM_File >> 1.20 Archive::Zip >> 0.22 bignum >> 1.03 Carp >> 1.41 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.20 File::Temp >> 0.78 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.04 Mail::Header >> 1.87 Math::BigInt >> 0.20 Math::BigRat >> 3.05 MIME::Base64 >> 5.427 MIME::Decoder >> 5.427 MIME::Decoder::UU >> 5.427 MIME::Head >> 5.427 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.427 MIME::Tools >> 0.11 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.08 POSIX >> 1.19 Scalar::Util >> 1.77 Socket >> 2.13 Storable >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.26 Test::Pod >> 0.7 Test::Simple >> 1.9707 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.32 Archive::Tar >> 0.22 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.814 DB_File >> 1.13 DBD::SQLite >> 1.58 DBI >> 1.15 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17008 Error >> 0.19 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.36 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.04 IO::Zlib >> 2.21 IP::Country >> 0.22 Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.004 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable >> 0.31 Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.64 Test::Harness >> 0.95 Test::Manifest >> 1.95 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.65 YAML >> >> And before you say it, I know the OS is old but we had an >> application running on this machine that did not allow us to >> update. I think we could now so maybe I should do that. But let me >> finish describing the issue. >> >> Today I started getting these in my logs: >> >> May 19 08:29:10 rosewood MailScanner: MailScanner setting UID to >> postfix (80) >> May 19 08:29:12 rosewood MailScanner: Unable to initialise >> database connection: Can't connect to local MySQL server through >> socket '/var/run/mysql.sock' (2) at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm >> line 116 >> May 19 08:29:12 rosewood MailScanner: Unable to initialise >> database connection: Can't connect to local MySQL server through >> socket '/var/run/mysql.sock' (2) at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 82 >> May 19 08:29:12 rosewood MailScanner: Could not use Custom >> Function code MailScanner::CustomConfig::InitMailWatchLogging, it >> could not be "eval"ed. Make sure the module is correct with perl >> -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 >> >> When I run perl -wc perl -wc >> /usr/lib/MailScanner/MailScanner/Config.pm >> >> I get: >> >> Useless use of hash element in void context at >> /usr/lib/MailScanner/MailScanner/Config.pm line 892. >> Use of implicit split to @_ is deprecated at >> /usr/lib/MailScanner/MailScanner/Config.pm line 2085. >> /usr/lib/MailScanner/MailScanner/Config.pm syntax OK >> >> >> and more logs: >> >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31466]: fatal: >> mysql:/etc/postfix/maps/sql-aliases.cf >> (0,lock|fold_fix): table lookup problem >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: warning: >> connect to mysql server localhost: Can't connect to local MySQL >> server through socket '/var/run/mysql.so >> ck' (2) >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31467]: fatal: >> mysql:/etc/postfix/maps/sql-aliases.cf >> (0,lock|fold_fix): table lookup problem >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: warning: >> connect to mysql server localhost: Can't connect to local MySQL >> server through socket '/var/run/mysql.so >> ck' (2) >> May 19 13:16:56 rosewood postfix/trivial-rewrite[31468]: fatal: >> mysql:/etc/postfix/maps/sql-aliases.cf >> (0,lock|fold_fix): table lookup problem >> May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: >> premature end-of-input on private/rewrite socket while reading >> input attribute name >> May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: premature >> end-of-input on private/rewrite socket while reading input >> attribute name >> May 19 13:16:57 rosewood postfix/cleanup[28938]: warning: problem >> talking to service rewrite: Connection reset by peer >> May 19 13:16:57 rosewood postfix/smtpd[29109]: warning: problem >> talking to service rewrite: Success >> >> >> Upon restart of MailScanner, it seems to start but MailWatch seems >> to be dead. However, I can still not send or receive emails. >> >> Anyone see anything that might give me a hint? >> >> Dave >> >> >> >> >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> Dave >> >> anything in the mysql logs? Can you connect to mysql on the command >> line - ie is mysql actually running? >> >> -- >> Martin Hepworth >> Oxford, UK > Martin, > > Yes, mysql was running but it turns out it was a problem with the > mysql.sock file. I am still scratching my head over this one but the > mail system used to look for this file at /var/run/mysqld/mysql.sock > However, my ISP had a huge problem with their UPS backup generators and > power went down rather abruptly yesterday. When the server came up, it > was looking for this file at /var/run/mysql.sock. And, for the life of > me, I could not get it to look for it in the original location. So, I > finally gave up and moved the location to /var/run/ However, I had to > set the permissions of that directory to allow write access for the > world ... possibly not a good thing. Is there a stand location for this > and what permissions are normal. > > At any rate .. I do have mail flowing again but would love to know why > the location shifted. Probably a misconfiguration somewhere. > > Dave The actual location is set in the my.cnf file, but I am not sure where MailScanner and mailwatch might be finding this at. Maybe there are 2 copies of my.cnf on the system, and MailScanner is picking up the wrong one. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/edbafa8e/signature.bin From ssilva at sgvwater.com Wed May 20 18:22:16 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 20 18:22:41 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: on 5-20-2009 8:43 AM Alex Neuman spake the following: > Are you sure the syntax isn't supposed to be: > > From:?? 193.35.217.???? yes > (no x at the end) > I would assume that the X was just a sanitizing step to hide the real number that he didn't want to post to a mailing list. Just like the way he sanitized e-mail addresses. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/095593a8/signature.bin From simon.walter at hp-factory.de Wed May 20 22:51:44 2009 From: simon.walter at hp-factory.de (Simon Walter) Date: Wed May 20 22:52:02 2009 Subject: Bug#529358: mailscanner: MailScanner dies an ugly death when using perl 5.10.0-22 In-Reply-To: <94029a830905200654n7953738dv813ea7708ef38349@mail.gmail.com> References: <20090518202114.18810.13764.reportbug@mailkeeper> <20090520143543.5671d3ae@hp-factory.de> <94029a830905200654n7953738dv813ea7708ef38349@mail.gmail.com> Message-ID: <20090520235144.2dac35fd@hp-factory.de> On Wed, 20 May 2009 16:54:59 +0300 Gerasimos Melissaratos wrote: > On Wed, May 20, 2009 at 3:35 PM, Simon Walter > wrote: > > There is also a problem when using clamavd, it crash and complains > > about missing permission for lstat on the unpacked mail, no matter > > how I configure "Incoming Work User/Group/Permission". > > That's an easy one, just change the antivirus from "auto" to "clamav" > in MailScanner.conf and ... you have disabled clamd usage, using clamav as standalone scanner and lost a considerable amount of processing performance. It's a workaround but not a solution. -- Regards Simon Walter From gafaith at asdm.net Thu May 21 02:50:33 2009 From: gafaith at asdm.net (Gary Faith) Date: Thu May 21 02:50:56 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH Message-ID: <4A147B290200002D00006737@sparky.asdm.net> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090520/982ee28f/attachment.html From eli at orbsky.homelinux.org Thu May 21 05:54:04 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Thu May 21 05:54:29 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <4A147B290200002D00006737@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> Message-ID: <200905210754.04555.eli@orbsky.homelinux.org> Gary... With all due respect. Assuming that the mail coming from your servers is not affected by something bad is a mistake. Not to mention, spam that uses your domain as email addresses in the to / from to get around just the kind of scenario is also makes your strategy a mistake. What harm besides having your server do some work would be caused by having all the mail scanned? On Thursday 21 May 2009 04:50:33 Gary Faith wrote: > I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. > > From: domain.com no > > This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. > > What is required: > 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. > 2. All other mail scanned (like normal). > > I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? > > Thanks, > > Gary Faith > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brent.addis at spit.gen.nz Thu May 21 06:25:04 2009 From: brent.addis at spit.gen.nz (Brent Addis) Date: Thu May 21 06:26:55 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <4A147B290200002D00006737@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> Message-ID: <1242883504.23783.16.camel@baddis-laptop> Why don't you use SPF on your domains? -----Original Message----- From: Gary Faith Reply-to: MailScanner discussion To: mailscanner@lists.mailscanner.info Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH Date: Wed, 20 May 2009 21:50:33 -0400 I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/6a85afca/attachment.html From shyamph at gmail.com Thu May 21 09:39:52 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 21 09:48:19 2009 Subject: Cached Timeout MailScanner Message-ID: Hi All, I am using MailScanner with postfix+clamav and scanning is happening properly, now a days i am seeing some time spam mails gets through and if i see the log or mailwatch it says *"cached timeout". *what could be the reason or is there any configuration tuning needs to be done. Let me know what are the input required from my end to debug the same. Mail Scanner Version :4.74.16 postfix : 2.2.11 SpamAssassin version 3.2.5 running on Perl version 5.8.5 OS : CentOS 4.7 Thanks in advance Shyam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/6dbeac56/attachment.html From maxsec at gmail.com Thu May 21 11:10:42 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 21 11:10:50 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: Message-ID: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> there's problems with the spamassassin cache - stop mailscanner - delete the spamassassin cache (you'll find in in the "Incoming Work Dir" as mentioned in MailScanner.conf") and then start Mailscanner. 2009/5/21 shyam hirurkar > Hi All, > > > I am using MailScanner with postfix+clamav and scanning is happening > properly, now a days i am seeing some time spam mails gets through and if i > see the log or mailwatch it says *"cached timeout". > > *what could be the reason or is there any configuration tuning needs to be > done. > > Let me know what are the input required from my end to debug the same. > > Mail Scanner Version :4.74.16 > postfix : 2.2.11 > SpamAssassin version 3.2.5 > running on Perl version 5.8.5 > OS : CentOS 4.7 > > Thanks in advance > > Shyam > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/96289fc4/attachment-0001.html From shyamph at gmail.com Thu May 21 11:17:09 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 21 11:17:18 2009 Subject: Cached Timeout MailScanner In-Reply-To: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: Hi , Thanks for the input but small question how often i need to do is there any automation for this. Thanks in advance.. Shyam On Thu, May 21, 2009 at 3:40 PM, Martin Hepworth wrote: > there's problems with the spamassassin cache - stop mailscanner - delete > the spamassassin cache (you'll find in in the "Incoming Work Dir" as > mentioned in MailScanner.conf") and then start Mailscanner. > > 2009/5/21 shyam hirurkar > >> Hi All, >> >> >> I am using MailScanner with postfix+clamav and scanning is happening >> properly, now a days i am seeing some time spam mails gets through and if i >> see the log or mailwatch it says *"cached timeout". >> >> *what could be the reason or is there any configuration tuning needs to >> be done. >> >> Let me know what are the input required from my end to debug the same. >> >> Mail Scanner Version :4.74.16 >> postfix : 2.2.11 >> SpamAssassin version 3.2.5 >> running on Perl version 5.8.5 >> OS : CentOS 4.7 >> >> Thanks in advance >> >> Shyam >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/4560ca17/attachment.html From shyamph at gmail.com Thu May 21 11:19:16 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 21 11:19:26 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: Hope the below parameter will solve my problem SpamAssassin Cache Timings (mailScanner.conf) Shyam On Thu, May 21, 2009 at 3:47 PM, shyam hirurkar wrote: > Hi , > > Thanks for the input but small question how often i need to do is there any > automation for this. > > Thanks in advance.. > Shyam > > > On Thu, May 21, 2009 at 3:40 PM, Martin Hepworth wrote: > >> there's problems with the spamassassin cache - stop mailscanner - delete >> the spamassassin cache (you'll find in in the "Incoming Work Dir" as >> mentioned in MailScanner.conf") and then start Mailscanner. >> >> 2009/5/21 shyam hirurkar >> >>> Hi All, >>> >>> >>> I am using MailScanner with postfix+clamav and scanning is happening >>> properly, now a days i am seeing some time spam mails gets through and if i >>> see the log or mailwatch it says *"cached timeout". >>> >>> *what could be the reason or is there any configuration tuning needs to >>> be done. >>> >>> Let me know what are the input required from my end to debug the same. >>> >>> Mail Scanner Version :4.74.16 >>> postfix : 2.2.11 >>> SpamAssassin version 3.2.5 >>> running on Perl version 5.8.5 >>> OS : CentOS 4.7 >>> >>> Thanks in advance >>> >>> Shyam >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> -- >> Martin Hepworth >> Oxford, UK >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/b925752f/attachment.html From maxsec at gmail.com Thu May 21 11:58:01 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 21 11:58:10 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: <72cf361e0905210358w18b00076h9117fe9c95b1a9f3@mail.gmail.com> You shouldn't need to alter this - this are how long for various items to live in the cache. it sound like the cache has become corrupt if it's timing out - so as it's purely a performance cache its quite safe to delete it and let it rebuild itself. a good check is make sure it's growing and growing, after a few hours the cache should settle into a size (give or take a few MB). 2009/5/21 shyam hirurkar > Hope the below parameter will solve my problem > > SpamAssassin Cache Timings (mailScanner.conf) > > Shyam > > > > > On Thu, May 21, 2009 at 3:47 PM, shyam hirurkar wrote: > >> Hi , >> >> Thanks for the input but small question how often i need to do is there >> any automation for this. >> >> Thanks in advance.. >> Shyam >> >> >> On Thu, May 21, 2009 at 3:40 PM, Martin Hepworth wrote: >> >>> there's problems with the spamassassin cache - stop mailscanner - delete >>> the spamassassin cache (you'll find in in the "Incoming Work Dir" as >>> mentioned in MailScanner.conf") and then start Mailscanner. >>> >>> 2009/5/21 shyam hirurkar >>> >>>> Hi All, >>>> >>>> >>>> I am using MailScanner with postfix+clamav and scanning is happening >>>> properly, now a days i am seeing some time spam mails gets through and if i >>>> see the log or mailwatch it says *"cached timeout". >>>> >>>> *what could be the reason or is there any configuration tuning needs to >>>> be done. >>>> >>>> Let me know what are the input required from my end to debug the same. >>>> >>>> Mail Scanner Version :4.74.16 >>>> postfix : 2.2.11 >>>> SpamAssassin version 3.2.5 >>>> running on Perl version 5.8.5 >>>> OS : CentOS 4.7 >>>> >>>> Thanks in advance >>>> >>>> Shyam >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/7b323cd1/attachment.html From ssilva at sgvwater.com Thu May 21 16:48:07 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 21 16:48:32 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: on 5-21-2009 3:17 AM shyam hirurkar spake the following: > Hi , > > Thanks for the input but small question how often i need to do is there > any automation for this. > You only need to do this if the cache becomes corrupt. It could be days or years, you never know when a db can get corrupted. I'm not sure if you could automate this. I guess if there is a utility in sqlite that can check for corruption and exit with an errorlevel, you could automate this in a startup script. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/b1e1efcf/signature.bin From paul.hutchings at mira.co.uk Thu May 21 20:34:02 2009 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Thu May 21 20:34:19 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: Ermm.. well sorry but does anyone have any ideas on this at all please? All I know is that it used to work, now it only works when I use rules such as "From: *@domain com". Cheers, Paul -- Paul Hutchings From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings Sent: 20 May 2009 16:56 To: MailScanner discussion Subject: RE: Mailscanner's stopped signing messages? Thanks for the reply. If the syntax has changed I've had this config for a couple of years so it must be very recent - plus that would sign all messages from a subnet/ip range, I only want to target specific source IP address? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: 20 May 2009 16:43 To: MailScanner discussion Subject: Re: Mailscanner's stopped signing messages? Are you sure the syntax isn't supposed to be: From: 193.35.217. yes (no x at the end) On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings wrote: OK it would appear that removing the line: From: 193.35.217.x yes And replacing it with: -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman ________________________________ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/edc71914/attachment.html From ssilva at sgvwater.com Thu May 21 21:02:45 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 21 21:03:07 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> Message-ID: on 5-21-2009 12:34 PM Paul Hutchings spake the following: > Ermm.. well sorry but does anyone have any ideas on this at all please? > > > > All I know is that it used to work, now it only works when I use rules > such as ?From: *@domain com?. > Remember that MailScanner usually works on the envelope address. Does this mail go through another gateway on the way in? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090521/99b74974/signature.bin From MailScanner at ecs.soton.ac.uk Fri May 22 09:40:06 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:40:32 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905200159.n4K1x67u010236@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> Message-ID: On 20/05/2009 02:58, Hilario Fochi Silveira wrote: > Hello, > > Installation details: RHEL5.3 with cPanel and MailScanner Front End > (configserver.com) > MailScanner is running ok for more than one year. > Our server uses the "Remove These Headers = > %rules-dir%/remove.headers.rules" setting to eliminate inbound return > receipts requests while allowing outbound receipts headers to stay intact. > > Two weeks ago after upgrading to version MailScanner - v4.76.24 we > begun to notice that some inbound emails were asking for return receipts. > > We played a lot with the rules file without success and as a temporary > solution, we replaced the per domain rules file with the the following > single line instruction: > > Remove These Headers = > /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ > > This solution is working, we have no receipts at all both inbound and > outbound, but we wish to regain the fine granularity control we once had. That should definitely not work, and it was a small bug that was allowing it to work. The spec in the MailScanner.conf file clearly states that: # Each header should end in a ":", but MailScanner will add it if you forget. # Headers should be separated by commas or spaces. > > The original rules file uses spaces to separate the headers. That was correct. > The typical per domain lines we had in the remove.headers.rules file were: > > # For each domain: > From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: > X-Spam-Processed: > To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > Disposition-Notification-To: Errors-To: MDRcpt-To: > MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: > Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: > X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: > X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: > X-Status: X-UID: X-UIDL: > > Those instructions used worked ok with previous MailScanner versions. And I have just tried a system with a rules file very much like yours and it works just fine. Sorry, but I cannot reproduce the problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 22 09:42:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:42:56 2009 Subject: Possible config option to skip filename/filettype checks for the message body? In-Reply-To: <0A5EC380C825E440B3BB048CDE603A1659F0@PSIMS002.pshosting.intranet> References: <0A5EC380C825E440B3BB048CDE603A1659F0@PSIMS002.pshosting.intranet> <4A16657A.2010906@ecs.soton.ac.uk> Message-ID: Just use a ruleset on "Allow Filenames" and "Allow Filetypes", with "." as the value for messages you don't want to check. That will allow any filename containing any character. On 20/05/2009 05:07, PSI Mailbag wrote: > Hey Jules + List, > > What do you guys/gals think about a config option to bypass the > filename/filetype checks on the message body? Very frequently, I get > messages being blocked because "file" (and even when used in the mime > only option) detects regular chatter as being a file that shouldn't be > sent: > > [root@psimf001 0114C74652C.B6E83]# file -i msg-27860-603.txt > msg-27860-603.txt: video/quicktime > [root@psimf001 0114C74652C.B6E83]# head -1 msg-27860-603.txt > Re: skipping ropes - would you want singles or the extra long ones for > > Is it feasible to find a way to bypass the checks on the extracted > message body content? I've stripped down my magic file of a lot of the > more common FP's, but lately I seem to be hitting new ones every other > week. > > In my mind I see a config option that would allow you to bypass the > "file" results from the content extracted from the message body > (msg-*.txt), while still allowing it to properly run against regular > attachments. > > Thoughts? > > > Cheers, > -Joshua > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 22 09:45:25 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:45:43 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <4A166625.8090705@ecs.soton.ac.uk> Message-ID: Please can you try 4.77.5 which I am about to publish. On 20/05/2009 16:36, Paul Hutchings wrote: > OK it would appear that removing the line: > > From: 193.35.217.x yes > > And replacing it with: > > From: *@us co.uk yes > > And restarting MailScanner (I did a restart without changing anything) > has made it work. > > Has something changed with regard to the values that can be used in > rules (the IP address of the server hasn't changed!)? > > Cheers, > Paul > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul > Hutchings > Sent: 20 May 2009 08:57 > To: MailScanner discussion > Subject: Mailscanner's stopped signing messages? > > As subject - it used to and other than a recent upgrade I don't believe > I've changed anything. > > How can I debug this on a production box to find out why it's not doing > it please? > > Mailscanner.conf contains: > > Sign Clean Messages = %rules-dir%/signature.rules > > And > > [root@relay log]# cat /etc/MailScanner/rules/signature.rules > # Only sign outbound mail > From: someaddress@us co.uk no > From: 193.35.217.x yes > From: *@ us co.uk and From: 193.35.217.x yes > FromOrTo: default no > > Cheers, > Paul > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 22 09:46:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 09:47:14 2009 Subject: Mailscanner's stopped signing messages? In-Reply-To: References: <24e3d2e40905200843y5e391940jc649f75822a4de64@mail.gmail.com> <4A16667A.2020206@ecs.soton.ac.uk> Message-ID: Please try 4.77.5. On 21/05/2009 20:34, Paul Hutchings wrote: > > Ermm.. well sorry but does anyone have any ideas on this at all please? > > All I know is that it used to work, now it only works when I use rules > such as ?From: *@domain com?. > > Cheers, > > Paul > > -- > > Paul Hutchings > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Paul Hutchings > *Sent:* 20 May 2009 16:56 > *To:* MailScanner discussion > *Subject:* RE: Mailscanner's stopped signing messages? > > Thanks for the reply. If the syntax has changed I?ve had this config > for a couple of years so it must be very recent ? plus that would sign > all messages from a subnet/ip range, I only want to target specific > source IP address? > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Alex Neuman > *Sent:* 20 May 2009 16:43 > *To:* MailScanner discussion > *Subject:* Re: Mailscanner's stopped signing messages? > > Are you sure the syntax isn't supposed to be: > > From: 193.35.217. yes > (no x at the end) > > On Wed, May 20, 2009 at 10:36 AM, Paul Hutchings > > wrote: > > OK it would appear that removing the line: > > From: 193.35.217.x yes > > And replacing it with: > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman > > ------------------------------------------------------------------------ > > *MIRA Ltd* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. > > ------------------------------------------------------------------------ > > *MIRA Ltd* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eddie at emcuk.com Fri May 22 10:13:30 2009 From: eddie at emcuk.com (Eddie Hallahan) Date: Fri May 22 10:13:58 2009 Subject: Commit ineffective error Message-ID: <4A166CBA.60002@emcuk.com> Hi All, I'm getting the below errors on a few of our servers when we moved to the newer mailscanner on them; commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 939. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 939. Any idea how to sort them out? Regards -- Eddie Hallahan Enterprise Management Consulting www.emcuk.com Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. From maxsec at gmail.com Fri May 22 10:22:50 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Fri May 22 10:23:00 2009 Subject: Commit ineffective error In-Reply-To: <4A166CBA.60002@emcuk.com> References: <4A166CBA.60002@emcuk.com> Message-ID: <72cf361e0905220222g77ca22a1n21a3cb15b7252500@mail.gmail.com> This is a well known 'error' with mailwatch see http://markmail.org/message/lan2mga2nghqk3ud#query:autocommit%20mailwatch+page:1+mid:m3j6otkwbtb5xq2k+state:resultsfor a 'fix' to keep the warning out of the logs etc. 2009/5/22 Eddie Hallahan > Hi All, > > I'm getting the below errors on a few of our servers when we moved to > the newer mailscanner on them; > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > > > Any idea how to sort them out? > > Regards > > -- > Eddie Hallahan > Enterprise Management Consulting > www.emcuk.com > > Enterprise Management Consulting is a company registered in England and > Wales with company number 3134544. VAT registration number is 681038440. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/4e3b6041/attachment.html From marc at marcsnet.com Fri May 22 10:26:24 2009 From: marc at marcsnet.com (Marc Lucke) Date: Fri May 22 10:26:57 2009 Subject: Commit ineffective error In-Reply-To: <4A166CBA.60002@emcuk.com> References: <4A166CBA.60002@emcuk.com> Message-ID: <4A166FC0.9060109@marcsnet.com> I get those too. I wasn't too worried because it is only MailWatch which still seems to be OK. But am interested. Eddie Hallahan wrote: > Hi All, > > I'm getting the below errors on a few of our servers when we moved to > the newer mailscanner on them; > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 939. > > > Any idea how to sort them out? > > Regards > > From sandro at e-den.it Fri May 22 10:50:51 2009 From: sandro at e-den.it (Alessandro Dentella) Date: Fri May 22 10:51:27 2009 Subject: spamassassin from MailScanner & dns Message-ID: <20090522095051.GA12888@ubuntu> Hi, I'm trying to study all the possible tuning for MailScanner. It I run su postfix -p -c 'spamassassin -x -D -C \ /etc/MailScanner/spam.assassin.prefs.conf --lint' I get among the rest: ... [2173] dbg: dns: is Net::DNS::Resolver available? yes ... [2173] dbg: dns: is DNS available? 0 [2173] dbg: rules: local tests only, ignoring RBL eval that appears contraddictory to me... what's the explanation? does the second 'dns' line means it doesn't understand the line in /etc/MailScanner/spam.assassin.prefs.conf: # grep dns /etc/MailScanner/spam.assassin.prefs.conf dns_available yes How should I enable non local test? Thanks *:-) From kalle at idlar.nu Fri May 22 13:22:23 2009 From: kalle at idlar.nu (kalle@idlar.nu) Date: Fri May 22 13:22:32 2009 Subject: per domain/user rules with MailScanner and Spamassassin Message-ID: <4A1698FF.7050607@idlar.nu> Hi! Sorry if this has been asked before, but I've searched around and can't find any good answers. We have been running MailScanner for some years now and it's working great. However I would like to setup a more dynamic system that can handle diffrent rules for diffrent users/domains both in MailScanner and Spamassassin. I would like to have all the settings/rules in an sql-database. Is there any documentation around of a setup like that? /Kalle From ismail at ismailozatay.net Fri May 22 13:58:21 2009 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Fri May 22 13:58:35 2009 Subject: Can not release mail from the quarantine Message-ID: <4A16A16D.80500@ismailozatay.net> Hi , Today I could not relase some e-mails from the quarantine to user. Normaly every time it works without any problem. I am trying to release this mail with mailwatch interface then then from the command line like this; sendmail -t -i < /var/spool/MailScanner/quarantine/20090522/spam/n4M6sPZS032539. But it could not send. When i checked the maillog i saw that ; "May 22 15:45:44 avgw sendmail[15702]: n4MCifOl015702: lost input channel from localhost.localdomain [127.0.0.1] to MTA after mail" "May 22 15:45:44 avgw sendmail[15702]: n4MCifOl015702: from=x@y.edu, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]" I have just tried to release a different quarantined mail and it worked properly. What is happening ? Thanks ismail From hilario at soliton.com.br Fri May 22 14:26:01 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Fri May 22 14:26:29 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> Message-ID: <200905221326.n4MDQK9A003574@safir.blacknight.ie> Good Morning Thus of course I have done some kind of mistake that I still did not pinpoint. I will try again to double check where I may have done the mistake. Is there any additional possibilities like user:group or permission related issues? Is the following example line correct? To: *@domain1.com.br \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ Till now I am just looking at the log tail for file load fails and sending outside emails to myself with return receipts to check if it is working. Is there a more intelligent way to test or generate more log details? Thanks for taking your time to help. Best Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 At 05:40 2009-05-22, Julian Field wrote: >On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>Hello, >> >>Installation details: RHEL5.3 with cPanel and MailScanner Front End >>(configserver.com) >>MailScanner is running ok for more than one year. >>Our server uses the "Remove These Headers = >>%rules-dir%/remove.headers.rules" setting to eliminate inbound >>return receipts requests while allowing outbound receipts headers >>to stay intact. >> >>Two weeks ago after upgrading to version MailScanner - v4.76.24 we >>begun to notice that some inbound emails were asking for return receipts. >> >>We played a lot with the rules file without success and as a >>temporary solution, we replaced the per domain rules file with the >>following single line instruction: >> >>Remove These Headers = >>/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >> >>This solution is working, we have no receipts at all both inbound >>and outbound, but we wish to regain the fine granularity control we once had. >That should definitely not work, and it was a small bug that was >allowing it to work. The spec in the MailScanner.conf file clearly states that: ># Each header should end in a ":", but MailScanner will add it if you forget. ># Headers should be separated by commas or spaces. >> >>The original rules file uses spaces to separate the headers. >That was correct. >>The typical per domain lines we had in the remove.headers.rules file were: >> >># For each domain: >>From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: >>To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >>Disposition-Notification-To: Errors-To: MDRcpt-To: >>MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >>Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >>X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >>X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >>X-Status: X-UID: X-UIDL: >> >>Those instructions used worked ok with previous MailScanner versions. >And I have just tried a system with a rules file very much like >yours and it works just fine. > >Sorry, but I cannot reproduce the problem. > >Jules > >-- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >Need help customising MailScanner? >Contact me! >Need help fixing or optimising your systems? >Contact me! >Need help getting you started solving new requirements from your boss? >Contact me! > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/867dfbfa/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 22 14:43:45 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 14:44:10 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905221326.n4MDQK9A003574@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> Message-ID: On 22/05/2009 14:26, Hilario Fochi Silveira wrote: > Good Morning > > Thus of course I have done some kind of mistake that I still did not > pinpoint. I will try again to double check where I may have done the > mistake. > > Is there any additional possibilities like user:group or permission > related issues? > Is the following example line correct? > To: *@domain1.com.br > \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ That's wrong. The list, as I said, should be a space separated list of header names. So you should just put it like that, such as To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: No \ or | or anything like that at all. > > Till now I am just looking at the log tail for file load fails and > sending outside emails to myself with return receipts to check if it > is working. > Is there a more intelligent way to test or generate more log details? > > Thanks for taking your time to help. > > Best Regards, > > *Hilario Fochi Silveira > **Soliton Controles Industriais Ltda. > Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > > > > *At 05:40 2009-05-22, Julian Field wrote: > > >> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>> Hello, >>> >>> Installation details: RHEL5.3 with cPanel and MailScanner Front End >>> (configserver.com) >>> MailScanner is running ok for more than one year. >>> Our server uses the "Remove These Headers = >>> %rules-dir%/remove.headers.rules" setting to eliminate inbound >>> return receipts requests while allowing outbound receipts headers to >>> stay intact. >>> >>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we >>> begun to notice that some inbound emails were asking for return >>> receipts. >>> >>> We played a lot with the rules file without success and as a >>> temporary solution, we replaced the per domain rules file with the >>> following single line instruction: >>> >>> Remove These Headers = >>> /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >>> >>> This solution is working, we have no receipts at all both inbound >>> and outbound, but we wish to regain the fine granularity control we >>> once had. >> That should definitely not work, and it was a small bug that was >> allowing it to work. The spec in the MailScanner.conf file clearly >> states that: >> # Each header should end in a ":", but MailScanner will add it if you >> forget. >> # Headers should be separated by commas or spaces. >>> >>> The original rules file uses spaces to separate the headers. >> That was correct. >>> The typical per domain lines we had in the remove.headers.rules file >>> were: >>> >>> # For each domain: >>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: >>> X-Spam-Processed: >>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >>> Disposition-Notification-To: Errors-To: MDRcpt-To: >>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >>> X-Status: X-UID: X-UIDL: >>> >>> Those instructions used worked ok with previous MailScanner versions. >> And I have just tried a system with a rules file very much like >> yours and it works just fine. >> >> Sorry, but I cannot reproduce the problem. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hilario at soliton.com.br Fri May 22 18:11:54 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Fri May 22 18:12:13 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> Message-ID: <200905221712.n4MHC3Pj014070@safir.blacknight.ie> Interesting ! If it still accepts the old configuration way, I am really curious to learn what happened in my box for it to stop accepting the old configuration file. I will have to work on it this week end ! When/How should I use the new regex feature in the remove.headers.rules file? Thanks, Hil?rio At 10:43 2009-05-22, you wrote: >On 22/05/2009 14:26, Hilario Fochi Silveira wrote: >>Good Morning >> >>Thus of course I have done some kind of mistake >>that I still did not pinpoint. I will try again >>to double check where I may have done the mistake. >> >>Is there any additional possibilities like >>user:group or permission related issues? >>Is the following example line correct? >>To: *@domain1.com.br >>\Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ >That's wrong. The list, as I said, should be a >space separated list of header names. So you >should just put it like that, such as >To: *@domain1.com.br Confirm-Reading-To: >Delivery-Receipt-To: Disposition-Notification-To: > >No \ or | or anything like that at all. >> >>Till now I am just looking at the log tail for >>file load fails and sending outside emails to >>myself with return receipts to check if it is working. >>Is there a more intelligent way to test or generate more log details? >> >>Thanks for taking your time to help. >> >>Best Regards, >> >>*Hilario Fochi Silveira >>**Soliton Controles Industriais Ltda. >>Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 >> >> >> >>*At 05:40 2009-05-22, Julian Field wrote: >> >> >>>On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>>>Hello, >>>> >>>>Installation details: RHEL5.3 with cPanel and >>>>MailScanner Front End (configserver.com) >>>>MailScanner is running ok for more than one year. >>>>Our server uses the "Remove These Headers = >>>>%rules-dir%/remove.headers.rules" setting to >>>>eliminate inbound return receipts requests >>>>while allowing outbound receipts headers to stay intact. >>>> >>>>Two weeks ago after upgrading to version >>>>MailScanner - v4.76.24 we begun to notice >>>>that some inbound emails were asking for return receipts. >>>> >>>>We played a lot with the rules file without >>>>success and as a temporary solution, we >>>>replaced the per domain rules file with the following single line instruction: >>>> >>>>Remove These Headers = >>>>/Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >>>> >>>>This solution is working, we have no receipts >>>>at all both inbound and outbound, but we wish >>>>to regain the fine granularity control we once had. >>>That should definitely not work, and it was a >>>small bug that was allowing it to work. The >>>spec in the MailScanner.conf file clearly states that: >>># Each header should end in a ":", but >>>MailScanner will add it if you forget. >>># Headers should be separated by commas or spaces. >>>> >>>>The original rules file uses spaces to separate the headers. >>>That was correct. >>>>The typical per domain lines we had in the remove.headers.rules file were: >>>> >>>># For each domain: >>>>From: *@domain1.com.br X-Mozilla-Status: >>>>X-Mozilla-Status2: X-Spam-Processed: >>>>To: *@domain1.com.br Confirm-Reading-To: >>>>Delivery-Receipt-To: >>>>Disposition-Notification-To: Errors-To: >>>>MDRcpt-To: MDSend-Notifications-To: >>>>Read-Receipt-To: Receipt-Requested-To: >>>>Return-Receipt-To: Status: Smtp-Rcpt-To: >>>>X-Acknowledge-To: X-Confirm-Reading-To: >>>>X-IMAPBase: X-IMAP: X-Keywords: >>>>X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: >>>>X-Spam-Processed: X-Status: X-UID: X-UIDL: >>>> >>>>Those instructions used worked ok with previous MailScanner versions. >>>And I have just tried a system with a rules >>>file very much like yours and it works just fine. >>> >>>Sorry, but I cannot reproduce the problem. >>> >>>Jules >>> >>>-- >>>Julian Field MEng CITP CEng >>>www.MailScanner.info >>>Buy the MailScanner book at >>>www.MailScanner.info/store >>> >>>Need help customising MailScanner? >>>Contact me! >>>Need help fixing or optimising your systems? >>>Contact me! >>>Need help getting you started solving new requirements from your boss? >>>Contact me! >>> >>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>> >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! > >Jules > >-- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >Need help customising MailScanner? >Contact me! >Need help fixing or optimising your systems? >Contact me! >Need help getting you started solving new requirements from your boss? >Contact me! > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! Atenciosamente, Hil?rio Fochi Silveira Soliton Controles Industriais Ltda. 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: hilario@soliton.com.br Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm Controls, Action Instruments, Montalvo, Koyo, Sharp www.soliton.com.br www.eurotherm.com.br www.actionio.com.br www.montalvo.com.br -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/b4d37031/attachment.html From ssilva at sgvwater.com Fri May 22 18:52:32 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 22 18:52:54 2009 Subject: Commit ineffective error In-Reply-To: <4A166FC0.9060109@marcsnet.com> References: <4A166CBA.60002@emcuk.com> <4A166FC0.9060109@marcsnet.com> Message-ID: on 5-22-2009 2:26 AM Marc Lucke spake the following: > I get those too. I wasn't too worried because it is only MailWatch > which still seems to be OK. But am interested. > > You would either have to turn off autocommit in mysql, or find and remove the commits in the mailwatch modules. It is a harmless side effect, except for the log space it takes. http://mailwatch.sourceforge.net/doku.php?id=mailwatch:tipandtricks:autocommit_error -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/3f37293f/signature.bin From ssilva at sgvwater.com Fri May 22 18:54:20 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 22 18:55:14 2009 Subject: spamassassin from MailScanner & dns In-Reply-To: <20090522095051.GA12888@ubuntu> References: <20090522095051.GA12888@ubuntu> Message-ID: on 5-22-2009 2:50 AM Alessandro Dentella spake the following: > Hi, > > I'm trying to study all the possible tuning for MailScanner. It I run > > su postfix -p -c 'spamassassin -x -D -C \ > /etc/MailScanner/spam.assassin.prefs.conf --lint' > > I get among the rest: > > ... > [2173] dbg: dns: is Net::DNS::Resolver available? yes > ... > [2173] dbg: dns: is DNS available? 0 > [2173] dbg: rules: local tests only, ignoring RBL eval > > > that appears contraddictory to me... what's the explanation? > does the second 'dns' line means it doesn't understand the line in > /etc/MailScanner/spam.assassin.prefs.conf: > > # grep dns /etc/MailScanner/spam.assassin.prefs.conf > dns_available yes > > How should I enable non local test? > > Thanks > *:-) You can only enable network tests by piping a message into spamassassin. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/8ccadca3/signature.bin From rlopezcnm at gmail.com Fri May 22 19:34:03 2009 From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri May 22 19:34:14 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) Message-ID: I would like to try out mailscanner on Debian Lenny. My senior administrator does not want to try mailscanner on Debian unless it is using postfix instead of exim4. This brings up something I do not know how to do: I access MailScanner discussion list via Gmail to read the current email. I can use google to find discussions archived at http://lists.mailscanner.info/... It I go directly to http://lists.mailscanner.info/... and sort the lists But I can not figure out how to search there for discussion on my current project. Is there a direct way to search the email archives? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/5d3c3863/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 22 20:00:33 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 22 20:00:47 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905221712.n4MHC3Pj014070@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/05/2009 18:11, Hilario Fochi Silveira wrote: > Interesting ! > If it still accepts the old configuration way, I am really curious to > learn what happened in my box for it to stop accepting the old > configuration file. I will have to work on it this week end ! > When/How should I use the new regex feature in the > remove.headers.rules file? What new regex feature? There never was one! Not in my book anyway. What you may have exploited due to poor syntax checking on my part was never in any way a supported feature, the feature is as documented in the MailScanner.conf file, ie. a space-separated list of header names. > > Thanks, > > Hil?rio > > At 10:43 2009-05-22, you wrote: > > >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: >>> Good Morning >>> >>> Thus of course I have done some kind of mistake that I still did not >>> pinpoint. I will try again to double check where I may have done the >>> mistake. >>> >>> Is there any additional possibilities like user:group or permission >>> related issues? >>> Is the following example line correct? >>> To: *@domain1.com.br >>> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ >> That's wrong. The list, as I said, should be a space separated list >> of header names. So you should just put it like that, such as >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >> Disposition-Notification-To: >> >> No \ or | or anything like that at all. >>> >>> Till now I am just looking at the log tail for file load fails and >>> sending outside emails to myself with return receipts to check if it >>> is working. >>> Is there a more intelligent way to test or generate more log details? >>> >>> Thanks for taking your time to help. >>> >>> Best Regards, >>> >>> *Hilario Fochi Silveira >>> **Soliton Controles Industriais Ltda. >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 >>> >>> >>> >>> *At 05:40 2009-05-22, Julian Field wrote: >>> >>> >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >>>>> Hello, >>>>> >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front >>>>> End (configserver.com) >>>>> MailScanner is running ok for more than one year. >>>>> Our server uses the "Remove These Headers = >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound >>>>> return receipts requests while allowing outbound receipts headers >>>>> to stay intact. >>>>> >>>>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we >>>>> begun to notice that some inbound emails were asking for return >>>>> receipts. >>>>> >>>>> We played a lot with the rules file without success and as a >>>>> temporary solution, we replaced the per domain rules file with the >>>>> following single line instruction: >>>>> >>>>> Remove These Headers = >>>>> /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >>>>> >>>>> This solution is working, we have no receipts at all both inbound >>>>> and outbound, but we wish to regain the fine granularity control >>>>> we once had. >>>> That should definitely not work, and it was a small bug that was >>>> allowing it to work. The spec in the MailScanner.conf file clearly >>>> states that: >>>> # Each header should end in a ":", but MailScanner will add it if >>>> you forget. >>>> # Headers should be separated by commas or spaces. >>>>> >>>>> The original rules file uses spaces to separate the headers. >>>> That was correct. >>>>> The typical per domain lines we had in the remove.headers.rules >>>>> file were: >>>>> >>>>> # For each domain: >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: >>>>> X-Spam-Processed: >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >>>>> X-Status: X-UID: X-UIDL: >>>>> >>>>> Those instructions used worked ok with previous MailScanner versions. >>>> And I have just tried a system with a rules file very much like >>>> yours and it works just fine. >>>> >>>> Sorry, but I cannot reproduce the problem. >>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info < >>>> http://www.mailscanner.info/> >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> < >>>> http://www.mailscanner.info/store> >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > Atenciosamente, > > *Hil?rio Fochi Silveira > **Soliton Controles Industriais Ltda. > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: > hilario@soliton.com.br > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm > Controls, Action Instruments, Montalvo, Koyo, Sharp > www.soliton.com.br www.eurotherm.com.br > www.actionio.com.br > www.montalvo.com.br > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G +QTTpHrgwHz371bPuVpt6bE= =Qvgv -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hilario at soliton.com.br Fri May 22 20:35:12 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Fri May 22 20:35:44 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> Message-ID: <200905221935.n4MJZYi3020712@safir.blacknight.ie> Wow, Now I am really confused ! The following are the instructions I interpreted as new regex feature for "Remove These Headers" I see them in two different places: the changelog and the instructions in the MailScanner.conf file inside the MailScanner-4.77.5-1.rpm.tar.gz And the new instructions prohibit the use of spaces in the new regex mode. a) The changelog file Reference: http://www.mailscanner.info/ChangeLog 1/4/2009 New in Version 4.75.11-1 ================================= ... 9 Added support for regular expressions in "Remove These Headers". Note that the expression is matched against the whole header line, not just the name of the header. Note that the expressions must not contain any spaces, so use '\s' instead of ' '. The match is done case-insensitive in all cases. ... b) The MailScanner.conf file (MailScanner-4.77.5-1.rpm.tar.gz). Reference: ... # If any of these headers are included in a a message, they will be deleted. # This is a space-separated list of a mixture of any combination of # 1. Names of headers, optionally ending with a ':' # (the ':' will be added if not supplied) # 2. Regular expressions starting and ending with a '/'. # These regular expressions are matched against the entire header line, # not just the name of the header. # **NOTE** The regular expressions must *not* contain spaces, # so use '\s' instead of ' '. # This is very useful for removing return-receipt requests and any headers ... I really thought it was a new regex feature to remove headers and/or additional information. It works as a line in the Mailscanner.conf file, but I am not able to have my old per domain file working anymore. I just do not know how to use it correctly and my server does not accept the file with spaces any more. Thanks again for helping. Best Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 At 16:00 2009-05-22, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > > >On 22/05/2009 18:11, Hilario Fochi Silveira wrote: > > Interesting ! > > If it still accepts the old configuration way, I am really curious to > > learn what happened in my box for it to stop accepting the old > > configuration file. I will have to work on it this week end ! > > When/How should I use the new regex feature in the > > remove.headers.rules file? >What new regex feature? There never was one! Not in my book anyway. What >you may have exploited due to poor syntax checking on my part was never >in any way a supported feature, the feature is as documented in the >MailScanner.conf file, ie. a space-separated list of header names. > > > > Thanks, > > > > Hil?rio > > > > At 10:43 2009-05-22, you wrote: > > > > > >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: > >>> Good Morning > >>> > >>> Thus of course I have done some kind of mistake that I still did not > >>> pinpoint. I will try again to double check where I may have done the > >>> mistake. > >>> > >>> Is there any additional possibilities like user:group or permission > >>> related issues? > >>> Is the following example line correct? > >>> To: *@domain1.com.br > >>> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ > >> That's wrong. The list, as I said, should be a space separated list > >> of header names. So you should just put it like that, such as > >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >> Disposition-Notification-To: > >> > >> No \ or | or anything like that at all. > >>> > >>> Till now I am just looking at the log tail for file load fails and > >>> sending outside emails to myself with return receipts to check if it > >>> is working. > >>> Is there a more intelligent way to test or generate more log details? > >>> > >>> Thanks for taking your time to help. > >>> > >>> Best Regards, > >>> > >>> *Hilario Fochi Silveira > >>> **Soliton Controles Industriais Ltda. > >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > >>> > >>> > >>> > >>> *At 05:40 2009-05-22, Julian Field wrote: > >>> > >>> > >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: > >>>>> Hello, > >>>>> > >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front > >>>>> End (configserver.com) > >>>>> MailScanner is running ok for more than one year. > >>>>> Our server uses the "Remove These Headers = > >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound > >>>>> return receipts requests while allowing outbound receipts headers > >>>>> to stay intact. > >>>>> > >>>>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we > >>>>> begun to notice that some inbound emails were asking for return > >>>>> receipts. > >>>>> > >>>>> We played a lot with the rules file without success and as a > >>>>> temporary solution, we replaced the per domain rules file with the > >>>>> following single line instruction: > >>>>> > >>>>> Remove These Headers = > >>>>> > /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ > >>>>> > >>>>> This solution is working, we have no receipts at all both inbound > >>>>> and outbound, but we wish to regain the fine granularity control > >>>>> we once had. > >>>> That should definitely not work, and it was a small bug that was > >>>> allowing it to work. The spec in the MailScanner.conf file clearly > >>>> states that: > >>>> # Each header should end in a ":", but MailScanner will add it if > >>>> you forget. > >>>> # Headers should be separated by commas or spaces. > >>>>> > >>>>> The original rules file uses spaces to separate the headers. > >>>> That was correct. > >>>>> The typical per domain lines we had in the remove.headers.rules > >>>>> file were: > >>>>> > >>>>> # For each domain: > >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: > >>>>> X-Spam-Processed: > >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: > >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: > >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: > >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: > >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: > >>>>> X-Status: X-UID: X-UIDL: > >>>>> > >>>>> Those instructions used worked ok with previous MailScanner versions. > >>>> And I have just tried a system with a rules file very much like > >>>> yours and it works just fine. > >>>> > >>>> Sorry, but I cannot reproduce the problem. > >>>> > >>>> Jules > >>>> > >>>> -- > >>>> Julian Field MEng CITP CEng > >>>> www.MailScanner.info < > >>>> http://www.mailscanner.info/> > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> < > >>>> http://www.mailscanner.info/store> > >>>> > >>>> Need help customising MailScanner? > >>>> Contact me! > >>>> Need help fixing or optimising your systems? > >>>> Contact me! > >>>> Need help getting you started solving new requirements from your boss? > >>>> Contact me! > >>>> > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >>>> > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > Atenciosamente, > > > > *Hil?rio Fochi Silveira > > **Soliton Controles Industriais Ltda. > > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil > > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: > > hilario@soliton.com.br > > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm > > Controls, Action Instruments, Montalvo, Koyo, Sharp > > www.soliton.com.br www.eurotherm.com.br > > www.actionio.com.br > > www.montalvo.com.br > > > > > >Jules > >- -- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Follow me at twitter.com/JulesFM > >MailScanner customisation, or any advanced system administration help? >Contact me at Jules@Jules.FM > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >PGP public key: http://www.jules.fm/julesfm.asc > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.10.0 (Build 500) >Comment: Use PGP or Thunderbird Enigmail to verify this message >Charset: ISO-8859-1 > >wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G >+QTTpHrgwHz371bPuVpt6bE= >=Qvgv >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/008f9745/attachment.html From gafaith at asdm.net Sat May 23 01:27:28 2009 From: gafaith at asdm.net (Gary Faith) Date: Sat May 23 01:27:51 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: <1242883504.23783.16.camel@baddis-laptop> References: <4A147B290200002D00006737@sparky.asdm.net> <1242883504.23783.16.camel@baddis-laptop> Message-ID: <4A170AB00200002D00006768@sparky.asdm.net> I do use SPF for my domains and I am using v=spf1 a mx -all for the domain and v=spf1 a -all for the mail server. >>> Brent Addis 5/21/2009 1:25 AM >>> Why don't you use SPF on your domains? -----Original Message----- From: Gary Faith Reply-to: MailScanner discussion To: mailscanner@lists.mailscanner.info Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH Date: Wed, 20 May 2009 21:50:33 -0400 I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. From: domain.com no This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. What is required: 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. 2. All other mail scanned (like normal). I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? Thanks, Gary Faith -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/3ad951ff/attachment-0001.html From gafaith at asdm.net Sat May 23 01:47:50 2009 From: gafaith at asdm.net (Gary Faith) Date: Sat May 23 01:48:10 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <200905210754.04555.eli@orbsky.homelinux.org> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> Message-ID: <4A170F760200002D0000676D@sparky.asdm.net> I am trying to get around the problem of whitelisting my entire domain which is what I did earlier by allowing any message FROM my domain name without scanning. As I said earlier, this caused problems because people were using my server to send spam using my domain. I only want it to not scan e-mail when it is from the server that authenticates. The server that I am talking about is a mail server, which used to have a static IP, I use for another unrelated business and my personal e-mail. Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. I need a solutions and I thought someone on this list would have a brilliant idea on how to do this. It can't be that hard, can it? >>> Eli Wapniarski 5/21/2009 12:54 AM >>> Gary... With all due respect. Assuming that the mail coming from your servers is not affected by something bad is a mistake. Not to mention, spam that uses your domain as email addresses in the to / from to get around just the kind of scenario is also makes your strategy a mistake. What harm besides having your server do some work would be caused by having all the mail scanned? On Thursday 21 May 2009 04:50:33 Gary Faith wrote: > I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a situation where I am relaying e-mail for a trusted mail server with a dynamic IP who connects to my mail scanner via SMTP Auth. I don't have a need for scanning the outbound e-mail from this server but I do need to have the inbound mail scanned. So I figured I would add the domain to scan.messages.rules. > > From: domain.com no > > This had the effect of stopping scanning of the mail which was desired but now spam is coming in with the From addresss the same as the To address like: xyz@domain.com to xyz@domain.com. These messages are not being scanned and getting passed through due to the rule above. Obviously, I didn't think this through correctly and I need a better solution. > > What is required: > 1. Outbound mail from the server with a dynamic IP which authenticates to the mail scanner via SMTP Auth = Not Scanned. I wouldn't care if it just goes from sendmail-in to sendmail-out and not even go through mailscanner but I don't know if that is possible. > 2. All other mail scanned (like normal). > > I know I can't base a rule on the IP address since it is dynamic but I am unsure of any other way to accomplish this. Any thoughts on how I can accomplish this? > > Thanks, > > Gary Faith > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090522/fd5e4976/attachment.html From eli at orbsky.homelinux.org Sat May 23 05:57:00 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 23 05:57:33 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <4A170F760200002D0000676D@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> Message-ID: <200905230757.01173.eli@orbsky.homelinux.org> On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat May 23 11:03:07 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 23 11:03:50 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905221935.n4MJZYi3020712@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> <200905221935.n4MJZYi3020712@safir.blacknight.ie> <4A17C9DB.1040707@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My intention was that you would present a list of regexps for header names, so you could do things like Remove These Headers = X-UID: /X-Mozilla-Status.*:/ /Disposition.*:/ and things like that, not one big regexp that covered everything. On 22/05/2009 20:35, Hilario Fochi Silveira wrote: > Wow, Now I am really confused ! > > The following are the instructions I interpreted as new regex feature > for " > Remove These Headers > " > I see them in two different places: the changelog and the instructions > in the MailScanner.conf file inside the MailScanner-4.77.5-1.rpm.tar.gz > And the new instructions prohibit the use of spaces in the new regex mode. > > a) The changelog file > > Reference: http://www.mailscanner.info/ChangeLog > 1/4/2009 New in Version 4.75.11-1 > > ================================= > ... > 9 Added support for regular expressions in "Remove These > Headers". Note that > > the expression is matched against the whole header line, not > just the name > > of the header. Note that the expressions must not contain any > spaces, so > > use '\s' instead of ' '. The match is done case-insensitive in > all cases. > > ... > > > b) The MailScanner.conf file (MailScanner-4.77.5-1.rpm.tar.gz ). > > Reference: > ... > # If any of these headers are included in a a message, they will > be deleted. > # This is a space-separated list of a mixture of any combination of > # 1. Names of headers, optionally ending with a ':' > # (the ':' will be added if not supplied) > # 2. Regular expressions starting and ending with a '/'. > # These regular expressions are matched against the entire > header line, > # not just the name of the header. > # **NOTE** The regular expressions must *not* contain spaces, > # so use '\s' instead of ' '. > # This is very useful for removing return-receipt requests and any > headers > ... > > I really thought it was a new regex feature to remove headers and/or > additional information. > It works as a line in the Mailscanner.conf file, but I am not able to > have my old per domain file working anymore. > I just do not know how to use it correctly and my server does not > accept the file with spaces any more. > > Thanks again for helping. > > Best Regards, > > *Hilario Fochi Silveira > **Soliton Controles Industriais Ltda. > Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > > > > *At 16:00 2009-05-22, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> On 22/05/2009 18:11, Hilario Fochi Silveira wrote: >> > Interesting ! >> > If it still accepts the old configuration way, I am really curious to >> > learn what happened in my box for it to stop accepting the old >> > configuration file. I will have to work on it this week end ! >> > When/How should I use the new regex feature in the >> > remove.headers.rules file? >> What new regex feature? There never was one! Not in my book anyway. What >> you may have exploited due to poor syntax checking on my part was never >> in any way a supported feature, the feature is as documented in the >> MailScanner.conf file, ie. a space-separated list of header names. >> > >> > Thanks, >> > >> > Hil?rio >> > >> > At 10:43 2009-05-22, you wrote: >> > >> > >> >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: >> >>> Good Morning >> >>> >> >>> Thus of course I have done some kind of mistake that I still did not >> >>> pinpoint. I will try again to double check where I may have done the >> >>> mistake. >> >>> >> >>> Is there any additional possibilities like user:group or permission >> >>> related issues? >> >>> Is the following example line correct? >> >>> To: *@domain1.com.br >> >>> >> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ >> >> That's wrong. The list, as I said, should be a space separated list >> >> of header names. So you should just put it like that, such as >> >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >> >> Disposition-Notification-To: >> >> >> >> No \ or | or anything like that at all. >> >>> >> >>> Till now I am just looking at the log tail for file load fails and >> >>> sending outside emails to myself with return receipts to check if it >> >>> is working. >> >>> Is there a more intelligent way to test or generate more log details? >> >>> >> >>> Thanks for taking your time to help. >> >>> >> >>> Best Regards, >> >>> >> >>> *Hilario Fochi Silveira >> >>> **Soliton Controles Industriais Ltda. >> >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 >> >>> >> >>> >> >>> >> >>> *At 05:40 2009-05-22, Julian Field wrote: >> >>> >> >>> >> >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >> >>>>> Hello, >> >>>>> >> >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front >> >>>>> End (configserver.com) >> >>>>> MailScanner is running ok for more than one year. >> >>>>> Our server uses the "Remove These Headers = >> >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound >> >>>>> return receipts requests while allowing outbound receipts headers >> >>>>> to stay intact. >> >>>>> >> >>>>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we >> >>>>> begun to notice that some inbound emails were asking for return >> >>>>> receipts. >> >>>>> >> >>>>> We played a lot with the rules file without success and as a >> >>>>> temporary solution, we replaced the per domain rules file with the >> >>>>> following single line instruction: >> >>>>> >> >>>>> Remove These Headers = >> >>>>> >> /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >> >>>>> >> >>>>> This solution is working, we have no receipts at all both inbound >> >>>>> and outbound, but we wish to regain the fine granularity control >> >>>>> we once had. >> >>>> That should definitely not work, and it was a small bug that was >> >>>> allowing it to work. The spec in the MailScanner.conf file clearly >> >>>> states that: >> >>>> # Each header should end in a ":", but MailScanner will add it if >> >>>> you forget. >> >>>> # Headers should be separated by commas or spaces. >> >>>>> >> >>>>> The original rules file uses spaces to separate the headers. >> >>>> That was correct. >> >>>>> The typical per domain lines we had in the remove.headers.rules >> >>>>> file were: >> >>>>> >> >>>>> # For each domain: >> >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: >> >>>>> X-Spam-Processed: >> >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >> >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: >> >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >> >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >> >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >> >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >> >>>>> X-Status: X-UID: X-UIDL: >> >>>>> >> >>>>> Those instructions used worked ok with previous MailScanner >> versions. >> >>>> And I have just tried a system with a rules file very much like >> >>>> yours and it works just fine. >> >>>> >> >>>> Sorry, but I cannot reproduce the problem. >> >>>> >> >>>> Jules >> >>>> >> >>>> -- >> >>>> Julian Field MEng CITP CEng >> >>>> www.MailScanner.info < >> http://www.mailscanner.info/> < >> >>>> http://www.mailscanner.info/> >> >>>> Buy the MailScanner book at www.MailScanner.info/store >> >> >>>> < http://www.mailscanner.info/store> < >> >>>> http://www.mailscanner.info/store> >> >>>> >> >>>> Need help customising MailScanner? >> >>>> Contact me! >> >>>> Need help fixing or optimising your systems? >> >>>> Contact me! >> >>>> Need help getting you started solving new requirements from your >> boss? >> >>>> Contact me! >> >>>> >> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >>>> >> >>>> >> >>>> -- >> >>>> This message has been scanned for viruses and >> >>>> dangerous content by MailScanner, and is >> >>>> believed to be clean. >> >>>> >> >>>> -- >> >>>> MailScanner mailing list >> >>>> mailscanner@lists.mailscanner.info >> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>>> >> >>>> Before posting, read http://wiki.mailscanner.info/posting >> >>>> >> >>>> Support MailScanner development - buy the book off the website! >> >> >> >> Jules >> >> >> >> -- >> >> Julian Field MEng CITP CEng >> >> www.MailScanner.info < >> http://www.mailscanner.info/> >> >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> < http://www.mailscanner.info/store> >> >> >> >> Need help customising MailScanner? >> >> Contact me! >> >> Need help fixing or optimising your systems? >> >> Contact me! >> >> Need help getting you started solving new requirements from your boss? >> >> Contact me! >> >> >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> >> >> >> -- >> >> This message has been scanned for viruses and >> >> dangerous content by MailScanner, and is >> >> believed to be clean. >> >> >> >> -- >> >> MailScanner mailing list >> >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> >> Support MailScanner development - buy the book off the website! >> > >> > Atenciosamente, >> > >> > *Hil?rio Fochi Silveira >> > **Soliton Controles Industriais Ltda. >> > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil >> > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: >> > hilario@soliton.com.br >> > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm >> > Controls, Action Instruments, Montalvo, Koyo, Sharp >> > www.soliton.com.br < >> http://www.soliton.com.br/> www.eurotherm.com.br >> >> > < http://www.eurotherm.com.br/> www.actionio.com.br >> >> > < http://www.actionio.com.br/> www.montalvo.com.br >> >> > < http://www.montalvo.com.br/> >> > >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Follow me at twitter.com/JulesFM >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.10.0 (Build 500) >> Comment: Use PGP or Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G >> +QTTpHrgwHz371bPuVpt6bE= >> =Qvgv >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKF8nsEfZZRxQVtlQRApzAAJ9FkThuK2sojwjemn4byMCtH0tF4QCgj9P8 i/yXi7l76D6QCNylWxApkQs= =xPP8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kit at simplysites.co.uk Sat May 23 11:17:53 2009 From: Kit at simplysites.co.uk (Kit Wong) Date: Sat May 23 11:18:19 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: <200905230757.01173.eli@orbsky.homelinux.org> References: <4A147B290200002D00006737@sparky.asdm.net><200905210754.04555.eli@orbsky.homelinux.org><4A170F760200002D0000676D@sparky.asdm.net> <200905230757.01173.eli@orbsky.homelinux.org> Message-ID: I have had the same problem. The work around I am using is rough and not really what some of the experts would recommend. I am using greylisting which has the ability to tell if an email has come from smtp authed connections. This adds a header to say that. I then create a rule to read that bit of the header to match the header and then give it a -100 score. This also helps with spamassassin auto-learn for the bayes db. (not sure but maybe you can change the default header message generated by greylisting to be more specific to you so your rule-set will pick that up). Its been working fine for me. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eli Wapniarski Sent: 23 May 2009 05:57 To: mailscanner@lists.mailscanner.info Subject: Re: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Scanned by MailScanner. -- Scanned by MailScanner. From hilario at soliton.com.br Sat May 23 14:55:21 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Sat May 23 14:55:51 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> <200905221935.n4MJZYi3020712@safir.blacknight.ie> <4A17C9DB.1040707@ecs.soton.ac.uk> Message-ID: <200905231355.n4NDtgec027408@safir.blacknight.ie> humm... your example is interesting. As regex uses "I" and the original system used "spaces" for the "or" function, I had interpreted that the instructions texts in MailScanner.conf were not fully updated and that the spaces were not allowed anymore at all ! It looked like the old and the new system were incompatible with each other. May I kindly suggest that you insert your example in the MailScanner.conf file if possible with an \s anywhere that would make clear the correct usage of regex. Either way it is an incredible coincidence that my box stopped working with the rules file just when the new regex feature was added. As I still continue to have the failures and I am not able to check what is wrong, I am considering uninstalling everything and make a clean install of MailScanner. Thanks, Hil?rio At 07:03 2009-05-23, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >My intention was that you would present a list of regexps for header >names, so you could do things like >Remove These Headers = X-UID: /X-Mozilla-Status.*:/ /Disposition.*:/ >and things like that, not one big regexp that covered everything. > >On 22/05/2009 20:35, Hilario Fochi Silveira wrote: > > Wow, Now I am really confused ! > > > > The following are the instructions I interpreted as new regex feature > > for " > > Remove These Headers > > " > > I see them in two different places: the changelog and the instructions > > in the MailScanner.conf file inside the MailScanner-4.77.5-1.rpm.tar.gz > > And the new instructions prohibit the use of spaces in the new regex mode. > > > > a) The changelog file > > > > Reference: http://www.mailscanner.info/ChangeLog > > 1/4/2009 New in Version 4.75.11-1 > > > > ================================= > > ... > > 9 Added support for regular expressions in "Remove These > > Headers". Note that > > > > the expression is matched against the whole header line, not > > just the name > > > > of the header. Note that the expressions must not contain any > > spaces, so > > > > use '\s' instead of ' '. The match is done case-insensitive in > > all cases. > > > > ... > > > > > > b) The MailScanner.conf file (MailScanner-4.77.5-1.rpm.tar.gz ). > > > > Reference: > > ... > > # If any of these headers are included in a a message, they will > > be deleted. > > # This is a space-separated list of a mixture of any combination of > > # 1. Names of headers, optionally ending with a ':' > > # (the ':' will be added if not supplied) > > # 2. Regular expressions starting and ending with a '/'. > > # These regular expressions are matched against the entire > > header line, > > # not just the name of the header. > > # **NOTE** The regular expressions must *not* contain spaces, > > # so use '\s' instead of ' '. > > # This is very useful for removing return-receipt requests and any > > headers > > ... > > > > I really thought it was a new regex feature to remove headers and/or > > additional information. > > It works as a line in the Mailscanner.conf file, but I am not able to > > have my old per domain file working anymore. > > I just do not know how to use it correctly and my server does not > > accept the file with spaces any more. > > > > Thanks again for helping. > > > > Best Regards, > > > > *Hilario Fochi Silveira > > **Soliton Controles Industriais Ltda. > > Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > > > > > > > > *At 16:00 2009-05-22, Julian Field wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> > >> > >> On 22/05/2009 18:11, Hilario Fochi Silveira wrote: > >> > Interesting ! > >> > If it still accepts the old configuration way, I am really curious to > >> > learn what happened in my box for it to stop accepting the old > >> > configuration file. I will have to work on it this week end ! > >> > When/How should I use the new regex feature in the > >> > remove.headers.rules file? > >> What new regex feature? There never was one! Not in my book anyway. What > >> you may have exploited due to poor syntax checking on my part was never > >> in any way a supported feature, the feature is as documented in the > >> MailScanner.conf file, ie. a space-separated list of header names. > >> > > >> > Thanks, > >> > > >> > Hil?rio > >> > > >> > At 10:43 2009-05-22, you wrote: > >> > > >> > > >> >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: > >> >>> Good Morning > >> >>> > >> >>> Thus of course I have done some kind of mistake that I still did not > >> >>> pinpoint. I will try again to double check where I may have done the > >> >>> mistake. > >> >>> > >> >>> Is there any additional possibilities like user:group or permission > >> >>> related issues? > >> >>> Is the following example line correct? > >> >>> To: *@domain1.com.br > >> >>> > >> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ > >> >> That's wrong. The list, as I said, should be a space separated list > >> >> of header names. So you should just put it like that, such as > >> >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >> >> Disposition-Notification-To: > >> >> > >> >> No \ or | or anything like that at all. > >> >>> > >> >>> Till now I am just looking at the log tail for file load fails and > >> >>> sending outside emails to myself with return receipts to check if it > >> >>> is working. > >> >>> Is there a more intelligent way to test or generate more log details? > >> >>> > >> >>> Thanks for taking your time to help. > >> >>> > >> >>> Best Regards, > >> >>> > >> >>> *Hilario Fochi Silveira > >> >>> **Soliton Controles Industriais Ltda. > >> >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > >> >>> > >> >>> > >> >>> > >> >>> *At 05:40 2009-05-22, Julian Field wrote: > >> >>> > >> >>> > >> >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: > >> >>>>> Hello, > >> >>>>> > >> >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front > >> >>>>> End (configserver.com) > >> >>>>> MailScanner is running ok for more than one year. > >> >>>>> Our server uses the "Remove These Headers = > >> >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound > >> >>>>> return receipts requests while allowing outbound receipts headers > >> >>>>> to stay intact. > >> >>>>> > >> >>>>> Two weeks ago after upgrading to version MailScanner - v4.76.24 we > >> >>>>> begun to notice that some inbound emails were asking for return > >> >>>>> receipts. > >> >>>>> > >> >>>>> We played a lot with the rules file without success and as a > >> >>>>> temporary solution, we replaced the per domain rules file with the > >> >>>>> following single line instruction: > >> >>>>> > >> >>>>> Remove These Headers = > >> >>>>> > >> > /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ > >> >>>>> > >> >>>>> This solution is working, we have no receipts at all both inbound > >> >>>>> and outbound, but we wish to regain the fine granularity control > >> >>>>> we once had. > >> >>>> That should definitely not work, and it was a small bug that was > >> >>>> allowing it to work. The spec in the MailScanner.conf file clearly > >> >>>> states that: > >> >>>> # Each header should end in a ":", but MailScanner will add it if > >> >>>> you forget. > >> >>>> # Headers should be separated by commas or spaces. > >> >>>>> > >> >>>>> The original rules file uses spaces to separate the headers. > >> >>>> That was correct. > >> >>>>> The typical per domain lines we had in the remove.headers.rules > >> >>>>> file were: > >> >>>>> > >> >>>>> # For each domain: > >> >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: > >> >>>>> X-Spam-Processed: > >> >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >> >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: > >> >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: > >> >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: > >> >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: > >> >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: > >> >>>>> X-Status: X-UID: X-UIDL: > >> >>>>> > >> >>>>> Those instructions used worked ok with previous MailScanner > >> versions. > >> >>>> And I have just tried a system with a rules file very much like > >> >>>> yours and it works just fine. > >> >>>> > >> >>>> Sorry, but I cannot reproduce the problem. > >> >>>> > >> >>>> Jules > >> >>>> > >> >>>> -- > >> >>>> Julian Field MEng CITP CEng > >> >>>> www.MailScanner.info < > >> http://www.mailscanner.info/> < > >> >>>> http://www.mailscanner.info/> > >> >>>> Buy the MailScanner book at www.MailScanner.info/store > >> > >> >>>> < http://www.mailscanner.info/store> < > >> >>>> http://www.mailscanner.info/store> > >> >>>> > >> >>>> Need help customising MailScanner? > >> >>>> Contact me! > >> >>>> Need help fixing or optimising your systems? > >> >>>> Contact me! > >> >>>> Need help getting you started solving new requirements from your > >> boss? > >> >>>> Contact me! > >> >>>> > >> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> >>>> > >> >>>> > >> >>>> -- > >> >>>> This message has been scanned for viruses and > >> >>>> dangerous content by MailScanner, and is > >> >>>> believed to be clean. > >> >>>> > >> >>>> -- > >> >>>> MailScanner mailing list > >> >>>> mailscanner@lists.mailscanner.info > >> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >>>> > >> >>>> Before posting, read http://wiki.mailscanner.info/posting > >> >>>> > >> >>>> Support MailScanner development - buy the book off the website! > >> >> > >> >> Jules > >> >> > >> >> -- > >> >> Julian Field MEng CITP CEng > >> >> www.MailScanner.info < > >> http://www.mailscanner.info/> > >> >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> >> < http://www.mailscanner.info/store> > >> >> > >> >> Need help customising MailScanner? > >> >> Contact me! > >> >> Need help fixing or optimising your systems? > >> >> Contact me! > >> >> Need help getting you started solving new requirements from your boss? > >> >> Contact me! > >> >> > >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> >> > >> >> > >> >> -- > >> >> This message has been scanned for viruses and > >> >> dangerous content by MailScanner, and is > >> >> believed to be clean. > >> >> > >> >> -- > >> >> MailScanner mailing list > >> >> mailscanner@lists.mailscanner.info > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > >> >> Before posting, read http://wiki.mailscanner.info/posting > >> >> > >> >> Support MailScanner development - buy the book off the website! > >> > > >> > Atenciosamente, > >> > > >> > *Hil?rio Fochi Silveira > >> > **Soliton Controles Industriais Ltda. > >> > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil > >> > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: > >> > hilario@soliton.com.br > >> > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), Eurotherm > >> > Controls, Action Instruments, Montalvo, Koyo, Sharp > >> > www.soliton.com.br < > >> http://www.soliton.com.br/> www.eurotherm.com.br > >> > >> > < http://www.eurotherm.com.br/> www.actionio.com.br > >> > >> > < http://www.actionio.com.br/> www.montalvo.com.br > >> > >> > < http://www.montalvo.com.br/> > >> > > >> > >> Jules > >> > >> - -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Follow me at twitter.com/JulesFM > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> PGP public key: http://www.jules.fm/julesfm.asc > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.10.0 (Build 500) > >> Comment: Use PGP or Thunderbird Enigmail to verify this message > >> Charset: ISO-8859-1 > >> > >> wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G > >> +QTTpHrgwHz371bPuVpt6bE= > >> =Qvgv > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >Jules > >- -- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Follow me at twitter.com/JulesFM > >MailScanner customisation, or any advanced system administration help? >Contact me at Jules@Jules.FM > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >PGP public key: http://www.jules.fm/julesfm.asc > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.10.0 (Build 500) >Comment: Use PGP or Thunderbird Enigmail to verify this message >Charset: ISO-8859-1 > >wj8DBQFKF8nsEfZZRxQVtlQRApzAAJ9FkThuK2sojwjemn4byMCtH0tF4QCgj9P8 >i/yXi7l76D6QCNylWxApkQs= >=xPP8 >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat May 23 18:01:19 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 23 18:01:38 2009 Subject: "Remove These Headers" not working In-Reply-To: <200905231355.n4NDtgec027408@safir.blacknight.ie> References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> <200905221935.n4MJZYi3020712@safir.blacknight.ie> <4A17C9DB.1040707@ecs.soton.ac.uk> <200905231355.n4NDtgec027408@safir.blacknight.ie> <4A182BDF.8080400@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/05/2009 14:55, Hilario Fochi Silveira wrote: > humm... your example is interesting. > > As regex uses "I" and the original system used "spaces" for the "or" > function, I had interpreted that the instructions texts in > MailScanner.conf were not fully updated and that the spaces were not > allowed anymore at all ! Spaces are not allowed in the regexps, correct. So you need to use \s in your regexp instead of a space character. That is explained in the docs as shown below. > It looked like the old and the new system were incompatible with each > other. > May I kindly suggest that you insert your example in the > MailScanner.conf file if possible with an \s anywhere that would make > clear the correct usage of regex. Okay, I'll try to improve the docs example a bit. It does already make it very clear that it mustn't contain spaces, and that you should use \s instead of the space character. So if you think my docs can be agreed, please do suggest an improvement. So you can insert comments and additions of your own, here is the bulk of the documentation for this setting: # If any of these headers are included in a a message, they will be deleted. # This is a space-separated list of a mixture of any combination of # 1. Names of headers, optionally ending with a ':' # (the ':' will be added if not supplied) # 2. Regular expressions starting and ending with a '/'. # These regular expressions are matched against the entire header line, # not just the name of the header. # **NOTE** The regular expressions must *not* contain spaces, # so use '\s' instead of ' '. # This is very useful for removing return-receipt requests and any headers # which mean special things to your email client application. # X-Mozilla-Status is bad as it allows spammers to make a message appear to # have already been read, which is believed to bypass some naive spam # filtering systems. # Receipt requests are bad as they give any attacker confirmation that an # account is active and being read. You don't want this sort of information # to leak outside your corporation. So you might want to remove (long list of header names removed) # If you are having problems with duplicate message-id headers when you # release spam from the quarantine and send it to an Exchange server, then add # Message-Id. # Each header should end in a ":", but MailScanner will add it if you forget. # Headers should be separated by commas or spaces. Please add comments and suggestions for new docs or changes to existing info above. > Either way it is an incredible coincidence that my box stopped working > with the rules file just when the new regex feature was added. If the regexp is not surrounded by / characters then it will be treated the same way the header names always used to be handled. So it should be compatible with the old system. That was certainly my intention anyway. The great advantage of using a regexp is that it is matched against the *entire* header line, and not just the name of the header, so you can use it to remove a header if its value contains a particular word or something like that. > At 07:03 2009-05-23, you wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> My intention was that you would present a list of regexps for header >> names, so you could do things like >> Remove These Headers = X-UID: /X-Mozilla-Status.*:/ /Disposition.*:/ >> and things like that, not one big regexp that covered everything. >> >> On 22/05/2009 20:35, Hilario Fochi Silveira wrote: >> > Wow, Now I am really confused ! >> > >> > The following are the instructions I interpreted as new regex feature >> > for " >> > Remove These Headers >> > " >> > I see them in two different places: the changelog and the instructions >> > in the MailScanner.conf file inside the >> MailScanner-4.77.5-1.rpm.tar.gz >> > And the new instructions prohibit the use of spaces in the new >> regex mode. >> > >> > a) The changelog file >> > >> > Reference: http://www.mailscanner.info/ChangeLog >> > 1/4/2009 New in Version 4.75.11-1 >> > >> > ================================= >> > ... >> > 9 Added support for regular expressions in "Remove These >> > Headers". Note that >> > >> > the expression is matched against the whole header line, >> not >> > just the name >> > >> > of the header. Note that the expressions must not >> contain any >> > spaces, so >> > >> > use '\s' instead of ' '. The match is done >> case-insensitive in >> > all cases. >> > >> > ... >> > >> > >> > b) The MailScanner.conf file (MailScanner-4.77.5-1.rpm.tar.gz ). >> > >> > Reference: >> > ... >> > # If any of these headers are included in a a message, they will >> > be deleted. >> > # This is a space-separated list of a mixture of any >> combination of >> > # 1. Names of headers, optionally ending with a ':' >> > # (the ':' will be added if not supplied) >> > # 2. Regular expressions starting and ending with a '/'. >> > # These regular expressions are matched against the entire >> > header line, >> > # not just the name of the header. >> > # **NOTE** The regular expressions must *not* contain spaces, >> > # so use '\s' instead of ' '. >> > # This is very useful for removing return-receipt requests and any >> > headers >> > ... >> > >> > I really thought it was a new regex feature to remove headers and/or >> > additional information. >> > It works as a line in the Mailscanner.conf file, but I am not able to >> > have my old per domain file working anymore. >> > I just do not know how to use it correctly and my server does not >> > accept the file with spaces any more. >> > >> > Thanks again for helping. >> > >> > Best Regards, >> > >> > *Hilario Fochi Silveira >> > **Soliton Controles Industriais Ltda. >> > Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 >> > >> > >> > >> > *At 16:00 2009-05-22, Julian Field wrote: >> > >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> >> >> >> >> On 22/05/2009 18:11, Hilario Fochi Silveira wrote: >> >> > Interesting ! >> >> > If it still accepts the old configuration way, I am really >> curious to >> >> > learn what happened in my box for it to stop accepting the old >> >> > configuration file. I will have to work on it this week end ! >> >> > When/How should I use the new regex feature in the >> >> > remove.headers.rules file? >> >> What new regex feature? There never was one! Not in my book >> anyway. What >> >> you may have exploited due to poor syntax checking on my part was >> never >> >> in any way a supported feature, the feature is as documented in the >> >> MailScanner.conf file, ie. a space-separated list of header names. >> >> > >> >> > Thanks, >> >> > >> >> > Hil?rio >> >> > >> >> > At 10:43 2009-05-22, you wrote: >> >> > >> >> > >> >> >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: >> >> >>> Good Morning >> >> >>> >> >> >>> Thus of course I have done some kind of mistake that I still >> did not >> >> >>> pinpoint. I will try again to double check where I may have >> done the >> >> >>> mistake. >> >> >>> >> >> >>> Is there any additional possibilities like user:group or >> permission >> >> >>> related issues? >> >> >>> Is the following example line correct? >> >> >>> To: *@domain1.com.br >> >> >>> >> >> >> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ >> >> >> That's wrong. The list, as I said, should be a space separated >> list >> >> >> of header names. So you should just put it like that, such as >> >> >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >> >> >> Disposition-Notification-To: >> >> >> >> >> >> No \ or | or anything like that at all. >> >> >>> >> >> >>> Till now I am just looking at the log tail for file load fails >> and >> >> >>> sending outside emails to myself with return receipts to check >> if it >> >> >>> is working. >> >> >>> Is there a more intelligent way to test or generate more log >> details? >> >> >>> >> >> >>> Thanks for taking your time to help. >> >> >>> >> >> >>> Best Regards, >> >> >>> >> >> >>> *Hilario Fochi Silveira >> >> >>> **Soliton Controles Industriais Ltda. >> >> >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 >> >> >>> >> >> >>> >> >> >>> >> >> >>> *At 05:40 2009-05-22, Julian Field wrote: >> >> >>> >> >> >>> >> >> >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: >> >> >>>>> Hello, >> >> >>>>> >> >> >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front >> >> >>>>> End (configserver.com) >> >> >>>>> MailScanner is running ok for more than one year. >> >> >>>>> Our server uses the "Remove These Headers = >> >> >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound >> >> >>>>> return receipts requests while allowing outbound receipts >> headers >> >> >>>>> to stay intact. >> >> >>>>> >> >> >>>>> Two weeks ago after upgrading to version MailScanner - >> v4.76.24 we >> >> >>>>> begun to notice that some inbound emails were asking for return >> >> >>>>> receipts. >> >> >>>>> >> >> >>>>> We played a lot with the rules file without success and as a >> >> >>>>> temporary solution, we replaced the per domain rules file >> with the >> >> >>>>> following single line instruction: >> >> >>>>> >> >> >>>>> Remove These Headers = >> >> >>>>> >> >> >> /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ >> >> >> >>>>> >> >> >>>>> This solution is working, we have no receipts at all both >> inbound >> >> >>>>> and outbound, but we wish to regain the fine granularity >> control >> >> >>>>> we once had. >> >> >>>> That should definitely not work, and it was a small bug that was >> >> >>>> allowing it to work. The spec in the MailScanner.conf file >> clearly >> >> >>>> states that: >> >> >>>> # Each header should end in a ":", but MailScanner will add >> it if >> >> >>>> you forget. >> >> >>>> # Headers should be separated by commas or spaces. >> >> >>>>> >> >> >>>>> The original rules file uses spaces to separate the headers. >> >> >>>> That was correct. >> >> >>>>> The typical per domain lines we had in the remove.headers.rules >> >> >>>>> file were: >> >> >>>>> >> >> >>>>> # For each domain: >> >> >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: >> >> >>>>> X-Spam-Processed: >> >> >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: >> >> >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: >> >> >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: >> >> >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: >> >> >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: >> >> >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: >> >> >>>>> X-Status: X-UID: X-UIDL: >> >> >>>>> >> >> >>>>> Those instructions used worked ok with previous MailScanner >> >> versions. >> >> >>>> And I have just tried a system with a rules file very much like >> >> >>>> yours and it works just fine. >> >> >>>> >> >> >>>> Sorry, but I cannot reproduce the problem. >> >> >>>> >> >> >>>> Jules >> >> >>>> >> >> >>>> -- >> >> >>>> Julian Field MEng CITP CEng >> >> >>>> www.MailScanner.info < >> >> http://www.mailscanner.info/> < >> >> >>>> http://www.mailscanner.info/> >> >> >>>> Buy the MailScanner book at www.MailScanner.info/store >> >> >> >> >>>> < http://www.mailscanner.info/store> < >> >> >>>> http://www.mailscanner.info/store> >> >> >>>> >> >> >>>> Need help customising MailScanner? >> >> >>>> Contact me! >> >> >>>> Need help fixing or optimising your systems? >> >> >>>> Contact me! >> >> >>>> Need help getting you started solving new requirements from your >> >> boss? >> >> >>>> Contact me! >> >> >>>> >> >> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >>>> >> >> >>>> >> >> >>>> -- >> >> >>>> This message has been scanned for viruses and >> >> >>>> dangerous content by MailScanner, and is >> >> >>>> believed to be clean. >> >> >>>> >> >> >>>> -- >> >> >>>> MailScanner mailing list >> >> >>>> mailscanner@lists.mailscanner.info >> >> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >>>> >> >> >>>> Before posting, read http://wiki.mailscanner.info/posting >> >> >>>> >> >> >>>> Support MailScanner development - buy the book off the website! >> >> >> >> >> >> Jules >> >> >> >> >> >> -- >> >> >> Julian Field MEng CITP CEng >> >> >> www.MailScanner.info < >> >> http://www.mailscanner.info/> >> >> >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> >> >> < http://www.mailscanner.info/store> >> >> >> >> >> >> Need help customising MailScanner? >> >> >> Contact me! >> >> >> Need help fixing or optimising your systems? >> >> >> Contact me! >> >> >> Need help getting you started solving new requirements from >> your boss? >> >> >> Contact me! >> >> >> >> >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> >> >> >> >> >> >> -- >> >> >> This message has been scanned for viruses and >> >> >> dangerous content by MailScanner, and is >> >> >> believed to be clean. >> >> >> >> >> >> -- >> >> >> MailScanner mailing list >> >> >> mailscanner@lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> >> >> >> Support MailScanner development - buy the book off the website! >> >> > >> >> > Atenciosamente, >> >> > >> >> > *Hil?rio Fochi Silveira >> >> > **Soliton Controles Industriais Ltda. >> >> > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil >> >> > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: >> >> > hilario@soliton.com.br >> >> > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), >> Eurotherm >> >> > Controls, Action Instruments, Montalvo, Koyo, Sharp >> >> > www.soliton.com.br < >> >> http://www.soliton.com.br/> www.eurotherm.com.br >> >> >> >> > < http://www.eurotherm.com.br/> www.actionio.com.br >> >> >> >> > < http://www.actionio.com.br/> www.montalvo.com.br >> >> >> >> > < http://www.montalvo.com.br/> >> >> > >> >> >> >> Jules >> >> >> >> - -- >> >> Julian Field MEng CITP CEng >> >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> >> Follow me at twitter.com/JulesFM >> >> >> >> MailScanner customisation, or any advanced system administration >> help? >> >> Contact me at Jules@Jules.FM >> >> >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> >> >> >> -----BEGIN PGP SIGNATURE----- >> >> Version: PGP Desktop 9.10.0 (Build 500) >> >> Comment: Use PGP or Thunderbird Enigmail to verify this message >> >> Charset: ISO-8859-1 >> >> >> >> wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G >> >> +QTTpHrgwHz371bPuVpt6bE= >> >> =Qvgv >> >> -----END PGP SIGNATURE----- >> >> >> >> -- >> >> This message has been scanned for viruses and >> >> dangerous content by MailScanner, and is >> >> believed to be clean. >> >> >> >> -- >> >> MailScanner mailing list >> >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> >> >> Support MailScanner development - buy the book off the website! >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Follow me at twitter.com/JulesFM >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.10.0 (Build 500) >> Comment: Use PGP or Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFKF8nsEfZZRxQVtlQRApzAAJ9FkThuK2sojwjemn4byMCtH0tF4QCgj9P8 >> i/yXi7l76D6QCNylWxApkQs= >> =xPP8 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKGCvgEfZZRxQVtlQRAp1GAJkBcbObXYgGW6zHo97sZOflX7JBBwCgyKsR v+Eaju7OiKjyDpNfqYe3kJ0= =976l -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Sat May 23 19:21:28 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat May 23 19:21:43 2009 Subject: Minor issue with "Add Text Of Doc" feature Message-ID: Jules, I have installed MailScanner 4.77.5 which adds the charset="utf-8" on the Content-Type: header and the "-m UTF-8.txt" option to the antiword command, and all that works well. Thank you for those changes. I have noticed a couple of things however. I received a message with an MS-Word attachment named "JALAPENO.DOC". MailScanner added the text/plain part just fine, but gave it a name "nJALAPENO.DOC". It does rename the extension from .doc to .txt if the original .doc is lower case, but not if it is upper or mixed case. Also, in the case of the above message, MailScanner logged May 23 10:19:15 sbh16 MailScanner[10908]: Message BEEA26900B9.AF697 added Microsoft Word doc 'JALAPENO.DOC' text as nJALAPENO1.DOC I.e. the log said it gave the text/plain part the name "nJALAPENO1.DOC" when in fact, it didn't add the "1" to the name in the delivered message. Looking at the code, I don't understand where the "1" in the log message came from, but the attached Antiword.patch.txt seems to fix both issues. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- --- MS-4.77.5/MailScanner/Antiword.pm 2009-05-22 01:53:28.000000000 -0700 +++ /usr/lib/MailScanner/MailScanner/Antiword.pm 2009-05-23 11:03:50.000000000 -0700 @@ -109,7 +109,7 @@ # Create the subdir to unpack it into my $unpackfile = $docname; - $unpackfile =~ s/\.doc$/.txt$1/; + $unpackfile =~ s/\.doc$/.txt$1/i; my $attachfile = $unpackfile; # Normal attachment so starts with an 'n'. $unpackfile = $message->MakeNameSafe('n'.$unpackfile, $dir); From MailScanner at ecs.soton.ac.uk Sat May 23 20:26:28 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 23 20:26:48 2009 Subject: Minor issue with "Add Text Of Doc" feature In-Reply-To: References: <4A184DE4.4090905@ecs.soton.ac.uk> Message-ID: Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 259 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090523/718bc461/PGP.bin From mailscanner at barendse.to Sun May 24 00:12:15 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Sun May 24 00:12:31 2009 Subject: MailScanner on RHEL 3 / CentOS 3? Message-ID: I still have one server running CentOS 3.9 (yes, i should nuke and upgrade that box, i know) which comes with perl 5.8.0 Many of the perl modules included in the latest MailScanner version seem to require at least perl 5.8.1 CPAN.pm: Going to build M/MA/MARKOV/MailTools-2.04.tar.gz Perl v5.8.1 required--this is only v5.8.0, stopped at Makefile.PL line 1. Is there any way to install MailScanner on a RHEL3 box? Or is the only way really to nuke that box and upgrade it to something less antique? Thanks! From gafaith at asdm.net Sun May 24 02:13:41 2009 From: gafaith at asdm.net (Gary Faith) Date: Sun May 24 02:14:08 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: <200905230757.01173.eli@orbsky.homelinux.org> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> <200905230757.01173.eli@orbsky.homelinux.org> Message-ID: <4A1867050200002D00006786@sparky.asdm.net> My business that has the mail scanner is my ISP and all my personal outbound mail will be going through that mail scanner. Discussing whether I can relay through someone or another is pointless. What I need is a way to not scan e-mail when it comes from a trusted source. Do you know how I can do this? >>> Eli Wapniarski 5/23/2009 12:57 AM >>> On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090523/8662ed75/attachment.html From gafaith at asdm.net Sun May 24 02:19:38 2009 From: gafaith at asdm.net (Gary Faith) Date: Sun May 24 02:19:57 2009 Subject: (2nd Request) Disable scanning for a client that connectsviaSMTP-AUTH In-Reply-To: References: <4A147B290200002D00006737@sparky.asdm.net><200905210754.04555.eli@orbsky.homelinux.org><4A170F760200002D0000676D@sparky.asdm.net> <200905230757.01173.eli@orbsky.homelinux.org> Message-ID: <4A18686A0200002D0000678B@sparky.asdm.net> Interesting. I am using greylisting too but the problem is that I don't need to adjust the spamassassin score. Every message that is scanned via MailScannner is saved into a MySQL database & quarantined for 30-days. I use MailWatch to allow people to release messages, whitelist/blacklist, etc. What I need is to make it so that mailscanner/spamassassin does not scan this specific mail, period. >>> "Kit Wong" 5/23/2009 6:17 AM >>> I have had the same problem. The work around I am using is rough and not really what some of the experts would recommend. I am using greylisting which has the ability to tell if an email has come from smtp authed connections. This adds a header to say that. I then create a rule to read that bit of the header to match the header and then give it a -100 score. This also helps with spamassassin auto-learn for the bayes db. (not sure but maybe you can change the default header message generated by greylisting to be more specific to you so your rule-set will pick that up). Its been working fine for me. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eli Wapniarski Sent: 23 May 2009 05:57 To: mailscanner@lists.mailscanner.info Subject: Re: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Scanned by MailScanner. -- Scanned by MailScanner. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090523/8c4eb056/attachment.html From eli at orbsky.homelinux.org Sun May 24 06:06:02 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sun May 24 06:06:30 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: <4A1867050200002D00006786@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> <200905230757.01173.eli@orbsky.homelinux.org> <4A1867050200002D00006786@sparky.asdm.net> Message-ID: <200905240806.02474.eli@orbsky.homelinux.org> Now I don't understand at all. Your business is a hosting service? Providing ip addresses to subscribers? Is your secondary mailserver acquiring its ip from an internal dhcp server. If so can you not make a reservation? If your dynamic ip internet connection is aquired from an external source, does that account not have it own mail box (pop / imap) which a client can access with authentication? Eli On Sunday 24 May 2009 04:13:41 Gary Faith wrote: > My business that has the mail scanner is my ISP and all my personal outbound mail will be going through that mail scanner. Discussing whether I can relay through someone or another is pointless. What I need is a way to not scan e-mail when it comes from a trusted source. Do you know how I can do this? > > >>> Eli Wapniarski 5/23/2009 12:57 AM >>> > On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > > > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. > > You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. > > Eli > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From simon at kmun.gov.kw Sun May 24 13:32:33 2009 From: simon at kmun.gov.kw (Benedict simon) Date: Sun May 24 13:10:15 2009 Subject: advice on upgrade Message-ID: Dear All, I Have the following setup running fine for about a year or so on a single server. Centos 5 (final) DNS bind-9.3.4-6.0.2.P1.el5_2 as my DNS server sendmail-8.13.8-2.el5 as my mail server MailScanner ver 4.66.5 jules easy package Clam-0.92-SA-3.2.4 pyzor-0.4.0 razor-agents-2.84 mailwatch-1.0.4 httpd-2.2.3-11.el5_1 all the above is workin fine . now i would like to upgrde to the latest MS stable version and also the stable clamav 0.94 nd SA 3.2.5 package since this is live server i would highly apprecite if cd get some advice and steps about upgrading the MS version to the latest stable version and also the other required pckages basically i would 1) stop sendmail and mailscanner 2) download and install jules latest ClamAV 0.95.1 and SpamAssassin 3.2.5 easy installation package) 3) download and install mailscanner(4.76.25-1) 4) run command upgrade_MailScanner_conf 5) run command upgrade_language_conf jus wann know if latest clam av + SA will run on my current OS or do i have to upgrade any OS related files MS was installed from tar.gz package Thanks and reallly wd apprecite your advice regards simon -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From simon at kmun.gov.kw Sun May 24 13:39:16 2009 From: simon at kmun.gov.kw (Benedict simon) Date: Sun May 24 13:16:54 2009 Subject: advice on upgrade-- missed somethin Message-ID: <45104ab33900e6dfefc5283178c3af8c.squirrel@webmail.baladia.gov.kw> Dear All, I Have the following setup running fine for about a year or so on a single server. Centos 5 (final) DNS bind-9.3.4-6.0.2.P1.el5_2 as my DNS server sendmail-8.13.8-2.el5 as my mail server MailScanner ver 4.66.5 jules easy package Clam-0.92-SA-3.2.4 pyzor-0.4.0 razor-agents-2.84 mailwatch-1.0.4 httpd-2.2.3-11.el5_1 all the above is workin fine . now i would like to upgrde to the latest MS stable version and also the stable clamav 0.94 nd SA 3.2.5 package since this is live server i would highly apprecite if cd get some advice and steps about upgrading the MS version to the latest stable version and also the other required pckages basically i would 1) stop sendmail and mailscanner 2) download and install jules latest ClamAV 0.95.1 and SpamAssassin 3.2.5 easy installation package) 3) download and install mailscanner(4.76.25-1) 4) run command upgrade_MailScanner_conf 5) run command upgrade_language_conf 1)jus wann know if latest clam av + SA will run on my current OS or do i have to upgrade any OS related files 2) had missed out in my earlier post. do i need to uninstall mailscanner or clam av+SA or i could jus install on top of the curent versions MS was installed from tar.gz package Thanks and reallly wd apprecite your advice regards simon -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mr.jarry at gmail.com Sun May 24 15:31:01 2009 From: mr.jarry at gmail.com (Jarry) Date: Sun May 24 15:30:57 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting Message-ID: <4A195A25.7000209@gmail.com> Hi, For whatever reason I can not stop/start MailScanner cleanly: # /etc/init.d/MailScanner stop * Stopping MailScanner... * MailScanner: caught SIGTERM, aborting # /etc/init.d/MailScanner start * WARNING: MailScanner has already been started Actually, MailScanner stops, but sendmail which has been started by MailScanner init script is still there running: # ps -e | grep sendmail 18676 ? 00:00:00 sendmail 18679 ? 00:00:00 sendmail Even when I killall sendmail, I still get the above mentioned warning, and can not start MailScanner. And that is a problem, because MailScanner is restarted (in my case, just want to be restarted, but is not) every hour to prevent eating all resources (which it keeps eating anyway, read next). I checked /var/run and /var/lock, there is no trace of MailScanner or sendmail running, yet I can not re-start Mailscanner. How can I fix this problem? And the 2nd problem, MailScanner is eating too much memory: # ps aux | grep MailScanner root 8047 0.0 0.7 93148 31084 ? Ss 13:53 0:00 MailScanner: master waiting for children, sleeping root 8048 0.0 1.5 140136 64692 ? S 13:53 0:00 MailScanner: waiting for messages root 8140 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: waiting for messages root 8173 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: waiting for messages root 8176 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: waiting for messages root 8177 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: waiting for messages ~330 MB RESS, ~1GB VIRTS, is *this* normal? Unbelievable. I see it for the first time, that my server does not have enough physical memory and is forced to use swap. I'm affraid, I can not spend so much memory just for MailScanner... Jarry -- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. From MailScanner at ecs.soton.ac.uk Sun May 24 18:23:31 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 24 18:23:53 2009 Subject: advice on upgrade-- missed somethin In-Reply-To: <45104ab33900e6dfefc5283178c3af8c.squirrel@webmail.baladia.gov.kw> References: <45104ab33900e6dfefc5283178c3af8c.squirrel@webmail.baladia.gov.kw> <4A198293.8030206@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would keep your MailScanner.conf somewhere to point upgrade_MailScanner_conf at, and replace your tar.gz of MailScanner with the RPM for RedHat distribution of MailScanner. If you copy your /opt/MailScanner/etc directory to /etc/MailScanner before you start, and set the %rules-dir% path and other paths at the top of MailScanner.conf to point to /etc/MailScanner directories, then moving to the RPM distribution should be much easier. This is assuming you meant you just did a non-RPM install of MailScanner before, for some reason, and didn't do an RPM install of MailScanner. On 24/05/2009 13:39, Benedict simon wrote: > Dear All, > > I Have the following setup running fine for about a year or so on a > single server. > > Centos 5 (final) > DNS bind-9.3.4-6.0.2.P1.el5_2 as my DNS server > sendmail-8.13.8-2.el5 as my mail server > MailScanner ver 4.66.5 > jules easy package Clam-0.92-SA-3.2.4 > pyzor-0.4.0 > razor-agents-2.84 > mailwatch-1.0.4 > httpd-2.2.3-11.el5_1 > > all the above is workin fine . > > now i would like to upgrde to the latest MS stable version and also the > stable clamav 0.94 nd SA 3.2.5 package > > since this is live server i would highly apprecite if cd get some advice > and steps about upgrading the MS version to the latest stable version and > also the other required pckages > basically i would > > 1) stop sendmail and mailscanner > 2) download and install jules latest ClamAV 0.95.1 and SpamAssassin 3.2.5 > easy installation package) > 3) download and install mailscanner(4.76.25-1) > 4) run command upgrade_MailScanner_conf > 5) run command upgrade_language_conf > > 1)jus wann know if latest clam av + SA will run on my current OS or do i > have to upgrade any OS related files > > 2) had missed out in my earlier post. > > do i need to uninstall mailscanner or clam av+SA or i could jus install on > top of the curent versions > > MS was installed from tar.gz package > > > Thanks and reallly wd apprecite your advice > > regards > > > simon > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKGYKVEfZZRxQVtlQRAjGqAKDReA0rcQsniU/J2oOBD9d5pqTdcACcDNCB RhjPnkcmEJYPVSvq4KbK03k= =a/kG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Sun May 24 18:27:08 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sun May 24 18:27:17 2009 Subject: Minor issue with "Add Text Of Doc" feature In-Reply-To: References: <4A184DE4.4090905@ecs.soton.ac.uk> Message-ID: <20090524172708.GA2724@msapiro> On Sat, May 23, 2009 at 08:26:28PM +0100, Julian Field wrote: > Please try the attached (gzipped) Antiword.pm file in place of your > current /usr/lib/MailScanner/MailScanner/Antiword.pm. > > This should incorporate your fix, and also fix the problem with the "n" > on the front of the filenames. Thanks Jules, Yes, the Antiword.pm you sent fixes both issues. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Sun May 24 18:42:43 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sun May 24 18:42:51 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: <4A1867050200002D00006786@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> <200905230757.01173.eli@orbsky.homelinux.org> <4A1867050200002D00006786@sparky.asdm.net> Message-ID: <20090524174243.GB2724@msapiro> On Sat, May 23, 2009 at 09:13:41PM -0400, Gary Faith wrote: > My business that has the mail scanner is my ISP and all my personal outbound mail will be going through that mail scanner. Discussing whether I can relay through someone or another is pointless. What I need is a way to not scan e-mail when it comes from a trusted source. Do you know how I can do this? I use Postfix and am not really familiar with how MailScanner works with sendmail, but can't you just do something in the sendmail configuration to identify the SMTP-AUTH mail and queue or deliver it in a way that bypasses MailScanner? -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From simon at kmun.gov.kw Sun May 24 20:05:41 2009 From: simon at kmun.gov.kw (Benedict simon) Date: Sun May 24 19:43:24 2009 Subject: Thanks. and appreciteadvice on upgrade-- missed somethin In-Reply-To: References: <45104ab33900e6dfefc5283178c3af8c.squirrel@webmail.baladia.gov.kw> <4A198293.8030206@ecs.soton.ac.uk> Message-ID: Thanks for your quick reply i do really apprecite regards simon > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I would keep your MailScanner.conf somewhere to point > upgrade_MailScanner_conf at, and replace your tar.gz of MailScanner with > the RPM for RedHat distribution of MailScanner. If you copy your > /opt/MailScanner/etc directory to /etc/MailScanner before you start, and > set the %rules-dir% path and other paths at the top of MailScanner.conf > to point to /etc/MailScanner directories, then moving to the RPM > distribution should be much easier. > > This is assuming you meant you just did a non-RPM install of MailScanner > before, for some reason, and didn't do an RPM install of MailScanner. > > On 24/05/2009 13:39, Benedict simon wrote: >> Dear All, >> >> I Have the following setup running fine for about a year or so on a >> single server. >> >> Centos 5 (final) >> DNS bind-9.3.4-6.0.2.P1.el5_2 as my DNS server >> sendmail-8.13.8-2.el5 as my mail server >> MailScanner ver 4.66.5 >> jules easy package Clam-0.92-SA-3.2.4 >> pyzor-0.4.0 >> razor-agents-2.84 >> mailwatch-1.0.4 >> httpd-2.2.3-11.el5_1 >> >> all the above is workin fine . >> >> now i would like to upgrde to the latest MS stable version and also the >> stable clamav 0.94 nd SA 3.2.5 package >> >> since this is live server i would highly apprecite if cd get some >> advice >> and steps about upgrading the MS version to the latest stable version >> and >> also the other required pckages >> basically i would >> >> 1) stop sendmail and mailscanner >> 2) download and install jules latest ClamAV 0.95.1 and SpamAssassin >> 3.2.5 >> easy installation package) >> 3) download and install mailscanner(4.76.25-1) >> 4) run command upgrade_MailScanner_conf >> 5) run command upgrade_language_conf >> >> 1)jus wann know if latest clam av + SA will run on my current OS or do i >> have to upgrade any OS related files >> >> 2) had missed out in my earlier post. >> >> do i need to uninstall mailscanner or clam av+SA or i could jus install >> on >> top of the curent versions >> >> MS was installed from tar.gz package >> >> >> Thanks and reallly wd apprecite your advice >> >> regards >> >> >> simon >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Follow me at twitter.com/JulesFM > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.10.0 (Build 500) > Comment: Use PGP or Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFKGYKVEfZZRxQVtlQRAjGqAKDReA0rcQsniU/J2oOBD9d5pqTdcACcDNCB > RhjPnkcmEJYPVSvq4KbK03k= > =a/kG > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Sun May 24 23:23:02 2009 From: davejones70 at gmail.com (Dave Jones) Date: Sun May 24 23:23:11 2009 Subject: (2nd Request) Disable scanning for a client that connects Message-ID: <67a55ed50905241523y325fbc82ndebdba53bfd673af@mail.gmail.com> 1. You should smarthost your MailScanner server to your ISP now that you are on DSL and considered "dialup" by most receiving Internet mail servers. This may require setting up authentication with your ISP account. 2. You should still scan your authenticated email since it's possible for one of your authenticated machines to get infected with an email worm. Do your part to prevent SPAM/viruses/worms from coming out of your system. 3. Setup your SpamAssassin rules to subtract a few points from email originating on your MailScanner server to "trust" your authenticated users slightly. 4. Never whitelist an entire domain unless it is your last option. If some spammer ever finds this out, they can wear you out by spoofing this domain. If you have to do this, don't do it for common domains -- only unique/specific ones. Dave -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eli Wapniarski Sent: 23 May 2009 05:57 To: mailscanner@lists.mailscanner.info Subject: Re: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. Eli -- Dave Jones From gafaith at asdm.net Mon May 25 02:33:25 2009 From: gafaith at asdm.net (Gary Faith) Date: Mon May 25 02:33:46 2009 Subject: (2nd Request) Disable scanning for a client that connectsviaSMTP-AUTH In-Reply-To: <20090524174243.GB2724@msapiro> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> <200905230757.01173.eli@orbsky.homelinux.org> <4A1867050200002D00006786@sparky.asdm.net> <20090524174243.GB2724@msapiro> Message-ID: <4A19BD250200002D00006795@sparky.asdm.net> That is exactly what I want to do but I am not a sendmail expert and I don't know how. I was hoping someone would know how to do this. >>> Mark Sapiro 5/24/2009 1:42 PM >>> On Sat, May 23, 2009 at 09:13:41PM -0400, Gary Faith wrote: > My business that has the mail scanner is my ISP and all my personal outbound mail will be going through that mail scanner. Discussing whether I can relay through someone or another is pointless. What I need is a way to not scan e-mail when it comes from a trusted source. Do you know how I can do this? I use Postfix and am not really familiar with how MailScanner works with sendmail, but can't you just do something in the sendmail configuration to identify the SMTP-AUTH mail and queue or deliver it in a way that bypasses MailScanner? -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090524/7d180e9c/attachment.html From gafaith at asdm.net Mon May 25 02:46:22 2009 From: gafaith at asdm.net (Gary Faith) Date: Mon May 25 02:46:42 2009 Subject: (2nd Request) Disable scanning for a client that connectsviaSMTP-AUTH In-Reply-To: <200905240806.02474.eli@orbsky.homelinux.org> References: <4A147B290200002D00006737@sparky.asdm.net> <200905230757.01173.eli@orbsky.homelinux.org> <4A1867050200002D00006786@sparky.asdm.net> <200905240806.02474.eli@orbsky.homelinux.org> Message-ID: <4A19C02E0200002D0000679A@sparky.asdm.net> Business A - ISP located in a co-lo with fast internet and static IP's. It does web hosting, dial-up internet and mail scanning. Business B & My Personal Internet - Used to be a T1 with static IPs but is now a third party sucky Dynamic DSL. Now that it is dynamic DSL, I need to relay this mail through the mail scanner at Business A without the other people I have designated as MailWatch Admins in Business A, having the ability see this e-mail at all. I have an account in the mail scanner setup so I can do SMTP AUTH with TLS. That works great but ALL incoming mail is scanned unless I add FROM: domain.com no to the scan.messages.rules. When I do that I get spam from outside sources because it isn't being scanned. I need a sendmail or mailscanner option so that I can bypass scanning for the e-mail from this source only! Gary >>> Eli Wapniarski 5/24/2009 1:06 AM >>> Now I don't understand at all. Your business is a hosting service? Providing ip addresses to subscribers? Is your secondary mailserver acquiring its ip from an internal dhcp server. If so can you not make a reservation? If your dynamic ip internet connection is aquired from an external source, does that account not have it own mail box (pop / imap) which a client can access with authentication? Eli On Sunday 24 May 2009 04:13:41 Gary Faith wrote: > My business that has the mail scanner is my ISP and all my personal outbound mail will be going through that mail scanner. Discussing whether I can relay through someone or another is pointless. What I need is a way to not scan e-mail when it comes from a trusted source. Do you know how I can do this? > > >>> Eli Wapniarski 5/23/2009 12:57 AM >>> > On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > > > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. > > You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. > > Eli > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090524/c08fac88/attachment.html From eli at orbsky.homelinux.org Mon May 25 05:52:42 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Mon May 25 05:53:06 2009 Subject: (2nd Request) Disable scanning for a client that connectsviaSMTP-AUTH In-Reply-To: <4A19C02E0200002D0000679A@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> <200905240806.02474.eli@orbsky.homelinux.org> <4A19C02E0200002D0000679A@sparky.asdm.net> Message-ID: <200905250752.42509.eli@orbsky.homelinux.org> I still think this is a very very bad idea but why not use a list of full email addresses instead of just the domain. That is FROM: user1@domain.com FROM: user2@domain.com etc. Do yourself a favor. If possible set up an effective MailScanner Instalation over on the server at Business B. Eli On Monday 25 May 2009 04:46:22 Gary Faith wrote: > Business A - ISP located in a co-lo with fast internet and static IP's. It does web hosting, dial-up internet and mail scanning. > > Business B & My Personal Internet - Used to be a T1 with static IPs but is now a third party sucky Dynamic DSL. Now that it is dynamic DSL, I need to relay this mail through the mail scanner at Business A without the other people I have designated as MailWatch Admins in Business A, having the ability see this e-mail at all. I have an account in the mail scanner setup so I can do SMTP AUTH with TLS. That works great but ALL incoming mail is scanned unless I add FROM: domain.com no to the scan.messages.rules. When I do that I get spam from outside sources because it isn't being scanned. > > I need a sendmail or mailscanner option so that I can bypass scanning for the e-mail from this source only! > > Gary > > >>> Eli Wapniarski 5/24/2009 1:06 AM >>> > Now I don't understand at all. Your business is a hosting service? Providing ip addresses to subscribers? Is your secondary mailserver acquiring its ip from an internal dhcp server. If so can you not make a reservation? If your dynamic ip internet connection is aquired from an external source, does that account not have it own mail box (pop / imap) which a client can access with authentication? > > Eli > > On Sunday 24 May 2009 04:13:41 Gary Faith wrote: > > My business that has the mail scanner is my ISP and all my personal outbound mail will be going through that mail scanner. Discussing whether I can relay through someone or another is pointless. What I need is a way to not scan e-mail when it comes from a trusted source. Do you know how I can do this? > > > > >>> Eli Wapniarski 5/23/2009 12:57 AM >>> > > On Saturday 23 May 2009 03:47:50 Gary Faith wrote: > > > > > Due to circumstances, I had to move the server to dynamic DSL (YUCK!) and now I need to relay the mail through the mail scanner because outbound mail would be blocked by RBL's and I have no option to add another mail scanner server at this time. There are other people that I need to have admin access to mailwatch & mailscanner giving them the ability to add users, change configuration, read & release messages, etc. I do not want others to be able to read my other business & personal e-mails, etc. So you see that is why I don't want all mail scanned. > > > > You wouldn't need to worry about outbound mail if you configured sendmail to relay your outbound mail through your isp. This of course is assuming that your isp's standing is good. > > > > Eli > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Mon May 25 13:53:57 2009 From: davejones70 at gmail.com (Dave Jones) Date: Mon May 25 13:54:06 2009 Subject: (2nd Request) Disable scanning for a client that connects Message-ID: <67a55ed50905250553p2011a1bavd515e8ea9c747aab@mail.gmail.com> >Business A - ISP located in a co-lo with fast internet and static IP's. It does web hosting, dial-up internet and mail scanning. >Business B & My Personal Internet - Used to be a T1 with static IPs but is now a third party >sucky Dynamic DSL. Now that it is dynamic DSL, I need to relay this mail through the mail >scanner at Business A without the other people I have designated as MailWatch Admins in >Business A, having the ability see this e-mail at all. I have an account in the mail scanner >setup so I can do SMTP AUTH with TLS. That works great but ALL incoming mail is >scanned unless I add FROM: domain.com no to the scan.messages.rules. When I do that I >get spam from outside sources because it isn't being scanned. >I need a sendmail or mailscanner option so that I can bypass scanning for the e-mail from this source only! >Gary I would setup a second instance of MailScanner at Business B and smarthost to their ISP. I have over a dozen businesses with MailScanner servers and I definitely keep them all separate. At least setup another instance for Business B and the Business A location if they don't mind hosting it and have a spare IP address for B's MX record. -- Dave Jones From alex at rtpty.com Mon May 25 14:49:00 2009 From: alex at rtpty.com (Alex Neuman) Date: Mon May 25 14:49:10 2009 Subject: MailScanner on RHEL 3 / CentOS 3? In-Reply-To: References: Message-ID: <24e3d2e40905250649n7ad04610v2ed629611da93584@mail.gmail.com> How about running a virtual machine inside that old CentOS 3.9 that runs CentOS 5.3? That should work! All kidding aside, I'd like to know - if only for informational purposes - what a good solution for this would be. On Sat, May 23, 2009 at 6:12 PM, Remco Barendse wrote: > I still have one server running CentOS 3.9 (yes, i should nuke and upgrade > that box, i know) which comes with perl 5.8.0 > > Many of the perl modules included in the latest MailScanner version seem to > require at least perl 5.8.1 > > CPAN.pm: Going to build M/MA/MARKOV/MailTools-2.04.tar.gz > > Perl v5.8.1 required--this is only v5.8.0, stopped at Makefile.PL line 1. > > > Is there any way to install MailScanner on a RHEL3 box? Or is the only way > really to nuke that box and upgrade it to something less antique? > > Thanks! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090525/eebc263d/attachment.html From glenn.steen at gmail.com Mon May 25 15:11:19 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 25 15:11:27 2009 Subject: Can not release mail from the quarantine In-Reply-To: <4A16A16D.80500@ismailozatay.net> References: <4A16A16D.80500@ismailozatay.net> Message-ID: <223f97700905250711g7fe066a8k63e6ac9486574720@mail.gmail.com> 2009/5/22 Ismail OZATAY : > Hi , > > Today I could not relase some e-mails from the quarantine to user. Normaly > every time it works without any problem. I am trying to release this mail > with mailwatch interface then then from the command line like this; > > sendmail -t -i < > /var/spool/MailScanner/quarantine/20090522/spam/n4M6sPZS032539. > > But it could not send. When i checked the maillog i saw that ; > > "May 22 15:45:44 avgw sendmail[15702]: n4MCifOl015702: lost input channel > from localhost.localdomain [127.0.0.1] to MTA after mail" > "May 22 15:45:44 avgw sendmail[15702]: n4MCifOl015702: from=x@y.edu, size=0, > class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=localhost.localdomain > [127.0.0.1]" > > I have just tried to release a different quarantined mail and it worked > properly. What is happening ? > > Thanks > > ismail Perhaps something is funny with that file, making your sendmail command choke. Is it exceptional in any way? Very long lines, single line ".", very large or containing some 8-bit ... or perhaps isn't a real message at all? If nothing pops out, put it in a pastebin for us to look at. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon May 25 15:15:57 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 25 15:16:27 2009 Subject: MailScanner on RHEL 3 / CentOS 3? In-Reply-To: <24e3d2e40905250649n7ad04610v2ed629611da93584@mail.gmail.com> References: <24e3d2e40905250649n7ad04610v2ed629611da93584@mail.gmail.com> <4A1AA81D.50807@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You don't need the latest versions of the Perl modules for MailScanner to work. I just try to package it up with the latest versions so we have all the bug-fixes which might otherwise bite us. So try putting together the newest version you can get of each module that will (a) work with each other and (b) work on CentOS 3.9. Then you'll probably find it all actually works just fine. Good luck! Jules. On 25/05/2009 14:49, Alex Neuman wrote: > How about running a virtual machine inside that old CentOS 3.9 that > runs CentOS 5.3? That should work! > > All kidding aside, I'd like to know - if only for informational > purposes - what a good solution for this would be. > > On Sat, May 23, 2009 at 6:12 PM, Remco Barendse > > wrote: > > I still have one server running CentOS 3.9 (yes, i should nuke and > upgrade that box, i know) which comes with perl 5.8.0 > > Many of the perl modules included in the latest MailScanner > version seem to require at least perl 5.8.1 > > CPAN.pm: Going to build M/MA/MARKOV/MailTools-2.04.tar.gz > > Perl v5.8.1 required--this is only v5.8.0, stopped at Makefile.PL > line 1. > > > Is there any way to install MailScanner on a RHEL3 box? Or is the > only way really to nuke that box and upgrade it to something less > antique? > > Thanks! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Alex Neuman van der Hans > Reliant Technologies > +507 6781-9505 > +507 202-1525 > alex@rtpty.com > Skype: alexneuman Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKGqgeEfZZRxQVtlQRAm+LAKCfM82Te82BPNpkraI0dWxlsHwGcwCgiB4B f73Haw6j/RuacWgEN4/DrG4= =jswH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Mon May 25 18:28:27 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Mon May 25 18:28:41 2009 Subject: MailScanner install problem x86_64 Message-ID: I decided to ditch the RHEL3 box and try my luck with CentOS 5.3 on an x86_64 architecture, and there seems to be a small bug related to installing the packages on x86_64 Installing tnef decoder error: File not found by glob: tnef*.x86_64x86_64.rpm Manual install seems to work fine : [root@linuxgw MailScanner-4.76.25-1]# rpm -ivh tnef-1.4.5-1.x86_64.rpm Preparing... ########################################### [100%] 1:tnef ########################################### [100%] And looking at the logs there are some more similar errors : Missing file /usr/src/redhat/RPMS/x86_64x86_64/perl-HTML-Parser-3.56-2.x86_64x86_64.rpm. Missing file /usr/src/redhat/RPMS/x86_64x86_64/perl-Compress-Zlib-1.41-2.x86_64x86_64.rpm. But both modules did build and are there [root@linuxgw MailScanner-4.76.25-1]# rpm -ivh /usr/src/redhat/RPMS/x86_64/perl-HTML-Parser-3.56-2.x86_64.rpm Preparing... ########################################### [100%] 1:perl-HTML-Parser ########################################### [100%] Not a real showstopper but perhaps something that could be fixed :) Thanks! From MailScanner at ecs.soton.ac.uk Mon May 25 19:30:51 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 25 19:31:11 2009 Subject: MailScanner install problem x86_64 In-Reply-To: References: <4A1AE3DB.2020406@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you run this command for me please? rpm -q --queryformat='%{ARCH}' perl and tell me what it says? It's an easy fix once I've seen that. I suspect I already know the answer. :-) On 25/05/2009 18:28, Remco Barendse wrote: > I decided to ditch the RHEL3 box and try my luck with CentOS 5.3 on an > x86_64 architecture, and there seems to be a small bug related to > installing the packages on x86_64 > > > Installing tnef decoder > > error: File not found by glob: tnef*.x86_64x86_64.rpm > > Manual install seems to work fine : > [root@linuxgw MailScanner-4.76.25-1]# rpm -ivh tnef-1.4.5-1.x86_64.rpm > Preparing... ########################################### [100%] > 1:tnef ########################################### [100%] > > > And looking at the logs there are some more similar errors : > Missing file > /usr/src/redhat/RPMS/x86_64x86_64/perl-HTML-Parser-3.56-2.x86_64x86_64.rpm. > > Missing file > /usr/src/redhat/RPMS/x86_64x86_64/perl-Compress-Zlib-1.41-2.x86_64x86_64.rpm. > > > But both modules did build and are there > [root@linuxgw MailScanner-4.76.25-1]# rpm -ivh > /usr/src/redhat/RPMS/x86_64/perl-HTML-Parser-3.56-2.x86_64.rpm > Preparing... ########################################### [100%] > 1:perl-HTML-Parser ########################################### [100%] > > > Not a real showstopper but perhaps something that could be fixed :) > > Thanks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKGuPcEfZZRxQVtlQRAn83AJ93vYW4nJvKcvi5QpKd/uLKTKSVRQCg3Zht pgU0MwsfdXRWAmQ3THa4/jE= =4K5o -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Mon May 25 20:03:15 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Mon May 25 20:03:28 2009 Subject: MailScanner install problem x86_64 In-Reply-To: References: <4A1AE3DB.2020406@ecs.soton.ac.uk> Message-ID: On Mon, 25 May 2009, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can you run this command for me please? > rpm -q --queryformat='%{ARCH}' perl > and tell me what it says? The output is a bit strange (no line break) but i will just paste it like it prints on my screen : [root@linuxgw etc]# rpm -q --queryformat='%{ARCH}' perl x86_64x86_64[root@linuxgw etc]# (Quite weird how it repeats the architecture twice) Thanks! From MailScanner at ecs.soton.ac.uk Mon May 25 20:51:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 25 20:51:54 2009 Subject: MailScanner install problem x86_64 In-Reply-To: References: <4A1AE3DB.2020406@ecs.soton.ac.uk> <4A1AF6C6.6060104@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 25/05/2009 20:03, Remco Barendse wrote: > On Mon, 25 May 2009, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Can you run this command for me please? >> rpm -q --queryformat='%{ARCH}' perl >> and tell me what it says? > The output is a bit strange (no line break) but i will just paste it > like it prints on my screen : > > [root@linuxgw etc]# rpm -q --queryformat='%{ARCH}' perl > x86_64x86_64[root@linuxgw etc]# > > (Quite weird how it repeats the architecture twice) > > Thanks! In which case my guess was right, and the new version is already on the website (as a beta). Jules. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKGvbHEfZZRxQVtlQRAgimAKDrvKHBv3XvRIA+ql17h0f9b+dORgCgyp0V PxrHUfMzmkNU2Tez+pgc6TE= =rfp4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon May 25 22:19:27 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 25 22:19:36 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: References: Message-ID: <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> 2009/5/22 Robert Lopez : > I would like to try out mailscanner on Debian Lenny. > My senior administrator does not want to try mailscanner on Debian unless it > is using postfix instead of exim4. > > This brings up something I do not know how to do: > I access MailScanner discussion list via Gmail to read the current email. > I can use google to find discussions archived at > http://lists.mailscanner.info/... > It I go directly to http://lists.mailscanner.info/... and sort the lists > But I can not figure out how to search there for discussion on my current > project. > > Is there a direct way to search the email archives? 1) Use gmane to do your list serching. 2) DON'T use that debian package provided... 4.55.10 is severely out of date. It will likely end you in trouble. You can't fight bleeding edge SPAM/malware with trailing edge versions;). AFAICS the best otpion is to use the "source"/Solaris/... tarball from www.mailscanner.info ... You should be able to find an init script to use there to. Then use the usual postfix instructions (look through the ones on the official site, read the MAQ (everyone should do that at least once:) and finally the relevant wiki pages... It sounds a lot, but really isn't that much). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mark at msapiro.net Tue May 26 00:31:29 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue May 26 00:31:54 2009 Subject: Problem with CENTOS RPM install of 4.76.6-3 Message-ID: Judging from the changelog, this also affects 4.76.6-2. The install.sh script attempts to install perl-DBD-SQLite-1.25-1 and says Attempting to build and install perl-DBD-SQLite-1.25-1 Missing file perl-DBD-SQLite-1.25-1.src.rpm. Are you in the right directory? because the tarball contained perl-DBD-SQLite-1.25-1.noarch.rpm rather than perl-DBD-SQLite-1.25-1.src.rpm. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mailscanner at barendse.to Tue May 26 08:50:34 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Tue May 26 08:50:45 2009 Subject: Problem with CENTOS RPM install of 4.76.6-3 In-Reply-To: References: Message-ID: Hi MArk! Is this in reply to the message i sent to Julian's mail address directly? In the latest MailScanner install package version 1.21 is included, this version doesn't build on an updated installation of CentOS 4. The bug bites because it seems newer installl files remove all required perl packages before re-installing them. The removal works, the rebuild doesn't :) Attempting to build and install perl-DBD-SQLite-1.21-1 Installing perl-DBD-SQLite-1.21-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.53496 Failed 1/46 test scripts, 97.83% okay. 1/624 subtests failed, 99.84% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.46050 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-DBD-SQLite-1.21-1.noarch.rpm. Maybe it did not build correctly? => Yes!! The installer is right! It didn't build correctly It's a known bug in 1.21, installing 1.25 from rpmforge solved my problem. On Mon, 25 May 2009, Mark Sapiro wrote: > Judging from the changelog, this also affects 4.76.6-2. > > The install.sh script attempts to install perl-DBD-SQLite-1.25-1 and > says > > Attempting to build and install perl-DBD-SQLite-1.25-1 > Missing file perl-DBD-SQLite-1.25-1.src.rpm. Are you in the right > directory? > > because the tarball contained perl-DBD-SQLite-1.25-1.noarch.rpm rather > than perl-DBD-SQLite-1.25-1.src.rpm. > > From support-lists at petdoctors.co.uk Tue May 26 09:41:11 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue May 26 09:41:51 2009 Subject: Mail delay at MailScanner In-Reply-To: References: Message-ID: <51B4428DF2D148C7975BB288FE719CC8@SUPPORT01V> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark Sapiro Sent: Wednesday, May 20, 2009 4:39 PM To: MailScanner List Subject: Re: Mail delay at MailScanner shyam hirurkar wrote: > >How do i check how many mails are there in HOLD state of MailScanner. ls /var/spool/postfix/hold | wc -l or mailq | grep ! There's a nice utility that will let you view & manipulate the messages in a Postfix queue - Google for pfqueue From MailScanner at ecs.soton.ac.uk Tue May 26 09:54:09 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 09:54:29 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> References: <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> <4A1BAE31.6090206@ecs.soton.ac.uk> Message-ID: On 25/05/2009 22:19, Glenn Steen wrote: > 2009/5/22 Robert Lopez: > >> I would like to try out mailscanner on Debian Lenny. >> My senior administrator does not want to try mailscanner on Debian unless it >> is using postfix instead of exim4. >> >> This brings up something I do not know how to do: >> I access MailScanner discussion list via Gmail to read the current email. >> I can use google to find discussions archived at >> http://lists.mailscanner.info/... >> It I go directly to http://lists.mailscanner.info/... and sort the lists >> But I can not figure out how to search there for discussion on my current >> project. >> >> Is there a direct way to search the email archives? >> > 1) Use gmane to do your list serching. > 2) DON'T use that debian package provided... 4.55.10 is severely out > of date. It will likely end you in trouble. You can't fight bleeding > edge SPAM/malware with trailing edge versions;). > For starters it won't work with the latest version of ClamAV, unless they have been back-porting changes again. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 26 09:58:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 09:58:52 2009 Subject: Problem with CENTOS RPM install of 4.76.6-3 In-Reply-To: References: <4A1BAF3A.8020201@ecs.soton.ac.uk> Message-ID: On 26/05/2009 00:31, Mark Sapiro wrote: > Judging from the changelog, this also affects 4.76.6-2. > > The install.sh script attempts to install perl-DBD-SQLite-1.25-1 and > says > > Attempting to build and install perl-DBD-SQLite-1.25-1 > Missing file perl-DBD-SQLite-1.25-1.src.rpm. Are you in the right > directory? > > because the tarball contained perl-DBD-SQLite-1.25-1.noarch.rpm rather > than perl-DBD-SQLite-1.25-1.src.rpm. > Bother, sorry, working too late. I have just fixed that mistake. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Tue May 26 10:55:53 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Tue May 26 10:56:06 2009 Subject: spamhaus-ZEN is found but no points are awarded? Message-ID: I did a bare metal new installation of MailScanner. Everything seems to work ok but i am curious about one thing. MailScanner checks the message against spamhaus-ZEN and finds it is listed but there is no score awarded to the e-mail. Why is this? Now the spams are scoring lower than they should and they are now slipping through because they are just below the high scoring mark : X-linuxgw-MailScanner-SpamCheck: spam, spamhaus-ZEN, SpamAssassin (not cached, score=9.763, required 6, DCC_CHECK 3.00, FH_HELO_EQ_D_D_D_D 0.50, FH_HOST_EQ_VERIZON_P 1.10, HELO_DYNAMIC_IPADDR 2.94, HTML_MESSAGE 0.00, RCVD_IN_PBL 0.51, RCVD_IN_SORBS_DUL 1.61, RDNS_DYNAMIC 0.10) And i guess that adding some points for ZEN listing should also help in getting the database improved? Then a slightly different question, is using use_auto_whitelist a good idea? Thanks list! From maxsec at gmail.com Tue May 26 12:35:18 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 26 12:35:27 2009 Subject: spamhaus-ZEN is found but no points are awarded? In-Reply-To: References: Message-ID: <72cf361e0905260435t4eca064s131eb5e1ac0a33ff@mail.gmail.com> Remco This is because MaiLScanner is doing the spamhaus check and not spamassaddin - ie it's defined in Mailscanner.conf in the "Spam List" option. Autowhitelist results vary - I find for a large ( > 10) mixed user base it's not good and soon false positives badly. -- Martin Hepworth Oxford, UK 2009/5/26 Remco Barendse > I did a bare metal new installation of MailScanner. Everything seems to > work ok but i am curious about one thing. > > MailScanner checks the message against spamhaus-ZEN and finds it is listed > but there is no score awarded to the e-mail. > > Why is this? Now the spams are scoring lower than they should and they are > now slipping through because they are just below the high scoring mark : > > X-linuxgw-MailScanner-SpamCheck: spam, spamhaus-ZEN, > SpamAssassin (not cached, score=9.763, required 6, DCC_CHECK 3.00, > FH_HELO_EQ_D_D_D_D 0.50, FH_HOST_EQ_VERIZON_P 1.10, > HELO_DYNAMIC_IPADDR 2.94, HTML_MESSAGE 0.00, RCVD_IN_PBL 0.51, > RCVD_IN_SORBS_DUL 1.61, RDNS_DYNAMIC 0.10) > > And i guess that adding some points for ZEN listing should also help in > getting the database improved? > > Then a slightly different question, is using use_auto_whitelist a good > idea? > > Thanks list! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090526/0f9903ee/attachment.html From MailScanner at ecs.soton.ac.uk Tue May 26 13:48:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 13:49:11 2009 Subject: spamhaus-ZEN is found but no points are awarded? In-Reply-To: <72cf361e0905260435t4eca064s131eb5e1ac0a33ff@mail.gmail.com> References: <72cf361e0905260435t4eca064s131eb5e1ac0a33ff@mail.gmail.com> <4A1BE532.9030602@ecs.soton.ac.uk> Message-ID: Also, by doing a SpamAssassin check on a message which was already found in a "Spam List", you are just wasting CPU and network resources doing a large check on a message, for which you then ignore the result anyway (normally). So you might want to consider switching off the SpamAssassin check on hosts found in Spam Lists. On 26/05/2009 12:35, Martin Hepworth wrote: > Remco > > This is because MaiLScanner is doing the spamhaus check and not > spamassaddin - ie it's defined in Mailscanner.conf in the "Spam List" > option. > > Autowhitelist results vary - I find for a large ( > 10) mixed user > base it's not good and soon false positives badly. > > -- > Martin Hepworth > Oxford, UK > > 2009/5/26 Remco Barendse > > > I did a bare metal new installation of MailScanner. Everything > seems to work ok but i am curious about one thing. > > MailScanner checks the message against spamhaus-ZEN and finds it > is listed but there is no score awarded to the e-mail. > > Why is this? Now the spams are scoring lower than they should and > they are now slipping through because they are just below the high > scoring mark : > > X-linuxgw-MailScanner-SpamCheck: spam, spamhaus-ZEN, > SpamAssassin (not cached, score=9.763, required 6, > DCC_CHECK 3.00, > FH_HELO_EQ_D_D_D_D 0.50, FH_HOST_EQ_VERIZON_P 1.10, > HELO_DYNAMIC_IPADDR 2.94, HTML_MESSAGE 0.00, RCVD_IN_PBL 0.51, > RCVD_IN_SORBS_DUL 1.61, RDNS_DYNAMIC 0.10) > > And i guess that adding some points for ZEN listing should also > help in getting the database improved? > > Then a slightly different question, is using use_auto_whitelist a > good idea? > > Thanks list! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Tue May 26 14:47:59 2009 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue May 26 14:48:36 2009 Subject: MailScanner on RHEL 3 / CentOS 3? In-Reply-To: <24e3d2e40905250649n7ad04610v2ed629611da93584@mail.gmail.com> References: <24e3d2e40905250649n7ad04610v2ed629611da93584@mail.gmail.com> Message-ID: <200905260947.59790.dyioulos@firstbhph.com> On Monday 25 May 2009 9:49:00 am Alex Neuman wrote: > How about running a virtual machine inside that > old CentOS 3.9 that runs CentOS 5.3? That > should work! > > All kidding aside, I'd like to know - if only > for informational purposes - what a good > solution for this would be. > > On Sat, May 23, 2009 at 6:12 PM, Remco Barendse wrote: > > I still have one server running CentOS 3.9 > > (yes, i should nuke and upgrade that box, i > > know) which comes with perl 5.8.0 > > > > Many of the perl modules included in the > > latest MailScanner version seem to require at > > least perl 5.8.1 > > > > CPAN.pm: Going to build > > M/MA/MARKOV/MailTools-2.04.tar.gz > > > > Perl v5.8.1 required--this is only v5.8.0, > > stopped at Makefile.PL line 1. > > > > > > Is there any way to install MailScanner on a > > RHEL3 box? Or is the only way really to nuke > > that box and upgrade it to something less > > antique? > > > > Thanks! > > -- I've been running MS, along with sendmail, mailwatch, SA, and clamav, on a CentOS 3.x box for the past 5+ years. I see no reason to ditch the current setup by upgrading the OS at this point, and so continue to maintain this mail server. The box is running perl-5.8.0. I've obtained most of the perl modules that MS uses from the Dag repository, which I've added the yum's list of repos. These have served me well. I did run into an issue installing MailScanner-4.76. IIRC (and this is a bit iffy, as 1) I was under the gun to get the server back to good ASAP and wasn't taking notes, and; 2) I burned up all but about three brain cells years ago), the update to 4.76 looked to also update various of the perl modules, causing incompatibilities. To fix, I believe I made sure all of the latest perl modules were installed, then simply ran the MailScanner RPM by itself. HTH Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Tue May 26 15:21:57 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Tue May 26 15:22:19 2009 Subject: spamhaus-ZEN is found but no points are awarded? In-Reply-To: References: <72cf361e0905260435t4eca064s131eb5e1ac0a33ff@mail.gmail.com> <4A1BE532.9030602@ecs.soton.ac.uk> Message-ID: Actually, in my sendmail configuration i use bl.spamcop.net cbl.abuseat.org dnsbl.njabl.org chinanet.blackholes.us to completely block e-mail coming from these sources (hope i am not overblocking but no complaints so far). I included spamhaus-ZEN in my MailScanner.conf (to avoid generating too many lookups which might block me from using the free use policy as i heard that people get blocked for anything way below the limits posted on their website) and i was hoping that it would improve the accuracy of my bayes database. This means that effectively i only have one list to check by SpamAssassin but it should score it. If nobody is including any scores for ZEN, should i also include that in my block lists then instead of using it from MailScanner? I would prefer to not stop blocking spam at MTA level to avoid the spam "hold" storage from overflowing (the mail partition only has 2TB of free space) :) On Tue, 26 May 2009, Julian Field wrote: > Also, by doing a SpamAssassin check on a message which was already found in a > "Spam List", you are just wasting CPU and network resources doing a large > check on a message, for which you then ignore the result anyway (normally). > So you might want to consider switching off the SpamAssassin check on hosts > found in Spam Lists. > > On 26/05/2009 12:35, Martin Hepworth wrote: >> Remco >> >> This is because MaiLScanner is doing the spamhaus check and not >> spamassaddin - ie it's defined in Mailscanner.conf in the "Spam List" >> option. >> >> Autowhitelist results vary - I find for a large ( > 10) mixed user base >> it's not good and soon false positives badly. >> >> -- >> Martin Hepworth >> Oxford, UK >> >> 2009/5/26 Remco Barendse > > >> >> I did a bare metal new installation of MailScanner. Everything >> seems to work ok but i am curious about one thing. >> >> MailScanner checks the message against spamhaus-ZEN and finds it >> is listed but there is no score awarded to the e-mail. >> >> Why is this? Now the spams are scoring lower than they should and >> they are now slipping through because they are just below the high >> scoring mark : >> >> X-linuxgw-MailScanner-SpamCheck: spam, spamhaus-ZEN, >> SpamAssassin (not cached, score=9.763, required 6, >> DCC_CHECK 3.00, >> FH_HELO_EQ_D_D_D_D 0.50, FH_HOST_EQ_VERIZON_P 1.10, >> HELO_DYNAMIC_IPADDR 2.94, HTML_MESSAGE 0.00, RCVD_IN_PBL 0.51, >> RCVD_IN_SORBS_DUL 1.61, RDNS_DYNAMIC 0.10) >> >> And i guess that adding some points for ZEN listing should also >> help in getting the database improved? >> >> Then a slightly different question, is using use_auto_whitelist a >> good idea? >> >> Thanks list! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules > > From MailScanner at ecs.soton.ac.uk Tue May 26 16:00:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 16:01:01 2009 Subject: Bug#529358: mailscanner: MailScanner dies an ugly death when using perl 5.10.0-22 In-Reply-To: <20090520235144.2dac35fd@hp-factory.de> References: <20090518202114.18810.13764.reportbug@mailkeeper> <20090520143543.5671d3ae@hp-factory.de> <94029a830905200654n7953738dv813ea7708ef38349@mail.gmail.com> <20090520235144.2dac35fd@hp-factory.de> <4A1C040B.8060408@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 20/05/2009 22:51, Simon Walter wrote: > On Wed, 20 May 2009 16:54:59 +0300 > Gerasimos Melissaratos wrote: > >> On Wed, May 20, 2009 at 3:35 PM, Simon Walter >> wrote: >> >>> There is also a problem when using clamavd, it crash and complains >>> about missing permission for lstat on the unpacked mail, no matter >>> how I configure "Incoming Work User/Group/Permission". >>> >> That's an easy one, just change the antivirus from "auto" to "clamav" >> in MailScanner.conf and >> > ... you have disabled clamd usage, using clamav as standalone scanner > and lost a considerable amount of processing performance. > > It's a workaround but not a solution. > In the MailScanner.conf file, I specifically tell you (in *2* different places) exactly what to set for the Incoming Work User, Group, and Permission in this exact scenario. I followed the same instructions myself setting up clamd for someone, it all works just fine. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKHAQPEfZZRxQVtlQRAvu8AJ0bRSyYLV0k0pMkwmSGob1PM3AyKgCgk2eM etvdhpjhvWWsHcM3QasW1U4= =hpIa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From wallis at math.wichita.edu Tue May 26 16:24:41 2009 From: wallis at math.wichita.edu (Thomas W Wallis) Date: Tue May 26 16:25:07 2009 Subject: Broken PGP signature links? Message-ID: <4A1C09B9.3050301@math.wichita.edu> Hello! I found some broken links on the download page for MailScanner. http://www.mailscanner.info/files/4/rpm/MailScanner-4.76.25-1.rpm.tar.gz.sig http://www.mailscanner.info/files/4/suse/MailScanner-4.76.25-1.suse.tar.gz.sig http://www.mailscanner.info/files/4/tar/MailScanner-install-4.76.25-1.tar.gz.sig Thanks in advance! Tom W. -------------------- Disclaimer: All opinions expressed here are my own and not those of WSU. EMAIL address: wallis@math.wichita.edu From maxsec at gmail.com Tue May 26 16:02:02 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue May 26 16:30:43 2009 Subject: spamhaus-ZEN is found but no points are awarded? In-Reply-To: References: <72cf361e0905260435t4eca064s131eb5e1ac0a33ff@mail.gmail.com> <4A1BE532.9030602@ecs.soton.ac.uk> Message-ID: <72cf361e0905260802p2db1b06cx1409a2627d3d4335@mail.gmail.com> 2009/5/26 Remco Barendse > Actually, in my sendmail configuration i use > bl.spamcop.net > cbl.abuseat.org > dnsbl.njabl.org > chinanet.blackholes.us > to completely block e-mail coming from these sources (hope i am not > overblocking but no complaints so far). > > I included spamhaus-ZEN in my MailScanner.conf (to avoid generating too > many lookups which might block me from using the free use policy as i heard > that people get blocked for anything way below the limits posted on their > website) and i was hoping that it would improve the accuracy of my bayes > database. > > This means that effectively i only have one list to check by SpamAssassin > but it should score it. > > If nobody is including any scores for ZEN, should i also include that in my > block lists then instead of using it from MailScanner? > > I would prefer to not stop blocking spam at MTA level to avoid the spam > "hold" storage from overflowing (the mail partition only has 2TB of free > space) :) > > > > On Tue, 26 May 2009, Julian Field wrote: > > Also, by doing a SpamAssassin check on a message which was already found >> in a "Spam List", you are just wasting CPU and network resources doing a >> large check on a message, for which you then ignore the result anyway >> (normally). So you might want to consider switching off the SpamAssassin >> check on hosts found in Spam Lists. >> >> On 26/05/2009 12:35, Martin Hepworth wrote: >> >>> Remco >>> >>> This is because MaiLScanner is doing the spamhaus check and not >>> spamassaddin - ie it's defined in Mailscanner.conf in the "Spam List" >>> option. >>> >>> Autowhitelist results vary - I find for a large ( > 10) mixed user base >>> it's not good and soon false positives badly. >>> >>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> 2009/5/26 Remco Barendse >> > >>> >>> I did a bare metal new installation of MailScanner. Everything >>> seems to work ok but i am curious about one thing. >>> >>> MailScanner checks the message against spamhaus-ZEN and finds it >>> is listed but there is no score awarded to the e-mail. >>> >>> Why is this? Now the spams are scoring lower than they should and >>> they are now slipping through because they are just below the high >>> scoring mark : >>> >>> X-linuxgw-MailScanner-SpamCheck: spam, spamhaus-ZEN, >>> SpamAssassin (not cached, score=9.763, required 6, >>> DCC_CHECK 3.00, >>> FH_HELO_EQ_D_D_D_D 0.50, FH_HOST_EQ_VERIZON_P 1.10, >>> HELO_DYNAMIC_IPADDR 2.94, HTML_MESSAGE 0.00, RCVD_IN_PBL 0.51, >>> RCVD_IN_SORBS_DUL 1.61, RDNS_DYNAMIC 0.10) >>> >>> And i guess that adding some points for ZEN listing should also >>> help in getting the database improved? >>> >>> Then a slightly different question, is using use_auto_whitelist a >>> good idea? >>> >>> Thanks list! >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >>> >> Jules >> >> >> -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Remco Adding that info in MailScanner.conf does NOT affect spamassassin in anyway at all. This is purely for MailScanner to call the RBL and will have zero effect on spamassassin's view of the email. If you want spamassassin to call the rbl then you need to make sure you are calling the RBL feature within spamassassin and also I suggest you turn off most of the other RBL's (by giving them a zero score) to save alot of time. -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090526/2e8a87b2/attachment.html From rlopezcnm at gmail.com Tue May 26 16:42:39 2009 From: rlopezcnm at gmail.com (Robert Lopez) Date: Tue May 26 16:42:49 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: References: <4A1BAE31.6090206@ecs.soton.ac.uk> <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> Message-ID: On Tue, May 26, 2009 at 2:54 AM, Julian Field wrote: > > > On 25/05/2009 22:19, Glenn Steen wrote: >> >> 2009/5/22 Robert Lopez: >> >>> >>> I would like to try out mailscanner on Debian Lenny. >>> My senior administrator does not want to try mailscanner on Debian unless >>> it >>> is using postfix instead of exim4. >>> >>> This brings up something I do not know how to do: >>> I access MailScanner discussion list via Gmail to read the current email. >>> I can use google to find discussions archived at >>> http://lists.mailscanner.info/... >>> It I go directly to http://lists.mailscanner.info/... and sort the lists >>> But I can not figure out how to search there for discussion on my current >>> project. >>> >>> Is there a direct way to search the email archives? >>> >> >> 1) Use gmane to do your list serching. >> 2) DON'T use that debian package provided... 4.55.10 is severely out >> of date. It will likely end you in trouble. You can't fight bleeding >> edge SPAM/malware with trailing edge versions;). >> > > For starters it won't work with the latest version of ClamAV, unless they > have been back-porting changes again. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Glenn: Thank you I was not aware of gmane. Julian: "For starters it won't work with the latest version of ClamAV, ..." I am assuming the "it" you refer to is the debian package 4.55.10. correct? How far back must I go with ClamAV? It looks like the current is 0.95.1, would I go back to 0.95.0 or earlier? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From MailScanner at ecs.soton.ac.uk Tue May 26 16:58:13 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 16:58:37 2009 Subject: Broken PGP signature links? In-Reply-To: <4A1C09B9.3050301@math.wichita.edu> References: <4A1C09B9.3050301@math.wichita.edu> <4A1C1195.2030303@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I rarely get around to putting the sigs on the beta versions, don't worry! I guess I should remove the text that links to them too... On 26/05/2009 16:24, Thomas W Wallis wrote: > Hello! > > I found some broken links on the download page for MailScanner. > http://www.mailscanner.info/files/4/rpm/MailScanner-4.76.25-1.rpm.tar.gz.sig > > > http://www.mailscanner.info/files/4/suse/MailScanner-4.76.25-1.suse.tar.gz.sig > > > http://www.mailscanner.info/files/4/tar/MailScanner-install-4.76.25-1.tar.gz.sig > > > Thanks in advance! > > Tom W. > > -------------------- > > > Disclaimer: All opinions expressed here are my own and not those of WSU. > > EMAIL address: wallis@math.wichita.edu > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKHBGWEfZZRxQVtlQRAgGcAJ9MTz6ocz8g1xUhrUOUi3mN1pwR5QCguk0f yYGdgeU22JAhezsMUE2m9cQ= =HcO3 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 26 17:02:59 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 17:03:42 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: References: <4A1BAE31.6090206@ecs.soton.ac.uk> <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> <4A1C12B3.1060207@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26/05/2009 16:42, Robert Lopez wrote: > On Tue, May 26, 2009 at 2:54 AM, Julian Field > wrote: > >> >> On 25/05/2009 22:19, Glenn Steen wrote: >> >>> 2009/5/22 Robert Lopez: >>> >>> >>>> I would like to try out mailscanner on Debian Lenny. >>>> My senior administrator does not want to try mailscanner on Debian unless >>>> it >>>> is using postfix instead of exim4. >>>> >>>> This brings up something I do not know how to do: >>>> I access MailScanner discussion list via Gmail to read the current email. >>>> I can use google to find discussions archived at >>>> http://lists.mailscanner.info/... >>>> It I go directly to http://lists.mailscanner.info/... and sort the lists >>>> But I can not figure out how to search there for discussion on my current >>>> project. >>>> >>>> Is there a direct way to search the email archives? >>>> >>>> >>> 1) Use gmane to do your list serching. >>> 2) DON'T use that debian package provided... 4.55.10 is severely out >>> of date. It will likely end you in trouble. You can't fight bleeding >>> edge SPAM/malware with trailing edge versions;). >>> >>> >> For starters it won't work with the latest version of ClamAV, unless they >> have been back-porting changes again. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Glenn: Thank you I was not aware of gmane. > > Julian: "For starters it won't work with the latest version of ClamAV, ..." > I am assuming the "it" you refer to is the debian package 4.55.10. correct? > Yes. > How far back must I go with ClamAV? It looks like the current is > 0.95.1, would I go back to 0.95.0 or earlier? > Something earlier than 0.94, so 0.93 would be the latest that will be supported by a MailScanner that old. And I strongly suspect the current ClamAV signatures won't work correctly with 0.93 any more, they don't tend to support more than one or two previous versions on the whole. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKHBK1EfZZRxQVtlQRAr8lAJ9hnpYmzLhFQ/e0nvrZ2G+SlDxlvgCgkhBZ 67jT592NgYey3pGpegTA96g= =VKLT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Tue May 26 17:09:03 2009 From: alex at rtpty.com (Alex Neuman) Date: Tue May 26 17:09:12 2009 Subject: MailScanner on RHEL 3 / CentOS 3? In-Reply-To: <200905260947.59790.dyioulos@firstbhph.com> References: <24e3d2e40905250649n7ad04610v2ed629611da93584@mail.gmail.com> <200905260947.59790.dyioulos@firstbhph.com> Message-ID: <24e3d2e40905260909w691c53faq28816a68a5113fc5@mail.gmail.com> On Tue, May 26, 2009 at 8:47 AM, Dimitri Yioulos wrote: > To fix, I believe I made sure > all of the latest perl modules were installed, > then simply ran the MailScanner RPM by itself. > > A couple of times I've done this when faced with dependency issues on really old servers. In fact, when possible, I try to list all the modules with MailScanner -V and make sure they're all updated, then run the rpm manually - followed by update_mailscanner_blablah... -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090526/ce328ad7/attachment.html From rlopezcnm at gmail.com Tue May 26 17:12:56 2009 From: rlopezcnm at gmail.com (Robert Lopez) Date: Tue May 26 17:13:06 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: References: <4A1BAE31.6090206@ecs.soton.ac.uk> <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> <4A1C12B3.1060207@ecs.soton.ac.uk> Message-ID: On Tue, May 26, 2009 at 10:02 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 26/05/2009 16:42, Robert Lopez wrote: >> On Tue, May 26, 2009 at 2:54 AM, Julian Field >> ?wrote: >> >>> >>> On 25/05/2009 22:19, Glenn Steen wrote: >>> >>>> 2009/5/22 Robert Lopez: >>>> >>>> >>>>> I would like to try out mailscanner on Debian Lenny. >>>>> My senior administrator does not want to try mailscanner on Debian unless >>>>> it >>>>> is using postfix instead of exim4. >>>>> >>>>> This brings up something I do not know how to do: >>>>> I access MailScanner discussion list via Gmail to read the current email. >>>>> I can use google to find discussions archived at >>>>> http://lists.mailscanner.info/... >>>>> It I go directly to http://lists.mailscanner.info/... and sort the lists >>>>> But I can not figure out how to search there for discussion on my current >>>>> project. >>>>> >>>>> Is there a direct way to search the email archives? >>>>> >>>>> >>>> 1) Use gmane to do your list serching. >>>> 2) DON'T use that debian package provided... 4.55.10 is severely out >>>> of date. It will likely end you in trouble. You can't fight bleeding >>>> edge SPAM/malware with trailing edge versions;). >>>> >>>> >>> For starters it won't work with the latest version of ClamAV, unless they >>> have been back-porting changes again. >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> Glenn: Thank you I was not aware of gmane. >> >> Julian: "For starters it won't work with the latest version of ClamAV, ..." >> I am assuming the "it" you refer to is the debian package 4.55.10. correct? >> > Yes. >> How far back must I go with ClamAV? It looks like the current is >> 0.95.1, would I go back to 0.95.0 or earlier? >> > Something earlier than 0.94, so 0.93 would be the latest that will be > supported by a MailScanner that old. > And I strongly suspect the current ClamAV signatures won't work > correctly with 0.93 any more, they don't tend to support more than one > or two previous versions on the whole. > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Follow me at twitter.com/JulesFM > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.10.0 (Build 500) > Comment: Use PGP or Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFKHBK1EfZZRxQVtlQRAr8lAJ9hnpYmzLhFQ/e0nvrZ2G+SlDxlvgCgkhBZ > 67jT592NgYey3pGpegTA96g= > =VKLT > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Let me back up. My senior administrator will approve my testing MailScanner on any of RHEL, Debian, or Ubuntu and he insists we use Postfix not Exim. He also insists we must use Spamassassin, ClamAV, and Anomy. Given those constraints, on which of those OS will MailScanner perform best? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From ismail at ismailozatay.net Tue May 26 17:21:31 2009 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Tue May 26 17:21:45 2009 Subject: Mailscanner Gold Message-ID: <4A1C170B.40909@ismailozatay.net> Hi , I am using MailScanner for 3 years. Now i want to buy mailscanner gold for a enterprise project. But i want to know that does it include any web interface like mailwatch or offer continue to use mailwatch again ? Thanks. ismail From lists at elasticmind.net Tue May 26 17:21:35 2009 From: lists at elasticmind.net (mog) Date: Tue May 26 17:22:06 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: References: <4A1BAE31.6090206@ecs.soton.ac.uk> <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> <4A1C12B3.1060207@ecs.soton.ac.uk> Message-ID: <4A1C170F.4080406@elasticmind.net> Robert Lopez wrote: > On Tue, May 26, 2009 at 10:02 AM, Julian Field > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> On 26/05/2009 16:42, Robert Lopez wrote: >> >>> On Tue, May 26, 2009 at 2:54 AM, Julian Field >>> wrote: >>> >>> >>>> On 25/05/2009 22:19, Glenn Steen wrote: >>>> >>>> >>>>> 2009/5/22 Robert Lopez: >>>>> >>>>> >>>>> >>>>>> I would like to try out mailscanner on Debian Lenny. >>>>>> My senior administrator does not want to try mailscanner on Debian unless >>>>>> it >>>>>> is using postfix instead of exim4. >>>>>> >>>>>> This brings up something I do not know how to do: >>>>>> I access MailScanner discussion list via Gmail to read the current email. >>>>>> I can use google to find discussions archived at >>>>>> http://lists.mailscanner.info/... >>>>>> It I go directly to http://lists.mailscanner.info/... and sort the lists >>>>>> But I can not figure out how to search there for discussion on my current >>>>>> project. >>>>>> >>>>>> Is there a direct way to search the email archives? >>>>>> >>>>>> >>>>>> >>>>> 1) Use gmane to do your list serching. >>>>> 2) DON'T use that debian package provided... 4.55.10 is severely out >>>>> of date. It will likely end you in trouble. You can't fight bleeding >>>>> edge SPAM/malware with trailing edge versions;). >>>>> >>>>> >>>>> >>>> For starters it won't work with the latest version of ClamAV, unless they >>>> have been back-porting changes again. >>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> Glenn: Thank you I was not aware of gmane. >>> >>> Julian: "For starters it won't work with the latest version of ClamAV, ..." >>> I am assuming the "it" you refer to is the debian package 4.55.10. correct? >>> >>> >> Yes. >> >>> How far back must I go with ClamAV? It looks like the current is >>> 0.95.1, would I go back to 0.95.0 or earlier? >>> >>> >> Something earlier than 0.94, so 0.93 would be the latest that will be >> supported by a MailScanner that old. >> And I strongly suspect the current ClamAV signatures won't work >> correctly with 0.93 any more, they don't tend to support more than one >> or two previous versions on the whole. >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Follow me at twitter.com/JulesFM >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.10.0 (Build 500) >> Comment: Use PGP or Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFKHBK1EfZZRxQVtlQRAr8lAJ9hnpYmzLhFQ/e0nvrZ2G+SlDxlvgCgkhBZ >> 67jT592NgYey3pGpegTA96g= >> =VKLT >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Let me back up. My senior administrator will approve my testing > MailScanner on any of RHEL, Debian, or Ubuntu and he insists we use > Postfix not Exim. > He also insists we must use Spamassassin, ClamAV, and Anomy. > Given those constraints, on which of those OS will MailScanner perform best? > > FreeBSD :) From steve at fsl.com Tue May 26 17:38:20 2009 From: steve at fsl.com (Stephen Swaney) Date: Tue May 26 17:38:29 2009 Subject: Mailscanner Gold In-Reply-To: <4A1C170B.40909@ismailozatay.net> References: <4A1C170B.40909@ismailozatay.net> Message-ID: <4A1C1AFC.9000001@fsl.com> Ismail OZATAY wrote: > Hi , > > I am using MailScanner for 3 years. Now i want to buy mailscanner gold > for a enterprise project. But i want to know that does it include any > web interface like mailwatch or offer continue to use mailwatch again ? > > Thanks. > > ismail MailScanner Gold does not include a web interface but will work fine with a normal MailWatch installation. Please contact me off list if you need more information. Best regards, Steve -- Steve Swaney steve@fsl.com www.fsl.com The most accurate and cost effective anti-spam solutions available From MailScanner at ecs.soton.ac.uk Tue May 26 17:39:44 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 17:40:06 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: References: <4A1BAE31.6090206@ecs.soton.ac.uk> <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> <4A1C12B3.1060207@ecs.soton.ac.uk> <4A1C1B50.8090008@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26/05/2009 17:12, Robert Lopez wrote: > On Tue, May 26, 2009 at 10:02 AM, Julian Field > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> On 26/05/2009 16:42, Robert Lopez wrote: >> >>> On Tue, May 26, 2009 at 2:54 AM, Julian Field >>> wrote: >>> >>> >>>> On 25/05/2009 22:19, Glenn Steen wrote: >>>> >>>> >>>>> 2009/5/22 Robert Lopez: >>>>> >>>>> >>>>> >>>>>> I would like to try out mailscanner on Debian Lenny. >>>>>> My senior administrator does not want to try mailscanner on Debian unless >>>>>> it >>>>>> is using postfix instead of exim4. >>>>>> >>>>>> This brings up something I do not know how to do: >>>>>> I access MailScanner discussion list via Gmail to read the current email. >>>>>> I can use google to find discussions archived at >>>>>> http://lists.mailscanner.info/... >>>>>> It I go directly to http://lists.mailscanner.info/... and sort the lists >>>>>> But I can not figure out how to search there for discussion on my current >>>>>> project. >>>>>> >>>>>> Is there a direct way to search the email archives? >>>>>> >>>>>> >>>>>> >>>>> 1) Use gmane to do your list serching. >>>>> 2) DON'T use that debian package provided... 4.55.10 is severely out >>>>> of date. It will likely end you in trouble. You can't fight bleeding >>>>> edge SPAM/malware with trailing edge versions;). >>>>> >>>>> >>>>> >>>> For starters it won't work with the latest version of ClamAV, unless they >>>> have been back-porting changes again. >>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> Glenn: Thank you I was not aware of gmane. >>> >>> Julian: "For starters it won't work with the latest version of ClamAV, ..." >>> I am assuming the "it" you refer to is the debian package 4.55.10. correct? >>> >>> >> Yes. >> >>> How far back must I go with ClamAV? It looks like the current is >>> 0.95.1, would I go back to 0.95.0 or earlier? >>> >>> >> Something earlier than 0.94, so 0.93 would be the latest that will be >> supported by a MailScanner that old. >> And I strongly suspect the current ClamAV signatures won't work >> correctly with 0.93 any more, they don't tend to support more than one >> or two previous versions on the whole. >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Follow me at twitter.com/JulesFM >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.10.0 (Build 500) >> Comment: Use PGP or Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFKHBK1EfZZRxQVtlQRAr8lAJ9hnpYmzLhFQ/e0nvrZ2G+SlDxlvgCgkhBZ >> 67jT592NgYey3pGpegTA96g= >> =VKLT >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Let me back up. My senior administrator will approve my testing > MailScanner on any of RHEL, Debian, or Ubuntu and he insists we use > Postfix not Exim. > He also insists we must use Spamassassin, ClamAV, and Anomy. > Given those constraints, on which of those OS will MailScanner perform best? > > I would go for RHEL as that is the main distribution I work with and build for. I can assist you with far more issues on RHEL than any other distribution. Both the Debian and Ubuntu builds are done by other people and, let's say, I have a few problems with the quality and timeliness of those builds. I would get ClamAV from rpmforge (or packages.sw.be), and I always install my own build of SpamAssassin from my ClamAV+SpamAssassin package (you tell it not to install ClamAV when it asks you). I know nothing about Anomy, so you're on your own there. Postfix is fine, I strongly recommend you use the latest beta of MailScanner as 4.76 had one or two minor Postfix problems which I have since fixed. I will release a new stable release of 4.77 on 1st July anyway, and that will be very close to the current beta as it is working so nicely. Hope that helps you! If you have any problems, questions, requests or suggestions, please do get in touch straight away and I will help you as much as I can. Others here can help you with Postfix questions better than I can, as I use sendmail myself. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKHBtSEfZZRxQVtlQRAj5hAJ4wi9dQ9zgohqCn0OqsOU4vkf+sogCgr9xg wg+2L5zan75g7D6bsZmhu54= =EXu8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 26 17:40:56 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 26 17:41:20 2009 Subject: Mailscanner Gold In-Reply-To: <4A1C170B.40909@ismailozatay.net> References: <4A1C170B.40909@ismailozatay.net> <4A1C1B98.9090404@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MailScanner Gold questions should be directed to Fort Systems Ltd at www.fsl.com. They have support contact addresses on their website. On 26/05/2009 17:21, Ismail OZATAY wrote: > Hi , > > I am using MailScanner for 3 years. Now i want to buy mailscanner gold > for a enterprise project. But i want to know that does it include any > web interface like mailwatch or offer continue to use mailwatch again ? > > Thanks. > > ismail Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-9 wj8DBQFKHBuZEfZZRxQVtlQRAjFpAKD0QaWz980J44hqqVwa6QPh/MrjOACg1n2b mKDLOPHMqddn+LNstkxiYx8= =grQQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at barendse.to Tue May 26 20:21:01 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Tue May 26 20:21:14 2009 Subject: MailScanner on RHEL 3 / CentOS 3? In-Reply-To: <200905260947.59790.dyioulos@firstbhph.com> References: <24e3d2e40905250649n7ad04610v2ed629611da93584@mail.gmail.com> <200905260947.59790.dyioulos@firstbhph.com> Message-ID: On Tue, 26 May 2009, Dimitri Yioulos wrote: > I've been running MS, along with sendmail, > mailwatch, SA, and clamav, on a CentOS 3.x box > for the past 5+ years. I see no reason to ditch > the current setup by upgrading the OS at this > point, and so continue to maintain this mail > server. > > The box is running perl-5.8.0. I've obtained most > of the perl modules that MS uses from the Dag > repository, which I've added the yum's list of > repos. These have served me well. > > I did run into an issue installing > MailScanner-4.76. IIRC (and this is a bit iffy, > as 1) I was under the gun to get the server back > to good ASAP and wasn't taking notes, and; 2) I > burned up all but about three brain cells years > ago), the update to 4.76 looked to also update > various of the perl modules, causing > incompatibilities. To fix, I believe I made sure > all of the latest perl modules were installed, > then simply ran the MailScanner RPM by itself. > > HTH > > Dimitri I admire your perseverance! I didn't say it isn't possible, i just noticed that most of the provided perl modules will no longer build on RHEL3. Having said that, in the long run, i decided to take the plunge in the deep and replace the box with CentOS 5. Doing a bare metal install cost me 2 days but trying to keep RHEL3 alive in the long run would cost me more. And i love how clamd automatically gets updated from rpmforge instead of downloading and compiling by hand. Who knows, maybe now i will even have time to sleep :) Thanks for sharing your solution! From paul.welsh.3 at googlemail.com Tue May 26 23:28:41 2009 From: paul.welsh.3 at googlemail.com (Paul Welsh) Date: Tue May 26 23:28:50 2009 Subject: Problems with SQLite and 4.76.25-1 Message-ID: <49df20710905261528v2444df5cjb395a3e46df03af8@mail.gmail.com> Hi all My server is running CentOS 4 and it has SQLite 3.3.6 installed. My upgrade from version 4.74.16-1 to 4.76.25-1 failed because of a SQLite related error. I include part of the install.log below. I've disabled the MailScanner.conf options related to the SQLite databases so I'm no longer getting errors but does anyone have any advice for me on how to fix it? Thanks Paul Attempting to build and install perl-DBD-SQLite-1.21-1 Installing perl-DBD-SQLite-1.21-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.17926 ... + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness$ t/01_compile.............................# $DBI::VERSION=1.607 ok t/02_logon...............................# sqlite_version=3.6.12 ok ... t/09_create_function..................... # Failed test 'SELECT my_defined(NULL)' # at t/09_create_function.t line 104. # Structures begin differing at: # $got->[0] = '' # $expected->[0] = '0' # Looks like you failed 1 test of 18. dubious Test returned status 1 (wstat 256, 0x100) DIED. FAILED test 14 Failed 1/18 tests, 94.44% okay From shyamph at gmail.com Wed May 27 06:06:30 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 06:06:42 2009 Subject: Mail delay at MailScanner In-Reply-To: <51B4428DF2D148C7975BB288FE719CC8@SUPPORT01V> References: <51B4428DF2D148C7975BB288FE719CC8@SUPPORT01V> Message-ID: Hi , Thanks for the pfqueue, Problem here is not with postfix. once postfix hands over mail to MailScanner queue (hold) then from hold to deliver it takes quite some time say 30 min or more than that, How do i debug this, even i enable the debug option in mailscanner but not found much infromation from that. Thanks and Regards Shyam On Tue, May 26, 2009 at 2:11 PM, Nigel Kendrick < support-lists@petdoctors.co.uk> wrote: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark > Sapiro > Sent: Wednesday, May 20, 2009 4:39 PM > To: MailScanner List > Subject: Re: Mail delay at MailScanner > > shyam hirurkar wrote: > > > >How do i check how many mails are there in HOLD state of MailScanner. > > ls /var/spool/postfix/hold | wc -l > > or > > mailq | grep ! > > > > > There's a nice utility that will let you view & manipulate the messages in > a > Postfix queue - Google for pfqueue > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/d66de72d/attachment.html From paulo.sedrez at gmail.com Wed May 27 07:07:05 2009 From: paulo.sedrez at gmail.com (Paulo Francisco Sedrez) Date: Wed May 27 07:07:27 2009 Subject: UTF-8 error in SweepViruses.pm Message-ID: <4A1CD889.8030906@gmail.com> In what now (v 4.76) is in line 3441 of the file SweepViruses.pm, sub ProcessesetsOutput, last "if" block, there is something strange: --- $filename =~ s/ ? .*$//; # Delete rest of archive internal names --- Perl (5.8.0) complains abous this "?" as an invalid or incomplete UTF-8 sequence, on start (I am using mailscanner 4.73, so it is in line 3303): --- Malformed UTF-8 character (unexpected continuation byte 0xbb, with no preceding start byte) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3303. Malformed UTF-8 character (unexpected continuation byte 0xbb, with no preceding start byte) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3303. --- It looks like this lines were introduced in version 4.71, with this caracter already. Is this a typo or was it intentional? System: CentOS 3.9 @x86 that cannot be upgraded any time soon. -- Paulo Sedrez From glenn.steen at gmail.com Wed May 27 08:53:05 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 27 08:53:14 2009 Subject: Search archives for Package: mailscanner (4.55.10-3) for postfix (not exim4) In-Reply-To: References: <4A1BAE31.6090206@ecs.soton.ac.uk> <223f97700905251419o612843d0v7d0b9f1cbdd8df1e@mail.gmail.com> <4A1C12B3.1060207@ecs.soton.ac.uk> <4A1C1B50.8090008@ecs.soton.ac.uk> Message-ID: <223f97700905270053v36a05cebs391f924ff56b47dd@mail.gmail.com> 2009/5/26 Julian Field : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 26/05/2009 17:12, Robert Lopez wrote: >> On Tue, May 26, 2009 at 10:02 AM, Julian Field >> ?wrote: >> (snip) >> Let me back up. My senior administrator will approve my testing >> MailScanner on any of RHEL, Debian, or Ubuntu and he insists we use >> Postfix not Exim. >> He also insists we must use Spamassassin, ClamAV, and Anomy. >> Given those constraints, on which of those OS will MailScanner perform best? >> >> > I would go for RHEL as that is the main distribution I work with and > build for. I can assist you with far more issues on RHEL than any other > distribution. Both the Debian and Ubuntu builds are done by other people > and, let's say, I have a few problems with the quality and timeliness of > those builds. > > I would get ClamAV from rpmforge (or packages.sw.be), and I always > install my own build of SpamAssassin from my ClamAV+SpamAssassin package > (you tell it not to install ClamAV when it asks you). I know nothing > about Anomy, so you're on your own there. > Seerms like Anomy (http://mailtools.anomy.net/ or perhaps http://freshmeat.net/projects/theanomymailsanitizer/) tries, or rather tried, to do pretty much the same job that mailScanner does... Can't really see any benefit in using that, and might get ... interesting... trying to incorporate it:-). Anyway... it seems dead, so rather pointless to use...?! > Postfix is fine, I strongly recommend you use the latest beta of > MailScanner as 4.76 had one or two minor Postfix problems which I have > since fixed. I will release a new stable release of 4.77 on 1st July > anyway, and that will be very close to the current beta as it is working > so nicely. > > Hope that helps you! > > If you have any problems, questions, requests or suggestions, please do > get in touch straight away and I will help you as much as I can. Others > here can help you with Postfix questions better than I can, as I use > sendmail myself. Well... We'll be here, day-job-willing:-) > Jules > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed May 27 09:23:05 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 27 09:23:29 2009 Subject: Problems with SQLite and 4.76.25-1 In-Reply-To: <49df20710905261528v2444df5cjb395a3e46df03af8@mail.gmail.com> References: <49df20710905261528v2444df5cjb395a3e46df03af8@mail.gmail.com> <4A1CF869.2030005@ecs.soton.ac.uk> Message-ID: Download and install the latest beta instead, that includes a new SQLite perl module that fixes this problem. On 26/05/2009 23:28, Paul Welsh wrote: > Hi all > > My server is running CentOS 4 and it has SQLite 3.3.6 installed. > > My upgrade from version 4.74.16-1 to 4.76.25-1 failed because of a > SQLite related error. I include part of the install.log below. > > I've disabled the MailScanner.conf options related to the SQLite > databases so I'm no longer getting errors but does anyone have any > advice for me on how to fix it? > > Thanks > > Paul > > > Attempting to build and install perl-DBD-SQLite-1.21-1 > Installing perl-DBD-SQLite-1.21-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.17926 > ... > + make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness$ > t/01_compile.............................# $DBI::VERSION=1.607 > ok > t/02_logon...............................# sqlite_version=3.6.12 > ok > ... > t/09_create_function..................... > # Failed test 'SELECT my_defined(NULL)' > # at t/09_create_function.t line 104. > # Structures begin differing at: > # $got->[0] = '' > # $expected->[0] = '0' > # Looks like you failed 1 test of 18. > dubious > Test returned status 1 (wstat 256, 0x100) > DIED. FAILED test 14 > Failed 1/18 tests, 94.44% okay > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 27 09:33:08 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 27 09:33:38 2009 Subject: UTF-8 error in SweepViruses.pm In-Reply-To: <4A1CD889.8030906@gmail.com> References: <4A1CD889.8030906@gmail.com> <4A1CFAC4.6000701@ecs.soton.ac.uk> Message-ID: I am reluctant to change this without being able to test the "eset" virus scanner. And I haven't got a licence for it any more. If you can find someone with a trial licence for eset I will gladly attempt to fix it. In the mean time I will look back to 4.71 and see if there's any info there that will help me. On 27/05/2009 07:07, Paulo Francisco Sedrez wrote: > In what now (v 4.76) is in line 3441 of the file SweepViruses.pm, sub > ProcessesetsOutput, last "if" block, there is something strange: > > --- > $filename =~ s/ ? .*$//; # Delete rest of archive internal names > --- > > Perl (5.8.0) complains abous this "?" as an invalid or incomplete > UTF-8 sequence, on start (I am using mailscanner 4.73, so it is in > line 3303): > > --- > Malformed UTF-8 character (unexpected continuation byte 0xbb, with no > preceding start byte) at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3303. > Malformed UTF-8 character (unexpected continuation byte 0xbb, with no > preceding start byte) at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3303. > --- > > It looks like this lines were introduced in version 4.71, with this > caracter already. > > Is this a typo or was it intentional? > > System: CentOS 3.9 @x86 that cannot be upgraded any time soon. > > -- > Paulo Sedrez Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed May 27 10:02:44 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 27 10:03:07 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: <4A195A25.7000209@gmail.com> References: <4A195A25.7000209@gmail.com> Message-ID: <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> 2009/5/24 Jarry : > Hi, > For whatever reason I can not stop/start MailScanner cleanly: > > # /etc/init.d/MailScanner stop > * Stopping MailScanner... > * MailScanner: caught SIGTERM, aborting > > # /etc/init.d/MailScanner start > * WARNING: MailScanner has already been started > > Actually, MailScanner stops, but sendmail which has been > started by MailScanner init script is still there running: > > # ps -e | grep sendmail > 18676 ? ? ? ? ?00:00:00 sendmail > 18679 ? ? ? ? ?00:00:00 sendmail > > Even when I killall sendmail, I still get the above mentioned > warning, and can not start MailScanner. And that is a problem, > because MailScanner is restarted (in my case, just want to be > restarted, but is not) every hour to prevent eating all resources > (which it keeps eating anyway, read next). I checked /var/run and > /var/lock, there is no trace of MailScanner or sendmail running, > yet I can not re-start Mailscanner. ?How can I fix this problem? > What version of MailScanner, what version of what OS? It's rather like impossible to help you without those tidbits;-) > > And the 2nd problem, MailScanner is eating too much memory: > > # ps aux | grep MailScanner > root ?8047 ?0.0 ?0.7 ?93148 31084 ? ?Ss ? 13:53 ? 0:00 MailScanner: master > waiting for children, sleeping > root ?8048 ?0.0 ?1.5 140136 64692 ? ?S ? ?13:53 ? 0:00 MailScanner: waiting > for messages > root ?8140 ?0.0 ?1.5 140136 64696 ? ?S ? ?13:54 ? 0:00 MailScanner: waiting > for messages > root ?8173 ?0.0 ?1.5 140136 64696 ? ?S ? ?13:54 ? 0:00 MailScanner: waiting > for messages > root ?8176 ?0.0 ?1.5 140140 64696 ? ?S ? ?13:54 ? 0:00 MailScanner: waiting > for messages > root ?8177 ?0.0 ?1.5 140140 64696 ? ?S ? ?13:54 ? 0:00 MailScanner: waiting > for messages > > ~330 MB RESS, ~1GB VIRTS, is *this* normal? Unbelievable. I see it for > the first time, that my server does not have enough physical memory > and is forced to use swap. I'm affraid, I can not spend so much memory > just for MailScanner... > > Jarry > Are you perhaps using the clamavmodule? That would have a big impact on the RAM usage. Use the clamd virus scanner instead (look in the wiki for info on how to set it up), and you'll get the same nice speed benefit (or better) that clamavmodule give you without the memory footprint issue. Other things that eat at your memory would be related to SpamAssassin, likely. Anyway, without info about the system (like how much RAM it has, to start with;-), it's kind of impossible to determine if you are "right-sized"...;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed May 27 10:19:36 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 27 10:19:45 2009 Subject: (2nd Request) Disable scanning for a client that connectsviaSMTP-AUTH In-Reply-To: <200905250752.42509.eli@orbsky.homelinux.org> References: <4A147B290200002D00006737@sparky.asdm.net> <200905240806.02474.eli@orbsky.homelinux.org> <4A19C02E0200002D0000679A@sparky.asdm.net> <200905250752.42509.eli@orbsky.homelinux.org> Message-ID: <223f97700905270219i523d1123n4d194d7b4d746feb@mail.gmail.com> 2009/5/25 Eli Wapniarski : > I still think this is a very very bad idea but why not use a list of full email addresses instead of just the domain. That is FROM: user1@domain.com FROM: user2@domain.com etc. Do yourself a favor. If possible set up an effective MailScanner Instalation over on the server at Business B. > > El Because those are as easily forged? That would be my reason to not do it that way. Gary, I'm a PF type too, and can think of numerous ways of bypassing MS with that, but... that's no help to you:-)... I do know that this topic has been touched before (IIRC numerous times), although then mostly for roadrunners/roaming users needing to relay through the MS host. Try a little list searchuing over at Gmane ... Scott Silva (among others) have this for Sendmail. > On Monday 25 May 2009 04:46:22 Gary Faith wrote: >> Business A - ISP located in a co-lo with fast internet and static IP's. ?It does web hosting, dial-up internet and mail scanning. >> >> Business B & My Personal Internet - Used to be a T1 with static IPs but is now a third party sucky Dynamic DSL. ?Now that it is dynamic DSL, I need to relay this mail through the mail scanner at Business A without the other people I have designated as MailWatch Admins in Business A, having the ability see this e-mail at all. ?I have an account in the mail scanner setup so I can do SMTP AUTH with TLS. ?That works great but ALL incoming mail is scanned unless I add FROM: domain.com no to the scan.messages.rules. ?When I do that I get spam from outside sources because it isn't being scanned. >> >> I need a sendmail or mailscanner option so that I can bypass scanning for the e-mail from this source only! >> >> Gary >> (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shyamph at gmail.com Wed May 27 10:34:24 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 10:34:34 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: Hi , I have removed the cache dba nd restarted the mailscanner but still i am able to see cached not timed out error in the log. Any thing else i needs to be done ?? Thanks and Regards, Shyam On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: > on 5-21-2009 3:17 AM shyam hirurkar spake the following: > > Hi , > > > > Thanks for the input but small question how often i need to do is there > > any automation for this. > > > You only need to do this if the cache becomes corrupt. It could be days or > years, you never know when a db can get corrupted. I'm not sure if you > could > automate this. I guess if there is a utility in sqlite that can check for > corruption and exit with an errorlevel, you could automate this in a > startup > script. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/d15d2e64/attachment.html From shyamph at gmail.com Wed May 27 10:37:06 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 10:37:17 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: Hi All, This is the error i am getting in the log May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was killed, failure 3 of 10 May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, SpamAssassin (not cached, timed out) Regards, Shyam On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: > Hi , > > I have removed the cache dba nd restarted the mailscanner but still i am > able to see cached not timed out error in the log. > > Any thing else i needs to be done ?? > > Thanks and Regards, > Shyam > > On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: > >> on 5-21-2009 3:17 AM shyam hirurkar spake the following: >> > Hi , >> > >> > Thanks for the input but small question how often i need to do is there >> > any automation for this. >> > >> You only need to do this if the cache becomes corrupt. It could be days or >> years, you never know when a db can get corrupted. I'm not sure if you >> could >> automate this. I guess if there is a utility in sqlite that can check for >> corruption and exit with an errorlevel, you could automate this in a >> startup >> script. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/cbd7a8c0/attachment.html From maxsec at gmail.com Wed May 27 10:44:57 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 27 10:45:05 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> Message-ID: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> Ah that's spamassassin timing out not the cache. see http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips and http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=performance 2009/5/27 shyam hirurkar > Hi All, > > This is the error i am getting in the log > > May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was > killed, failure 3 of 10 > May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from > xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, > SpamAssassin (not cached, timed out) > > Regards, > Shyam > > > On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: > >> Hi , >> >> I have removed the cache dba nd restarted the mailscanner but still i am >> able to see cached not timed out error in the log. >> >> Any thing else i needs to be done ?? >> >> Thanks and Regards, >> Shyam >> >> On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: >> >>> on 5-21-2009 3:17 AM shyam hirurkar spake the following: >>> > Hi , >>> > >>> > Thanks for the input but small question how often i need to do is there >>> > any automation for this. >>> > >>> You only need to do this if the cache becomes corrupt. It could be days >>> or >>> years, you never know when a db can get corrupted. I'm not sure if you >>> could >>> automate this. I guess if there is a utility in sqlite that can check for >>> corruption and exit with an errorlevel, you could automate this in a >>> startup >>> script. >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/6afbb9c7/attachment.html From jonas at vrt.dk Wed May 27 10:45:11 2009 From: jonas at vrt.dk (Jonas A. Larsen) Date: Wed May 27 10:45:24 2009 Subject: UTF-8 error in SweepViruses.pm In-Reply-To: References: <4A1CD889.8030906@gmail.com> <4A1CFAC4.6000701@ecs.soton.ac.uk> Message-ID: <001101c9deaf$d46b88b0$7d429a10$@dk> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 27. maj 2009 10:33 > To: MailScanner discussion > Subject: Re: UTF-8 error in SweepViruses.pm > > I am reluctant to change this without being able to test the "eset" > virus scanner. > And I haven't got a licence for it any more. > If you can find someone with a trial licence for eset I will gladly > attempt to fix it. > I will gladly provide you with a license Julian, or you can even get access to one of our boxes which has eset already installed if you prefer. Contact me off list if this has any has any interest, its after all the least we can do for getting to use your brilliant product for free. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From stef at aoc-uk.com Wed May 27 10:48:03 2009 From: stef at aoc-uk.com (Stef Morrell) Date: Wed May 27 10:47:55 2009 Subject: Whitelisting rule query Message-ID: <200905270947.n4R9llxO025428@safir.blacknight.ie> Hello, I'm wanting to whitelist email coming from my office, so it doesn't get marked up as spam, in particular when discussing spammy topics with colleagues/clients. If I simply whitelist *@mydomain.com then this allows email with spoofed 'from' address throught. I can't whitelist the mail relay, as there's any number of domains email running through it and if one of those users takes it upon themselves to throw a spam sandwich at it, I want to catch it and stop it before the wide wide world decides to blacklist me. So, what I hope to be able to do is add a spam whitelisting rule along the lines of From: *@mydomain and From: Does this makes sense and is it achieveable? Regards Stef -- Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net From glenn.steen at gmail.com Wed May 27 11:06:41 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 27 11:06:51 2009 Subject: Cached Timeout MailScanner In-Reply-To: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> Message-ID: <223f97700905270306n16dd9eem34f648f51ffd5e39@mail.gmail.com> 2009/5/27 Martin Hepworth : > Ah that's spamassassin timing out not the cache. > see > http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > and > http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=performance > .... further, check that bayes isn't your problem. if the bayes seen file is huge, you might experience things like this. And if the auto expire takes a very long time to finish, you might see it too (you'll get a lot of *expire* files in the directory where you keep bayes)... Assuming you use filebased bayes:). Also... the spamassassin timeout in MailScanner.conf might be way to short... Consider increasing it substantially. > 2009/5/27 shyam hirurkar >> >> Hi All, >> >> This is the error i am getting in the log >> >> May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was >> killed, failure 3 of 10 >> May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from >> xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, >> SpamAssassin (not cached, timed out) >> >> Regards, >> Shyam >> >> On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: >>> >>> Hi , >>> >>> I have removed the cache dba nd restarted the mailscanner but still i am >>> able to see cached not timed out error in the log. >>> >>> Any thing else i needs to be done ?? >>> >>> Thanks and Regards, >>> Shyam >>> >>> On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: >>>> >>>> on 5-21-2009 3:17 AM shyam hirurkar spake the following: >>>> > Hi , >>>> > >>>> > Thanks for the input but small question how often i need to do is >>>> > there >>>> > any automation for this. >>>> > >>>> You only need to do this if the cache becomes corrupt. It could be days >>>> or >>>> years, you never know when a db can get corrupted. I'm not sure if you >>>> could >>>> automate this. I guess if there is a utility in sqlite that can check >>>> for >>>> corruption and exit with an errorlevel, you could automate this in a >>>> startup >>>> script. >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shyamph at gmail.com Wed May 27 11:17:57 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 11:18:07 2009 Subject: Cached Timeout MailScanner In-Reply-To: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> Message-ID: Hi , Thanks for the link, My server is running dual core,4GB ram and RAID 5 of 160GB, Hope this is good enough to run MailScanner. Is there any else i need to look at.. Thanks, Shyam On Wed, May 27, 2009 at 3:14 PM, Martin Hepworth wrote: > Ah that's spamassassin timing out not the cache. > see > > > http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin > http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips > > and > > > http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=performance > > > 2009/5/27 shyam hirurkar > > Hi All, >> >> This is the error i am getting in the log >> >> May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was >> killed, failure 3 of 10 >> May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from >> xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, >> SpamAssassin (not cached, timed out) >> >> Regards, >> Shyam >> >> >> On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: >> >>> Hi , >>> >>> I have removed the cache dba nd restarted the mailscanner but still i am >>> able to see cached not timed out error in the log. >>> >>> Any thing else i needs to be done ?? >>> >>> Thanks and Regards, >>> Shyam >>> >>> On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: >>> >>>> on 5-21-2009 3:17 AM shyam hirurkar spake the following: >>>> > Hi , >>>> > >>>> > Thanks for the input but small question how often i need to do is >>>> there >>>> > any automation for this. >>>> > >>>> You only need to do this if the cache becomes corrupt. It could be days >>>> or >>>> years, you never know when a db can get corrupted. I'm not sure if you >>>> could >>>> automate this. I guess if there is a utility in sqlite that can check >>>> for >>>> corruption and exit with an errorlevel, you could automate this in a >>>> startup >>>> script. >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/8474b7c7/attachment.html From maxsec at gmail.com Wed May 27 11:28:38 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 27 11:28:47 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> Message-ID: <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Depends on the amount of of traffic and size of the emails, but that should be good enough for a a few 100k of emails per day. 2009/5/27 shyam hirurkar > Hi , > > Thanks for the link, > > > My server is running dual core,4GB ram and RAID 5 of 160GB, Hope this is > good enough to run MailScanner. Is there any else i need to look at.. > > Thanks, > Shyam > > > On Wed, May 27, 2009 at 3:14 PM, Martin Hepworth wrote: > >> Ah that's spamassassin timing out not the cache. >> see >> >> >> http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin >> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >> >> and >> >> >> http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=performance >> >> >> 2009/5/27 shyam hirurkar >> >> Hi All, >>> >>> This is the error i am getting in the log >>> >>> May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was >>> killed, failure 3 of 10 >>> May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from >>> xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, >>> SpamAssassin (not cached, timed out) >>> >>> Regards, >>> Shyam >>> >>> >>> On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: >>> >>>> Hi , >>>> >>>> I have removed the cache dba nd restarted the mailscanner but still i am >>>> able to see cached not timed out error in the log. >>>> >>>> Any thing else i needs to be done ?? >>>> >>>> Thanks and Regards, >>>> Shyam >>>> >>>> On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: >>>> >>>>> on 5-21-2009 3:17 AM shyam hirurkar spake the following: >>>>> > Hi , >>>>> > >>>>> > Thanks for the input but small question how often i need to do is >>>>> there >>>>> > any automation for this. >>>>> > >>>>> You only need to do this if the cache becomes corrupt. It could be days >>>>> or >>>>> years, you never know when a db can get corrupted. I'm not sure if you >>>>> could >>>>> automate this. I guess if there is a utility in sqlite that can check >>>>> for >>>>> corruption and exit with an errorlevel, you could automate this in a >>>>> startup >>>>> script. >>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> -- >> Martin Hepworth >> Oxford, UK >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/0feadb0b/attachment-0001.html From MailScanner at ecs.soton.ac.uk Wed May 27 11:28:51 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 27 11:29:13 2009 Subject: Whitelisting rule query In-Reply-To: <200905270947.n4R9llxO025428@safir.blacknight.ie> References: <200905270947.n4R9llxO025428@safir.blacknight.ie> <4A1D15E3.2030104@ecs.soton.ac.uk> Message-ID: On 27/05/2009 10:48, Stef Morrell wrote: > Hello, > > I'm wanting to whitelist email coming from my office, so it doesn't get > marked up as spam, in particular when discussing spammy topics with > colleagues/clients. > > If I simply whitelist *@mydomain.com then this allows email with spoofed > 'from' address throught. > > I can't whitelist the mail relay, as there's any number of domains email > running through it and if one of those users takes it upon themselves to > throw a spam sandwich at it, I want to catch it and stop it before the > wide wide world decides to blacklist me. > > So, what I hope to be able to do is add a spam whitelisting rule along > the lines of > > From: *@mydomain and From: > > Does this makes sense and is it achieveable? > Yes, and you have even got the syntax right. Just add a "yes" on the end of the line and put it in /etc/MailScanner/rules/spam.whitelist.rules. Then do a "service MailScanner reload" and it will re-read the configuration, and away you go. > Regards > > Stef > -- > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | stef@l5net.net > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shyamph at gmail.com Wed May 27 11:53:05 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 11:53:15 2009 Subject: Whitelisting rule query In-Reply-To: References: <4A1D15E3.2030104@ecs.soton.ac.uk> <200905270947.n4R9llxO025428@safir.blacknight.ie> Message-ID: Hello, R u giving in the same line From: domain and From IP and yes, Hope this is wrong if not let me knwo i will also use the same , Also if you give in different line then again you will get spoof ID as you said earlier. Shyam On Wed, May 27, 2009 at 3:58 PM, Julian Field wrote: > > > On 27/05/2009 10:48, Stef Morrell wrote: > >> Hello, >> >> I'm wanting to whitelist email coming from my office, so it doesn't get >> marked up as spam, in particular when discussing spammy topics with >> colleagues/clients. >> >> If I simply whitelist *@mydomain.com then this allows email with spoofed >> 'from' address throught. >> >> I can't whitelist the mail relay, as there's any number of domains email >> running through it and if one of those users takes it upon themselves to >> throw a spam sandwich at it, I want to catch it and stop it before the >> wide wide world decides to blacklist me. >> >> So, what I hope to be able to do is add a spam whitelisting rule along >> the lines of >> >> From: *@mydomain and From: >> >> Does this makes sense and is it achieveable? >> >> > Yes, and you have even got the syntax right. Just add a "yes" on the end of > the line and put it in /etc/MailScanner/rules/spam.whitelist.rules. Then do > a "service MailScanner reload" and it will re-read the configuration, and > away you go. > > Regards >> >> Stef >> -- >> Stefan Morrell | Operations Director >> Tel: 0845 3452820 | Alpha Omega Computers Ltd >> Fax: 0845 3452830 | Incorporating Level 5 Internet >> stef@aoc-uk.com | stef@l5net.net >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/6d4486a6/attachment.html From MailScanner at ecs.soton.ac.uk Wed May 27 12:14:58 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 27 12:15:32 2009 Subject: Whitelisting rule query In-Reply-To: References: <4A1D15E3.2030104@ecs.soton.ac.uk> <200905270947.n4R9llxO025428@safir.blacknight.ie> <4A1D20B2.2030805@ecs.soton.ac.uk> Message-ID: Please don't use "R u" instead of "Are you", it's just an abuse of the English language. Anyway, that syntax is just fine, you are allowed to combine two tests with an "and" on the same line. Cheers, Jules. On 27/05/2009 11:53, shyam hirurkar wrote: > Hello, > > R u giving in the same line From: domain and From IP and yes, Hope > this is wrong if not let me knwo i will also use the same , Also if > you give in different line then again you will get spoof ID as you > said earlier. > > Shyam > > On Wed, May 27, 2009 at 3:58 PM, Julian Field > > wrote: > > > > On 27/05/2009 10:48, Stef Morrell wrote: > > Hello, > > I'm wanting to whitelist email coming from my office, so it > doesn't get > marked up as spam, in particular when discussing spammy topics > with > colleagues/clients. > > If I simply whitelist *@mydomain.com > then this allows email with spoofed > 'from' address throught. > > I can't whitelist the mail relay, as there's any number of > domains email > running through it and if one of those users takes it upon > themselves to > throw a spam sandwich at it, I want to catch it and stop it > before the > wide wide world decides to blacklist me. > > So, what I hope to be able to do is add a spam whitelisting > rule along > the lines of > > From: *@mydomain and From: > > Does this makes sense and is it achieveable? > > Yes, and you have even got the syntax right. Just add a "yes" on > the end of the line and put it in > /etc/MailScanner/rules/spam.whitelist.rules. Then do a "service > MailScanner reload" and it will re-read the configuration, and > away you go. > > > Regards > > Stef > -- > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | > stef@l5net.net > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shyamph at gmail.com Wed May 27 12:26:08 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 12:26:19 2009 Subject: Whitelisting rule query In-Reply-To: References: <4A1D15E3.2030104@ecs.soton.ac.uk> <200905270947.n4R9llxO025428@safir.blacknight.ie> <4A1D20B2.2030805@ecs.soton.ac.uk> Message-ID: Hi Jules, I was not meant in that way , sincere apology for the use of the short words. Thanks a lot for the same. i have one more doubt i want rule in highscore spam action can i use like this From: domain.com forward user@domain.com store OR is it From:domain.com forward user@domain.com and store Is really and required. basically i want to forward the high score spam to one email id and also store in quarantine. Thanks , Shyam On Wed, May 27, 2009 at 4:44 PM, Julian Field wrote: > Please don't use "R u" instead of "Are you", it's just an abuse of the > English language. > Anyway, that syntax is just fine, you are allowed to combine two tests with > an "and" on the same line. > > Cheers, > Jules. > > On 27/05/2009 11:53, shyam hirurkar wrote: > >> Hello, >> >> R u giving in the same line From: domain and From IP and yes, Hope this >> is wrong if not let me knwo i will also use the same , Also if you give in >> different line then again you will get spoof ID as you said earlier. >> >> Shyam >> >> On Wed, May 27, 2009 at 3:58 PM, Julian Field < >> MailScanner@ecs.soton.ac.uk > wrote: >> >> >> >> On 27/05/2009 10:48, Stef Morrell wrote: >> >> Hello, >> >> I'm wanting to whitelist email coming from my office, so it >> doesn't get >> marked up as spam, in particular when discussing spammy topics >> with >> colleagues/clients. >> >> If I simply whitelist *@mydomain.com >> then this allows email with spoofed >> 'from' address throught. >> >> I can't whitelist the mail relay, as there's any number of >> domains email >> running through it and if one of those users takes it upon >> themselves to >> throw a spam sandwich at it, I want to catch it and stop it >> before the >> wide wide world decides to blacklist me. >> >> So, what I hope to be able to do is add a spam whitelisting >> rule along >> the lines of >> >> From: *@mydomain and From: >> >> Does this makes sense and is it achieveable? >> >> Yes, and you have even got the syntax right. Just add a "yes" on >> the end of the line and put it in >> /etc/MailScanner/rules/spam.whitelist.rules. Then do a "service >> MailScanner reload" and it will re-read the configuration, and >> away you go. >> >> >> Regards >> >> Stef >> -- >> Stefan Morrell | Operations Director >> Tel: 0845 3452820 | Alpha Omega Computers Ltd >> Fax: 0845 3452830 | Incorporating Level 5 Internet >> stef@aoc-uk.com | >> stef@l5net.net >> >> >> Jules >> >> -- Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and >> twitter.com/MailScanner >> >> >> -- This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/d66fef51/attachment.html From shyamph at gmail.com Wed May 27 13:07:05 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 13:07:15 2009 Subject: Cached Timeout MailScanner In-Reply-To: <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: Hi All, Even I observe the mailq was 50 and RAM was being utilized 60% and swap not at all used. Still I am getting the same error in maillog.... any other reason...as spams are passing... Thanks and Regards, Shyam On Wed, May 27, 2009 at 3:58 PM, Martin Hepworth wrote: > Depends on the amount of of traffic and size of the emails, but that should > be good enough for a a few 100k of emails per day. > > > 2009/5/27 shyam hirurkar > >> Hi , >> >> Thanks for the link, >> >> >> My server is running dual core,4GB ram and RAID 5 of 160GB, Hope this is >> good enough to run MailScanner. Is there any else i need to look at.. >> >> Thanks, >> Shyam >> >> >> On Wed, May 27, 2009 at 3:14 PM, Martin Hepworth wrote: >> >>> Ah that's spamassassin timing out not the cache. >>> see >>> >>> >>> http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin >>> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >>> >>> and >>> >>> >>> http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=performance >>> >>> >>> 2009/5/27 shyam hirurkar >>> >>> Hi All, >>>> >>>> This is the error i am getting in the log >>>> >>>> May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was >>>> killed, failure 3 of 10 >>>> May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from >>>> xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, >>>> SpamAssassin (not cached, timed out) >>>> >>>> Regards, >>>> Shyam >>>> >>>> >>>> On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: >>>> >>>>> Hi , >>>>> >>>>> I have removed the cache dba nd restarted the mailscanner but still i >>>>> am able to see cached not timed out error in the log. >>>>> >>>>> Any thing else i needs to be done ?? >>>>> >>>>> Thanks and Regards, >>>>> Shyam >>>>> >>>>> On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: >>>>> >>>>>> on 5-21-2009 3:17 AM shyam hirurkar spake the following: >>>>>> > Hi , >>>>>> > >>>>>> > Thanks for the input but small question how often i need to do is >>>>>> there >>>>>> > any automation for this. >>>>>> > >>>>>> You only need to do this if the cache becomes corrupt. It could be >>>>>> days or >>>>>> years, you never know when a db can get corrupted. I'm not sure if you >>>>>> could >>>>>> automate this. I guess if there is a utility in sqlite that can check >>>>>> for >>>>>> corruption and exit with an errorlevel, you could automate this in a >>>>>> startup >>>>>> script. >>>>>> >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/da842bd2/attachment.html From shyamph at gmail.com Wed May 27 13:36:59 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 13:37:09 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: One more error I am getting like below SpamAssassin timed out (with no network checks) and was killed, failure 15 of 20 I am not able to understand the where i went wrong.. Thanks, Shyam On Wed, May 27, 2009 at 5:37 PM, shyam hirurkar wrote: > Hi All, > > > Even I observe the mailq was 50 and RAM was being utilized 60% and swap > not at all used. Still I am getting the same error in maillog.... any other > reason...as spams are passing... > > > Thanks and Regards, > Shyam > > > On Wed, May 27, 2009 at 3:58 PM, Martin Hepworth wrote: > >> Depends on the amount of of traffic and size of the emails, but that >> should be good enough for a a few 100k of emails per day. >> >> >> 2009/5/27 shyam hirurkar >> >>> Hi , >>> >>> Thanks for the link, >>> >>> >>> My server is running dual core,4GB ram and RAID 5 of 160GB, Hope this is >>> good enough to run MailScanner. Is there any else i need to look at.. >>> >>> Thanks, >>> Shyam >>> >>> >>> On Wed, May 27, 2009 at 3:14 PM, Martin Hepworth wrote: >>> >>>> Ah that's spamassassin timing out not the cache. >>>> see >>>> >>>> >>>> http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin >>>> http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips >>>> >>>> and >>>> >>>> >>>> http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=performance >>>> >>>> >>>> 2009/5/27 shyam hirurkar >>>> >>>> Hi All, >>>>> >>>>> This is the error i am getting in the log >>>>> >>>>> May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was >>>>> killed, failure 3 of 10 >>>>> May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from >>>>> xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, >>>>> SpamAssassin (not cached, timed out) >>>>> >>>>> Regards, >>>>> Shyam >>>>> >>>>> >>>>> On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: >>>>> >>>>>> Hi , >>>>>> >>>>>> I have removed the cache dba nd restarted the mailscanner but still i >>>>>> am able to see cached not timed out error in the log. >>>>>> >>>>>> Any thing else i needs to be done ?? >>>>>> >>>>>> Thanks and Regards, >>>>>> Shyam >>>>>> >>>>>> On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: >>>>>> >>>>>>> on 5-21-2009 3:17 AM shyam hirurkar spake the following: >>>>>>> > Hi , >>>>>>> > >>>>>>> > Thanks for the input but small question how often i need to do is >>>>>>> there >>>>>>> > any automation for this. >>>>>>> > >>>>>>> You only need to do this if the cache becomes corrupt. It could be >>>>>>> days or >>>>>>> years, you never know when a db can get corrupted. I'm not sure if >>>>>>> you could >>>>>>> automate this. I guess if there is a utility in sqlite that can check >>>>>>> for >>>>>>> corruption and exit with an errorlevel, you could automate this in a >>>>>>> startup >>>>>>> script. >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> >>>> -- >>>> Martin Hepworth >>>> Oxford, UK >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> -- >> Martin Hepworth >> Oxford, UK >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/532caaff/attachment.html From glenn.steen at gmail.com Wed May 27 13:40:03 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 27 13:40:12 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: <223f97700905270540j5d2be459s2aa91bbc2ef3801a@mail.gmail.com> 2009/5/27 shyam hirurkar : > Hi All, > > > Even I observe the mailq was 50 and RAM was being utilized? 60% and swap not > at all used. Still I am getting the same error in maillog.... any other > reason...as spams are passing... > > > Thanks and Regards, > Shyam (snip) Yes. As mentioned in the other mail I sent you: - Check your bayes seen file, perhaps resetting it (rm .....) - Check if you have any bayes expiry problems (ls /path/to/bayes/*expir*). If you have, consider disabling the automatic expiry and using a cron'd sa-learn --force-expire instead. - Increase the SpamAssassin timout value in MailScanner.conf. The default is very low. I set it to 300 seconds... - run sa-update (if you don't do that automatically, which you should). - Your problems *might* be related to RBLs, so check that and perhaps turn off any offenders - do sa-compile. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed May 27 13:57:25 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 27 13:57:46 2009 Subject: Whitelisting rule query In-Reply-To: References: <4A1D15E3.2030104@ecs.soton.ac.uk> <200905270947.n4R9llxO025428@safir.blacknight.ie> <4A1D20B2.2030805@ecs.soton.ac.uk> <4A1D38B5.1010700@ecs.soton.ac.uk> Message-ID: On 27/05/2009 12:26, shyam hirurkar wrote: > Hi Jules, > > I was not meant in that way , sincere apology for the use of the short > words. No problem. > > Thanks a lot for the same. i have one more doubt i want rule in > highscore spam action can i use like this > > From: domain.com forward user@domain.com > store Correct. > OR is it > > From:domain.com forward user@domain.com > and store Wrong. The "and" is only used to separate two conditions in a ruleset line. The result of the ruleset is everything that appears after the last condition, which in this case should be "forward user@domain.com store". > > Is really and required. > > basically i want to forward the high score spam to one email id and > also store in quarantine. Yes, that sounds fine. > > > Thanks , > Shyam > > On Wed, May 27, 2009 at 4:44 PM, Julian Field > > wrote: > > Please don't use "R u" instead of "Are you", it's just an abuse of > the English language. > Anyway, that syntax is just fine, you are allowed to combine two > tests with an "and" on the same line. > > Cheers, > Jules. > > > On 27/05/2009 11:53, shyam hirurkar wrote: > > Hello, > > R u giving in the same line From: domain and From IP and yes, > Hope this is wrong if not let me knwo i will also use the same > , Also if you give in different line then again you will get > spoof ID as you said earlier. > > Shyam > > On Wed, May 27, 2009 at 3:58 PM, Julian Field > > >> wrote: > > > > On 27/05/2009 10:48, Stef Morrell wrote: > > Hello, > > I'm wanting to whitelist email coming from my office, so it > doesn't get > marked up as spam, in particular when discussing spammy > topics > with > colleagues/clients. > > If I simply whitelist *@mydomain.com > > > then this allows email with spoofed > 'from' address throught. > > I can't whitelist the mail relay, as there's any number of > domains email > running through it and if one of those users takes it upon > themselves to > throw a spam sandwich at it, I want to catch it and stop it > before the > wide wide world decides to blacklist me. > > So, what I hope to be able to do is add a spam whitelisting > rule along > the lines of > > From: *@mydomain and From: > > Does this makes sense and is it achieveable? > > Yes, and you have even got the syntax right. Just add a > "yes" on > the end of the line and put it in > /etc/MailScanner/rules/spam.whitelist.rules. Then do a "service > MailScanner reload" and it will re-read the configuration, and > away you go. > > > Regards > > Stef > -- > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com > > | > stef@l5net.net > > > > > Jules > > -- Julian Field MEng CITP CEng > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from > your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > B654 > Follow me at twitter.com/JulesFM > and > twitter.com/MailScanner > > > > > -- This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- MailScanner mailing list > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eli at orbsky.homelinux.org Wed May 27 13:56:24 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Wed May 27 13:57:47 2009 Subject: (2nd Request) Disable scanning for a client that connectsviaSMTP-AUTH In-Reply-To: <223f97700905270219i523d1123n4d194d7b4d746feb@mail.gmail.com> References: <4A147B290200002D00006737@sparky.asdm.net> <200905250752.42509.eli@orbsky.homelinux.org> <223f97700905270219i523d1123n4d194d7b4d746feb@mail.gmail.com> Message-ID: <200905271556.24687.eli@orbsky.homelinux.org> Like I said, I think this is a very very bad idea. Eli On Wednesday 27 May 2009 12:19:36 Glenn Steen wrote: > 2009/5/25 Eli Wapniarski : > > I still think this is a very very bad idea but why not use a list of full email addresses instead of just the domain. That is FROM: user1@domain.com FROM: user2@domain.com etc. Do yourself a favor. If possible set up an effective MailScanner Instalation over on the server at Business B. > > > > El > > Because those are as easily forged? That would be my reason to not do > it that way. > > Gary, I'm a PF type too, and can think of numerous ways of bypassing > MS with that, but... that's no help to you:-)... I do know that this > topic has been touched before (IIRC numerous times), although then > mostly for roadrunners/roaming users needing to relay through the MS > host. Try a little list searchuing over at Gmane ... Scott Silva > (among others) have this for Sendmail. > > > On Monday 25 May 2009 04:46:22 Gary Faith wrote: > >> Business A - ISP located in a co-lo with fast internet and static IP's. It does web hosting, dial-up internet and mail scanning. > >> > >> Business B & My Personal Internet - Used to be a T1 with static IPs but is now a third party sucky Dynamic DSL. Now that it is dynamic DSL, I need to relay this mail through the mail scanner at Business A without the other people I have designated as MailWatch Admins in Business A, having the ability see this e-mail at all. I have an account in the mail scanner setup so I can do SMTP AUTH with TLS. That works great but ALL incoming mail is scanned unless I add FROM: domain.com no to the scan.messages.rules. When I do that I get spam from outside sources because it isn't being scanned. > >> > >> I need a sendmail or mailscanner option so that I can bypass scanning for the e-mail from this source only! > >> > >> Gary > >> > (snip) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Joey.Casas at nexusmgmt.com Wed May 27 13:56:02 2009 From: Joey.Casas at nexusmgmt.com (Joey Casas) Date: Wed May 27 13:59:39 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: <6A4AF5E37B020A4B869BE3A108F8F67006DBC8BF57@nmibwkexch4.nexusmgmt.com> In recent experience on my systems, this was due to an increase in the size of some spam. I also believe it was related to an increase in the number of rules I have enabled recently. I checked the size of the emails that were involved in the timeouts and they were generally larger than 50kbytes. There are many potential causes however and anything that can cause SA to run longer than the timeout in MailScanner.conf can generate these. Ultimately I increased my timeout value. SpamAssassin Timeout = I believe the "failure x of 20" is saying that soon (if the count reaches 20) MailScanner will disable SA checks and pass emails unscanned. This is to prevent SA failures from causing a full mail stoppage. Joey Casas ------------------------------------------- Linux Engineering Team n|m Nexus Management 4 Industrial Parkway Suite 101 Brunswick, Maine 04011 Tel (US) : 1 207 319 1105 Tel (UK) : 0207 100 4968 x421 Cell (US) : 1 207 607 1047 Fax : 1 207 725 8552 SIP: 0421@pbx.nexusmgmt.com Nexus Management, Inc.? Registered Office: 4 Industrial Parkway, Suite 101, Brunswick, Maine. 04011?Company No. 19891257D, Registered in Maine? A member of the Nexus Management Plc group of companies -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shyam hirurkar Sent: Wednesday, May 27, 2009 8:37 AM To: MailScanner discussion Subject: Re: Cached Timeout MailScanner One more error I am getting like below SpamAssassin timed out (with no network checks) and was killed, failure 15 of 20 I am not able to understand the where i went wrong.. Thanks, Shyam On Wed, May 27, 2009 at 5:37 PM, shyam hirurkar wrote: Hi All, Even I observe the mailq was 50 and RAM was being utilized 60% and swap not at all used. Still I am getting the same error in maillog.... any other reason...as spams are passing... Thanks and Regards, Shyam On Wed, May 27, 2009 at 3:58 PM, Martin Hepworth wrote: Depends on the amount of of traffic and size of the emails, but that should be good enough for a a few 100k of emails per day. 2009/5/27 shyam hirurkar Hi , Thanks for the link, My server is running dual core,4GB ram and RAID 5 of 160GB, Hope this is good enough to run MailScanner. Is there any else i need to look at.. Thanks, Shyam On Wed, May 27, 2009 at 3:14 PM, Martin Hepworth wrote: Ah that's spamassassin timing out not the cache. see http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips and http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:performance&s=performance 2009/5/27 shyam hirurkar Hi All, This is the error i am getting in the log May 27 15:03:47 mx1 MailScanner[31435]: SpamAssassin timed out and was killed, failure 3 of 10 May 27 15:03:48 mx1 MailScanner[31435]: Message A76B125A8047.9FN8C from xxx.xxx.xxx.xxx (username@yahoo.co.in) to domain.com is not spam, SpamAssassin (not cached, timed out) Regards, Shyam On Wed, May 27, 2009 at 3:04 PM, shyam hirurkar wrote: Hi , I have removed the cache dba nd restarted the mailscanner but still i am able to see cached not timed out error in the log. Any thing else i needs to be done ?? Thanks and Regards, Shyam On Thu, May 21, 2009 at 9:18 PM, Scott Silva wrote: on 5-21-2009 3:17 AM shyam hirurkar spake the following: > Hi , > > Thanks for the input but small question how often i need to do is there > any automation for this. > You only need to do this if the cache becomes corrupt. It could be days or years, you never know when a db can get corrupted. I'm not sure if you could automate this. I guess if there is a utility in sqlite that can check for corruption and exit with an errorlevel, you could automate this in a startup script. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shyamph at gmail.com Wed May 27 14:16:04 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 14:16:16 2009 Subject: Cached Timeout MailScanner In-Reply-To: <223f97700905270540j5d2be459s2aa91bbc2ef3801a@mail.gmail.com> References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> <223f97700905270540j5d2be459s2aa91bbc2ef3801a@mail.gmail.com> Message-ID: Hi Glenn, 1. I am using Bayes with mysql 2. I have increased the spamassassin time out value to 120 Sec 3.I am little bit confused about the sa-update I am using the rules-dujour to update apert from this do i need to run sa-updats--> not sure.. 4. I am using local RBL server which get sync with paid RBL sites. Thanks, Shyam On Wed, May 27, 2009 at 6:10 PM, Glenn Steen wrote: > 2009/5/27 shyam hirurkar : > > Hi All, > > > > > > Even I observe the mailq was 50 and RAM was being utilized 60% and swap > not > > at all used. Still I am getting the same error in maillog.... any other > > reason...as spams are passing... > > > > > > Thanks and Regards, > > Shyam > (snip) > Yes. > As mentioned in the other mail I sent you: > - Check your bayes seen file, perhaps resetting it (rm .....) > - Check if you have any bayes expiry problems (ls > /path/to/bayes/*expir*). If you have, consider disabling the automatic > expiry and using a cron'd sa-learn --force-expire instead. > - Increase the SpamAssassin timout value in MailScanner.conf. The > default is very low. I set it to 300 seconds... > - run sa-update (if you don't do that automatically, which you should). > - Your problems *might* be related to RBLs, so check that and perhaps > turn off any offenders > - do sa-compile. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/b7898f58/attachment.html From shyamph at gmail.com Wed May 27 14:27:40 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Wed May 27 14:27:53 2009 Subject: Whitelisting rule query In-Reply-To: References: <4A1D15E3.2030104@ecs.soton.ac.uk> <200905270947.n4R9llxO025428@safir.blacknight.ie> <4A1D20B2.2030805@ecs.soton.ac.uk> <4A1D38B5.1010700@ecs.soton.ac.uk> Message-ID: Hi Jules, Thanks a lot I will try and let you know. Thanks , Shyam On Wed, May 27, 2009 at 6:27 PM, Julian Field wrote: > > > On 27/05/2009 12:26, shyam hirurkar wrote: > >> Hi Jules, >> >> I was not meant in that way , sincere apology for the use of the short >> words. >> > No problem. > >> >> Thanks a lot for the same. i have one more doubt i want rule in highscore >> spam action can i use like this >> >> From: domain.com forward user@domain.com > user@domain.com> store >> > Correct. > >> OR is it >> >> From:domain.com forward user@domain.com > user@domain.com> and store >> > Wrong. > > The "and" is only used to separate two conditions in a ruleset line. The > result of the ruleset is everything that appears after the last condition, > which in this case should be "forward user@domain.com store". > >> >> Is really and required. >> >> basically i want to forward the high score spam to one email id and also >> store in quarantine. >> > Yes, that sounds fine. > >> >> >> Thanks , >> Shyam >> >> >> On Wed, May 27, 2009 at 4:44 PM, Julian Field < >> MailScanner@ecs.soton.ac.uk > wrote: >> >> Please don't use "R u" instead of "Are you", it's just an abuse of >> the English language. >> Anyway, that syntax is just fine, you are allowed to combine two >> tests with an "and" on the same line. >> >> Cheers, >> Jules. >> >> >> On 27/05/2009 11:53, shyam hirurkar wrote: >> >> Hello, >> >> R u giving in the same line From: domain and From IP and yes, >> Hope this is wrong if not let me knwo i will also use the same >> , Also if you give in different line then again you will get >> spoof ID as you said earlier. >> >> Shyam >> >> On Wed, May 27, 2009 at 3:58 PM, Julian Field >> > >> > >> wrote: >> >> >> >> On 27/05/2009 10:48, Stef Morrell wrote: >> >> Hello, >> >> I'm wanting to whitelist email coming from my office, so it >> doesn't get >> marked up as spam, in particular when discussing spammy >> topics >> with >> colleagues/clients. >> >> If I simply whitelist *@mydomain.com >> >> >> >> then this allows email with spoofed >> 'from' address throught. >> >> I can't whitelist the mail relay, as there's any number of >> domains email >> running through it and if one of those users takes it upon >> themselves to >> throw a spam sandwich at it, I want to catch it and stop it >> before the >> wide wide world decides to blacklist me. >> >> So, what I hope to be able to do is add a spam whitelisting >> rule along >> the lines of >> >> From: *@mydomain and From: >> >> Does this makes sense and is it achieveable? >> >> Yes, and you have even got the syntax right. Just add a >> "yes" on >> the end of the line and put it in >> /etc/MailScanner/rules/spam.whitelist.rules. Then do a "service >> MailScanner reload" and it will re-read the configuration, and >> away you go. >> >> >> Regards >> >> Stef >> -- >> Stefan Morrell | Operations Director >> Tel: 0845 3452820 | Alpha Omega Computers Ltd >> Fax: 0845 3452830 | Incorporating Level 5 Internet >> stef@aoc-uk.com >> > | >> stef@l5net.net > > >> >> >> >> Jules >> >> -- Julian Field MEng CITP CEng >> www.MailScanner.info >> >> >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from >> your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 >> B654 >> Follow me at twitter.com/JulesFM >> and >> >> twitter.com/MailScanner >> >> >> >> >> -- This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> > > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> Jules >> >> -- Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and >> twitter.com/MailScanner >> >> >> -- This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/8d5651d8/attachment-0001.html From maxsec at gmail.com Wed May 27 14:41:28 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed May 27 14:41:38 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> <223f97700905270540j5d2be459s2aa91bbc2ef3801a@mail.gmail.com> Message-ID: <72cf361e0905270641n74ace9fdqa08b8aca5fa08ca2@mail.gmail.com> 2009/5/27 shyam hirurkar > Hi Glenn, > > > 1. I am using Bayes with mysql good > > 2. I have increased the spamassassin time out value to 120 Sec good > > 3.I am little bit confused about the sa-update I am using the rules-dujour > to update apert from this do i need to run sa-updats--> not sure.. yes - rule du jour only updates the extra rules you tell it about, not any core spamassassin rules. This is SA-UPDATE's job. > > 4. I am using local RBL server which get sync with paid RBL sites. > good - turn the other RBL's off in spamassassin by giving them a zero score - (check /usr/share/*spamassassin*/20_dnsbl_tests.cf or /var/lib/spamassassin//20_dnsbl_tests.cf after you've run sa-update for the list of RBLs in default use by spamassassin name). Could well be you'r trying to hit dead RBL's is you've disabled them explicitly . Also run a local caching nameserver on the mailscanner box - yes this makes a difference even if the main DNS server is 2ms away! > > Thanks, > Shyam > > > On Wed, May 27, 2009 at 6:10 PM, Glenn Steen wrote: > >> 2009/5/27 shyam hirurkar : >> > Hi All, >> > >> > >> > Even I observe the mailq was 50 and RAM was being utilized 60% and swap >> not >> > at all used. Still I am getting the same error in maillog.... any other >> > reason...as spams are passing... >> > >> > >> > Thanks and Regards, >> > Shyam >> (snip) >> Yes. >> As mentioned in the other mail I sent you: >> - Check your bayes seen file, perhaps resetting it (rm .....) >> - Check if you have any bayes expiry problems (ls >> /path/to/bayes/*expir*). If you have, consider disabling the automatic >> expiry and using a cron'd sa-learn --force-expire instead. >> - Increase the SpamAssassin timout value in MailScanner.conf. The >> default is very low. I set it to 300 seconds... >> - run sa-update (if you don't do that automatically, which you should). >> - Your problems *might* be related to RBLs, so check that and perhaps >> turn off any offenders >> - do sa-compile. >> >> Cheers >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/0a4621ac/attachment.html From glenn.steen at gmail.com Wed May 27 14:47:30 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 27 14:47:39 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> <223f97700905270540j5d2be459s2aa91bbc2ef3801a@mail.gmail.com> Message-ID: <223f97700905270647w40246b36u28495fba5a0205d8@mail.gmail.com> 2009/5/27 shyam hirurkar : > Hi Glenn, > > > 1. I am using Bayes with mysql Good. And the MySQL schemas are OK? > 2. I have increased the spamassassin time out value to 120 Sec Go wild and set it to 300 (5 minutes);-). > 3.I am little bit confused about the sa-update I am using the rules-dujour > to update apert from this do i need to run sa-updats--> not sure.. IIRC, you should be using sa-update for all needed rule updating. If you search the archives, I'm sure you'll find some nice info on how to set it up to replace any rulesdujour script. If you use the RPM install of MS, it will have set up a cron job to run daily (/etc/cron.daily/update_spamassassin). > 4. I am using local RBL server which get sync with paid RBL sites. Ok, and you've disabled all else? Or at least checked them? If you run MailScanner --debug --debug-sa ... do you see any telltales where it is spending the time? > > Thanks, > Shyam > > > On Wed, May 27, 2009 at 6:10 PM, Glenn Steen wrote: >> >> 2009/5/27 shyam hirurkar : >> > Hi All, >> > >> > >> > Even I observe the mailq was 50 and RAM was being utilized? 60% and swap >> > not >> > at all used. Still I am getting the same error in maillog.... any other >> > reason...as spams are passing... >> > >> > >> > Thanks and Regards, >> > Shyam >> (snip) >> Yes. >> As mentioned in the other mail I sent you: >> - Check your bayes seen file, perhaps resetting it (rm .....) >> - Check if you have any bayes expiry problems (ls >> /path/to/bayes/*expir*). If you have, consider disabling the automatic >> expiry and using a cron'd sa-learn --force-expire instead. >> - Increase the SpamAssassin timout value in MailScanner.conf. The >> default is very low. I set it to 300 seconds... >> - run sa-update (if you don't do that automatically, which you should). >> - Your problems *might* be related to RBLs, so check that and perhaps >> turn off any offenders >> - do sa-compile. >> >> Cheers >> -- >> -- Glenn >> email: glenn < dot > steen < at > gmail < dot > com >> work: glenn < dot > steen < at > ap1 < dot > se >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From stef at aoc-uk.com Wed May 27 16:35:04 2009 From: stef at aoc-uk.com (Stef Morrell) Date: Wed May 27 16:34:56 2009 Subject: Whitelisting rule query In-Reply-To: References: <200905270947.n4R9llxO025428@safir.blacknight.ie><4A1D15E3.2030104@ecs.soton.ac.uk> Message-ID: <200905271534.n4RFYlMM018401@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > > On 27/05/2009 10:48, Stef Morrell wrote: > > So, what I hope to be able to do is add a spam whitelisting > rule along > > the lines of > > > > From: *@mydomain and From: > > > > Does this makes sense and is it achieveable? > > > Yes, and you have even got the syntax right. Just add a "yes" > on the end of the line and put it in > /etc/MailScanner/rules/spam.whitelist.rules. Ah fantastic thanks. For some reason I was under the mistaken impression one could only do a From:Foo and To:Bar Yes Rather than multiple 'from' conditions. Is there a maximum number of conditions (not that I can think of an application for more than maybe 3-4)? Could you say From:Foo or From:Bar Or is it more appropriate to write two rules? Thanks Stef -- Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net From hilario at soliton.com.br Wed May 27 17:00:55 2009 From: hilario at soliton.com.br (Hilario Fochi Silveira) Date: Wed May 27 17:01:14 2009 Subject: "Remove These Headers" not working In-Reply-To: References: <200905192039.n4JKdSbS030810@safir.blacknight.ie> <200905200159.n4K1x67u010236@safir.blacknight.ie> <4A1664E6.5000809@ecs.soton.ac.uk> <200905221326.n4MDQK9A003574@safir.blacknight.ie> <4A16AC11.5090404@ecs.soton.ac.uk> <200905221712.n4MHC3Pj014070@safir.blacknight.ie> <4A16F651.2080209@ecs.soton.ac.uk> <200905221935.n4MJZYi3020712@safir.blacknight.ie> <4A17C9DB.1040707@ecs.soton.ac.uk> <200905231355.n4NDtgec027408@safir.blacknight.ie> <4A182BDF.8080400@ecs.soton.ac.uk> Message-ID: <200905271601.n4RG15nr020294@safir.blacknight.ie> [quote] >... So if you think my docs can be agreed, please do suggest an improvement. >So you can insert comments and additions of your own .... [/quote] Here is my humble suggestion # Example 1 (traditional) # Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: # # Example 2 (mixed with regex expressions) # Remove These Headers = X-UID: /X-Mozilla-Status.*:/ /Disposition.*:/ # # Example 3 (regex using \s as spaces) # Remove These Headers = X-UID: /your\sregex\swith\sspaces\shere/ /X-Mozilla-Status.*:/ /Disposition.*:/ # # Example 4 (using a per domain rules file) # If you wish to remove (block) incoming return-receipt requests while allowing the outgoing request to pass, set # Remove These Headers = %rules-dir%/remove.headers.rules # And edit the content of the remove.headers.rules file based on the following examples # From: *@yourdomain1.com X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: # To: *@yourdomain1.com Confirm-Reading-To: Delivery-Receipt-To: Disposition-Notification-To: Errors-To: MDRcpt-To: MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: X-Status: X-UID: X-UIDL: # FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed: # Note: In this example, when an outgoing email is sent with at least one copy to accounts in your own domain accounts, all matching headers will be removed from all emails, including the outgoing ones. note: I believe Example 3 must not use the : but I'm not sure. Best Regards, Hilario Fochi Silveira Soliton Controles Industriais Ltda. Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 At 14:01 2009-05-23, Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 23/05/2009 14:55, Hilario Fochi Silveira wrote: > > humm... your example is interesting. > > > > As regex uses "I" and the original system used "spaces" for the "or" > > function, I had interpreted that the instructions texts in > > MailScanner.conf were not fully updated and that the spaces were not > > allowed anymore at all ! >Spaces are not allowed in the regexps, correct. So you need to use \s in >your regexp instead of a space character. That is explained in the docs >as shown below. > > It looked like the old and the new system were incompatible with each > > other. > > May I kindly suggest that you insert your example in the > > MailScanner.conf file if possible with an \s anywhere that would make > > clear the correct usage of regex. >Okay, I'll try to improve the docs example a bit. It does already make >it very clear that it mustn't contain spaces, and that you should use \s >instead of the space character. > >So if you think my docs can be agreed, please do suggest an improvement. >So you can insert comments and additions of your own, here is the bulk >of the documentation for this setting: > ># If any of these headers are included in a a message, they will be deleted. ># This is a space-separated list of a mixture of any combination of ># 1. Names of headers, optionally ending with a ':' ># (the ':' will be added if not supplied) ># 2. Regular expressions starting and ending with a '/'. ># These regular expressions are matched against the entire header line, ># not just the name of the header. ># **NOTE** The regular expressions must *not* contain spaces, ># so use '\s' instead of ' '. ># This is very useful for removing return-receipt requests and any headers ># which mean special things to your email client application. ># X-Mozilla-Status is bad as it allows spammers to make a message appear to ># have already been read, which is believed to bypass some naive spam ># filtering systems. ># Receipt requests are bad as they give any attacker confirmation that an ># account is active and being read. You don't want this sort of information ># to leak outside your corporation. So you might want to remove >(long list of header names removed) ># If you are having problems with duplicate message-id headers when you ># release spam from the quarantine and send it to an Exchange server, >then add ># Message-Id. ># Each header should end in a ":", but MailScanner will add it if you >forget. ># Headers should be separated by commas or spaces. > >Please add comments and suggestions for new docs or changes to existing >info above. > > Either way it is an incredible coincidence that my box stopped working > > with the rules file just when the new regex feature was added. >If the regexp is not surrounded by / characters then it will be treated >the same way the header names always used to be handled. So it should be >compatible with the old system. That was certainly my intention anyway. >The great advantage of using a regexp is that it is matched against the >*entire* header line, and not just the name of the header, so you can >use it to remove a header if its value contains a particular word or >something like that. > > > At 07:03 2009-05-23, you wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> My intention was that you would present a list of regexps for header > >> names, so you could do things like > >> Remove These Headers = X-UID: /X-Mozilla-Status.*:/ /Disposition.*:/ > >> and things like that, not one big regexp that covered everything. > >> > >> On 22/05/2009 20:35, Hilario Fochi Silveira wrote: > >> > Wow, Now I am really confused ! > >> > > >> > The following are the instructions I interpreted as new regex feature > >> > for " > >> > Remove These Headers > >> > " > >> > I see them in two different places: the changelog and the instructions > >> > in the MailScanner.conf file inside the > >> MailScanner-4.77.5-1.rpm.tar.gz > >> > And the new instructions prohibit the use of spaces in the new > >> regex mode. > >> > > >> > a) The changelog file > >> > > >> > Reference: http://www.mailscanner.info/ChangeLog > >> > 1/4/2009 New in Version 4.75.11-1 > >> > > >> > ================================= > >> > ... > >> > 9 Added support for regular expressions in "Remove These > >> > Headers". Note that > >> > > >> > the expression is matched against the whole header line, > >> not > >> > just the name > >> > > >> > of the header. Note that the expressions must not > >> contain any > >> > spaces, so > >> > > >> > use '\s' instead of ' '. The match is done > >> case-insensitive in > >> > all cases. > >> > > >> > ... > >> > > >> > > >> > b) The MailScanner.conf file (MailScanner-4.77.5-1.rpm.tar.gz ). > >> > > >> > Reference: > >> > ... > >> > # If any of these headers are included in a a message, they will > >> > be deleted. > >> > # This is a space-separated list of a mixture of any > >> combination of > >> > # 1. Names of headers, optionally ending with a ':' > >> > # (the ':' will be added if not supplied) > >> > # 2. Regular expressions starting and ending with a '/'. > >> > # These regular expressions are matched against the entire > >> > header line, > >> > # not just the name of the header. > >> > # **NOTE** The regular expressions must *not* contain spaces, > >> > # so use '\s' instead of ' '. > >> > # This is very useful for removing return-receipt requests and any > >> > headers > >> > ... > >> > > >> > I really thought it was a new regex feature to remove headers and/or > >> > additional information. > >> > It works as a line in the Mailscanner.conf file, but I am not able to > >> > have my old per domain file working anymore. > >> > I just do not know how to use it correctly and my server does not > >> > accept the file with spaces any more. > >> > > >> > Thanks again for helping. > >> > > >> > Best Regards, > >> > > >> > *Hilario Fochi Silveira > >> > **Soliton Controles Industriais Ltda. > >> > Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > >> > > >> > > >> > > >> > *At 16:00 2009-05-22, Julian Field wrote: > >> > > >> >> -----BEGIN PGP SIGNED MESSAGE----- > >> >> Hash: SHA1 > >> >> > >> >> > >> >> > >> >> On 22/05/2009 18:11, Hilario Fochi Silveira wrote: > >> >> > Interesting ! > >> >> > If it still accepts the old configuration way, I am really > >> curious to > >> >> > learn what happened in my box for it to stop accepting the old > >> >> > configuration file. I will have to work on it this week end ! > >> >> > When/How should I use the new regex feature in the > >> >> > remove.headers.rules file? > >> >> What new regex feature? There never was one! Not in my book > >> anyway. What > >> >> you may have exploited due to poor syntax checking on my part was > >> never > >> >> in any way a supported feature, the feature is as documented in the > >> >> MailScanner.conf file, ie. a space-separated list of header names. > >> >> > > >> >> > Thanks, > >> >> > > >> >> > Hil?rio > >> >> > > >> >> > At 10:43 2009-05-22, you wrote: > >> >> > > >> >> > > >> >> >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote: > >> >> >>> Good Morning > >> >> >>> > >> >> >>> Thus of course I have done some kind of mistake that I still > >> did not > >> >> >>> pinpoint. I will try again to double check where I may have > >> done the > >> >> >>> mistake. > >> >> >>> > >> >> >>> Is there any additional possibilities like user:group or > >> permission > >> >> >>> related issues? > >> >> >>> Is the following example line correct? > >> >> >>> To: *@domain1.com.br > >> >> >>> > >> >> > >> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\ > >> >> >> That's wrong. The list, as I said, should be a space separated > >> list > >> >> >> of header names. So you should just put it like that, such as > >> >> >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >> >> >> Disposition-Notification-To: > >> >> >> > >> >> >> No \ or | or anything like that at all. > >> >> >>> > >> >> >>> Till now I am just looking at the log tail for file load fails > >> and > >> >> >>> sending outside emails to myself with return receipts to check > >> if it > >> >> >>> is working. > >> >> >>> Is there a more intelligent way to test or generate more log > >> details? > >> >> >>> > >> >> >>> Thanks for taking your time to help. > >> >> >>> > >> >> >>> Best Regards, > >> >> >>> > >> >> >>> *Hilario Fochi Silveira > >> >> >>> **Soliton Controles Industriais Ltda. > >> >> >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002 > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> *At 05:40 2009-05-22, Julian Field wrote: > >> >> >>> > >> >> >>> > >> >> >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote: > >> >> >>>>> Hello, > >> >> >>>>> > >> >> >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front > >> >> >>>>> End (configserver.com) > >> >> >>>>> MailScanner is running ok for more than one year. > >> >> >>>>> Our server uses the "Remove These Headers = > >> >> >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound > >> >> >>>>> return receipts requests while allowing outbound receipts > >> headers > >> >> >>>>> to stay intact. > >> >> >>>>> > >> >> >>>>> Two weeks ago after upgrading to version MailScanner - > >> v4.76.24 we > >> >> >>>>> begun to notice that some inbound emails were asking for return > >> >> >>>>> receipts. > >> >> >>>>> > >> >> >>>>> We played a lot with the rules file without success and as a > >> >> >>>>> temporary solution, we replaced the per domain rules file > >> with the > >> >> >>>>> following single line instruction: > >> >> >>>>> > >> >> >>>>> Remove These Headers = > >> >> >>>>> > >> >> > >> > /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/ > > >> > >> >> >>>>> > >> >> >>>>> This solution is working, we have no receipts at all both > >> inbound > >> >> >>>>> and outbound, but we wish to regain the fine granularity > >> control > >> >> >>>>> we once had. > >> >> >>>> That should definitely not work, and it was a small bug that was > >> >> >>>> allowing it to work. The spec in the MailScanner.conf file > >> clearly > >> >> >>>> states that: > >> >> >>>> # Each header should end in a ":", but MailScanner will add > >> it if > >> >> >>>> you forget. > >> >> >>>> # Headers should be separated by commas or spaces. > >> >> >>>>> > >> >> >>>>> The original rules file uses spaces to separate the headers. > >> >> >>>> That was correct. > >> >> >>>>> The typical per domain lines we had in the remove.headers.rules > >> >> >>>>> file were: > >> >> >>>>> > >> >> >>>>> # For each domain: > >> >> >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2: > >> >> >>>>> X-Spam-Processed: > >> >> >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To: > >> >> >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To: > >> >> >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To: > >> >> >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To: > >> >> >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords: > >> >> >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: > >> >> >>>>> X-Status: X-UID: X-UIDL: > >> >> >>>>> > >> >> >>>>> Those instructions used worked ok with previous MailScanner > >> >> versions. > >> >> >>>> And I have just tried a system with a rules file very much like > >> >> >>>> yours and it works just fine. > >> >> >>>> > >> >> >>>> Sorry, but I cannot reproduce the problem. > >> >> >>>> > >> >> >>>> Jules > >> >> >>>> > >> >> >>>> -- > >> >> >>>> Julian Field MEng CITP CEng > >> >> >>>> www.MailScanner.info < > >> >> http://www.mailscanner.info/> < > >> >> >>>> http://www.mailscanner.info/> > >> >> >>>> Buy the MailScanner book at www.MailScanner.info/store > >> >> > >> >> >>>> < http://www.mailscanner.info/store> < > >> >> >>>> http://www.mailscanner.info/store> > >> >> >>>> > >> >> >>>> Need help customising MailScanner? > >> >> >>>> Contact me! > >> >> >>>> Need help fixing or optimising your systems? > >> >> >>>> Contact me! > >> >> >>>> Need help getting you started solving new requirements from your > >> >> boss? > >> >> >>>> Contact me! > >> >> >>>> > >> >> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> >> >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> >> >>>> > >> >> >>>> > >> >> >>>> -- > >> >> >>>> This message has been scanned for viruses and > >> >> >>>> dangerous content by MailScanner, and is > >> >> >>>> believed to be clean. > >> >> >>>> > >> >> >>>> -- > >> >> >>>> MailScanner mailing list > >> >> >>>> mailscanner@lists.mailscanner.info > >> >> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> >>>> > >> >> >>>> Before posting, read http://wiki.mailscanner.info/posting > >> >> >>>> > >> >> >>>> Support MailScanner development - buy the book off the website! > >> >> >> > >> >> >> Jules > >> >> >> > >> >> >> -- > >> >> >> Julian Field MEng CITP CEng > >> >> >> www.MailScanner.info < > >> >> http://www.mailscanner.info/> > >> >> >> Buy the MailScanner book at www.MailScanner.info/store > >> >> > >> >> >> < http://www.mailscanner.info/store> > >> >> >> > >> >> >> Need help customising MailScanner? > >> >> >> Contact me! > >> >> >> Need help fixing or optimising your systems? > >> >> >> Contact me! > >> >> >> Need help getting you started solving new requirements from > >> your boss? > >> >> >> Contact me! > >> >> >> > >> >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> >> >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> >> >> > >> >> >> > >> >> >> -- > >> >> >> This message has been scanned for viruses and > >> >> >> dangerous content by MailScanner, and is > >> >> >> believed to be clean. > >> >> >> > >> >> >> -- > >> >> >> MailScanner mailing list > >> >> >> mailscanner@lists.mailscanner.info > >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> >> > >> >> >> Before posting, read http://wiki.mailscanner.info/posting > >> >> >> > >> >> >> Support MailScanner development - buy the book off the website! > >> >> > > >> >> > Atenciosamente, > >> >> > > >> >> > *Hil?rio Fochi Silveira > >> >> > **Soliton Controles Industriais Ltda. > >> >> > 02017-002 Rua Alfredo Pujol, 1010 - S?o Paulo - SP - Brasil > >> >> > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail: > >> >> > hilario@soliton.com.br > >> >> > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives), > >> Eurotherm > >> >> > Controls, Action Instruments, Montalvo, Koyo, Sharp > >> >> > www.soliton.com.br < > >> >> http://www.soliton.com.br/> www.eurotherm.com.br > >> >> > >> >> > < http://www.eurotherm.com.br/> www.actionio.com.br > >> >> > >> >> > < http://www.actionio.com.br/> www.montalvo.com.br > >> >> > >> >> > < http://www.montalvo.com.br/> > >> >> > > >> >> > >> >> Jules > >> >> > >> >> - -- > >> >> Julian Field MEng CITP CEng > >> >> www.MailScanner.info > >> >> Buy the MailScanner book at www.MailScanner.info/store > >> >> > >> >> Follow me at twitter.com/JulesFM > >> >> > >> >> MailScanner customisation, or any advanced system administration > >> help? > >> >> Contact me at Jules@Jules.FM > >> >> > >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> >> PGP public key: http://www.jules.fm/julesfm.asc > >> >> > >> >> > >> >> -----BEGIN PGP SIGNATURE----- > >> >> Version: PGP Desktop 9.10.0 (Build 500) > >> >> Comment: Use PGP or Thunderbird Enigmail to verify this message > >> >> Charset: ISO-8859-1 > >> >> > >> >> wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G > >> >> +QTTpHrgwHz371bPuVpt6bE= > >> >> =Qvgv > >> >> -----END PGP SIGNATURE----- > >> >> > >> >> -- > >> >> This message has been scanned for viruses and > >> >> dangerous content by MailScanner, and is > >> >> believed to be clean. > >> >> > >> >> -- > >> >> MailScanner mailing list > >> >> mailscanner@lists.mailscanner.info > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> >> > >> >> Before posting, read http://wiki.mailscanner.info/posting > >> >> > >> >> Support MailScanner development - buy the book off the website! > >> > >> Jules > >> > >> - -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> Follow me at twitter.com/JulesFM > >> > >> MailScanner customisation, or any advanced system administration help? > >> Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> PGP public key: http://www.jules.fm/julesfm.asc > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.10.0 (Build 500) > >> Comment: Use PGP or Thunderbird Enigmail to verify this message > >> Charset: ISO-8859-1 > >> > >> wj8DBQFKF8nsEfZZRxQVtlQRApzAAJ9FkThuK2sojwjemn4byMCtH0tF4QCgj9P8 > >> i/yXi7l76D6QCNylWxApkQs= > >> =xPP8 > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > >Jules > >- -- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Follow me at twitter.com/JulesFM > >MailScanner customisation, or any advanced system administration help? >Contact me at Jules@Jules.FM > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >PGP public key: http://www.jules.fm/julesfm.asc > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.10.0 (Build 500) >Comment: Use PGP or Thunderbird Enigmail to verify this message >Charset: ISO-8859-1 > >wj8DBQFKGCvgEfZZRxQVtlQRAp1GAJkBcbObXYgGW6zHo97sZOflX7JBBwCgyKsR >v+Eaju7OiKjyDpNfqYe3kJ0= >=976l >-----END PGP SIGNATURE----- > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/cf4da332/attachment.html From mr.jarry at gmail.com Wed May 27 17:22:42 2009 From: mr.jarry at gmail.com (Jarry) Date: Wed May 27 17:22:38 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> References: <4A195A25.7000209@gmail.com> <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> Message-ID: <4A1D68D2.2060001@gmail.com> Glenn Steen wrote: > 2009/5/24 Jarry : >> For whatever reason I can not stop/start MailScanner cleanly: >> >> # /etc/init.d/MailScanner stop >> * Stopping MailScanner... >> * MailScanner: caught SIGTERM, aborting >> >> # /etc/init.d/MailScanner start >> * WARNING: MailScanner has already been started >> >> Actually, MailScanner stops, but sendmail which has been >> started by MailScanner init script is still there running: >> >> # ps -e | grep sendmail >> 18676 ? 00:00:00 sendmail >> 18679 ? 00:00:00 sendmail >> >> Even when I killall sendmail, I still get the above mentioned >> warning, and can not start MailScanner. And that is a problem, >> because MailScanner is restarted (in my case, just want to be >> restarted, but is not) every hour to prevent eating all resources >> (which it keeps eating anyway, read next). I checked /var/run and >> /var/lock, there is no trace of MailScanner or sendmail running, >> yet I can not re-start Mailscanner. How can I fix this problem? > > What version of MailScanner, what version of what OS? It's rather like > impossible to help you without those tidbits;-) Sorry I did not mention it. I just thought it was not important. MailScanner 4.70.7.1, OS Gentoo (stable branch, everything updated) The /etc/init.d/MailScanner script looks this way: ---------------------------------- #!/sbin/runscript opts="${opts} reload" depend() { need net mta use logger dns } start() { ebegin "Starting MailScanner" /usr/sbin/check_MailScanner >/dev/null RETVAL=$? [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner.off eend ${RETVAL} } stop() { ebegin "Stopping MailScanner" killall -15 MailScanner RETVAL=$? [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner.off eend ${RETVAL} } # I removed "restart () {}" and "reload () {}" sections ---------------------------------- I'm not good at shell-programming, but this is what someone on our mailing-list said about it (and others seemed to agree): "...That's the ugliest init.d script ever. It looks like it fell out of the ugly tree, hit every branch on the way down and now not even its mother could love it..." >> And the 2nd problem, MailScanner is eating too much memory: >> >> # ps aux | grep MailScanner >> root 8047 0.0 0.7 93148 31084 ? Ss 13:53 0:00 MailScanner: master >> waiting for children, sleeping >> root 8048 0.0 1.5 140136 64692 ? S 13:53 0:00 MailScanner: waiting >> for messages >> root 8140 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: waiting >> for messages >> root 8173 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: waiting >> for messages >> root 8176 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: waiting >> for messages >> root 8177 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: waiting >> for messages >> >> ~330 MB RESS, ~1GB VIRTS, is *this* normal? Unbelievable. I see it for >> the first time, that my server does not have enough physical memory >> and is forced to use swap. I'm affraid, I can not spend so much memory >> just for MailScanner... >> > Are you perhaps using the clamavmodule? No, I'm using F-Prot, and no SpamAssassin. My server has 2GB memory, and out of it, running a few vservers. The one serving mail (strip-down gentoo, with sendmail, f-prot and mailscanner) eats ~350MB physical memory right after boot, out of that more than 300MB is mailscanner. I could not believe it, when I saw it for the first time. 300 megs!!! Jarry -- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. From MailScanner at ecs.soton.ac.uk Wed May 27 18:36:16 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 27 18:36:29 2009 Subject: Whitelisting rule query In-Reply-To: <200905271534.n4RFYlMM018401@safir.blacknight.ie> References: <200905270947.n4R9llxO025428@safir.blacknight.ie><4A1D15E3.2030104@ecs.soton.ac.uk> <200905271534.n4RFYlMM018401@safir.blacknight.ie> <4A1D7A10.9060300@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 27/05/2009 16:35, Stef Morrell wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> >> On 27/05/2009 10:48, Stef Morrell wrote: >> >>> So, what I hope to be able to do is add a spam whitelisting >>> >> rule along >> >>> the lines of >>> >>> From: *@mydomain and From: >>> >>> Does this makes sense and is it achieveable? >>> >>> >> Yes, and you have even got the syntax right. Just add a "yes" >> on the end of the line and put it in >> /etc/MailScanner/rules/spam.whitelist.rules. >> > Ah fantastic thanks. For some reason I was under the mistaken impression > one could only do a > > From:Foo and To:Bar Yes > > Rather than multiple 'from' conditions. > > Is there a maximum number of conditions (not that I can think of an > application for more than maybe 3-4)? > Yes. 2. > Could you say > > From:Foo or From:Bar > > Or is it more appropriate to write two rules? > No, write 2 rules. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKHXoREfZZRxQVtlQRAnyEAJ4iMWdjECe5XGj3Tljij7our22hVQCeObqr VvRJ54lv/60EXK7x8BlhrP0= =V6mD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 27 18:41:00 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 27 18:41:19 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: <4A1D68D2.2060001@gmail.com> References: <4A195A25.7000209@gmail.com> <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> <4A1D68D2.2060001@gmail.com> <4A1D7B2C.8030807@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 27/05/2009 17:22, Jarry wrote: > Glenn Steen wrote: >> 2009/5/24 Jarry : >>> For whatever reason I can not stop/start MailScanner cleanly: >>> >>> # /etc/init.d/MailScanner stop >>> * Stopping MailScanner... >>> * MailScanner: caught SIGTERM, aborting >>> >>> # /etc/init.d/MailScanner start >>> * WARNING: MailScanner has already been started >>> >>> Actually, MailScanner stops, but sendmail which has been >>> started by MailScanner init script is still there running: >>> >>> # ps -e | grep sendmail >>> 18676 ? 00:00:00 sendmail >>> 18679 ? 00:00:00 sendmail >>> >>> Even when I killall sendmail, I still get the above mentioned >>> warning, and can not start MailScanner. And that is a problem, >>> because MailScanner is restarted (in my case, just want to be >>> restarted, but is not) every hour to prevent eating all resources >>> (which it keeps eating anyway, read next). I checked /var/run and >>> /var/lock, there is no trace of MailScanner or sendmail running, >>> yet I can not re-start Mailscanner. How can I fix this problem? >> >> What version of MailScanner, what version of what OS? It's rather like >> impossible to help you without those tidbits;-) > > Sorry I did not mention it. I just thought it was not important. > MailScanner 4.70.7.1, OS Gentoo (stable branch, everything updated) > > The /etc/init.d/MailScanner script looks this way: > ---------------------------------- > #!/sbin/runscript > opts="${opts} reload" > depend() { > need net mta > use logger dns } > > start() { > ebegin "Starting MailScanner" > /usr/sbin/check_MailScanner >/dev/null > RETVAL=$? > [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner > [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner.off > eend ${RETVAL} > } > > stop() { > ebegin "Stopping MailScanner" > killall -15 MailScanner > RETVAL=$? > [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner > [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner.off > eend ${RETVAL} > } > # I removed "restart () {}" and "reload () {}" sections > ---------------------------------- > > I'm not good at shell-programming, but this is what someone > on our mailing-list said about it (and others seemed to agree): > > "...That's the ugliest init.d script ever. It looks like it fell > out of the ugly tree, hit every branch on the way down and > now not even its mother could love it..." Well I didn't write the code above, so they're quite free to say whatever they like about it. Nothing to do with me. > >>> And the 2nd problem, MailScanner is eating too much memory: >>> >>> # ps aux | grep MailScanner >>> root 8047 0.0 0.7 93148 31084 ? Ss 13:53 0:00 MailScanner: >>> master >>> waiting for children, sleeping >>> root 8048 0.0 1.5 140136 64692 ? S 13:53 0:00 MailScanner: >>> waiting >>> for messages >>> root 8140 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> root 8173 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> root 8176 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> root 8177 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> >>> ~330 MB RESS, ~1GB VIRTS, is *this* normal? VIRTS is irrelevant. I can make a process print whatever it likes in that column. >>> Unbelievable. I see it for >>> the first time, that my server does not have enough physical memory >>> and is forced to use swap. I'm affraid, I can not spend so much memory >>> just for MailScanner... >>> >> Are you perhaps using the clamavmodule? > > No, I'm using F-Prot, and no SpamAssassin. My server has 2GB memory, > and out of it, running a few vservers. The one serving mail (strip-down > gentoo, with sendmail, f-prot and mailscanner) eats ~350MB physical > memory right after boot, out of that more than 300MB is mailscanner. > I could not believe it, when I saw it for the first time. 300 megs!!! And memory costs about 20 or 30 quid per gigabyte, roughly speaking. What's your question again? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKHXstEfZZRxQVtlQRAuFnAKCOv0TuVZq02/UGP8M1ddgQaIH16ACeMtXn 6LGKtoN+bz2uzuIdxG7ft20= =lqhZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed May 27 20:55:18 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 27 20:55:35 2009 Subject: (2nd Request) Disable scanning for a client that connects via SMTP-AUTH In-Reply-To: <4A170F760200002D0000676D@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> Message-ID: on 5-22-2009 5:47 PM Gary Faith spake the following: > I am trying to get around the problem of whitelisting my entire domain > which is what I did earlier by allowing any message FROM my domain name > without scanning. As I said earlier, this caused problems because > people were using my server to send spam using my domain. I only want > it to not scan e-mail when it is from the server that authenticates. > > The server that I am talking about is a mail server, which used to have > a static IP, I use for another unrelated business and my personal > e-mail. Due to circumstances, I had to move the server to dynamic DSL > (YUCK!) and now I need to relay the mail through the mail scanner > because outbound mail would be blocked by RBL's and I have no option to > add another mail scanner server at this time. There are other > people that I need to have admin access to mailwatch & mailscanner > giving them the ability to add users, change configuration, read & > release messages, etc. I do not want others to be able to read my other > business & personal e-mails, etc. So you see that is why I don't want > all mail scanned. > > I need a solutions and I thought someone on this list would have a > brilliant idea on how to do this. It can't be that hard, can it? > >>>> Eli Wapniarski 5/21/2009 12:54 AM >>> > Gary... With all due respect. Assuming that the mail coming from your > servers is not affected by something bad is a mistake. Not to mention, > spam that uses your domain as email addresses in the to / from to get > around just the kind of scenario is also makes your strategy a mistake. > > What harm besides having your server do some work would be caused by > having all the mail scanned? > > On Thursday 21 May 2009 04:50:33 Gary Faith wrote: >> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a > situation where I am relaying e-mail for a trusted mail server with a > dynamic IP who connects to my mail scanner via SMTP Auth. I don't have > a need for scanning the outbound e-mail from this server but I do need > to have the inbound mail scanned. So I figured I would add the domain > to scan.messages.rules. >> >> From: domain.com no >> >> This had the effect of stopping scanning of the mail which was > desired but now spam is coming in with the From addresss the same as > the To address like: xyz@domain.com to xyz@domain.com. These messages > are not being scanned and getting passed through due to the rule above. > Obviously, I didn't think this through correctly and I need a better > solution. >> >> What is required: >> 1. Outbound mail from the server with a dynamic IP which > authenticates to the mail scanner via SMTP Auth = Not Scanned. I > wouldn't care if it just goes from sendmail-in to sendmail-out and not > even go through mailscanner but I don't know if that is possible. >> 2. All other mail scanned (like normal). >> >> I know I can't base a rule on the IP address since it is dynamic but I > am unsure of any other way to accomplish this. Any thoughts on how I > can accomplish this? >> >> Thanks, >> >> Gary Faith >> Can you set your system to send to your scanner on another port? You could set another daemon to listen on that port and then dump the mail on without scanning it. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/193e576b/signature-0001.bin From ssilva at sgvwater.com Wed May 27 20:59:32 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 27 21:00:14 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905210310h55825b93ga2a3002bb150d171@mail.gmail.com> <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: on 5-27-2009 5:07 AM shyam hirurkar spake the following: > Hi All, > > > Even I observe the mailq was 50 and RAM was being utilized? 60% and swap > not at all used. Still I am getting the same error in maillog.... any > other reason...as spams are passing... > > > Thanks and Regards, > Shyam > Did you read the links to optimize spamassassin? Did you set up a caching nameserver on the box? run temp files from ramdisk? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/7e4b4cd6/signature.bin From gafaith at asdm.net Wed May 27 21:13:16 2009 From: gafaith at asdm.net (Gary Faith) Date: Wed May 27 21:13:40 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> Message-ID: <4A1D669C0200002D000067D9@sparky.asdm.net> I can check to see if I can send to another port. How do I configure another sendmail daemon to listen on a different port? Will this daemon receive and send or would I specify the "out queue" of the Mailscanner sendmail process as it's queue? Not real sure about this. Gary >>> Scott Silva 5/27/2009 3:55 PM >>> on 5-22-2009 5:47 PM Gary Faith spake the following: > I am trying to get around the problem of whitelisting my entire domain > which is what I did earlier by allowing any message FROM my domain name > without scanning. As I said earlier, this caused problems because > people were using my server to send spam using my domain. I only want > it to not scan e-mail when it is from the server that authenticates. > > The server that I am talking about is a mail server, which used to have > a static IP, I use for another unrelated business and my personal > e-mail. Due to circumstances, I had to move the server to dynamic DSL > (YUCK!) and now I need to relay the mail through the mail scanner > because outbound mail would be blocked by RBL's and I have no option to > add another mail scanner server at this time. There are other > people that I need to have admin access to mailwatch & mailscanner > giving them the ability to add users, change configuration, read & > release messages, etc. I do not want others to be able to read my other > business & personal e-mails, etc. So you see that is why I don't want > all mail scanned. > > I need a solutions and I thought someone on this list would have a > brilliant idea on how to do this. It can't be that hard, can it? > >>>> Eli Wapniarski 5/21/2009 12:54 AM >>> > Gary... With all due respect. Assuming that the mail coming from your > servers is not affected by something bad is a mistake. Not to mention, > spam that uses your domain as email addresses in the to / from to get > around just the kind of scenario is also makes your strategy a mistake. > > What harm besides having your server do some work would be caused by > having all the mail scanned? > > On Thursday 21 May 2009 04:50:33 Gary Faith wrote: >> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a > situation where I am relaying e-mail for a trusted mail server with a > dynamic IP who connects to my mail scanner via SMTP Auth. I don't have > a need for scanning the outbound e-mail from this server but I do need > to have the inbound mail scanned. So I figured I would add the domain > to scan.messages.rules. >> >> From: domain.com no >> >> This had the effect of stopping scanning of the mail which was > desired but now spam is coming in with the From addresss the same as > the To address like: xyz@domain.com to xyz@domain.com. These messages > are not being scanned and getting passed through due to the rule above. > Obviously, I didn't think this through correctly and I need a better > solution. >> >> What is required: >> 1. Outbound mail from the server with a dynamic IP which > authenticates to the mail scanner via SMTP Auth = Not Scanned. I > wouldn't care if it just goes from sendmail-in to sendmail-out and not > even go through mailscanner but I don't know if that is possible. >> 2. All other mail scanned (like normal). >> >> I know I can't base a rule on the IP address since it is dynamic but I > am unsure of any other way to accomplish this. Any thoughts on how I > can accomplish this? >> >> Thanks, >> >> Gary Faith >> Can you set your system to send to your scanner on another port? You could set another daemon to listen on that port and then dump the mail on without scanning it. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/b398e002/attachment.html From mr.jarry at gmail.com Wed May 27 21:32:24 2009 From: mr.jarry at gmail.com (Jarry) Date: Wed May 27 21:32:21 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: References: <4A195A25.7000209@gmail.com> <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> <4A1D68D2.2060001@gmail.com> <4A1D7B2C.8030807@ecs.soton.ac.uk> Message-ID: <4A1DA358.8090000@gmail.com> Julian Field wrote: >> No, I'm using F-Prot, and no SpamAssassin. My server has 2GB memory, >> and out of it, running a few vservers. The one serving mail (strip-down >> gentoo, with sendmail, f-prot and mailscanner) eats ~350MB physical >> memory right after boot, out of that more than 300MB is mailscanner. >> I could not believe it, when I saw it for the first time. 300 megs!!! > And memory costs about 20 or 30 quid per gigabyte, roughly speaking. Memory-slots in motherboard are a little more expensive. Especially if they are all already occupied... > What's your question again? >>>> And the 2nd problem, MailScanner is eating too much memory: >>>> >>>> # ps aux | grep MailScanner >>>> root 8047 0.0 0.7 93148 31084 ? Ss 13:53 0:00 MailScanner: >>>> master >>>> waiting for children, sleeping >>>> root 8048 0.0 1.5 140136 64692 ? S 13:53 0:00 MailScanner: >>>> waiting >>>> for messages >>>> root 8140 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>>> waiting >>>> for messages >>>> root 8173 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>>> waiting >>>> for messages >>>> root 8176 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>>> waiting >>>> for messages >>>> root 8177 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>>> waiting >>>> for messages >>>> >>>> ~330 MB RESS, ~1GB VIRTS, is *this* normal? That above mentioned *this* does not apply to virtual size only, but resident size too. But if my question is not clear, let me rephrase it: In my case, MailScanner takes right after the start about 300MB of physical memory (default installation, f-prot, no antispam). Is it normal for MailScanner to take so much memory? That is all I want to know. At the first moment, I thought about memory leak or configuration being screwed up. That value simply scared me, because all services on all virtual servers on that physical server together do not take so much memory... Jarry -- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. From ssilva at sgvwater.com Wed May 27 22:32:31 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 27 22:32:56 2009 Subject: advice on upgrade In-Reply-To: References: Message-ID: on 5-24-2009 5:32 AM Benedict simon spake the following: > Dear All, > > I Have the following setup running fine for about a year or so on a > single server. > > Centos 5 (final) Is this really only at CentOS 5, or is it patched to 5.3? > DNS bind-9.3.4-6.0.2.P1.el5_2 as my DNS server > sendmail-8.13.8-2.el5 as my mail server > MailScanner ver 4.66.5 > jules easy package Clam-0.92-SA-3.2.4 > pyzor-0.4.0 > razor-agents-2.84 > mailwatch-1.0.4 > httpd-2.2.3-11.el5_1 > > all the above is working fine . > > now i would like to upgrade to the latest MS stable version and also the > stable clamav 0.94 and SA 3.2.5 package > > since this is live server i would highly appreciate if could get some advice > and steps about upgrading the MS version to the latest stable version and > also the other required packages > basically i would > > 1) stop sendmail and mailscanner > 2) download and install jules latest ClamAV 0.95.1 and SpamAssassin 3.2.5 > easy installation package) > 3) download and install mailscanner(4.76.25-1) I would download them first so your system isn't down as long. I think I would also use clamav from rpmforge so it is easier to run clamd instead of clamscan or the clam perl module. > 4) run command upgrade_MailScanner_conf > 5) run command upgrade_language_conf You really want to see if there is a new languages.conf file before running this, as it will leave you a blank one if you aren't careful. > > just want to know if latest clam av + SA will run on my current OS or do i > have to upgrade any OS related files If you have run yum update on that system it should be at 5.3. If you haven't updated it, you run many risks of kernel vulnerabilities and other access paths for the internet vermin to move in. > > MS was installed from tar.gz package Installed from tar.gz, or from rpm.tar.gz=? There is a big difference. > > > Thanks and really would appreciate your advice > > regards > > > simon > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/af30a382/signature.bin From ssilva at sgvwater.com Wed May 27 22:39:36 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 27 22:39:59 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: <4A1DA358.8090000@gmail.com> References: <4A195A25.7000209@gmail.com> <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> <4A1D68D2.2060001@gmail.com> <4A1D7B2C.8030807@ecs.soton.ac.uk> <4A1DA358.8090000@gmail.com> Message-ID: on 5-27-2009 1:32 PM Jarry spake the following: > Julian Field wrote: > >>> No, I'm using F-Prot, and no SpamAssassin. My server has 2GB memory, >>> and out of it, running a few vservers. The one serving mail (strip-down >>> gentoo, with sendmail, f-prot and mailscanner) eats ~350MB physical >>> memory right after boot, out of that more than 300MB is mailscanner. >>> I could not believe it, when I saw it for the first time. 300 megs!!! > >> And memory costs about 20 or 30 quid per gigabyte, roughly speaking. > > Memory-slots in motherboard are a little more expensive. Especially > if they are all already occupied... > >> What's your question again? > >>>>> And the 2nd problem, MailScanner is eating too much memory: >>>>> >>>>> # ps aux | grep MailScanner >>>>> root 8047 0.0 0.7 93148 31084 ? Ss 13:53 0:00 MailScanner: >>>>> master >>>>> waiting for children, sleeping >>>>> root 8048 0.0 1.5 140136 64692 ? S 13:53 0:00 MailScanner: >>>>> waiting >>>>> for messages >>>>> root 8140 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>>>> waiting >>>>> for messages >>>>> root 8173 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>>>> waiting >>>>> for messages >>>>> root 8176 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>>>> waiting >>>>> for messages >>>>> root 8177 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>>>> waiting >>>>> for messages >>>>> >>>>> ~330 MB RESS, ~1GB VIRTS, is *this* normal? > > That above mentioned *this* does not apply to virtual size only, > but resident size too. But if my question is not clear, let me > rephrase it: > > In my case, MailScanner takes right after the start about 300MB > of physical memory (default installation, f-prot, no antispam). > Is it normal for MailScanner to take so much memory? > > That is all I want to know. At the first moment, I thought about > memory leak or configuration being screwed up. That value simply > scared me, because all services on all virtual servers on that > physical server together do not take so much memory... > > Jarry > Virtual services although technically separate can still share loaded modules in some places. That is why the ram usage looks so low for them. MailScanner is not a virtual system, it is a hungry, snarling beast waiting to devour your spam and spit out the pieces. ;-P -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/21d041df/signature.bin From ssilva at sgvwater.com Wed May 27 22:36:42 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 27 22:40:16 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: <4A1D68D2.2060001@gmail.com> References: <4A195A25.7000209@gmail.com> <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> <4A1D68D2.2060001@gmail.com> Message-ID: on 5-27-2009 9:22 AM Jarry spake the following: > Glenn Steen wrote: >> 2009/5/24 Jarry : >>> For whatever reason I can not stop/start MailScanner cleanly: >>> >>> # /etc/init.d/MailScanner stop >>> * Stopping MailScanner... >>> * MailScanner: caught SIGTERM, aborting >>> >>> # /etc/init.d/MailScanner start >>> * WARNING: MailScanner has already been started >>> >>> Actually, MailScanner stops, but sendmail which has been >>> started by MailScanner init script is still there running: >>> >>> # ps -e | grep sendmail >>> 18676 ? 00:00:00 sendmail >>> 18679 ? 00:00:00 sendmail >>> >>> Even when I killall sendmail, I still get the above mentioned >>> warning, and can not start MailScanner. And that is a problem, >>> because MailScanner is restarted (in my case, just want to be >>> restarted, but is not) every hour to prevent eating all resources >>> (which it keeps eating anyway, read next). I checked /var/run and >>> /var/lock, there is no trace of MailScanner or sendmail running, >>> yet I can not re-start Mailscanner. How can I fix this problem? >> >> What version of MailScanner, what version of what OS? It's rather like >> impossible to help you without those tidbits;-) > > Sorry I did not mention it. I just thought it was not important. > MailScanner 4.70.7.1, OS Gentoo (stable branch, everything updated) > > The /etc/init.d/MailScanner script looks this way: > ---------------------------------- > #!/sbin/runscript > opts="${opts} reload" > depend() { > need net mta > use logger dns } > > start() { > ebegin "Starting MailScanner" > /usr/sbin/check_MailScanner >/dev/null > RETVAL=$? > [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner > [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner.off > eend ${RETVAL} > } > > stop() { > ebegin "Stopping MailScanner" > killall -15 MailScanner > RETVAL=$? > [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner > [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner.off > eend ${RETVAL} > } > # I removed "restart () {}" and "reload () {}" sections > ---------------------------------- > > I'm not good at shell-programming, but this is what someone > on our mailing-list said about it (and others seemed to agree): > > "...That's the ugliest init.d script ever. It looks like it fell > out of the ugly tree, hit every branch on the way down and > now not even its mother could love it..." > >>> And the 2nd problem, MailScanner is eating too much memory: >>> >>> # ps aux | grep MailScanner >>> root 8047 0.0 0.7 93148 31084 ? Ss 13:53 0:00 MailScanner: >>> master >>> waiting for children, sleeping >>> root 8048 0.0 1.5 140136 64692 ? S 13:53 0:00 MailScanner: >>> waiting >>> for messages >>> root 8140 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> root 8173 0.0 1.5 140136 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> root 8176 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> root 8177 0.0 1.5 140140 64696 ? S 13:54 0:00 MailScanner: >>> waiting >>> for messages >>> >>> ~330 MB RESS, ~1GB VIRTS, is *this* normal? Unbelievable. I see it for >>> the first time, that my server does not have enough physical memory >>> and is forced to use swap. I'm affraid, I can not spend so much memory >>> just for MailScanner... >>> >> Are you perhaps using the clamavmodule? > > No, I'm using F-Prot, and no SpamAssassin. My server has 2GB memory, > and out of it, running a few vservers. The one serving mail (strip-down > gentoo, with sendmail, f-prot and mailscanner) eats ~350MB physical > memory right after boot, out of that more than 300MB is mailscanner. > I could not believe it, when I saw it for the first time. 300 megs!!! > > Jarry > It is recommended to run 1 GB per processor with MailScanner. It is not a lightweight application, it is a serious tool and requires ram to operate. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/4c24d4bc/signature.bin From alex at rtpty.com Thu May 28 02:24:45 2009 From: alex at rtpty.com (Alex Neuman) Date: Thu May 28 02:24:55 2009 Subject: (2nd Request) Disable scanning for a client that connects viaSMTP-AUTH In-Reply-To: <4A1D669C0200002D000067D9@sparky.asdm.net> References: <4A147B290200002D00006737@sparky.asdm.net> <200905210754.04555.eli@orbsky.homelinux.org> <4A170F760200002D0000676D@sparky.asdm.net> <4A1D669C0200002D000067D9@sparky.asdm.net> Message-ID: <24e3d2e40905271824t4840909m565e0ab6f3e28f2f@mail.gmail.com> You can configure an instance of sendmail running on port 587 that will only accept authenticated traffic, and use its own queue folder (/var/spool/mqueue.auth for example). That should keep things nice, neat and separate. On Wed, May 27, 2009 at 3:13 PM, Gary Faith wrote: > I can check to see if I can send to another port. > > How do I configure another sendmail daemon to listen on a different port? > Will this daemon receive and send or would I specify the "out queue" of the > Mailscanner sendmail process as it's queue? Not real sure about this. > > Gary > > >>> Scott Silva 5/27/2009 3:55 PM >>> > > on 5-22-2009 5:47 PM Gary Faith spake the following: > > I am trying to get around the problem of whitelisting my entire domain > > which is what I did earlier by allowing any message FROM my domain name > > without scanning. As I said earlier, this caused problems because > > people were using my server to send spam using my domain. I only want > > it to not scan e-mail when it is from the server that authenticates. > > > > The server that I am talking about is a mail server, which used to have > > a static IP, I use for another unrelated business and my personal > > e-mail. Due to circumstances, I had to move the server to dynamic DSL > > (YUCK!) and now I need to relay the mail through the mail scanner > > because outbound mail would be blocked by RBL's and I have no option to > > add another mail scanner server at this time. There are other > > people that I need to have admin access to mailwatch & mailscanner > > giving them the ability to add users, change configuration, read & > > release messages, etc. I do not want others to be able to read my other > > business & personal e-mails, etc. So you see that is why I don't want > > all mail scanned. > > > > I need a solutions and I thought someone on this list would have a > > brilliant idea on how to do this. It can't be that hard, can it? > > > >>>> Eli Wapniarski 5/21/2009 12:54 AM >>> > > Gary... With all due respect. Assuming that the mail coming from your > > servers is not affected by something bad is a mistake. Not to mention, > > spam that uses your domain as email addresses in the to / from to get > > around just the kind of scenario is also makes your strategy a mistake. > > > > What harm besides having your server do some work would be caused by > > having all the mail scanned? > > > > On Thursday 21 May 2009 04:50:33 Gary Faith wrote: > >> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13. I have a > > situation where I am relaying e-mail for a trusted mail server with a > > dynamic IP who connects to my mail scanner via SMTP Auth. I don't have > > a need for scanning the outbound e-mail from this server but I do need > > to have the inbound mail scanned. So I figured I would add the domain > > to scan.messages.rules. > >> > >> From: domain.com no > >> > >> This had the effect of stopping scanning of the mail which was > > desired but now spam is coming in with the From addresss the same as > > the To address like: xyz@domain.com to xyz@domain.com. These messages > > are not being scanned and getting passed through due to the rule above. > > Obviously, I didn't think this through correctly and I need a better > > solution. > >> > >> What is required: > >> 1. Outbound mail from the server with a dynamic IP which > > authenticates to the mail scanner via SMTP Auth = Not Scanned. I > > wouldn't care if it just goes from sendmail-in to sendmail-out and not > > even go through mailscanner but I don't know if that is possible. > >> 2. All other mail scanned (like normal). > >> > >> I know I can't base a rule on the IP address since it is dynamic but I > > am unsure of any other way to accomplish this. Any thoughts on how I > > can accomplish this? > >> > >> Thanks, > >> > >> Gary Faith > >> > Can you set your system to send to your scanner on another port? You could > set > another daemon to listen on that port and then dump the mail on without > scanning it. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/caeb091d/attachment.html From shyamph at gmail.com Thu May 28 05:54:05 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 28 05:54:15 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: Hi , Thanks a lot for the valuable inputs and i will work on this and let you know. Thanks, Shyam On Thu, May 28, 2009 at 1:29 AM, Scott Silva wrote: > on 5-27-2009 5:07 AM shyam hirurkar spake the following: > > Hi All, > > > > > > Even I observe the mailq was 50 and RAM was being utilized? 60% and swap > > not at all used. Still I am getting the same error in maillog.... any > > other reason...as spams are passing... > > > > > > Thanks and Regards, > > Shyam > > > > Did you read the links to optimize spamassassin? > Did you set up a caching nameserver on the box? > run temp files from ramdisk? > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/e3485d44/attachment.html From shyamph at gmail.com Thu May 28 06:05:37 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 28 06:05:48 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: Hi All, Strange things May 28 10:24:24 mx1 MailScanner[14166]: SpamAssassin timed out and was killed, failure 1 of 10 May 28 10:24:25 mx1 MailScanner[14166]: Message 8230A25A8011.85641 from xxx.xxx.xxx.xxx (srs0=6iu+f4=by=domain.com=username@remote-domain.com) to domain.com is not spam, SpamAssassin (not cached, timed out) May 28 10:33:15 mx1 MailScanner[14227]: SpamAssassin timed out and was killed, failure 1 of 10 May 28 10:33:16 mx1 MailScanner[14227]: Message 36E3325A800A.3D3A4 from xxx.xxx.xxx.xxx (prvs=392a3764d=user@remote-domain.com) to domain.com is not spam, SpamAssassin (not cached, timed out) When ever i get these kind of mails spamassassin is timing out. I am not able to figureout why ? Any idea on this Thanks, Shyam On Thu, May 28, 2009 at 10:24 AM, shyam hirurkar wrote: > Hi , > > > Thanks a lot for the valuable inputs and i will work on this and let you > know. > > Thanks, > Shyam > > On Thu, May 28, 2009 at 1:29 AM, Scott Silva wrote: > >> on 5-27-2009 5:07 AM shyam hirurkar spake the following: >> > Hi All, >> > >> > >> > Even I observe the mailq was 50 and RAM was being utilized? 60% and swap >> > not at all used. Still I am getting the same error in maillog.... any >> > other reason...as spams are passing... >> > >> > >> > Thanks and Regards, >> > Shyam >> > >> >> Did you read the links to optimize spamassassin? >> Did you set up a caching nameserver on the box? >> run temp files from ramdisk? >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/2528da79/attachment.html From john at tradoc.fr Thu May 28 08:03:37 2009 From: john at tradoc.fr (John Wilcock) Date: Thu May 28 08:03:51 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: <4A1D68D2.2060001@gmail.com> References: <4A195A25.7000209@gmail.com> <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> <4A1D68D2.2060001@gmail.com> Message-ID: <4A1E3749.90804@tradoc.fr> Le 27/05/2009 18:22, Jarry a ?crit : > Sorry I did not mention it. I just thought it was not important. > MailScanner 4.70.7.1, OS Gentoo (stable branch, everything updated) Nice to see another gentoo user on here. FWIW, I've been updating the ebuild locally to track Julian's additions (currently at 4.76.24.3), with the intention of feeding it back to the community at some point. If you want to test my ebuild, let me know. >>> And the 2nd problem, MailScanner is eating too much memory: >>> ~330 MB RESS, ~1GB VIRTS, is *this* normal? Unbelievable. I see it for >>> the first time, that my server does not have enough physical memory >>> and is forced to use swap. I'm affraid, I can not spend so much memory >>> just for MailScanner... You don't say how much mail you're putting through the system, but do you really need 5 MailScanner child processes? I seem to remember that that is the default value; you could try setting Max Children to a lower value which will bring the memory usage down to a more reasonable level. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From maxsec at gmail.com Thu May 28 09:06:52 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 28 09:07:02 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> Message-ID: <72cf361e0905280106u3460fea1if977f03149512f0@mail.gmail.com> So what have you done on the list of suggestions we've given you?? Normally this is either the RBL's or bayes that causes this issue. turn off the RBL's/bayes with the following in ./etc/mail/spamassassin/ mailscanner.cf skip_rbl_checks 1 use_bayes 0 restart MailScanner with one of these set and see how you go. once it's been narrowed down put the problem back in again run mailscanner in debug mode ( "MailScanner --debug --debug-sa" ) as has already been suggested and pastebin the output to t he list and we'll be able to help further. 2009/5/28 shyam hirurkar > Hi All, > > Strange things > > May 28 10:24:24 mx1 MailScanner[14166]: SpamAssassin timed out and was > killed, failure 1 of 10 > May 28 10:24:25 mx1 MailScanner[14166]: Message 8230A25A8011.85641 from > xxx.xxx.xxx.xxx (srs0=6iu+f4=by=domain.com=username@remote-domain.com) to > domain.com is not spam, SpamAssassin (not cached, timed out) > > May 28 10:33:15 mx1 MailScanner[14227]: SpamAssassin timed out and was > killed, failure 1 of 10 > May 28 10:33:16 mx1 MailScanner[14227]: Message 36E3325A800A.3D3A4 from > xxx.xxx.xxx.xxx > (prvs=392a3764d=user@remote-domain.com) to domain.com is not spam, > SpamAssassin (not cached, timed out) > > > When ever i get these kind of mails spamassassin is timing out. I am not > able to figureout why ? Any idea on this > > Thanks, > Shyam > > > > > On Thu, May 28, 2009 at 10:24 AM, shyam hirurkar wrote: > >> Hi , >> >> >> Thanks a lot for the valuable inputs and i will work on this and let you >> know. >> >> Thanks, >> Shyam >> >> On Thu, May 28, 2009 at 1:29 AM, Scott Silva wrote: >> >>> on 5-27-2009 5:07 AM shyam hirurkar spake the following: >>> > Hi All, >>> > >>> > >>> > Even I observe the mailq was 50 and RAM was being utilized? 60% and >>> swap >>> > not at all used. Still I am getting the same error in maillog.... any >>> > other reason...as spams are passing... >>> > >>> > >>> > Thanks and Regards, >>> > Shyam >>> > >>> >>> Did you read the links to optimize spamassassin? >>> Did you set up a caching nameserver on the box? >>> run temp files from ramdisk? >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/1abcf640/attachment.html From shyamph at gmail.com Thu May 28 09:32:41 2009 From: shyamph at gmail.com (shyam hirurkar) Date: Thu May 28 09:32:52 2009 Subject: Cached Timeout MailScanner In-Reply-To: <72cf361e0905280106u3460fea1if977f03149512f0@mail.gmail.com> References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> <72cf361e0905280106u3460fea1if977f03149512f0@mail.gmail.com> Message-ID: Hi , Thanks a lot I will check and paste the debug output. Shyam On Thu, May 28, 2009 at 1:36 PM, Martin Hepworth wrote: > So what have you done on the list of suggestions we've given you?? > Normally this is either the RBL's or bayes that causes this issue. > > turn off the RBL's/bayes with the following in ./etc/mail/spamassassin/ > mailscanner.cf > > skip_rbl_checks 1 > > use_bayes 0 > > restart MailScanner with one of these set and see how you go. > > once it's been narrowed down put the problem back in again run mailscanner > in debug mode ( "MailScanner --debug --debug-sa" ) as has already been > suggested and pastebin the output to t he list and we'll be able to help > further. > > > 2009/5/28 shyam hirurkar > > Hi All, >> >> Strange things >> >> May 28 10:24:24 mx1 MailScanner[14166]: SpamAssassin timed out and was >> killed, failure 1 of 10 >> May 28 10:24:25 mx1 MailScanner[14166]: Message 8230A25A8011.85641 from >> xxx.xxx.xxx.xxx (srs0=6iu+f4=by=domain.com=username@remote-domain.com) to >> domain.com is not spam, SpamAssassin (not cached, timed out) >> >> May 28 10:33:15 mx1 MailScanner[14227]: SpamAssassin timed out and was >> killed, failure 1 of 10 >> May 28 10:33:16 mx1 MailScanner[14227]: Message 36E3325A800A.3D3A4 from >> xxx.xxx.xxx.xxx >> (prvs=392a3764d=user@remote-domain.com) to domain.com is not spam, >> SpamAssassin (not cached, timed out) >> >> >> When ever i get these kind of mails spamassassin is timing out. I am not >> able to figureout why ? Any idea on this >> >> Thanks, >> Shyam >> >> >> >> >> On Thu, May 28, 2009 at 10:24 AM, shyam hirurkar wrote: >> >>> Hi , >>> >>> >>> Thanks a lot for the valuable inputs and i will work on this and let you >>> know. >>> >>> Thanks, >>> Shyam >>> >>> On Thu, May 28, 2009 at 1:29 AM, Scott Silva wrote: >>> >>>> on 5-27-2009 5:07 AM shyam hirurkar spake the following: >>>> > Hi All, >>>> > >>>> > >>>> > Even I observe the mailq was 50 and RAM was being utilized? 60% and >>>> swap >>>> > not at all used. Still I am getting the same error in maillog.... any >>>> > other reason...as spams are passing... >>>> > >>>> > >>>> > Thanks and Regards, >>>> > Shyam >>>> > >>>> >>>> Did you read the links to optimize spamassassin? >>>> Did you set up a caching nameserver on the box? >>>> run temp files from ramdisk? >>>> >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/7591c5b8/attachment.html From chauhananshul at gmail.com Thu May 28 13:23:40 2009 From: chauhananshul at gmail.com (Anshul Chauhan) Date: Thu May 28 13:24:26 2009 Subject: Mailscaaner not delivering mails just queuing them Message-ID: <2a3578a60905280523q1f14b223rbc9ffc16c0657ced@mail.gmail.com> Hi, I'm a new mailscanner user, I've installed mailscanner-4.76.25-1 on CentOS 5.2 with sendmail. I was trying to install a AntiSpam Gateway. Installation didn't gave any errors & i'm using default configuration but mailscanner is not delivering any mails its just queue every mail. This is maillog for a mail May 28 16:51:22 antispam sendmail[15695]: n4SBLM3l015695: from=< user@yahoo.com>, size=1095, class=0, nrcpts=1, msgid=<000d01c9df86$6d507190$0101a584@user1>, proto=SMTP, daemon=MTA, relay=[192.168.1.1] May 28 16:51:22 antispam sendmail[15695]: n4SBLM3l015695: to=< user@mydomainname.com>, delay=00:00:00, mailer=esmtp, pri=31095, stat=queued user exists on the local server but still its queuing the mails i don't understand why????? Please help Warm Regards, Anshul Chauhan "Dream is not what you see while sleep, it's the thing that does not let you sleep." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/74095cac/attachment.html From maxsec at gmail.com Thu May 28 13:48:00 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 28 13:48:09 2009 Subject: Mailscaaner not delivering mails just queuing them In-Reply-To: <2a3578a60905280523q1f14b223rbc9ffc16c0657ced@mail.gmail.com> References: <2a3578a60905280523q1f14b223rbc9ffc16c0657ced@mail.gmail.com> Message-ID: <72cf361e0905280548v58df9448q3cef3063ba6a6a29@mail.gmail.com> anything in the logs for MailScanner - there should be. 2009/5/28 Anshul Chauhan > Hi, > > I'm a new mailscanner user, I've installed mailscanner-4.76.25-1 on CentOS > 5.2 with sendmail. I was trying to install a AntiSpam Gateway. Installation > didn't gave any errors & i'm using default configuration but mailscanner is > not delivering any mails its just queue every mail. > This is maillog for a mail > > May 28 16:51:22 antispam sendmail[15695]: n4SBLM3l015695: from=< > user@yahoo.com>, size=1095, class=0, nrcpts=1, > msgid=<000d01c9df86$6d507190$0101a584@user1>, proto=SMTP, daemon=MTA, > relay=[192.168.1.1] > May 28 16:51:22 antispam sendmail[15695]: n4SBLM3l015695: to=< > user@mydomainname.com>, delay=00:00:00, mailer=esmtp, pri=31095, > stat=queued > > user exists on the local server but still its queuing the mails i don't > understand why????? > > > Please help > > > Warm Regards, > Anshul Chauhan > "Dream is not what you see while sleep, it's the thing that does not let > you sleep." > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/51970bdf/attachment.html From chauhananshul at gmail.com Thu May 28 13:57:36 2009 From: chauhananshul at gmail.com (Anshul Chauhan) Date: Thu May 28 13:58:06 2009 Subject: Mailscaaner not delivering Message-ID: <2a3578a60905280557m71457dc3sc411e0d9ae185211@mail.gmail.com> Mail scanner logs doesn't give any error or information abut mail delievery or configuration error These are some of the logs May 28 18:23:40 antispam sendmail[27867]: alias database /etc/aliases rebuilt by root May 28 18:23:40 antispam sendmail[27867]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total May 28 18:23:40 antispam sendmail[27875]: starting daemon (8.13.8): SMTP May 28 18:23:40 antispam sm-msp-queue[27879]: starting daemon (8.13.8): queueing@00:15:00 May 28 18:23:40 antispam sendmail[27883]: starting daemon (8.13.8): queueing@00:15:00 May 28 18:23:49 antispam MailScanner[27906]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:23:49 antispam MailScanner[27906]: Read 854 hostnames from the phishing whitelist May 28 18:23:49 antispam MailScanner[27906]: Read 9046 hostnames from the phishing blacklists May 28 18:23:52 antispam MailScanner[27906]: Using SpamAssassin results cache May 28 18:23:52 antispam MailScanner[27906]: Connected to SpamAssassin cache database May 28 18:23:52 antispam MailScanner[27906]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:23:54 antispam MailScanner[27908]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:23:54 antispam MailScanner[27908]: Read 854 hostnames from the phishing whitelist May 28 18:23:54 antispam MailScanner[27908]: Read 9046 hostnames from the phishing blacklists May 28 18:23:55 antispam MailScanner[27908]: Using SpamAssassin results cache May 28 18:23:55 antispam MailScanner[27908]: Connected to SpamAssassin cache database May 28 18:23:55 antispam MailScanner[27908]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:23:59 antispam MailScanner[27910]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:23:59 antispam MailScanner[27910]: Read 854 hostnames from the phishing whitelist May 28 18:23:59 antispam MailScanner[27910]: Read 9046 hostnames from the phishing blacklists May 28 18:24:00 antispam MailScanner[27910]: Using SpamAssassin results cache May 28 18:24:00 antispam MailScanner[27910]: Connected to SpamAssassin cache database May 28 18:24:00 antispam MailScanner[27910]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:24:04 antispam MailScanner[27912]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:24:04 antispam MailScanner[27912]: Read 854 hostnames from the phishing whitelist May 28 18:24:04 antispam MailScanner[27912]: Read 9046 hostnames from the phishing blacklists May 28 18:24:05 antispam MailScanner[27912]: Using SpamAssassin results cache May 28 18:24:05 antispam MailScanner[27912]: Connected to SpamAssassin cache database May 28 18:24:05 antispam MailScanner[27912]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:24:09 antispam MailScanner[27914]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:24:09 antispam MailScanner[27914]: Read 854 hostnames from the phishing whitelist May 28 18:24:09 antispam MailScanner[27914]: Read 9046 hostnames from the phishing blacklists May 28 18:24:10 antispam MailScanner[27914]: Using SpamAssassin results cache May 28 18:24:10 antispam MailScanner[27914]: Connected to SpamAssassin cache database May 28 18:24:10 antispam MailScanner[27914]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:25:39 antispam MailScanner[27908]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:00 antispam MailScanner[27917]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:00 antispam MailScanner[27906]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:02 antispam MailScanner[27910]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:07 antispam MailScanner[27917]: Read 854 hostnames from the phishing whitelist May 28 18:26:09 antispam MailScanner[27917]: Read 9046 hostnames from the phishing blacklists May 28 18:26:28 antispam MailScanner[27917]: Using SpamAssassin results cache May 28 18:26:29 antispam MailScanner[27917]: Connected to SpamAssassin cache database May 28 18:26:30 antispam MailScanner[27917]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:26:38 antispam MailScanner[27912]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:40 antispam MailScanner[27914]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:49 antispam MailScanner[27923]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:53 antispam MailScanner[27923]: Read 854 hostnames from the phishing whitelist May 28 18:26:54 antispam MailScanner[27924]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:54 antispam MailScanner[27923]: Read 9046 hostnames from the phishing blacklists May 28 18:26:54 antispam MailScanner[27924]: Read 854 hostnames from the phishing whitelist May 28 18:26:54 antispam MailScanner[27924]: Read 9046 hostnames from the phishing blacklists May 28 18:26:57 antispam MailScanner[27924]: Using SpamAssassin results cache May 28 18:26:57 antispam MailScanner[27924]: Connected to SpamAssassin cache database May 28 18:26:57 antispam MailScanner[27924]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:26:57 antispam MailScanner[27923]: Using SpamAssassin results cache May 28 18:26:57 antispam MailScanner[27923]: Connected to SpamAssassin cache database May 28 18:26:57 antispam MailScanner[27923]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:26:59 antispam MailScanner[27927]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:59 antispam MailScanner[27927]: Read 854 hostnames from the phishing whitelist May 28 18:26:59 antispam MailScanner[27927]: Read 9046 hostnames from the phishing blacklists May 28 18:27:00 antispam MailScanner[27927]: Using SpamAssassin results cache May 28 18:27:00 antispam MailScanner[27927]: Connected to SpamAssassin cache database May 28 18:27:00 antispam MailScanner[27927]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:27:04 antispam MailScanner[27929]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:27:04 antispam MailScanner[27929]: Read 854 hostnames from the phishing whitelist May 28 18:27:04 antispam MailScanner[27929]: Read 9046 hostnames from the phishing blacklists May 28 18:27:05 antispam MailScanner[27929]: Using SpamAssassin results cache May 28 18:27:05 antispam MailScanner[27929]: Connected to SpamAssassin cache database May 28 18:27:05 antispam MailScanner[27929]: Enabling SpamAssassin auto-whitelist functionality... Warm Regards, Anshul Chauhan "Dream is not what you see while sleep, it's the thing that does not let you sleep." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/b78e074c/attachment.html From chauhananshul at gmail.com Thu May 28 14:01:19 2009 From: chauhananshul at gmail.com (Anshul Chauhan) Date: Thu May 28 14:01:49 2009 Subject: Mailscaaner not delivering mails just queuing them Message-ID: <2a3578a60905280601j209bf5a2v2e645994830312e9@mail.gmail.com> Mail Scanner logs doesn't give any error or information abut mail delievery or configuration error These are some of the logs May 28 18:23:40 antispam sendmail[27867]: alias database /etc/aliases rebuilt by root May 28 18:23:40 antispam sendmail[27867]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total May 28 18:23:40 antispam sendmail[27875]: starting daemon (8.13.8): SMTP May 28 18:23:40 antispam sm-msp-queue[27879]: starting daemon (8.13.8): queueing@00:15:00 May 28 18:23:40 antispam sendmail[27883]: starting daemon (8.13.8): queueing@00:15:00 May 28 18:23:49 antispam MailScanner[27906]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:23:49 antispam MailScanner[27906]: Read 854 hostnames from the phishing whitelist May 28 18:23:49 antispam MailScanner[27906]: Read 9046 hostnames from the phishing blacklists May 28 18:23:52 antispam MailScanner[27906]: Using SpamAssassin results cache May 28 18:23:52 antispam MailScanner[27906]: Connected to SpamAssassin cache database May 28 18:23:52 antispam MailScanner[27906]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:23:54 antispam MailScanner[27908]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:23:54 antispam MailScanner[27908]: Read 854 hostnames from the phishing whitelist May 28 18:23:54 antispam MailScanner[27908]: Read 9046 hostnames from the phishing blacklists May 28 18:23:55 antispam MailScanner[27908]: Using SpamAssassin results cache May 28 18:23:55 antispam MailScanner[27908]: Connected to SpamAssassin cache database May 28 18:23:55 antispam MailScanner[27908]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:23:59 antispam MailScanner[27910]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:23:59 antispam MailScanner[27910]: Read 854 hostnames from the phishing whitelist May 28 18:23:59 antispam MailScanner[27910]: Read 9046 hostnames from the phishing blacklists May 28 18:24:00 antispam MailScanner[27910]: Using SpamAssassin results cache May 28 18:24:00 antispam MailScanner[27910]: Connected to SpamAssassin cache database May 28 18:24:00 antispam MailScanner[27910]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:24:04 antispam MailScanner[27912]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:24:04 antispam MailScanner[27912]: Read 854 hostnames from the phishing whitelist May 28 18:24:04 antispam MailScanner[27912]: Read 9046 hostnames from the phishing blacklists May 28 18:24:05 antispam MailScanner[27912]: Using SpamAssassin results cache May 28 18:24:05 antispam MailScanner[27912]: Connected to SpamAssassin cache database May 28 18:24:05 antispam MailScanner[27912]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:24:09 antispam MailScanner[27914]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:24:09 antispam MailScanner[27914]: Read 854 hostnames from the phishing whitelist May 28 18:24:09 antispam MailScanner[27914]: Read 9046 hostnames from the phishing blacklists May 28 18:24:10 antispam MailScanner[27914]: Using SpamAssassin results cache May 28 18:24:10 antispam MailScanner[27914]: Connected to SpamAssassin cache database May 28 18:24:10 antispam MailScanner[27914]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:25:39 antispam MailScanner[27908]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:00 antispam MailScanner[27917]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:00 antispam MailScanner[27906]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:02 antispam MailScanner[27910]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:07 antispam MailScanner[27917]: Read 854 hostnames from the phishing whitelist May 28 18:26:09 antispam MailScanner[27917]: Read 9046 hostnames from the phishing blacklists May 28 18:26:28 antispam MailScanner[27917]: Using SpamAssassin results cache May 28 18:26:29 antispam MailScanner[27917]: Connected to SpamAssassin cache database May 28 18:26:30 antispam MailScanner[27917]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:26:38 antispam MailScanner[27912]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:40 antispam MailScanner[27914]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! May 28 18:26:49 antispam MailScanner[27923]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:53 antispam MailScanner[27923]: Read 854 hostnames from the phishing whitelist May 28 18:26:54 antispam MailScanner[27924]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:54 antispam MailScanner[27923]: Read 9046 hostnames from the phishing blacklists May 28 18:26:54 antispam MailScanner[27924]: Read 854 hostnames from the phishing whitelist May 28 18:26:54 antispam MailScanner[27924]: Read 9046 hostnames from the phishing blacklists May 28 18:26:57 antispam MailScanner[27924]: Using SpamAssassin results cache May 28 18:26:57 antispam MailScanner[27924]: Connected to SpamAssassin cache database May 28 18:26:57 antispam MailScanner[27924]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:26:57 antispam MailScanner[27923]: Using SpamAssassin results cache May 28 18:26:57 antispam MailScanner[27923]: Connected to SpamAssassin cache database May 28 18:26:57 antispam MailScanner[27923]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:26:59 antispam MailScanner[27927]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:26:59 antispam MailScanner[27927]: Read 854 hostnames from the phishing whitelist May 28 18:26:59 antispam MailScanner[27927]: Read 9046 hostnames from the phishing blacklists May 28 18:27:00 antispam MailScanner[27927]: Using SpamAssassin results cache May 28 18:27:00 antispam MailScanner[27927]: Connected to SpamAssassin cache database May 28 18:27:00 antispam MailScanner[27927]: Enabling SpamAssassin auto-whitelist functionality... May 28 18:27:04 antispam MailScanner[27929]: MailScanner E-Mail Virus Scanner version 4.76.25 starting... May 28 18:27:04 antispam MailScanner[27929]: Read 854 hostnames from the phishing whitelist May 28 18:27:04 antispam MailScanner[27929]: Read 9046 hostnames from the phishing blacklists May 28 18:27:05 antispam MailScanner[27929]: Using SpamAssassin results cache May 28 18:27:05 antispam MailScanner[27929]: Connected to SpamAssassin cache database May 28 18:27:05 antispam MailScanner[27929]: Enabling SpamAssassin auto-whitelist functionality... Warm Regards, Anshul Chauhan "Dream is not what you see while sleep, it's the thing that does not let you sleep." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/ffd3f7ef/attachment.html From maxsec at gmail.com Thu May 28 14:37:33 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu May 28 14:37:43 2009 Subject: Mailscaaner not delivering In-Reply-To: <2a3578a60905280557m71457dc3sc411e0d9ae185211@mail.gmail.com> References: <2a3578a60905280557m71457dc3sc411e0d9ae185211@mail.gmail.com> Message-ID: <72cf361e0905280637k57cd4d98rb33b4d4e7e981cc7@mail.gmail.com> run MailScanner in debug mode it may give you more clues;.. MailScanner --Debug 2009/5/28 Anshul Chauhan > Mail scanner logs doesn't give any error or information abut mail delievery > or configuration error > These are some of the logs > > May 28 18:23:40 antispam sendmail[27867]: alias database /etc/aliases > rebuilt by root > May 28 18:23:40 antispam sendmail[27867]: /etc/aliases: 76 aliases, longest > 10 bytes, 765 bytes total > May 28 18:23:40 antispam sendmail[27875]: starting daemon (8.13.8): SMTP > May 28 18:23:40 antispam sm-msp-queue[27879]: starting daemon (8.13.8): > queueing@00:15:00 > May 28 18:23:40 antispam sendmail[27883]: starting daemon (8.13.8): > queueing@00:15:00 > May 28 18:23:49 antispam MailScanner[27906]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:23:49 antispam MailScanner[27906]: Read 854 hostnames from the > phishing whitelist > May 28 18:23:49 antispam MailScanner[27906]: Read 9046 hostnames from the > phishing blacklists > May 28 18:23:52 antispam MailScanner[27906]: Using SpamAssassin results > cache > May 28 18:23:52 antispam MailScanner[27906]: Connected to SpamAssassin > cache database > May 28 18:23:52 antispam MailScanner[27906]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:23:54 antispam MailScanner[27908]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:23:54 antispam MailScanner[27908]: Read 854 hostnames from the > phishing whitelist > May 28 18:23:54 antispam MailScanner[27908]: Read 9046 hostnames from the > phishing blacklists > May 28 18:23:55 antispam MailScanner[27908]: Using SpamAssassin results > cache > May 28 18:23:55 antispam MailScanner[27908]: Connected to SpamAssassin > cache database > May 28 18:23:55 antispam MailScanner[27908]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:23:59 antispam MailScanner[27910]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:23:59 antispam MailScanner[27910]: Read 854 hostnames from the > phishing whitelist > May 28 18:23:59 antispam MailScanner[27910]: Read 9046 hostnames from the > phishing blacklists > May 28 18:24:00 antispam MailScanner[27910]: Using SpamAssassin results > cache > May 28 18:24:00 antispam MailScanner[27910]: Connected to SpamAssassin > cache database > May 28 18:24:00 antispam MailScanner[27910]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:24:04 antispam MailScanner[27912]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:24:04 antispam MailScanner[27912]: Read 854 hostnames from the > phishing whitelist > May 28 18:24:04 antispam MailScanner[27912]: Read 9046 hostnames from the > phishing blacklists > May 28 18:24:05 antispam MailScanner[27912]: Using SpamAssassin results > cache > May 28 18:24:05 antispam MailScanner[27912]: Connected to SpamAssassin > cache database > May 28 18:24:05 antispam MailScanner[27912]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:24:09 antispam MailScanner[27914]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:24:09 antispam MailScanner[27914]: Read 854 hostnames from the > phishing whitelist > May 28 18:24:09 antispam MailScanner[27914]: Read 9046 hostnames from the > phishing blacklists > May 28 18:24:10 antispam MailScanner[27914]: Using SpamAssassin results > cache > May 28 18:24:10 antispam MailScanner[27914]: Connected to SpamAssassin > cache database > May 28 18:24:10 antispam MailScanner[27914]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:25:39 antispam MailScanner[27908]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > May 28 18:26:00 antispam MailScanner[27917]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:26:00 antispam MailScanner[27906]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > May 28 18:26:02 antispam MailScanner[27910]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > May 28 18:26:07 antispam MailScanner[27917]: Read 854 hostnames from the > phishing whitelist > May 28 18:26:09 antispam MailScanner[27917]: Read 9046 hostnames from the > phishing blacklists > May 28 18:26:28 antispam MailScanner[27917]: Using SpamAssassin results > cache > May 28 18:26:29 antispam MailScanner[27917]: Connected to SpamAssassin > cache database > May 28 18:26:30 antispam MailScanner[27917]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:26:38 antispam MailScanner[27912]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > May 28 18:26:40 antispam MailScanner[27914]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > May 28 18:26:49 antispam MailScanner[27923]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:26:53 antispam MailScanner[27923]: Read 854 hostnames from the > phishing whitelist > May 28 18:26:54 antispam MailScanner[27924]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:26:54 antispam MailScanner[27923]: Read 9046 hostnames from the > phishing blacklists > May 28 18:26:54 antispam MailScanner[27924]: Read 854 hostnames from the > phishing whitelist > May 28 18:26:54 antispam MailScanner[27924]: Read 9046 hostnames from the > phishing blacklists > May 28 18:26:57 antispam MailScanner[27924]: Using SpamAssassin results > cache > May 28 18:26:57 antispam MailScanner[27924]: Connected to SpamAssassin > cache database > May 28 18:26:57 antispam MailScanner[27924]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:26:57 antispam MailScanner[27923]: Using SpamAssassin results > cache > May 28 18:26:57 antispam MailScanner[27923]: Connected to SpamAssassin > cache database > May 28 18:26:57 antispam MailScanner[27923]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:26:59 antispam MailScanner[27927]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:26:59 antispam MailScanner[27927]: Read 854 hostnames from the > phishing whitelist > May 28 18:26:59 antispam MailScanner[27927]: Read 9046 hostnames from the > phishing blacklists > May 28 18:27:00 antispam MailScanner[27927]: Using SpamAssassin results > cache > May 28 18:27:00 antispam MailScanner[27927]: Connected to SpamAssassin > cache database > May 28 18:27:00 antispam MailScanner[27927]: Enabling SpamAssassin > auto-whitelist functionality... > May 28 18:27:04 antispam MailScanner[27929]: MailScanner E-Mail Virus > Scanner version 4.76.25 starting... > May 28 18:27:04 antispam MailScanner[27929]: Read 854 hostnames from the > phishing whitelist > May 28 18:27:04 antispam MailScanner[27929]: Read 9046 hostnames from the > phishing blacklists > May 28 18:27:05 antispam MailScanner[27929]: Using SpamAssassin results > cache > May 28 18:27:05 antispam MailScanner[27929]: Connected to SpamAssassin > cache database > May 28 18:27:05 antispam MailScanner[27929]: Enabling SpamAssassin > auto-whitelist functionality... > > > > > Warm Regards, > Anshul Chauhan > "Dream is not what you see while sleep, it's the thing that does not let > you sleep." > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/31fe5205/attachment.html From neilw at dcdata.co.za Thu May 28 16:22:36 2009 From: neilw at dcdata.co.za (Neil Wilson) Date: Thu May 28 16:22:54 2009 Subject: MySQL Stability Message-ID: <4A1EAC3C.70006@dcdata.co.za> Hi guys, There is probably an easy answer to this question, but I've searched around on google and can't find much about it. I'm running Centos 5.2 with mysql-5.0.45-7.el5 Every few days my MySQL seems to die and in the logs I'm seeing the following errors. 090528 14:05:37 [ERROR] /usr/libexec/mysqld: Sort aborted 090528 14:07:56 [ERROR] Error in accept: Too many open files 090528 14:11:52 [ERROR] /usr/libexec/mysqld: Sort aborted 090528 14:12:13 [ERROR] Error in accept: Too many open files 090528 14:12:54 [ERROR] /usr/libexec/mysqld: Sort aborted 090528 14:14:26 [ERROR] /usr/libexec/mysqld: Sort aborted 090528 14:18:29 [Note] /usr/libexec/mysqld: Normal shutdown Then I stop it used the init script and it shutsdown properly. Then I start it and the problem is gone for the next few days. The box is processing quite a few mails daily, but I don't think it's exceptional. Processed: 10,277 409.3Mb Clean: 3,371 32.8% Spam: 551 5.4% High Scoring Spam: 6,355 61.8% My maillog.MYD is 3.4Gigs, is this too large? Sorry I realise this should probably be sent to a MySQL mailing list, but I'm sure people must have some huge MySQL DB's with some of their own MailScanner implementations I just want to make sure that we have nothing exceptional. Thanks, any tips will help. Regards. Neil. This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From maillists at conactive.com Thu May 28 16:54:57 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu May 28 16:55:09 2009 Subject: Problem with SQLite detection Message-ID: Just came back from vacation and updated MailScanner on the first machine. It started barking about SQLite. I had to disable the SA cache db and the processing-messages database. First some observations which might call for slight improvements: It took me some time to find the correct config line to disable it. The error mentions "processing-messages database", but the config doesn't contain this sequence at all. I suggest either renaming the error message to point to "Processing Attempts Database" (which would go to the next config line) or mentioning "processing-messages database" in the description of the "Maximum Processing Attempts" config option. Also, I got a bit confused first by the wording "Set this to 0 to disable the limit.". I mean, even if disabled MS could still track and use the db. It might help to rephrase it to "Set this to 0 to disable the limit and the Processing Attempts Database." MailScanner --lint reports: DBD::SQLite initialisation failed: Can't locate object method "driver" via package "DBD::SQLite" at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux- thread-multi/DBI.pm line 770. Perhaps the capitalisation of DBD 'SQLite' isn't right. at /usr/sbin/MailScanner line 1684 And then the --lint errors out at this stage and doesn't finish. Should it really do this? Now for the problem itself. It seems the problem may lie in the rpmforge-packaged module I use. If I downgrade the new version 1.25 to the old available version 1.14 MailScanner -v starts detecting DBD::SQLite again and the use of the databases works. I notice "6-4 Corrected DBD-SQLite packaging error." in the changelog. Jules, could this have anything to do with the problem? I mean did you correct a problem from upstream or in your own packaging only? In order to find the nature of the change in the rpmforge packages it might be helpful to know how the detection of the modules in MailScanner -v works. Thanks. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From tjones at isthmus.com Thu May 28 17:18:28 2009 From: tjones at isthmus.com (Thom Jones) Date: Thu May 28 17:19:30 2009 Subject: MySQL Stability In-Reply-To: <4A1EAC3C.70006@dcdata.co.za> References: <4A1EAC3C.70006@dcdata.co.za> Message-ID: <200905281118.28610.tjones@isthmus.com> On Thursday 28 May 2009 10:22:36 am Neil Wilson wrote: > Processed: 10,277 409.3Mb > Clean: 3,371 32.8% > Spam: 551 5.4% > High Scoring Spam: 6,355 61.8% > > My maillog.MYD is 3.4Gigs, is this too large? Looks like I process only about twice what you do per day and my maillog.MYD file is only 650Mb. So it seems that something is wrong someplace. I'll do some digging. -- Thom Jones Isthmus Publishing http://www.thedailypage.com APATHY ERROR: Don't bother striking any key From Hostmaster at computerservicecentre.com Thu May 28 17:20:52 2009 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Thu May 28 17:21:02 2009 Subject: MySQL Stability In-Reply-To: <4A1EAC3C.70006@dcdata.co.za> References: <4A1EAC3C.70006@dcdata.co.za> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2AABC523@commssrv01.computerservicecentre.com> >>I'm running Centos 5.2 with mysql-5.0.45-7.el5 >>Every few days my MySQL seems to die and in the logs I'm seeing the >>following errors. >>090528 14:05:37 [ERROR] /usr/libexec/mysqld: Sort aborted >>090528 14:07:56 [ERROR] Error in accept: Too many open files >>090528 14:11:52 [ERROR] /usr/libexec/mysqld: Sort aborted >>090528 14:12:13 [ERROR] Error in accept: Too many open files >>090528 14:12:54 [ERROR] /usr/libexec/mysqld: Sort aborted >>090528 14:14:26 [ERROR] /usr/libexec/mysqld: Sort aborted >>090528 14:18:29 [Note] /usr/libexec/mysqld: Normal shutdown I had a very similar problem with MySQL quite some time ago, although I think it was with 5.0.67. When you hit the "too many open files" problem, do a "ps ax |grep mysql" to find MySQL's PID, and then do "lsof -p PID |grep deleted" and see if you get a long list of open file handles on deleted files. If you do, the answer is to upgrade MySQL - I moved to 5.0.77 and it cured the problem immediately. >>Then I stop it used the init script and it shutsdown properly. >>Then I start it and the problem is gone for the next few days. >>The box is processing quite a few mails daily, but I don't think it's >>exceptional. >>Processed: 10,277 409.3Mb >>Clean: 3,371 32.8% >>Spam: 551 5.4% >>High Scoring Spam: 6,355 61.8% Mine handles around 25k emails a day, so this isn't a huge install >>My maillog.MYD is 3.4Gigs, is this too large? You might want to check the db-clean.php and the values it has configured for retention. My current database is around 1.2-1.5 GB, and holds 90 days of mail at 25k emails a day, so yours goes back a long way at my guess. There are some details around about setting up an "archive" of MailWatch databases so that your main database can be a bit smaller. >>Sorry I realise this should probably be sent to a MySQL mailing list, >>but I'm sure people must have some huge MySQL DB's with some of their >>own MailScanner implementations I just want to make sure that we have >>nothing exceptional. Yep, you'll find plenty of people on list who are using MailScanner. Just as a suggestion, you might want to review your MySQL settings - Search for "tuning-primer.sh" to run against your install of MySQL for some pointers. >>Thanks, any tips will help. Pleasure Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) Hostmaster Computer Service Centre http://www.computerservicecentre.com? From tjones at isthmus.com Thu May 28 17:27:41 2009 From: tjones at isthmus.com (Thom Jones) Date: Thu May 28 17:35:03 2009 Subject: MySQL Stability In-Reply-To: <4A1EAC3C.70006@dcdata.co.za> References: <4A1EAC3C.70006@dcdata.co.za> Message-ID: <200905281127.41690.tjones@isthmus.com> On Thursday 28 May 2009 10:22:36 am Neil Wilson wrote: > > My maillog.MYD is 3.4Gigs, is this too large? Try here: http://wiki.mailscanner.info/doku.php?id=documentation:related_software:management:mailwatch:tips:trimming_db This table is from MailWatch, not MailScanner and it does need to be trimmed. Above link will help do that. HTH -- Thom Jones Isthmus Publishing http://www.thedailypage.com APATHY ERROR: Don't bother striking any key From mr.jarry at gmail.com Thu May 28 18:25:49 2009 From: mr.jarry at gmail.com (Jarry) Date: Thu May 28 18:25:45 2009 Subject: /etc/init.d/MailScanner stop: caught SIGTERM, aborting In-Reply-To: References: <4A195A25.7000209@gmail.com> <223f97700905270202ne8ba063v3bbbc452172c42ff@mail.gmail.com> <4A1D68D2.2060001@gmail.com> <4A1D7B2C.8030807@ecs.soton.ac.uk> <4A1DA358.8090000@gmail.com> Message-ID: <4A1EC91D.1010501@gmail.com> Scott Silva wrote: > Virtual services although technically separate can still share loaded modules > in some places. That is why the ram usage looks so low for them. Don't know what is such a "virtual service" good for, but the only thing vserver-guests share is kernel. Guest-running processes can not share loaded modules... > MailScanner > is not a virtual system, it is a hungry, snarling beast waiting to devour your > spam and spit out the pieces. ;-P It seems to me, this beast is so hungry, it is going to devour even me. I'm not sure I have enough spam to feed it. Maybe I'd better start with puppies, they are easier to domesticate... Jarry -- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. From ssilva at sgvwater.com Thu May 28 20:19:39 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 28 20:20:04 2009 Subject: Cached Timeout MailScanner In-Reply-To: References: <72cf361e0905270244o51bd4bfcv8981a01a96b4b181@mail.gmail.com> <72cf361e0905270328j20317929qaa40ead3902f53f3@mail.gmail.com> <72cf361e0905280106u3460fea1if977f03149512f0@mail.gmail.com> Message-ID: on 5-28-2009 1:32 AM shyam hirurkar spake the following: > Hi , > > Thanks a lot I will check and paste the debug output. > > Shyam Do not paste here on the list. Use a pastebin account and just post the link (pastebin.com). The debug output can get rather large, and you will tick off a lot of list members. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/be8f79c4/signature.bin From ecasarero at gmail.com Thu May 28 20:32:48 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu May 28 20:33:19 2009 Subject: OT: SA rule to detect forged gmail traffic. Message-ID: <7d9b3cf20905281232s12075293k63e4b14ab02dceca@mail.gmail.com> I'm researching and trying to write an SA rule to detect forged gmail traffic, does anyone has anything done like this? i was thinking in some message id structure, and the precense of DKIM data. any advice would be aprecciated, eduardo. PD: cant block for invalid spf -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090528/3a483461/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 29 10:12:56 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 29 10:13:16 2009 Subject: Problem with SQLite detection In-Reply-To: References: <4A1FA718.7000408@ecs.soton.ac.uk> Message-ID: On 28/05/2009 16:54, Kai Schaetzl wrote: > Just came back from vacation and updated MailScanner on the first machine. > It started barking about SQLite. I had to disable the SA cache db and the > processing-messages database. > > First some observations which might call for slight improvements: > > It took me some time to find the correct config line to disable it. The > error mentions "processing-messages database", but the config doesn't > contain this sequence at all. I suggest either renaming the error message > to point to "Processing Attempts Database" (which would go to the next > config line) or mentioning "processing-messages database" in the > description of the "Maximum Processing Attempts" config option. > > Also, I got a bit confused first by the wording "Set this to 0 to disable > the limit.". I mean, even if disabled MS could still track and use the db. > It might help to rephrase it to "Set this to 0 to disable the limit and > the Processing Attempts Database." > > MailScanner --lint reports: > DBD::SQLite initialisation failed: Can't locate object method "driver" via > package "DBD::SQLite" at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux- > thread-multi/DBI.pm line 770. > > Perhaps the capitalisation of DBD 'SQLite' isn't right. at > /usr/sbin/MailScanner line 1684 > > And then the --lint errors out at this stage and doesn't finish. Should it > really do this? > Many thanks for all that. As a result I have improved the --lint check considerably and fixed all the log text relating to this database. > Now for the problem itself. > It seems the problem may lie in the rpmforge-packaged module I use. If I > downgrade the new version 1.25 to the old available version 1.14 > MailScanner -v starts detecting DBD::SQLite again and the use of the > databases works. > I notice "6-4 Corrected DBD-SQLite packaging error." in the changelog. > Jules, could this have anything to do with the problem? I mean did you > correct a problem from upstream or in your own packaging only? > It was just my packaging of it. It was superceded by the move to 1.25 anyway. > In order to find the nature of the change in the rpmforge packages it > might be helpful to know how the detection of the modules in MailScanner > -v works. Thanks. > It just does a "require" on the module and then prints the $Module::Name::VERSION value, which is the version number extracted from the Perl code of the module. Every Perl package defines a variable called VERSION. I ended up having to go to 1.25 or else it would not build properly on a whole bunch of CentOS 4 systems. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From zaeem.arshad at gmail.com Fri May 29 11:10:44 2009 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Fri May 29 11:10:54 2009 Subject: Moving Bayes database to tmps Message-ID: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> Hi List, Can I get noticecable performance improvement by moving the bayesian database to tmpfs? Currently, it's being stored at /root/.spamassassin which happens to be an ext3 partition. Regards -- Zaeem -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090529/6dacf201/attachment-0001.html From pumzika at gmail.com Fri May 29 11:46:35 2009 From: pumzika at gmail.com (Steve Barnes) Date: Fri May 29 11:46:44 2009 Subject: "autolearn=" and spams getting through. Message-ID: <76f60d7e0905290346p60935411j57f1a79a9ec0c9a@mail.gmail.com> Hi Does anyone have know why this is occuring in maillog: May 29 06:14:53 mail MailScanner[397]: Message 3C1731164B.AB9BD from 189.69.109.196 (efhcrewz_1995@hillview.org) to domain.com is not spam, SpamAssassin (not cached, score= 0, required 6, autolearn=) In particular, the "autolearn=)" truncation. I've had a couple of spam e-mails get through that were scored at 0.00 (and oddly enough, at 28.7 when later passed by hand to spamassassn -D on the command line). The "autolearn=)" truncation occurred in both cases where the spam got through. The only reference I've found via Gmane search dated back to 2004 and didn't seem relevent (or answered). I have plenty of other entries that look fine: May 29 00:05:36 mail MailScanner[97129]: Message 0B56A11638.A209B from 196.200.16.19 (sales@altn.com) to domain.com is not spam, SpamAssassin (not cached, score=0, required 6, autolearn=disabled, KHOP_RCVD_UNTRUST 1.00, RCVD_IN_JMF_W -1.00) Could this be caused by a bayes database rebuild at the time of spam-checks? I'm not really sure where to start looking since the by-hand SA run set the spam on fire in both cases... Thank you Steve PS, I'm using: MS 4.76.24, Perl 5.10.0, SA 3.2.5, FreeBSD 7.2, Postfix 2.5.6 and MailWatch 1.0.4. From MailScanner at ecs.soton.ac.uk Fri May 29 12:12:06 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 29 12:12:58 2009 Subject: Problem with SQLite detection In-Reply-To: References: <4A1FA718.7000408@ecs.soton.ac.uk> <4A1FC306.6070006@ecs.soton.ac.uk> Message-ID: On 29/05/2009 10:12, Julian Field wrote: > > > On 28/05/2009 16:54, Kai Schaetzl wrote: >> Just came back from vacation and updated MailScanner on the first >> machine. >> It started barking about SQLite. I had to disable the SA cache db and >> the >> processing-messages database. >> >> First some observations which might call for slight improvements: >> >> It took me some time to find the correct config line to disable it. The >> error mentions "processing-messages database", but the config doesn't >> contain this sequence at all. I suggest either renaming the error >> message >> to point to "Processing Attempts Database" (which would go to the next >> config line) or mentioning "processing-messages database" in the >> description of the "Maximum Processing Attempts" config option. >> >> Also, I got a bit confused first by the wording "Set this to 0 to >> disable >> the limit.". I mean, even if disabled MS could still track and use >> the db. >> It might help to rephrase it to "Set this to 0 to disable the limit and >> the Processing Attempts Database." >> >> MailScanner --lint reports: >> DBD::SQLite initialisation failed: Can't locate object method >> "driver" via >> package "DBD::SQLite" at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux- >> thread-multi/DBI.pm line 770. >> >> Perhaps the capitalisation of DBD 'SQLite' isn't right. at >> /usr/sbin/MailScanner line 1684 >> >> And then the --lint errors out at this stage and doesn't finish. >> Should it >> really do this? > Many thanks for all that. As a result I have improved the --lint check > considerably and fixed all the log text relating to this database. >> Now for the problem itself. >> It seems the problem may lie in the rpmforge-packaged module I use. If I >> downgrade the new version 1.25 to the old available version 1.14 >> MailScanner -v starts detecting DBD::SQLite again and the use of the >> databases works. >> I notice "6-4 Corrected DBD-SQLite packaging error." in the changelog. >> Jules, could this have anything to do with the problem? I mean did you >> correct a problem from upstream or in your own packaging only? > It was just my packaging of it. It was superceded by the move to 1.25 > anyway. >> In order to find the nature of the change in the rpmforge packages it >> might be helpful to know how the detection of the modules in MailScanner >> -v works. Thanks. > It just does a "require" on the module and then prints the > $Module::Name::VERSION value, which is the version number extracted > from the Perl code of the module. Every Perl package defines a > variable called VERSION. > > I ended up having to go to 1.25 or else it would not build properly on > a whole bunch of CentOS 4 systems. > > Jules > I have released 4.77.7 which includes the improvements I have mentioned above, which you may want to try it to see if you think it is good enough or needs further work. Cheers, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Fri May 29 12:31:22 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 29 12:31:35 2009 Subject: Moving Bayes database to tmps In-Reply-To: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> Message-ID: Zaeem Arshad wrote on Fri, 29 May 2009 16:10:44 +0600: > Can I get noticecable performance improvement by moving the bayesian > database to tmpfs? Currently, it's being stored at /root/.spamassassin which > happens to be an ext3 partition. Maybe. But you have to regularly back it up and restore it once you reboot or lose tmpfs for other reasons. I would think you are better off with moving to SQL. How big is the database at the moment? What's the data of "sa-learn --dump magic"? Have you determined *that* it is Bayes that is creating your asserted permonance problem? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From zaeem.arshad at gmail.com Fri May 29 13:11:17 2009 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Fri May 29 13:11:28 2009 Subject: Moving Bayes database to tmps In-Reply-To: References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> Message-ID: <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> On Fri, May 29, 2009 at 5:31 PM, Kai Schaetzl wrote: > Zaeem Arshad wrote on Fri, 29 May 2009 16:10:44 +0600: > > > Can I get noticecable performance improvement by moving the bayesian > > database to tmpfs? Currently, it's being stored at /root/.spamassassin > which > > happens to be an ext3 partition. > > Maybe. But you have to regularly back it up and restore it once you reboot > or > lose tmpfs for other reasons. I would think you are better off with moving > to > SQL. Doesn't MS expire the database every 24 hours? > How big is the database at the moment? What's the data of > "sa-learn --dump magic"? bayes_seen 21M bayes_toks 9.3M 0.000 0 3 0 non-token data: bayes db version 0.000 0 131710 0 non-token data: nspam 0.000 0 40140 0 non-token data: nham 0.000 0 469228 0 non-token data: ntokens 0.000 0 1241679918 0 non-token data: oldest atime 0.000 0 1243580885 0 non-token data: newest atime 0.000 0 1243594258 0 non-token data: last journal sync atime 0.000 0 1243594283 0 non-token data: last expiry atime 0.000 0 691200 0 non-token data: last expire atime delta 0.000 0 13745 0 non-token data: last expire reduction count > > Have you determined *that* it is Bayes that is creating your asserted > permonance problem? I am trying to speed up I/O wherever it is involved within my resources. Since, the bayes database is an oft accessed file, I would like to have it on a faster filesystem or tmpfs. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090529/413060d8/attachment.html From alex at rtpty.com Fri May 29 13:17:02 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Fri May 29 13:17:17 2009 Subject: Moving Bayes database to tmps In-Reply-To: References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> Message-ID: What would be the best way to back it up, with the least amount of downtime? On May 29, 2009, at 6:31 AM, Kai Schaetzl wrote: > But you have to regularly back it up and restore it once you reboot or > lose tmpfs for other reasons -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman From john at tradoc.fr Fri May 29 13:23:43 2009 From: john at tradoc.fr (John Wilcock) Date: Fri May 29 13:23:53 2009 Subject: Moving Bayes database to tmps In-Reply-To: <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> Message-ID: <4A1FD3CF.1090005@tradoc.fr> Le 29/05/2009 14:11, Zaeem Arshad a ?crit : > Doesn't MS expire the database every 24 hours? Yes (at least, it can be set to do so) but Bayes expiry merely deletes the least-recently-used data from the database, not the entire contents. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From zaeem.arshad at gmail.com Fri May 29 13:32:23 2009 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Fri May 29 13:32:32 2009 Subject: Moving Bayes database to tmps In-Reply-To: <4A1FD3CF.1090005@tradoc.fr> References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> <4A1FD3CF.1090005@tradoc.fr> Message-ID: <3e1809420905290532s34e3ab32j467a1e5b71c49759@mail.gmail.com> On Fri, May 29, 2009 at 6:23 PM, John Wilcock wrote: > Le 29/05/2009 14:11, Zaeem Arshad a ?crit : > >> Doesn't MS expire the database every 24 hours? >> > > Yes (at least, it can be set to do so) but Bayes expiry merely deletes the > least-recently-used data from the database, not the entire contents. > cp the database every 4 hours would help in case of database loss due to tmpfs or power outage? -- Zaeem -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090529/151da9d4/attachment.html From alex at rtpty.com Fri May 29 14:27:25 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Fri May 29 14:27:44 2009 Subject: Moving Bayes database to tmps In-Reply-To: <3e1809420905290532s34e3ab32j467a1e5b71c49759@mail.gmail.com> References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> <4A1FD3CF.1090005@tradoc.fr> <3e1809420905290532s34e3ab32j467a1e5b71c49759@mail.gmail.com> Message-ID: <4A72D700-EAA6-47E2-BEB8-7FDBFA9AFC69@rtpty.com> What would be a way to cp the database that would be "safe" - in the sense that we'd have to make sure it's not being written to at the time? On May 29, 2009, at 7:32 AM, Zaeem Arshad wrote: > cp the database every 4 hours would help in case of database loss > due to tmpfs or power outage? -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman From rlopezcnm at gmail.com Fri May 29 14:27:51 2009 From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri May 29 14:27:53 2009 Subject: normal output: SpamAssassin --lint Message-ID: Is this normal output? The part between the equal-sign lines is my largest concern. # MailScanner --lint Trying to setlogsock(unix) Read 854 hostnames from the phishing whitelist Read 9068 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.77.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. I have found clamavmodule scanners installed, and will use them all by default. Connected to processing-messages database Created processing-messages database successfully There are 0 messages in the processing-messages database Using locktype = posix MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamavmodule =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/ ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com Virus Scanning: ClamAVModule found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From maillists at conactive.com Fri May 29 14:31:17 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 29 14:31:28 2009 Subject: Moving Bayes database to tmps In-Reply-To: <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> Message-ID: Zaeem Arshad wrote on Fri, 29 May 2009 18:11:17 +0600: > Doesn't MS expire the database every 24 hours? expire is not the same as delete. If you cannot make sure that you backup the db regularly, so you have it back after a loss you are better off switching it off. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri May 29 14:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 29 14:31:29 2009 Subject: Moving Bayes database to tmps In-Reply-To: References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> Message-ID: Alex Neuman van der Hans wrote on Fri, 29 May 2009 07:17:02 -0500: > What would be the best way to back it up, with the least amount of > downtime? cp Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From theodrake.mailscanner at gmail.com Fri May 29 14:33:02 2009 From: theodrake.mailscanner at gmail.com (Ed Bruce) Date: Fri May 29 14:33:16 2009 Subject: Losing My IP Message-ID: <4A1FE40E.6090302@gmail.com> We've been rapidly virtualizing many severs, all Windows based. Finally decided its time to virtualize a Linux server so we chose our email gateways. Not a lot of load or disk activity. Ran the VMWare p2v client and we were good to go or at least I thought so. With all the image spam we've been hit with I installed Sanesecurity, which has greatly helped reduce it, but is getting a few false positives. As best I can tell any rules that reference IP address, say 127.0.0.1 don't get applied because it appears that MailScanner is seeing all email as coming from 0.0.0.0. Any ideas what I need to fix to get back my IP. May 29 09:08:48 mail4 postfix/smtpd[14688]: 722F085EC5: client=mail1.hpmich.com[*192.168.30.72*] May 29 09:09:24 mail4 postfix/cleanup[15443]: 722F085EC5: hold: header Received: from mail1.hpmich.com (mail1.hpmich.com [192.168.30.72])??by mail4.hpmich.com (Postfix) with ESMTP id 722F085EC5??for ; Fri, 29 May 2009 09:08:38 -0400 (EDT) from mail1.hpmich.com[192.168.30.72]; from= to= proto=ESMTP helo= May 29 09:09:24 mail4 postfix/cleanup[15443]: 722F085EC5: message-id=<20090529130848.722F085EC5@mail4.hpmich.com> May 29 09:09:24 mail4 MailScanner[13338]: Saved archive copies of 722F085EC5.AF247 May 29 09:09:25 mail4 MailScanner[13338]: Message 722F085EC5.AF247 from *0.0.0.0* (ebruce@hpmich.com) to hpmich.com is not spam, SpamAssassin (not cached, score=1.836, required 5.3, AWL -0.81, BAYES_50 2.65) May 29 09:09:29 mail4 MailScanner[13338]: Requeue: 722F085EC5.AF247 to DFE4F85EC6 May 29 09:09:29 mail4 MailScanner[13338]: Logging message 722F085EC5.AF247 to SQL May 29 09:09:29 mail4 MailScanner[13341]: 722F085EC5.AF247: Logged to MailWatch SQL May 29 09:09:29 mail4 postfix/smtp[16039]: DFE4F85EC6: to=, relay=x.x.x[x.x.x.x]:25, delay=51, delays=51/0/0/0.01, dsn=2.6.0, status=sent (250 2.6.0 <20090529130848.722F085EC5@mail4.hpmich.com> Queued mail for delivery) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090529/ec567213/attachment.html From MailScanner at ecs.soton.ac.uk Fri May 29 15:46:02 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 29 15:46:22 2009 Subject: normal output: SpamAssassin --lint In-Reply-To: References: <4A1FF52A.8020908@ecs.soton.ac.uk> Message-ID: On 29/05/2009 14:27, Robert Lopez wrote: > Is this normal output? > The part between the equal-sign lines is my largest concern. > That is not only perfectly normal but *intentional*. It is proof that your virus scanners are working, they successfully found a test (but totally harmless) "virus" pattern in a real email message. > # MailScanner --lint > Trying to setlogsock(unix) > Read 854 hostnames from the phishing whitelist > Read 9068 hostnames from the phishing blacklists > Checking version numbers... > Version number in MailScanner.conf (4.77.6) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > I have found clamavmodule scanners installed, and will use them all by default. > Connected to processing-messages database > Created processing-messages database successfully > There are 0 messages in the processing-messages database > Using locktype = posix > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamavmodule > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/ > ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com > Virus Scanning: ClamAVModule found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > =========================================================================== > > If any of your virus scanners (clamavmodule) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > > -- > Robert Lopez > Unix Systems Administrator > Central New Mexico Community College (CNM) > 525 Buena Vista SE > Albuquerque, New Mexico 87106 > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eddie at emcuk.com Fri May 29 16:16:54 2009 From: eddie at emcuk.com (Eddie Hallahan) Date: Fri May 29 16:17:30 2009 Subject: normal output: SpamAssassin --lint In-Reply-To: References: Message-ID: <4A1FFC66.1010909@emcuk.com> Hi Robert, Yes that is normal output. The EICAR thing is a test virus, much like GTUBE is a test spam email. The relevant lines in the output let you know that the virus scanner(s) you have set in your mailscanner.conf are working. I would say that I'd advise switching to clamd rather than clamavmodule as the perl module hasn't been updated forever and clamd definitely seems to work better. Regards Eddie Hallahan Enterprise Management Consulting www.emcuk.com Enterprise Management Consulting is a company registered in England and Wales with company number 3134544. VAT registration number is 681038440. Robert Lopez wrote: > Is this normal output? > The part between the equal-sign lines is my largest concern. > > # MailScanner --lint > Trying to setlogsock(unix) > Read 854 hostnames from the phishing whitelist > Read 9068 hostnames from the phishing blacklists > Checking version numbers... > Version number in MailScanner.conf (4.77.6) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > I have found clamavmodule scanners installed, and will use them all by default. > Connected to processing-messages database > Created processing-messages database successfully > There are 0 messages in the processing-messages database > Using locktype = posix > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamavmodule > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/ > ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com > Virus Scanning: ClamAVModule found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > =========================================================================== > > If any of your virus scanners (clamavmodule) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > > -- > Robert Lopez > Unix Systems Administrator > Central New Mexico Community College (CNM) > 525 Buena Vista SE > Albuquerque, New Mexico 87106 > From MailScanner at ecs.soton.ac.uk Fri May 29 15:47:55 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 29 16:27:19 2009 Subject: Losing My IP In-Reply-To: <4A1FE40E.6090302@gmail.com> References: <4A1FE40E.6090302@gmail.com> <4A1FF59B.1050702@ecs.soton.ac.uk> Message-ID: Are you running Postfix with 4.76? If so, upgrade to 4.77.7. It will turn into a stable release on Monday morning, and I don't intend to change the code between now and then unless there's either something very minor or very urgent. Jules. On 29/05/2009 14:33, Ed Bruce wrote: > We've been rapidly virtualizing many severs, all Windows based. > Finally decided its time to virtualize a Linux server so we chose our > email gateways. Not a lot of load or disk activity. Ran the VMWare p2v > client and we were good to go or at least I thought so. With all the > image spam we've been hit with I installed Sanesecurity, which has > greatly helped reduce it, but is getting a few false positives. As > best I can tell any rules that reference IP address, say 127.0.0.1 > don't get applied because it appears that MailScanner is seeing all > email as coming from 0.0.0.0. > > Any ideas what I need to fix to get back my IP. > > May 29 09:08:48 mail4 postfix/smtpd[14688]: 722F085EC5: > client=mail1.hpmich.com[*192.168.30.72*] > May 29 09:09:24 mail4 postfix/cleanup[15443]: 722F085EC5: hold: header > Received: from mail1.hpmich.com (mail1.hpmich.com [192.168.30.72])??by > mail4.hpmich.com (Postfix) with ESMTP id 722F085EC5??for > ; Fri, 29 May 2009 09:08:38 -0400 (EDT) from > mail1.hpmich.com[192.168.30.72]; from= > to= proto=ESMTP helo= > May 29 09:09:24 mail4 postfix/cleanup[15443]: 722F085EC5: > message-id=<20090529130848.722F085EC5@mail4.hpmich.com> > May 29 09:09:24 mail4 MailScanner[13338]: Saved archive copies of > 722F085EC5.AF247 > May 29 09:09:25 mail4 MailScanner[13338]: Message 722F085EC5.AF247 > from *0.0.0.0* (ebruce@hpmich.com) to hpmich.com is not spam, > SpamAssassin (not cached, score=1.836, required 5.3, AWL -0.81, > BAYES_50 2.65) > May 29 09:09:29 mail4 MailScanner[13338]: Requeue: 722F085EC5.AF247 to > DFE4F85EC6 > May 29 09:09:29 mail4 MailScanner[13338]: Logging message > 722F085EC5.AF247 to SQL > May 29 09:09:29 mail4 MailScanner[13341]: 722F085EC5.AF247: Logged to > MailWatch SQL > May 29 09:09:29 mail4 postfix/smtp[16039]: DFE4F85EC6: > to=, relay=x.x.x[x.x.x.x]:25, delay=51, > delays=51/0/0/0.01, dsn=2.6.0, status=sent (250 2.6.0 > <20090529130848.722F085EC5@mail4.hpmich.com> Queued mail for delivery) > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Fri May 29 16:31:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 29 16:31:38 2009 Subject: normal output: SpamAssassin --lint In-Reply-To: References: Message-ID: Robert Lopez wrote on Fri, 29 May 2009 07:27:51 -0600: > The part between the equal-sign lines is my largest concern. This is not "SpamAssassin --lint". Why do you think there should be any concern? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri May 29 16:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 29 16:31:39 2009 Subject: Moving Bayes database to tmps In-Reply-To: <4A72D700-EAA6-47E2-BEB8-7FDBFA9AFC69@rtpty.com> References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> <4A1FD3CF.1090005@tradoc.fr> <3e1809420905290532s34e3ab32j467a1e5b71c49759@mail.gmail.com> <4A72D700-EAA6-47E2-BEB8-7FDBFA9AFC69@rtpty.com> Message-ID: Alex Neuman van der Hans wrote on Fri, 29 May 2009 08:27:25 -0500: > What would be a way to cp the database that would be "safe" - in the > sense that we'd have to make sure it's not being written to at the time? I'm quite sure that a simple copy is safe enough. It's a dbm database. If you want to be absolutely sure you can use the bayes_journal for writing (not sure if it is enabled by default). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri May 29 16:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri May 29 16:31:40 2009 Subject: Moving Bayes database to tmps In-Reply-To: <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> Message-ID: Zaeem Arshad wrote on Fri, 29 May 2009 18:11:17 +0600: > bayes_seen 21M > bayes_toks 9.3M > > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 131710 0 non-token data: nspam > 0.000 0 40140 0 non-token data: nham > 0.000 0 469228 0 non-token data: ntokens I forgot to look at these data. These are low figures. If you already have a performance problem, then not because of Bayes. As I said I'm sure going to SQL is better than using tmpfs. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From rlopezcnm at gmail.com Fri May 29 17:06:09 2009 From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri May 29 17:06:20 2009 Subject: normal output: SpamAssassin --lint In-Reply-To: References: Message-ID: Thanks to all who responded. Kai, I was only concerned because I did not know why those lines were so highlighted. I suspected maybe the highlighting was pointing out a problem. Now I know it is fine. On Fri, May 29, 2009 at 9:31 AM, Kai Schaetzl wrote: > Robert Lopez wrote on Fri, 29 May 2009 07:27:51 -0600: > >> The part between the equal-sign lines is my largest concern. > > This is not "SpamAssassin --lint". > Why do you think there should be any concern? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From alex at rtpty.com Fri May 29 17:21:06 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Fri May 29 17:21:21 2009 Subject: Moving Bayes database to tmps In-Reply-To: References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> Message-ID: What would you say is the best tutorial or faq page on how to go about switching bayes to sql? On May 29, 2009, at 10:31 AM, Kai Schaetzl wrote: > As I said I'm sure going > to SQL is better than using tmpfs. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman From theodrake.mailscanner at gmail.com Fri May 29 18:19:00 2009 From: theodrake.mailscanner at gmail.com (Ed Bruce) Date: Fri May 29 18:19:12 2009 Subject: Losing My IP In-Reply-To: References: <4A1FE40E.6090302@gmail.com> <4A1FF59B.1050702@ecs.soton.ac.uk> Message-ID: <4A201904.7060203@gmail.com> Julian Field wrote: > Are you running Postfix with 4.76? If so, upgrade to 4.77.7. It will > turn into a stable release on Monday morning, and I don't intend to > change the code between now and then unless there's either something > very minor or very urgent. > > Jules. Yes I was and have upgraded to 4.77.7. It appears to be working well. From simonmjones at gmail.com Sat May 30 11:04:33 2009 From: simonmjones at gmail.com (Simon Jones) Date: Sat May 30 11:04:42 2009 Subject: Losing My IP In-Reply-To: <4A201904.7060203@gmail.com> References: <4A1FE40E.6090302@gmail.com> <4A1FF59B.1050702@ecs.soton.ac.uk> <4A201904.7060203@gmail.com> Message-ID: <70572c510905300304o4fb08fdah4b177956f52c5443@mail.gmail.com> 2009/5/29 Ed Bruce : > Julian Field wrote: >> >> Are you running Postfix with 4.76? If so, upgrade to 4.77.7. It will turn >> into a stable release on Monday morning, and I don't intend to change the >> code between now and then unless there's either something very minor or very >> urgent. >> >> Jules. > > Yes I was and have upgraded to 4.77.7. It appears to be working well. > -- I'm running vs on Xen - works a treat, you need the pv drivers for uber speed but I'd recommend it - very stable! From chauhananshul at gmail.com Sat May 30 12:20:04 2009 From: chauhananshul at gmail.com (Anshul Chauhan) Date: Sat May 30 12:20:34 2009 Subject: Mailscaaner not delivering mails just queuing them In-Reply-To: <2a3578a60905280601j209bf5a2v2e645994830312e9@mail.gmail.com> References: <2a3578a60905280601j209bf5a2v2e645994830312e9@mail.gmail.com> Message-ID: <2a3578a60905300420m1031597fj74e7aa390a8ea6e1@mail.gmail.com> while debug it shows this error [root@antispam ~]# MailScanner -Debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 30 messages. Stopping now as you are debugging me. Plz help Warm Regards, Anshul Chauhan "Dream is not what you see while sleep, it's the thing that does not let you sleep." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090530/930f6879/attachment.html From maillists at conactive.com Sat May 30 12:52:51 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat May 30 12:53:08 2009 Subject: Moving Bayes database to tmps In-Reply-To: References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> Message-ID: Alex Neuman van der Hans wrote on Fri, 29 May 2009 11:21:06 -0500: > What would you say is the best tutorial or faq page on how to go about > switching bayes to sql? wiki.spamassassin.org in short from my notes: sa-learn --backup > /home/spamd/backup.txt create mysql-DB according to the sa instructions sa-learn --restore /home/spamd/backup.txt Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat May 30 12:52:51 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat May 30 12:53:09 2009 Subject: Problem with SQLite detection In-Reply-To: References: <4A1FA718.7000408@ecs.soton.ac.uk> <4A1FC306.6070006@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Fri, 29 May 2009 12:12:06 +0100: > I have released 4.77.7 which includes the improvements I have mentioned > above, which you may want to try it to see if you think it is good > enough or needs further work. Can confirm that all works fine in this release. I wasn't able to test the error messages and --lint behavior yet. Thanks for the ::VERSION info. Hadn't been working with Perl for quite some time and had completely forgotten that I have to reference the Module like $Module after the require. Took a while to realize that before I got usable output. Just had time to test this on a copied VM. Newer versions of DBD::SQLite need a DBI version of at least 1.57. The rpmforge package *does* include this requirement. However, CentOS includes DBI 1.52 and doesn't provide newer versions. As a good administrator I'm using yum priorities and thus the software is locked at the CentOS version. I would think that yum should not have upgraded perl-DBD-SQLite if it cannot fulfill the requirement of perl-DBI >= 1.57. I will follow this up on the CentOS list whether it has to be reported as a bug. So, for anyone using rpmforge modules on CentOS/RHEL instead of your packages: - either exclude perl-DBD-SQLite in the rpmforge repo (MailScanner works fine with 1.14) - or exclude perl-DBI* from the CentOS base and updates repos (this will update to DBI 1.607 plus two dependencies, works fine) (Btw, this was the first time in years there occurred a problem with using only the rpmforge perl modules). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat May 30 12:52:51 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat May 30 12:53:10 2009 Subject: normal output: SpamAssassin --lint In-Reply-To: References: Message-ID: Robert Lopez wrote on Fri, 29 May 2009 10:06:09 -0600: > Kai, I was only concerned because I did not know why those lines were > so highlighted. I suspected maybe the highlighting was pointing out a > problem. Now I know it is fine. It's not a highlight, it's a ruler. It's direct virusscanner output. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From paulo-m-roncon at ptinovacao.pt Sat May 30 17:11:28 2009 From: paulo-m-roncon at ptinovacao.pt (Paulo Roncon) Date: Sat May 30 17:11:59 2009 Subject: question with greylisting Message-ID: Hello, I've installed the rpm milter-greylist and i'm running it. The only messages that I see in my maillog are: May 30 17:14:12 papagaio sendmail[5158]: n4UGE76o005158: Milter add: header: X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-3.0 (localhost.localdomain [192.168.89.11] I'm I doing anything wrong? It dont seens that its doing anything... I've used the guide in the maillscanner site. Can you post a sample config? thanks From eli at orbsky.homelinux.org Sat May 30 18:00:33 2009 From: eli at orbsky.homelinux.org (Eli Wapniarski) Date: Sat May 30 18:01:02 2009 Subject: question with greylisting In-Reply-To: References: Message-ID: <200905302000.33665.eli@orbsky.homelinux.org> At the bottom of /etc/mail/greylist.conf you should have something that reads like the following. Please note that bottom line. This is the acces control list rule for greylisting. Make sure that its not commented out and it actually is there? # And here is the access list acl whitelist list "my network" acl whitelist list "broken mta" acl whitelist list "trusted external mail servers" acl whitelist list "trusted addresses" #acl greylist list "grey users" dnsrbl "SORBS DUN" delay 24h autowhite 3d acl greylist default delay 5m autowhite 1d Eli On Saturday 30 May 2009 19:11:28 Paulo Roncon wrote: > Hello, > > I've installed the rpm milter-greylist and i'm running it. > The only messages that I see in my maillog are: > > May 30 17:14:12 papagaio sendmail[5158]: n4UGE76o005158: Milter add: header: X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-3.0 (localhost.localdomain [192.168.89.11] > > I'm I doing anything wrong? It dont seens that its doing anything... I've used the guide in the maillscanner site. > Can you post a sample config? > > thanks-- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Sat May 30 20:10:55 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Sat May 30 20:11:04 2009 Subject: Mailscaaner not delivering mails just queuing them In-Reply-To: <2a3578a60905300420m1031597fj74e7aa390a8ea6e1@mail.gmail.com> References: <2a3578a60905280601j209bf5a2v2e645994830312e9@mail.gmail.com> <2a3578a60905300420m1031597fj74e7aa390a8ea6e1@mail.gmail.com> Message-ID: <72cf361e0905301210m357be03u8a40d4de271afc11@mail.gmail.com> hmm something' not right what does MailScanner -lint and MailScanner -v show? 2009/5/30 Anshul Chauhan > while debug it shows this error > > > [root@antispam ~]# MailScanner -Debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > Have a batch of 30 messages. > Stopping now as you are debugging me. > > Plz help > > > > Warm Regards, > Anshul Chauhan > "Dream is not what you see while sleep, it's the thing that does not let > you sleep." > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090530/828beb33/attachment.html From simon at kmun.gov.kw Sun May 31 10:54:59 2009 From: simon at kmun.gov.kw (Benedict simon) Date: Sun May 31 10:32:13 2009 Subject: advice on upgrade In-Reply-To: References: Message-ID: > on 5-24-2009 5:32 AM Benedict simon spake the following: >> Dear All, >> >> I Have the following setup running fine for about a year or so on a >> single server. >> >> Centos 5 (final) > Is this really only at CentOS 5, or is it patched to 5.3? > >> DNS bind-9.3.4-6.0.2.P1.el5_2 as my DNS server >> sendmail-8.13.8-2.el5 as my mail server >> MailScanner ver 4.66.5 >> jules easy package Clam-0.92-SA-3.2.4 >> pyzor-0.4.0 >> razor-agents-2.84 >> mailwatch-1.0.4 >> httpd-2.2.3-11.el5_1 >> >> all the above is working fine . >> >> now i would like to upgrade to the latest MS stable version and also the >> stable clamav 0.94 and SA 3.2.5 package >> >> since this is live server i would highly appreciate if could get some >> advice >> and steps about upgrading the MS version to the latest stable version >> and >> also the other required packages >> basically i would >> >> 1) stop sendmail and mailscanner >> 2) download and install jules latest ClamAV 0.95.1 and SpamAssassin >> 3.2.5 >> easy installation package) >> 3) download and install mailscanner(4.76.25-1) > > I would download them first so your system isn't down as long. I think I > would > also use clamav from rpmforge so it is easier to run clamd instead of > clamscan > or the clam perl module. >> 4) run command upgrade_MailScanner_conf >> 5) run command upgrade_language_conf > You really want to see if there is a new languages.conf file before > running > this, as it will leave you a blank one if you aren't careful. >> >> just want to know if latest clam av + SA will run on my current OS or do >> i >> have to upgrade any OS related files > If you have run yum update on that system it should be at 5.3. If you > haven't > updated it, you run many risks of kernel vulnerabilities and other access > paths for the internet vermin to move in. >> >> MS was installed from tar.gz package > Installed from tar.gz, or from rpm.tar.gz=? There is a big difference. >> Thanks scott for ur quick reply Actually before your email I already did upgrade my mailscanner actually i jus did download and install the jules Mailscanner and clamva+spamm assain package for the website stoped mailscanner and then jus did a Service mailScanner startin ran the upgrade_MailScanner_conf n upgrade_language_conf commands and everything worked like a charm. actually b4 i did the upgrade i jus made a discopy of my current hdd with clonezilla for safety 2) i tried upgrading with yum update but it as giving me errors with perl modules regarding conflicts .. and googling arround i found these could be cause of rpms installed from other sources . jus googling arround to find some way for the OS upgrade thanks and regards simon >> >> Thanks and really would appreciate your advice >> >> regards >> >> >> simon >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun May 31 17:17:13 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 31 17:17:40 2009 Subject: New feature - hostname lookups in rulesets References: <4A22AD89.60702@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just added a new feature which I hope you will find useful. It struck me that it has always been really awkward to have to use IP addresses in the "From:" lines in rulesets, and wouldn't it be a lot easier to be able to use hostnames or domain names, with wildcards, and stuff like that. So now you can. You just put "host:" at the start of the hostname or domain name (or wildcard or regexp or whatever) and it matches it against the hostname of the SMTP client that sent the message to MailScanner. So you can now do rules such as these: From: host:localhost.localdomain yes From: host:mail.mydomain.com yes From: host:mailgate*.soton.ac.uk yes From: host:soton.ac.uk yes From: host:ac.uk yes From: host:example.* yes From: host:/\.(de|dk|es)$/ yes and all sorts of things like that. I hope you find this useful, particularly those where who have to live in a world of dynamic IP addresses for their machines. This will be in the stable release tomorrow, but I don't consider this feature itself to be "stable" quite yet, as I only just wrote it. However, it shouldn't interfere with anything else. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKIq2MEfZZRxQVtlQRAonaAKDXPUzKZU4+g4pEJb+GT8VtJhICUACgoEym 5BQtUFJRDvsgutWEIJ1ZURc= =ZkcA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Sun May 31 20:41:52 2009 From: alex at rtpty.com (Alex Neuman) Date: Sun May 31 20:42:02 2009 Subject: New feature - hostname lookups in rulesets In-Reply-To: References: <4A22AD89.60702@ecs.soton.ac.uk> Message-ID: <24e3d2e40905311241w763c0c2fwdeb910a4e03e4cf7@mail.gmail.com> Wow! This means we can whitelist (gasp!) *blackberry.com and things like that! I suggest you add to the description on the comments on the MailScanner.conf file that it's imperative - for performance reasons, besides the fact that it's A Good Idea (tm), that people run their own local caching nameserver. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090531/89fc83e2/attachment.html From alex at rtpty.com Sun May 31 20:43:19 2009 From: alex at rtpty.com (Alex Neuman) Date: Sun May 31 20:43:29 2009 Subject: Moving Bayes database to tmps In-Reply-To: References: <3e1809420905290310y71f17fdaufb59bebb37906e64@mail.gmail.com> <3e1809420905290511md625e45v5d2819464922d730@mail.gmail.com> Message-ID: <24e3d2e40905311243q7890d616xb6e026f53ba1875a@mail.gmail.com> Thanks! On Sat, May 30, 2009 at 6:52 AM, Kai Schaetzl wrote: > Alex Neuman van der Hans wrote on Fri, 29 May 2009 11:21:06 -0500: > > > What would you say is the best tutorial or faq page on how to go about > > switching bayes to sql? > > wiki.spamassassin.org > in short from my notes: > sa-learn --backup > /home/spamd/backup.txt > create mysql-DB according to the sa instructions > sa-learn --restore /home/spamd/backup.txt > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090531/65f14eb8/attachment.html From MailScanner at ecs.soton.ac.uk Sun May 31 20:59:32 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 31 20:59:56 2009 Subject: New feature - hostname lookups in rulesets In-Reply-To: <24e3d2e40905311241w763c0c2fwdeb910a4e03e4cf7@mail.gmail.com> References: <4A22AD89.60702@ecs.soton.ac.uk> <24e3d2e40905311241w763c0c2fwdeb910a4e03e4cf7@mail.gmail.com> <4A22E1A4.9060305@ecs.soton.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 31/05/2009 20:41, Alex Neuman wrote: > Wow! This means we can whitelist (gasp!) *blackberry.com > and things like that! You'll just need to do From: host:blackberry.com yes which will do the job. > > I suggest you add to the description on the comments on the > MailScanner.conf file that it's imperative - for performance reasons, > besides the fact that it's A Good Idea (tm), that people run their own > local caching nameserver. True enough, I should do that. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.10.0 (Build 500) Comment: Use PGP or Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFKIuGmEfZZRxQVtlQRAjh8AKCIFj/LlWIUudyJC9HxjZCxjxeSzQCdGX3n ZGw9AeqQCytdtZahW/wB5XE= =f1Jk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.welsh.3 at googlemail.com Sun May 31 21:28:05 2009 From: paul.welsh.3 at googlemail.com (Paul Welsh) Date: Sun May 31 21:28:25 2009 Subject: RTF attachment spam In-Reply-To: <200903151201.n2FC0QDC023254@safir.blacknight.ie> References: <200903151201.n2FC0QDC023254@safir.blacknight.ie> Message-ID: <403A16EC40204967A10868208E24A904@DFXG7G1J> Had a few of these today; message containing an RTF attachment of under 1k and no message body. Rather like the png attachment spam that I started noticing in earnest a few weeks ago. Anyone know of a good spamassassin rule to detect these? From alex at rtpty.com Sun May 31 21:58:32 2009 From: alex at rtpty.com (Alex Neuman) Date: Sun May 31 21:58:44 2009 Subject: RTF attachment spam In-Reply-To: <403A16EC40204967A10868208E24A904@DFXG7G1J> References: <200903151201.n2FC0QDC023254@safir.blacknight.ie> <403A16EC40204967A10868208E24A904@DFXG7G1J> Message-ID: <24e3d2e40905311358l66c1ebdaod343c444b509b8ee@mail.gmail.com> You *could* ban RTF's, since almost nobody uses them. But you will get the occasional PHB that will protest. On Sun, May 31, 2009 at 3:28 PM, Paul Welsh wrote: > Had a few of these today; message containing an RTF attachment of under 1k > and no message body. Rather like the png attachment spam that I started > noticing in earnest a few weeks ago. > > Anyone know of a good spamassassin rule to detect these? > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090531/43bf723d/attachment.html