From maillists at conactive.com Mon Feb 1 00:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 1 00:31:34 2010 Subject: Replace Attachment's based on total size In-Reply-To: <4B65D22B.4000801@markusoft.se> References: <4B635CAF.2080703@huenerberg.net> <4B6457AF.8020006@msapiro.net> <4B6492C9.2040301@huenerberg.net> <4B65D22B.4000801@markusoft.se> Message-ID: Please do not reply to a thread with a new question. If you have a new question, please use the "new message" button and not "Reply". Thanks. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Mon Feb 1 09:29:48 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 1 09:30:06 2010 Subject: MailScanner ANNOUNCE: 4.79 stable released References: <4B669F0C.1040706@ecs.soton.ac.uk> Message-ID: I have just released a new stable version of MailScanner, version 4.79.11. The main changes and improvements this time around are: - If the clamd daemon or the F-Prot daemon are unreachable then if *all* the configured virus scanners cannot be reached then no mail is virus-scanned and delivered. The previous behaviour was that the mail would still be delivered and logged in this situation. Now it will not deliver any message that could be infected but could not be scanned. - Changed behaviour of "Reject Message". It is now a "First match" rule and not an "All matches" rule. The first matching rule in the ruleset will determine the result. - Fixed lots of taint-related issues. - Fixed important bug in ClamAV output parser (only affects "clamav" and not "clamd" or "clamavmodule"). - Fixed UnpackZip taint problem, affecting processing of *.docx files. So nothing too major this time around, but it is the first stable release in a while. Download from www.mailscanner.info as usual. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Mon Feb 1 13:16:30 2010 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Feb 1 13:16:50 2010 Subject: MailScanner ANNOUNCE: 4.79 stable released In-Reply-To: References: <4B669F0C.1040706@ecs.soton.ac.uk> Message-ID: Julian, Were there any changes other than version number since 4.79.10-1, the last beta? I don't see any in the ChangeLog... Jeff Earickson Colby College On Mon, 1 Feb 2010, Julian Field wrote: > Date: Mon, 01 Feb 2010 09:29:48 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion , > MailScanner-Announce mailing list list > > Subject: MailScanner ANNOUNCE: 4.79 stable released > > I have just released a new stable version of MailScanner, version 4.79.11. From MailScanner at ecs.soton.ac.uk Mon Feb 1 13:38:22 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 1 13:38:40 2010 Subject: MailScanner ANNOUNCE: 4.79 stable released In-Reply-To: References: <4B669F0C.1040706@ecs.soton.ac.uk> <4B66D94E.5020804@ecs.soton.ac.uk> Message-ID: No, there weren't. On 01/02/2010 13:16, Jeff A. Earickson wrote: > Julian, > > Were there any changes other than version number since 4.79.10-1, the > last > beta? I don't see any in the ChangeLog... > > Jeff Earickson > Colby College > > On Mon, 1 Feb 2010, Julian Field wrote: >> Date: Mon, 01 Feb 2010 09:29:48 +0000 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion , >> MailScanner-Announce mailing list list >> >> Subject: MailScanner ANNOUNCE: 4.79 stable released >> >> I have just released a new stable version of MailScanner, version >> 4.79.11. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dcurtis at sbschools.net Mon Feb 1 14:44:02 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Mon Feb 1 14:53:21 2010 Subject: stripped attachments In-Reply-To: <235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net><73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net> <235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry> Message-ID: <73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> I had it set for replace and this is where it fails. If I change it to no it works. I have not tried add, but I thought I was reading it correctly and that is why I had it as replace. It had been working no issue until lately. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Friday, January 29, 2010 3:32 PM To: MailScanner discussion Subject: Re: stripped attachments Clam isn't touching it. Leave "replace" alone or have it add the attachment, otherwise you're asking MS to remove the attachment. By saying "use the attachment that came in microsoft's bogus tnef format equals no" you are actually asking for the bogus attachment to be removed. Perhaps the wording of the option or the explanatory text could be improved. I can see how non-English-speaking admins might misunderstand the option's purpose or effect. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Date: Fri, 29 Jan 2010 15:18:05 To: Subject: RE: stripped attachments -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From alex at rtpty.com Mon Feb 1 15:09:58 2010 From: alex at rtpty.com (Alex Neuman) Date: Mon Feb 1 15:10:13 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net><73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net> <235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry> <73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> Message-ID: <8ED66427-3C57-4818-A4ED-23A9EE515440@rtpty.com> If you change it to "no" it doesn't work, it removes the attachment. Leave it as "replace" but change your tnef handler or update your MS installation. That and get rid of the forced setting on the exchange server since that's going to bring you more headaches down the line. On Feb 1, 2010, at 9:44 AM, wrote: > I had it set for replace and this is where it fails. If I change it to > no it works. I have not tried add, but I thought I was reading it > correctly and that is why I had it as replace. It had been working no > issue until lately. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Friday, January 29, 2010 3:32 PM > To: MailScanner discussion > Subject: Re: stripped attachments > > Clam isn't touching it. Leave "replace" alone or have it add the > attachment, otherwise you're asking MS to remove the attachment. By > saying "use the attachment that came in microsoft's bogus tnef format > equals no" you are actually asking for the bogus attachment to be > removed. > > Perhaps the wording of the option or the explanatory text could be > improved. I can see how non-English-speaking admins might misunderstand > the option's purpose or effect. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: > Date: Fri, 29 Jan 2010 15:18:05 > To: > Subject: RE: stripped attachments > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dcurtis at sbschools.net Mon Feb 1 18:00:16 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Mon Feb 1 18:13:21 2010 Subject: stripped attachments In-Reply-To: <8ED66427-3C57-4818-A4ED-23A9EE515440@rtpty.com> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net><73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net><235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> <8ED66427-3C57-4818-A4ED-23A9EE515440@rtpty.com> Message-ID: <73461DFCD2207F44A16F136A46195545473173@exchange2.sbschools.net> Somewhere along the way I have confused you or I am confused. When I have mailscanner set to replace it kills the attachment, when it is set to no it leaves the attachment alone. I have not tried add yet. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Monday, February 01, 2010 10:10 AM To: MailScanner discussion Subject: Re: stripped attachments If you change it to "no" it doesn't work, it removes the attachment. Leave it as "replace" but change your tnef handler or update your MS installation. That and get rid of the forced setting on the exchange server since that's going to bring you more headaches down the line. On Feb 1, 2010, at 9:44 AM, wrote: > I had it set for replace and this is where it fails. If I change it to > no it works. I have not tried add, but I thought I was reading it > correctly and that is why I had it as replace. It had been working no > issue until lately. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Friday, January 29, 2010 3:32 PM > To: MailScanner discussion > Subject: Re: stripped attachments > > Clam isn't touching it. Leave "replace" alone or have it add the > attachment, otherwise you're asking MS to remove the attachment. By > saying "use the attachment that came in microsoft's bogus tnef format > equals no" you are actually asking for the bogus attachment to be > removed. > > Perhaps the wording of the option or the explanatory text could be > improved. I can see how non-English-speaking admins might misunderstand > the option's purpose or effect. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: > Date: Fri, 29 Jan 2010 15:18:05 > To: > Subject: RE: stripped attachments > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 1 19:01:57 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Feb 1 19:02:19 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A46195545473173@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net><73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net><235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> <8ED66427-3C57-4818-A4ED-23A9EE515440@rtpty.com> <73461DFCD2207F44A16F136A46195545473173@exchange2.sbschools.net> <4B672525.2000700@ecs.soton.ac.uk> Message-ID: With it set to "replace", it should indeed kill the winmail.dat attachment but it should replace it with the real file attachments that were encoded within it. "TNEF" is an attachment encapsulation format invented by Microsoft because they couldn't just be bothered to follow the same standards as everyone else. Your best bet long term is to stop your Exchange Server generating any TNEF in the first place. The only email application in the world that can read it is Outlook, so no-one using any other email application can even read your attachments at all. Is that replacement process happening properly, or are you being left with no attachments at all? What is your "TNEF Expander" set to in MailScanner.conf? If it is set to some /usr/bin/tnef command-line, do you have the tnef binary installed properly? What operating system and distribution are you running on? If it is set to "internal" then does "MailScanner -v" report that you have the TNEF perl module properly installed? If so, what version number of the TNEF perl module? If you have it set to some /usr/bin/tnef command-line, then change it to the single word "internal" so it says TNEF Expander = internal If you have it set to "internal" then replace it with /usr/bin/tnef so it says TNEF Expander = /usr/bin/tnef --maxsize=100000000 Then retry your messages with this new setup (after doing a "service MailScanner reload" to make it re-read the new configuration). Does it behave any differently now? Jules. On 01/02/2010 18:00, dcurtis@sbschools.net wrote: > Somewhere along the way I have confused you or I am confused. When I > have mailscanner set to replace it kills the attachment, when it is set > to no it leaves the attachment alone. I have not tried add yet. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman > Sent: Monday, February 01, 2010 10:10 AM > To: MailScanner discussion > Subject: Re: stripped attachments > > If you change it to "no" it doesn't work, it removes the attachment. > Leave it as "replace" but change your tnef handler or update your MS > installation. > That and get rid of the forced setting on the exchange server since > that's going to bring you more headaches down the line. > > On Feb 1, 2010, at 9:44 AM, > wrote: > > >> I had it set for replace and this is where it fails. If I change it to >> no it works. I have not tried add, but I thought I was reading it >> correctly and that is why I had it as replace. It had been working no >> issue until lately. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex >> Neuman van der Hans >> Sent: Friday, January 29, 2010 3:32 PM >> To: MailScanner discussion >> Subject: Re: stripped attachments >> >> Clam isn't touching it. Leave "replace" alone or have it add the >> attachment, otherwise you're asking MS to remove the attachment. By >> saying "use the attachment that came in microsoft's bogus tnef format >> equals no" you are actually asking for the bogus attachment to be >> removed. >> >> Perhaps the wording of the option or the explanatory text could be >> improved. I can see how non-English-speaking admins might >> > misunderstand > >> the option's purpose or effect. >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies >> >> +507 6781-9505 >> +507 832-6725 >> BB PIN: 20EA17C5 >> >> >> -----Original Message----- >> From: >> Date: Fri, 29 Jan 2010 15:18:05 >> To: >> Subject: RE: stripped attachments >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> ______________________________________________________________ >> ______________________________________________________________ >> This email may contain information protected under the Family >> Educational Rights and Privacy Act (FERPA) or the Health Insurance >> Portability and Accountability Act (HIPAA). If this email contains >> confidential and/or privileged health or student information and you >> are not entitled to access such information under FERPA or HIPAA, >> federal regulations require that you destroy this email without >> reviewing it and you may not forward it to anyone. >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, ClamAV and Bitdefender and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dcurtis at sbschools.net Mon Feb 1 19:26:51 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Mon Feb 1 19:33:44 2010 Subject: stripped attachments In-Reply-To: References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net><73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net><235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> <8ED66427-3C57-4818-A4ED-23A9EE515440@rtpty.com><73461DFCD2207F44A16F136A46195545473173@exchange2.sbschools.net><4B672525.2000700@ecs.soton.ac.uk> Message-ID: <73461DFCD2207F44A16F136A4619554547317B@exchange2.sbschools.net> Replace is causing the problem it strips the attachemt(s) entirely. It had been doing as you state, killing the winmail.dat and leaving the attachments but it is now deleting both. Yes with No set I still have the winmail.dat. I will look into changing Exchange to no do that. I have 0.17 Convert::TNEF showing with MailScanner --v Linux spamfilter.sbschools.net 2.6.18-128.2.1.el5PAE #1 SMP Tue Jul 14 07:15:01 EDT 2009 i686 i686 i386 GNU/Linux This is CentOS release 5.3 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.76.25 I will test it as instructed as soon as I can get some test messages together. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field Sent: Monday, February 01, 2010 2:02 PM To: MailScanner discussion Subject: Re: stripped attachments With it set to "replace", it should indeed kill the winmail.dat attachment but it should replace it with the real file attachments that were encoded within it. "TNEF" is an attachment encapsulation format invented by Microsoft because they couldn't just be bothered to follow the same standards as everyone else. Your best bet long term is to stop your Exchange Server generating any TNEF in the first place. The only email application in the world that can read it is Outlook, so no-one using any other email application can even read your attachments at all. Is that replacement process happening properly, or are you being left with no attachments at all? What is your "TNEF Expander" set to in MailScanner.conf? If it is set to some /usr/bin/tnef command-line, do you have the tnef binary installed properly? What operating system and distribution are you running on? If it is set to "internal" then does "MailScanner -v" report that you have the TNEF perl module properly installed? If so, what version number of the TNEF perl module? If you have it set to some /usr/bin/tnef command-line, then change it to the single word "internal" so it says TNEF Expander = internal If you have it set to "internal" then replace it with /usr/bin/tnef so it says TNEF Expander = /usr/bin/tnef --maxsize=100000000 Then retry your messages with this new setup (after doing a "service MailScanner reload" to make it re-read the new configuration). Does it behave any differently now? Jules. On 01/02/2010 18:00, dcurtis@sbschools.net wrote: > Somewhere along the way I have confused you or I am confused. When I > have mailscanner set to replace it kills the attachment, when it is set > to no it leaves the attachment alone. I have not tried add yet. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman > Sent: Monday, February 01, 2010 10:10 AM > To: MailScanner discussion > Subject: Re: stripped attachments > > If you change it to "no" it doesn't work, it removes the attachment. > Leave it as "replace" but change your tnef handler or update your MS > installation. > That and get rid of the forced setting on the exchange server since > that's going to bring you more headaches down the line. > > On Feb 1, 2010, at 9:44 AM, > wrote: > > >> I had it set for replace and this is where it fails. If I change it to >> no it works. I have not tried add, but I thought I was reading it >> correctly and that is why I had it as replace. It had been working no >> issue until lately. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex >> Neuman van der Hans >> Sent: Friday, January 29, 2010 3:32 PM >> To: MailScanner discussion >> Subject: Re: stripped attachments >> >> Clam isn't touching it. Leave "replace" alone or have it add the >> attachment, otherwise you're asking MS to remove the attachment. By >> saying "use the attachment that came in microsoft's bogus tnef format >> equals no" you are actually asking for the bogus attachment to be >> removed. >> >> Perhaps the wording of the option or the explanatory text could be >> improved. I can see how non-English-speaking admins might >> > misunderstand > >> the option's purpose or effect. >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies >> >> +507 6781-9505 >> +507 832-6725 >> BB PIN: 20EA17C5 >> >> >> -----Original Message----- >> From: >> Date: Fri, 29 Jan 2010 15:18:05 >> To: >> Subject: RE: stripped attachments >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> ______________________________________________________________ >> ______________________________________________________________ >> This email may contain information protected under the Family >> Educational Rights and Privacy Act (FERPA) or the Health Insurance >> Portability and Accountability Act (HIPAA). If this email contains >> confidential and/or privileged health or student information and you >> are not entitled to access such information under FERPA or HIPAA, >> federal regulations require that you destroy this email without >> reviewing it and you may not forward it to anyone. >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, ClamAV and Bitdefender and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From dcurtis at sbschools.net Mon Feb 1 20:40:05 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Mon Feb 1 20:42:19 2010 Subject: stripped attachments In-Reply-To: References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net><73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net><235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> <8ED66427-3C57-4818-A4ED-23A9EE515440@rtpty.com><73461DFCD2207F44A16F136A46195545473173@exchange2.sbschools.net><4B672525.2000700@ecs.soton.ac.uk> Message-ID: <73461DFCD2207F44A16F136A46195545473189@exchange2.sbschools.net> Making the change (TNEF Expander = /usr/bin/tnef --maxsize=100000000) with replace so far is working. I have another user I am waiting to test with. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field Sent: Monday, February 01, 2010 2:02 PM To: MailScanner discussion Subject: Re: stripped attachments With it set to "replace", it should indeed kill the winmail.dat attachment but it should replace it with the real file attachments that were encoded within it. "TNEF" is an attachment encapsulation format invented by Microsoft because they couldn't just be bothered to follow the same standards as everyone else. Your best bet long term is to stop your Exchange Server generating any TNEF in the first place. The only email application in the world that can read it is Outlook, so no-one using any other email application can even read your attachments at all. Is that replacement process happening properly, or are you being left with no attachments at all? What is your "TNEF Expander" set to in MailScanner.conf? If it is set to some /usr/bin/tnef command-line, do you have the tnef binary installed properly? What operating system and distribution are you running on? If it is set to "internal" then does "MailScanner -v" report that you have the TNEF perl module properly installed? If so, what version number of the TNEF perl module? If you have it set to some /usr/bin/tnef command-line, then change it to the single word "internal" so it says TNEF Expander = internal If you have it set to "internal" then replace it with /usr/bin/tnef so it says TNEF Expander = /usr/bin/tnef --maxsize=100000000 Then retry your messages with this new setup (after doing a "service MailScanner reload" to make it re-read the new configuration). Does it behave any differently now? Jules. On 01/02/2010 18:00, dcurtis@sbschools.net wrote: > Somewhere along the way I have confused you or I am confused. When I > have mailscanner set to replace it kills the attachment, when it is set > to no it leaves the attachment alone. I have not tried add yet. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman > Sent: Monday, February 01, 2010 10:10 AM > To: MailScanner discussion > Subject: Re: stripped attachments > > If you change it to "no" it doesn't work, it removes the attachment. > Leave it as "replace" but change your tnef handler or update your MS > installation. > That and get rid of the forced setting on the exchange server since > that's going to bring you more headaches down the line. > > On Feb 1, 2010, at 9:44 AM, > wrote: > > >> I had it set for replace and this is where it fails. If I change it to >> no it works. I have not tried add, but I thought I was reading it >> correctly and that is why I had it as replace. It had been working no >> issue until lately. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex >> Neuman van der Hans >> Sent: Friday, January 29, 2010 3:32 PM >> To: MailScanner discussion >> Subject: Re: stripped attachments >> >> Clam isn't touching it. Leave "replace" alone or have it add the >> attachment, otherwise you're asking MS to remove the attachment. By >> saying "use the attachment that came in microsoft's bogus tnef format >> equals no" you are actually asking for the bogus attachment to be >> removed. >> >> Perhaps the wording of the option or the explanatory text could be >> improved. I can see how non-English-speaking admins might >> > misunderstand > >> the option's purpose or effect. >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies >> >> +507 6781-9505 >> +507 832-6725 >> BB PIN: 20EA17C5 >> >> >> -----Original Message----- >> From: >> Date: Fri, 29 Jan 2010 15:18:05 >> To: >> Subject: RE: stripped attachments >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> ______________________________________________________________ >> ______________________________________________________________ >> This email may contain information protected under the Family >> Educational Rights and Privacy Act (FERPA) or the Health Insurance >> Portability and Accountability Act (HIPAA). If this email contains >> confidential and/or privileged health or student information and you >> are not entitled to access such information under FERPA or HIPAA, >> federal regulations require that you destroy this email without >> reviewing it and you may not forward it to anyone. >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, ClamAV and Bitdefender and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From ram at netcore.co.in Tue Feb 2 05:21:27 2010 From: ram at netcore.co.in (ram) Date: Tue Feb 2 05:21:42 2010 Subject: How do I block all attachments Message-ID: <1265088087.19504.8.camel@darkstar.netcore.co.in> One of my clients wishes to block *all* attachments for outgoing , due to security concerns How can I do this ? If I use postfix as an MTA , can I achieve this with a simple header checks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100202/71cf0e84/attachment.html From MailScanner at ecs.soton.ac.uk Tue Feb 2 09:23:52 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 2 09:24:07 2010 Subject: How do I block all attachments In-Reply-To: <1265088087.19504.8.camel@darkstar.netcore.co.in> References: <1265088087.19504.8.camel@darkstar.netcore.co.in> <4B67EF28.4070602@ecs.soton.ac.uk> Message-ID: See # The maximum number of attachments allowed in a message before it is # considered to be an error. Some email systems, if bouncing a message # between 2 addresses repeatedly, add information about each bounce as # an attachment, creating a message with thousands of attachments in just # a few minutes. This can slow down or even stop MailScanner as it uses # all available memory to unpack these thousands of attachments. # This can also be the filename of a ruleset. Maximum Attachments Per Message = 200 and if that doesn't do what you want then there is this as well: # The maximum size, in bytes, of any attachment in a message. # If this is set to zero, effectively no attachments are allowed. # If this is set less than zero, then no size checking is done. # This can also be the filename of a ruleset, so you can have different # settings for different users. You might want to set this quite small for # large mailing lists so they don't get deluged by large attachments. Maximum Attachment Size = -1 I would probably advise trying "Maximum Attachment Size = 0" first, as the other setting's definition of an attachment is not quite as simple as I would like. On 02/02/2010 05:21, ram wrote: > One of my clients wishes to block *all* attachments for outgoing , due > to security concerns > How can I do this ? > If I use postfix as an MTA , can I achieve this with a simple header > checks > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Andrew.Chester at ukuvuma.co.za Tue Feb 2 11:59:01 2010 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Tue Feb 2 11:55:06 2010 Subject: Spam Ruleset Message-ID: Hi There We are using MailScanner as part of a mail gateway for incoming mail, and I would like to set up a ruleset on what to do when MailScanner finds spam - I want it to deliver the mail to certain domains, and bounce the rest, I've had a look at the examples in the rules directory, and from that I've set up the following in %rules-dir%/spam.actions.rules: To: *@domain.com deliver FromOrTo: default bounce Is that correct, do I need to include any other lines into the ruleset, or can I leave it with only the two lines above? I then set the "Spam Actions =" field in MailScanner.conf to the following: Spam Actions = %rules-dir%/spam.actions.rules Is that correct? I tried to set it to /usr/local/etc/MailScanner/rules/spam.actions.rules but then I get the error: "Your spam actions "/etc/MailScanner/rules/spam.actions.rules" looks like a filename. If this is a ruleset filename, it must end in .rule or .rules" in the maillog. It is a FreeBSD system. Any help would be greatly appreciated, thanks! Kind Regards, Andrew CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100202/287ef3c4/attachment.html From alex at rtpty.com Tue Feb 2 12:30:17 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Tue Feb 2 12:30:38 2010 Subject: Spam Ruleset In-Reply-To: References: Message-ID: <445036955-1265113821-cardhu_decombobulator_blackberry.rim.net-671896802-@bda942.bisx.prod.on.blackberry> Bouncing spam will easily triple your traffic. Please consider deleting it. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: "Andrew Chester" Date: Tue, 2 Feb 2010 13:59:01 To: Subject: Spam Ruleset -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Tue Feb 2 12:31:16 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Feb 2 12:31:32 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A4619554547317B@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net> <73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net> <235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry> <73461DFCD2207F44A16F136A46195545473163@exchange2.sbschools.net> <8ED66427-3C57-4818-A4ED-23A9EE515440@rtpty.com> <73461DFCD2207F44A16F136A46195545473173@exchange2.sbschools.net> <4B672525.2000700@ecs.soton.ac.uk> <73461DFCD2207F44A16F136A4619554547317B@exchange2.sbschools.net> Message-ID: Your MS and OS version is outdated. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From Andrew.Chester at ukuvuma.co.za Tue Feb 2 12:48:43 2010 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Tue Feb 2 12:44:42 2010 Subject: Spam Ruleset In-Reply-To: <445036955-1265113821-cardhu_decombobulator_blackberry.rim.net-671896802-@bda942.bisx.prod.on.blackberry> References: <445036955-1265113821-cardhu_decombobulator_blackberry.rim.net-671896802-@bda942.bisx.prod.on.blackberry> Message-ID: Ok, thanks for the advice - however the question of the ruleset still remains? Kind Regards, Andrew Chester +27 83 442 9025 andrew.chester@ukuvuma.co.za From: "Alex Neuman van der Hans" To: "MailScanner discussion" Date: 2010/02/02 02:40 PM Subject: Re: Spam Ruleset Sent by: mailscanner-bounces@lists.mailscanner.info Bouncing spam will easily triple your traffic. Please consider deleting it. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: "Andrew Chester" Date: Tue, 2 Feb 2010 13:59:01 To: Subject: Spam Ruleset -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100202/ed4424cb/attachment.html From nerijusb at dtiltas.lt Tue Feb 2 12:52:30 2010 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Feb 2 13:00:12 2010 Subject: postfix header_checks Message-ID: Hello, According to http://www.cyberciti.biz/faq/postfix-remove-hide-hostnames-ip-addresses/ I added 2 lines to remove our internal IPs from the messages, so /etc/postfix/header_checks is now: /^Received:.*\[127\.0\.0\.1/ IGNORE /^Received:.*\[10\.10\.10\.1/ IGNORE /^Received:/ HOLD But now when I send message from 127.0.0.1 I do not get X-xx-MailScanner headers in received message anymore. I do get them if I only have /^Received:/ HOLD line in /etc/postfix/header_checks. Regards, Nerijus From cfisk at qwicnet.com Tue Feb 2 13:06:42 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Tue Feb 2 13:07:03 2010 Subject: How do I block all attachments In-Reply-To: Message-ID: > I would probably advise trying "Maximum Attachment Size = > 0" first, as > the other setting's definition of an attachment is not > quite as simple > as I would like. Can that be a ruleset? Seems to me if this is handling processing for incoming and outgoing messages and this will block incoming attachments as well as outgoing. (Plus block attachments between users internally). So that seems like the correct place to put the block, but you would want 2 entries in the ruleset: To: yourdomain.tld -1 Default 0 Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at tradoc.fr Tue Feb 2 13:17:53 2010 From: john at tradoc.fr (John Wilcock) Date: Tue Feb 2 13:18:08 2010 Subject: postfix header_checks In-Reply-To: References: Message-ID: <4B682601.80508@tradoc.fr> Le 02/02/2010 13:52, Nerijus Baliunas a ?crit : > According to http://www.cyberciti.biz/faq/postfix-remove-hide-hostnames-ip-addresses/ > I added 2 lines to remove our internal IPs from the messages, so /etc/postfix/header_checks > is now: > > /^Received:.*\[127\.0\.0\.1/ IGNORE > /^Received:.*\[10\.10\.10\.1/ IGNORE > /^Received:/ HOLD > > But now when I send message from 127.0.0.1 I do not get X-xx-MailScanner headers > in received message anymore. I do get them if I only have /^Received:/ HOLD > line in /etc/postfix/header_checks. Yes, that's the way postfix header_checks works. As soon as a header hits a given action, no other actions are taken for the same header. In other words, you can't use that method with MailScanner, because you need the HOLD action regardless. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From maillists at conactive.com Tue Feb 2 13:29:22 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Feb 2 13:29:33 2010 Subject: Spam Ruleset In-Reply-To: References: Message-ID: Andrew Chester wrote on Tue, 2 Feb 2010 13:59:01 +0200: > and bounce the rest, NO, PLEASE DON'T DO THIS !!! (Yes, capitals are meant as yelling.) You just bounce this all back to the innocent victims that were abused as sender addresses. I consider this at least as evil as spamming itself. If you want to *reject* mail you have to do this at the MTA phase. MS is after MTA phase. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maxsec at gmail.com Tue Feb 2 13:40:39 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Feb 2 13:40:48 2010 Subject: Spam Ruleset In-Reply-To: References: <445036955-1265113821-cardhu_decombobulator_blackberry.rim.net-671896802-@bda942.bisx.prod.on.blackberry> Message-ID: <72cf361e1002020540w9da9176tb41704c4d463c65b@mail.gmail.com> Andrew have a look in the wiki for overloading rulesets, there's a nice starter for you there. On 2 February 2010 12:48, Andrew Chester wrote: > Ok, thanks for the advice - however the question of the ruleset still > remains? > > Kind Regards, > Andrew Chester > +27 83 442 9025 > andrew.chester@ukuvuma.co.za > > > From:"Alex Neuman van der Hans" To:"MailScanner > discussion" Date:2010/02/02 02:40 PM > Subject:Re: Spam RulesetSent by:mailscanner-bounces@lists.mailscanner.info > ------------------------------ > > > > Bouncing spam will easily triple your traffic. Please consider deleting it. > > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: "Andrew Chester" > Date: Tue, 2 Feb 2010 13:59:01 > To: > Subject: Spam Ruleset > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ------------------------------ > CONFIDENTIALITY CLAUSE > This message is intended only for the use of the individual or entity to > which it is addressed and contains information that is privileged and > confidential. If the reader of this message is not the intended recipient, > or the employee or agent responsible for delivering the message to the > intended recipient, you are hereby notified that any dissemination, > distribution or copying of this communication is strictly prohibited. If you > have received this communication in error, please notify the sender by > telephone. > ------------------------------ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100202/8c20a81e/attachment.html From MailScanner at ecs.soton.ac.uk Tue Feb 2 13:48:30 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 2 13:48:50 2010 Subject: Spam Ruleset In-Reply-To: References: <4B682D2E.4090104@ecs.soton.ac.uk> Message-ID: On 02/02/2010 11:59, Andrew Chester wrote: > Hi There > > We are using MailScanner as part of a mail gateway for incoming mail, > and I would like to set up a ruleset on what to do when MailScanner > finds spam - I want it to deliver the mail to certain domains, and > bounce the rest, I've had a look at the examples in the rules > directory, and from that I've set up the following in > %rules-dir%/spam.actions.rules: > > To: *@domain.com deliver > FromOrTo: default bounce That's a terrible idea, but other people have told you that already. > > Is that correct, do I need to include any other lines into the > ruleset, or can I leave it with only the two lines above? > > I then set the "Spam Actions =" field in MailScanner.conf to the > following: > Spam Actions = %rules-dir%/spam.actions.rules > > Is that correct? Yes. Provided you have set %rules-dir% at the top of MailScanner.conf correctly. > I tried to set it to > /usr/local/etc/MailScanner/rules/spam.actions.rules but then I get the > error: "Your spam actions "/etc/MailScanner/rules/spam.actions.rules" > looks like a filename. If this is a ruleset filename, it must end in > .rule or .rules" in the maillog. > > It is a FreeBSD system. > > Any help would be greatly appreciated, thanks! > > Kind Regards, > Andrew > ------------------------------------------------------------------------ > CONFIDENTIALITY CLAUSE > This message is intended only for the use of the individual or entity > to which it is addressed and contains information that is privileged > and confidential. If the reader of this message is not the intended > recipient, or the employee or agent responsible for delivering the > message to the intended recipient, you are hereby notified that any > dissemination, distribution or copying of this communication is > strictly prohibited. If you have received this communication in error, > please notify the sender by telephone. > ------------------------------------------------------------------------ > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Feb 2 13:53:39 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 2 13:53:54 2010 Subject: How do I block all attachments In-Reply-To: References: <4B682E63.1000706@ecs.soton.ac.uk> Message-ID: On 02/02/2010 13:06, Christopher Fisk wrote: >> I would probably advise trying "Maximum Attachment Size = >> 0" first, as >> the other setting's definition of an attachment is not >> quite as simple >> as I would like. >> > Can that be a ruleset? Well done, you just found a typo in the documentation. It can be a ruleset, despite not mentioning it. I have just fixed that in the docs for the next release. > Seems to me if this is handling processing for incoming and outgoing messages and this will block incoming attachments as well as outgoing. (Plus block attachments between users internally). > Not if you make it a ruleset. > So that seems like the correct place to put the block, but you would want 2 entries in the ruleset: > > To: yourdomain.tld -1 > Default 0 > To: yourdomain.tld -1 FromOrTo: default 0 is the correct syntax. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Andrew.Chester at ukuvuma.co.za Tue Feb 2 14:08:38 2010 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Tue Feb 2 14:04:37 2010 Subject: Spam Ruleset In-Reply-To: References: <4B682D2E.4090104@ecs.soton.ac.uk> Message-ID: mailscanner-bounces@lists.mailscanner.info wrote on 2010/02/02 03:48:30 PM: > On 02/02/2010 11:59, Andrew Chester wrote: > > Hi There > > > > We are using MailScanner as part of a mail gateway for incoming mail, > > and I would like to set up a ruleset on what to do when MailScanner > > finds spam - I want it to deliver the mail to certain domains, and > > bounce the rest, I've had a look at the examples in the rules > > directory, and from that I've set up the following in > > %rules-dir%/spam.actions.rules: > > > > To: *@domain.com deliver > > FromOrTo: default bounce > That's a terrible idea, but other people have told you that already. Ye, I fixed that to forward to a mail-in database, instead. > > > > Is that correct, do I need to include any other lines into the > > ruleset, or can I leave it with only the two lines above? > > > > I then set the "Spam Actions =" field in MailScanner.conf to the > > following: > > Spam Actions = %rules-dir%/spam.actions.rules > > > > Is that correct? > Yes. Provided you have set %rules-dir% at the top of MailScanner.conf > correctly. Ok, I have the rules-dir set correctly, so I'll give it a try - thanks for the help! Andrew CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100202/f12ce94f/attachment.html From nerijusb at dtiltas.lt Tue Feb 2 14:06:05 2010 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Feb 2 14:10:14 2010 Subject: postfix header_checks In-Reply-To: <4B682601.80508@tradoc.fr> References: <4B682601.80508@tradoc.fr> Message-ID: On Tue, 02 Feb 2010 14:17:53 +0100 John Wilcock wrote: > Yes, that's the way postfix header_checks works. As soon as a header > hits a given action, no other actions are taken for the same header. > > In other words, you can't use that method with MailScanner, because you > need the HOLD action regardless. OK, I found how to do it with MailScanner itself here - http://old.nabble.com/Hide-internal-address-%28Postfix%29-td2300995.html Regards, Nerijus From maillists at conactive.com Tue Feb 2 15:16:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Feb 2 15:16:35 2010 Subject: MailScanner ANNOUNCE: 4.79 stable released In-Reply-To: References: <4B669F0C.1040706@ecs.soton.ac.uk> Message-ID: Just for the record. Upgraded from 4.79.10. No problems. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From mikael at syska.dk Tue Feb 2 16:38:09 2010 From: mikael at syska.dk (Mikael Syska) Date: Tue Feb 2 16:38:34 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> <6beca9db1001290600s56701ce2y34343857c1287350@mail.gmail.com> Message-ID: <6beca9db1002020838l76492a98ra13693a9cb405d0f@mail.gmail.com> Hi On Fri, Jan 29, 2010 at 8:31 PM, Kai Schaetzl wrote: > Mikael Syska wrote on Fri, 29 Jan 2010 15:00:32 +0100: > >> This means you dont get me. > > Indeed. Taking your "If" as "Is" (and considering you might have misphrased > somewhere else as well) I read that you are not sure if it found scanners or > not. At least you were at great help, and I appreciate that. > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From nerijusb at dtiltas.lt Tue Feb 2 17:09:13 2010 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Tue Feb 2 17:10:13 2010 Subject: postfix header_checks In-Reply-To: References: <4B682601.80508@tradoc.fr> Message-ID: On Tue, 2 Feb 2010 16:06:05 +0200 Nerijus Baliunas wrote: > OK, I found how to do it with MailScanner itself here - > http://old.nabble.com/Hide-internal-address-%28Postfix%29-td2300995.html I added to MailScanner.conf: Remove These Headers = %rules-dir%/remove.headers.rules /etc/MailScanner/rules/remove.headers.rules: From: 127.0. Received: X-Mailer: X-MimeOLE: FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2: Restarted MS, but still I see in the headers of received message: Received: from xxx.lt (xxx.xxx.lt [127.0.0.1]) by xxx.xxx.lt (Postfix) with SMTP id 4A9AC39C044 for ; Tue, 2 Feb 2010 18:46:12 +0200 (EET) Regards, Nerijus From glenn.steen at gmail.com Tue Feb 2 17:33:33 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 2 17:33:43 2010 Subject: postfix header_checks In-Reply-To: References: Message-ID: <223f97701002020933n541086denc21fc3d6e5b1aa16@mail.gmail.com> That will defeat the hold trick entirely. Try see he another order helps, ms switch to using Hugos' access map trick instead (which doesn't rely on any header check at all). 2010/2/2, Nerijus Baliunas : > Hello, > > According to > http://www.cyberciti.biz/faq/postfix-remove-hide-hostnames-ip-addresses/ > I added 2 lines to remove our internal IPs from the messages, so > /etc/postfix/header_checks > is now: > > /^Received:.*\[127\.0\.0\.1/ IGNORE > /^Received:.*\[10\.10\.10\.1/ IGNORE > /^Received:/ HOLD > > But now when I send message from 127.0.0.1 I do not get X-xx-MailScanner > headers > in received message anymore. I do get them if I only have /^Received:/ HOLD > line in /etc/postfix/header_checks. > > Regards, > Nerijus > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Skickat fr?n min mobila enhet -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ganesh.payelkar at gmail.com Wed Feb 3 10:34:58 2010 From: ganesh.payelkar at gmail.com (Ganesh.payelkar) Date: Wed Feb 3 10:35:28 2010 Subject: error in mailscanner Message-ID: Dear Team, I have install mailscanner MailScanner-4.79.11-1 with openprotect, when i see maillog i am getting that mails are stuck in queue. like below. Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 858 hostnames from the phishing whitelist Read 5497 hostnames from the phishing blacklists Config: calling custom init function MailWatchLogging Started SQL Logging child Connected to Processing Attempts Database Found 0 messages in the Processing Attempts Database Using locktype = flock New Batch: Scanning 3 messages, 2055 bytes Kindly help to sort out this issue... -- Regards, Ganesh P -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100203/c46edd4d/attachment.html From ganesh.payelkar at gmail.com Wed Feb 3 11:26:51 2010 From: ganesh.payelkar at gmail.com (Ganesh.payelkar) Date: Wed Feb 3 11:27:21 2010 Subject: error in mailscanner In-Reply-To: References: Message-ID: Dear Team, I have install below Mailscanner on 64Bit CentOS. -- Regards, Ganesh P On Wed, Feb 3, 2010 at 4:04 PM, Ganesh.payelkar wrote: > Dear Team, > > I have install mailscanner MailScanner-4.79.11-1 with > openprotect, when i see maillog i am getting that mails are stuck in queue. > like below. > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 858 hostnames from the phishing whitelist > Read 5497 hostnames from the phishing blacklists > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Connected to Processing Attempts Database > Found 0 messages in the Processing Attempts Database > Using locktype = flock > New Batch: Scanning 3 messages, 2055 bytes > > > Kindly help to sort out this issue... > > > > > -- > Regards, > > Ganesh P > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100203/d1d0c44a/attachment.html From Garrod.Alwood at lorodoes.com Wed Feb 3 12:55:55 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Feb 3 13:02:44 2010 Subject: error in mailscanner In-Reply-To: References: Message-ID: <8C36B31A-CC0F-45AC-A04F-0D69C1A6D960@alwood.local> Make sure that selinux isn't running. Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Feb 3, 2010, at 6:22 AM, "Ganesh.payelkar" > wrote: Dear Team, I have install below Mailscanner on 64Bit CentOS. -- Regards, Ganesh P On Wed, Feb 3, 2010 at 4:04 PM, Ganesh.payelkar <ganesh.payelkar@gmail.com> wrote: Dear Team, I have install mailscanner MailScanner-4.79.11-1 with openprotect, when i see maillog i am getting that mails are stuck in queue. like below. Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 858 hostnames from the phishing whitelist Read 5497 hostnames from the phishing blacklists Config: calling custom init function MailWatchLogging Started SQL Logging child Connected to Processing Attempts Database Found 0 messages in the Processing Attempts Database Using locktype = flock New Batch: Scanning 3 messages, 2055 bytes Kindly help to sort out this issue... -- Regards, Ganesh P -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100203/8a05f0d5/attachment.html From J.Ede at birchenallhowden.co.uk Wed Feb 3 13:03:21 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Feb 3 13:03:42 2010 Subject: error in mailscanner In-Reply-To: References: Message-ID: <1213490F1F316842A544A850422BFA96129737E592@BHLSBS.bhl.local> Which version of CentOS? 4 or 5? Post the output from MailScanner --lint and MailScanner --debug (assuming you've got some messages in your MTA for it to process) up here to help people see where the error is. Jason From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ganesh.payelkar Sent: 03 February 2010 11:27 To: mailscanner@lists.mailscanner.info Subject: Re: error in mailscanner Dear Team, I have install below Mailscanner on 64Bit CentOS. -- Regards, Ganesh P On Wed, Feb 3, 2010 at 4:04 PM, Ganesh.payelkar > wrote: Dear Team, I have install mailscanner MailScanner-4.79.11-1 with openprotect, when i see maillog i am getting that mails are stuck in queue. like below. Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 858 hostnames from the phishing whitelist Read 5497 hostnames from the phishing blacklists Config: calling custom init function MailWatchLogging Started SQL Logging child Connected to Processing Attempts Database Found 0 messages in the Processing Attempts Database Using locktype = flock New Batch: Scanning 3 messages, 2055 bytes Kindly help to sort out this issue... -- Regards, Ganesh P -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100203/224747a4/attachment.html From maillists at conactive.com Wed Feb 3 14:31:20 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 3 14:31:31 2010 Subject: error in mailscanner In-Reply-To: References: Message-ID: Information about the other relevant software and how you installed it is missing. Did you follow the postfix integration tutorial on the wiki? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From bbecken at aafp.org Wed Feb 3 18:18:06 2010 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Feb 3 18:18:10 2010 Subject: ArchiveMail question Message-ID: <4B69697D.BC55.0068.1@aafp.org> Running MailScanner v4.78.17 I'm filtering email for a listserver that has been running for 16+ years. The email server has two DNS records pointing to it. Record #1 is a proper MX record pointing to the MailScanner system Record #2 is a CNAME that points to the MX record. (ugly and I hate it, hence this email so I can get rid of the CNAME). Over the past couple of years, I've managed to get the vast majority of the list users to use the newer MX/host record. Now I want to get rid of the DNS CNAME and I'm considering using MailScanners ArchiveMail option to finish the job. The idea is to accept email to the CNAME (which the MTA already does) and then re-write the email and send it on to the ListServer using the new domain name. Since the email will be re-written, the List users will automatically start using the newer address when they reply to the next email from the list. Eventually I should be able to drop the CNAME record from DNS if this works. Example using the _TOUSER_ syntax to re-write the email. ArchiveMail.rules To: *@OldHost.domain.org forward _TOUSER_@NewHost.domain.org Comments please. -------------- next part -------------- Skipped content of type multipart/related From ratana08 at yahoo.com Wed Feb 3 18:46:04 2010 From: ratana08 at yahoo.com (Ratana Prinyawiwatkul) Date: Wed Feb 3 18:46:14 2010 Subject: Sendmail/MailScanner for newbie Message-ID: <898032.278.qm@web33501.mail.mud.yahoo.com> Hello All, ? I am new in *nix system and I want to setup my own mail server. I installed Fedora 11 and use sendmail as MTA, I also installed MailScanner, spamassassin and clamav. I can send and receive mails without any problems.?When I?checked?MailScanner status and got the results as the following #?service MailScanner status Checking MailScanner daemons: MailScanner:???????? ?[ok] incoming sendmail: [ok] outgoing sendmail:? [ok] ? but?when?I do # service sendmail status sendmail is stopped sm-client (pid 14107) is running... ? Is there any problems and how do I fix it? ? Thanks ? Ratana ? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100203/b21d429c/attachment.html From lists at openenterprise.ca Wed Feb 3 18:52:29 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Wed Feb 3 18:52:38 2010 Subject: Temporarily Disable SPAM Checks? Message-ID: <4B69C5ED.1050709@openenterprise.ca> I am running 4.79.6 on CentOS 5.4 and would like to temporarily disable all spam/av checks since I am also evaluating another gateway spam solution downstream. Is there a simple way to disable all spam/rbl/virus checks and have mail pass through untouched? From MailScanner at ecs.soton.ac.uk Wed Feb 3 19:04:15 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 3 19:04:31 2010 Subject: ArchiveMail question In-Reply-To: <4B69697D.BC55.0068.1@aafp.org> References: <4B69697D.BC55.0068.1@aafp.org> <4B69C8AF.1080808@ecs.soton.ac.uk> Message-ID: On 03/02/2010 18:18, Brad Beckenhauer wrote: > Running MailScanner v4.78.17 > I'm filtering email for a listserver that has been running for 16+ years. > The email server has two DNS records pointing to it. > Record #1 is a proper MX record pointing to the MailScanner system > Record #2 is a CNAME that points to the MX record. (ugly and I hate > it, hence this email so I can get rid of the CNAME). Note that an MX record cannot refer to a hostname described in a CNAME record, only a hostname described in an A record. That's one of the rules of DNS. > Over the past couple of years, I've managed to get the vast majority > of the list users to use the newer MX/host record. > Now I want to get rid of the DNS CNAME and I'm considering using > MailScanners ArchiveMail option to finish the job. > The idea is to accept email to the CNAME (which the MTA already does) > and then re-write the email and send it on to the ListServer using the > new domain name. > Since the email will be re-written, the List users will automatically > start using the newer address when they reply to the next email from > the list. Eventually I should be able to drop the CNAME record from > DNS if this works. > Example using the _TOUSER_ syntax to re-write the email. > ArchiveMail.rules > To: *@OldHost.domain.org forward > _TOUSER_@NewHost.domain.org You can't put Spam Actions (or Non-Spam Actions) in a ruleset assigned to "Archive Mail". Only in Spam Actions, Non-Spam Actions and High-Scoring Spam Actions. This is all explained in the documentation. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 3 19:05:49 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 3 19:06:08 2010 Subject: Sendmail/MailScanner for newbie In-Reply-To: <898032.278.qm@web33501.mail.mud.yahoo.com> References: <898032.278.qm@web33501.mail.mud.yahoo.com> <4B69C90D.1@ecs.soton.ac.uk> Message-ID: You should disable the "sendmail" service in Fedora and not use it at all once you have MailScanner installed. Just use the MailScanner service to do everything. So, as the install.sh clearly tells you at the end of running it, you should chkconfig sendmail off service sendmail stop chkconfig MailScanner on service MailScanner start and never touch the service "sendmail" again. On 03/02/2010 18:46, Ratana Prinyawiwatkul wrote: > Hello All, > I am new in *nix system and I want to setup my own mail server. I > installed Fedora 11 and use sendmail as MTA, I also installed > MailScanner, spamassassin and clamav. I can send and receive mails > without any problems. When I checked MailScanner status and got the > results as the following > # service MailScanner status > Checking MailScanner daemons: > MailScanner: [ok] > incoming sendmail: [ok] > outgoing sendmail: [ok] > but when I do > # service sendmail status > sendmail is stopped > sm-client (pid 14107) is running... > Is there any problems and how do I fix it? > Thanks > Ratana > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Feb 3 19:06:26 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 3 19:06:45 2010 Subject: Temporarily Disable SPAM Checks? In-Reply-To: <4B69C5ED.1050709@openenterprise.ca> References: <4B69C5ED.1050709@openenterprise.ca> <4B69C932.8070103@ecs.soton.ac.uk> Message-ID: Look at the "Scan Messages" configuration setting. Just set this to "no" and MailScanner will completely get out of the way. On 03/02/2010 18:52, Johnny Stork wrote: > I am running 4.79.6 on CentOS 5.4 and would like to temporarily > disable all spam/av checks since I am also evaluating another gateway > spam solution downstream. Is there a simple way to disable all > spam/rbl/virus checks and have mail pass through untouched? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve at fsl.com Wed Feb 3 19:23:39 2010 From: steve at fsl.com (Stephen Swaney) Date: Wed Feb 3 19:23:49 2010 Subject: Temporarily Disable SPAM Checks? In-Reply-To: <4B69C5ED.1050709@openenterprise.ca> References: <4B69C5ED.1050709@openenterprise.ca> Message-ID: <2BFEFDDB-E5E9-4E7F-97A5-021A29CD9852@fsl.com> On Feb 3, 2010, at 1:52 PM, Johnny Stork wrote: > I am running 4.79.6 on CentOS 5.4 and would like to temporarily disable all spam/av checks since I am also evaluating another gateway spam solution downstream. Is there a simple way to disable all spam/rbl/virus checks and have mail pass through untouched? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Scan Messages = no or Scan Messages = %rules-dir%/scan.message.rules if you want to only evaluate certain domains or addresses. But if you're evaluating BarricadeMX plus, this won't work very well since Many of the BarricadeMX tests require that the smtpf process talk directly to the sending MTA (or spambot :) to be effective. Steve -- Steve Swaney steve@fsl.com www.fsl.com The most accurate and cost effective anti-spam solutions available From lists at openenterprise.ca Wed Feb 3 19:49:20 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Wed Feb 3 19:49:31 2010 Subject: Temporarily Disable SPAM Checks? In-Reply-To: <2BFEFDDB-E5E9-4E7F-97A5-021A29CD9852@fsl.com> References: <4B69C5ED.1050709@openenterprise.ca> <2BFEFDDB-E5E9-4E7F-97A5-021A29CD9852@fsl.com> Message-ID: <4B69D340.9020808@openenterprise.ca> Thanks Steve! As I say red-faced since I not only own the book, but could have quickly scanned the mailscanner.conf file for such a section myself. Laziness I guess. :) On 10-02-03 11:23 AM, Stephen Swaney wrote: > On Feb 3, 2010, at 1:52 PM, Johnny Stork wrote: > > >> I am running 4.79.6 on CentOS 5.4 and would like to temporarily disable all spam/av checks since I am also evaluating another gateway spam solution downstream. Is there a simple way to disable all spam/rbl/virus checks and have mail pass through untouched? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Scan Messages = no > > or > > Scan Messages = %rules-dir%/scan.message.rules > > if you want to only evaluate certain domains or addresses. > > But if you're evaluating BarricadeMX plus, this won't work very well since > Many of the BarricadeMX tests require that the smtpf process talk directly to > the sending MTA (or spambot :) to be effective. > > Steve > -- _____________________________________________ Johnny Stork Technology Solutions Architect Linux& Open-Source Consultant Photographer/Writer Wannabee From brent at beanfield.com Wed Feb 3 20:01:12 2010 From: brent at beanfield.com (Brent Bloxam) Date: Wed Feb 3 20:01:22 2010 Subject: "Required SpamAssassin Score" custom function gets called multiple times Message-ID: <4B69D608.9020707@beanfield.com> I've setup a custom function to implement per-user spam scores for SpamAssassin Required SpamAssassin Score = &MyFunc I have logging inside the function, and see the following in our MailScanner log: Feb 3 14:45:07 mta MailScanner[24111]: MyFunc: email@example.com mark score set to 7 Feb 3 14:45:08 mta MailScanner[24111]: MyFunc: email@example.com mark score set to 7 Feb 3 14:45:08 mta MailScanner[24111]: MyFunc: email@example.com mark score set to 7 Is there a reason it appears to be called 3 times? There are no loops in the function that would cause the logging to be erroneously repeated, and it's occurring consistently Thanks for any help. (PS: Sorry if this message dupes, I realized after sending it previously that I hadn't updated my mailman membership to my new email address. I imagine mailman would have blocked my previous message) From pparsons at columbiafuels.com Wed Feb 3 20:17:24 2010 From: pparsons at columbiafuels.com (Philip Parsons) Date: Wed Feb 3 20:19:06 2010 Subject: Customer SpamAssassin interface In-Reply-To: <4B69D608.9020707@beanfield.com> References: <4B69D608.9020707@beanfield.com> Message-ID: <7C62BFED4DC0CE488F93865D83A61E64020B3FBB@sprocket.columbiafuels.com> Hey everyone, so I have a Mailscanner front end that passes the mail to an exchange server on the back end and I can sort of remember quite a while back of someone saying something about a SpamAssassin interface which would allow people to add to whitelists and black lists etc etc etc any suggestions would be great. Thank you. Philip Parsons Corporate Team Lead, IT and Telecommunications ? Columbia Fuels Inc. A Division of Parkland Industries LP 2nd Floor 2659 Douglas St Victoria BC, V8T 5M2 Phone: (250) 391-3638 Cell: (250) 883-5972 www.columbiafuels.com www.parkland.ca pparsons@columbiafuels.com Register for Access Online - Access to your Columbia Fuels account information online 24/7 IMPORTANT NOTICE This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender. From Kevin_Miller at ci.juneau.ak.us Wed Feb 3 20:32:04 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Feb 3 20:32:19 2010 Subject: Customer SpamAssassin interface In-Reply-To: <7C62BFED4DC0CE488F93865D83A61E64020B3FBB@sprocket.columbiafuels.com> References: <4B69D608.9020707@beanfield.com> <7C62BFED4DC0CE488F93865D83A61E64020B3FBB@sprocket.columbiafuels.com> Message-ID: <4A09477D575C2C4B86497161427DD94C149F868573@city-exchange07> Philip Parsons wrote: > Hey everyone, so I have a Mailscanner front end that passes the mail > to an exchange server on the back end and I can sort of remember > quite a while back of someone saying something about a SpamAssassin > interface which would allow people to add to whitelists and black > lists etc etc etc any suggestions would be great. You may be thinking of Mailwatch for MailScanner: http://mailwatch.sourceforge.net ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From pparsons at columbiafuels.com Wed Feb 3 21:09:27 2010 From: pparsons at columbiafuels.com (Philip Parsons) Date: Wed Feb 3 21:11:06 2010 Subject: Customer SpamAssassin interface In-Reply-To: <4A09477D575C2C4B86497161427DD94C149F868573@city-exchange07> References: <4B69D608.9020707@beanfield.com><7C62BFED4DC0CE488F93865D83A61E64020B3FBB@sprocket.columbiafuels.com> <4A09477D575C2C4B86497161427DD94C149F868573@city-exchange07> Message-ID: <7C62BFED4DC0CE488F93865D83A61E64020B3FBD@sprocket.columbiafuels.com> Philip Parsons wrote: > Hey everyone, so I have a Mailscanner front end that passes the mail > to an exchange server on the back end and I can sort of remember > quite a while back of someone saying something about a SpamAssassin > interface which would allow people to add to whitelists and black > lists etc etc etc any suggestions would be great. You may be thinking of Mailwatch for MailScanner: http://mailwatch.sourceforge.net ...Kevin Thanks Kevin but that is a little over kill for what I need I just need something for the white list and black lists. If there is anything out there. From maillists at conactive.com Wed Feb 3 21:31:23 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 3 21:31:38 2010 Subject: "Required SpamAssassin Score" custom function gets called multiple times In-Reply-To: <4B69D608.9020707@beanfield.com> References: <4B69D608.9020707@beanfield.com> Message-ID: Brent Bloxam wrote on Wed, 03 Feb 2010 15:01:12 -0500: > I've setup a custom function to implement per-user spam scores for > SpamAssassin Why not compare that with Mailwatch which has the same kind of MailScanner plugin? mailwatch.sf.net Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Feb 3 21:31:23 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 3 21:31:39 2010 Subject: Customer SpamAssassin interface In-Reply-To: <7C62BFED4DC0CE488F93865D83A61E64020B3FBB@sprocket.columbiafuels.com> References: <4B69D608.9020707@beanfield.com> <7C62BFED4DC0CE488F93865D83A61E64020B3FBB@sprocket.columbiafuels.com> Message-ID: Please don't hijack threads. If you want to ask a question, please press the "new message" button. Thanks. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From lists at openenterprise.ca Wed Feb 3 21:54:48 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Wed Feb 3 21:54:58 2010 Subject: Reverting back to official mailscanner releases, from fsl-beta.repo Message-ID: <4B69F0A8.2090308@openenterprise.ca> I had been using the fsl-beta.rep for yum updates to MS, but decided to grab a fresh release from mailscanner.info and run the install.sh script. I hope I have not messed things up permanently but I got lots of perl errors. Thought I would check here while also checking the wiki shortly. Can I still update with fresh releases, or should I stick to the fsl-beta.repo? BEGIN failed--compilation aborted at blib/lib/OLE/Storage_Lite.pm line 171. Compilation failed in require at test.pl line 11. BEGIN failed--compilation aborted at test.pl line 11. not ok 1 make: *** [test_dynamic] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.39451 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.39451 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-OLE-Storage_Lite-0.16-2.noarch.rpm. Maybe it did not build correctly? Installing tnef decoder Preparing... ################################################## package tnef-1.4.5-1.i386 is already installed Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" error: Failed dependencies: perl-MIME-tools >= 5.412 is needed by mailscanner-4.79.11-1.noarch -- _____________________________________________ Johnny Stork Technology Solutions Architect Linux& Open-Source Consultant Photographer/Writer Wannabee Open Enterprise Solutions "Open Solutions for an Open World" http://www.openenterprise.ca Home: http://www.johnnystork.ca Facebook: http://www.facebook.com/johnnystork Twitter: http://www.twitter.com/johnnystork.ca From drnick at physics.byu.edu Wed Feb 3 22:47:12 2010 From: drnick at physics.byu.edu (Blatter, Nicholas) Date: Wed Feb 3 22:47:26 2010 Subject: "Required SpamAssassin Score" custom function gets called multiple times In-Reply-To: <4B69D608.9020707@beanfield.com> References: <4B69D608.9020707@beanfield.com> Message-ID: <5DC600B80DB6EE4BAB1D631E14FBADCC0134922C@bohr.physics.byu.edu> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Brent Bloxam > Sent: Wednesday, February 03, 2010 1:01 PM > To: MailScanner discussion > Subject: "Required SpamAssassin Score" custom function gets called > multiple times > > I've setup a custom function to implement per-user spam scores for > SpamAssassin > > Is there a reason it appears to be called 3 times? There are no loops in > the function that would cause the logging to be erroneously repeated, > and it's occurring consistently I actually sent this same question to the list about six months ago and Jules answered it for me. You can find his answer on the list archives: http://lists.mailscanner.info/pipermail/mailscanner/2009-August/092754.html My guess is you're seeing the same behavior. Nick From stef at aoc-uk.com Thu Feb 4 11:49:50 2010 From: stef at aoc-uk.com (Stef Morrell) Date: Thu Feb 4 11:50:11 2010 Subject: Ruleset question Message-ID: <201002041150.o14Bo2Av018468@safir.blacknight.ie> Hello list... In the context of spam whitelist rules I'm familiar with From: *@domain.com yes However, what I've been asked to do is whitelist any email address which includes a particular keyword. Is: From: *@*keyword* yes valid in this context? Should (can?) I use a regexp? From: /keyword/ yes Or I am on a hiding to nothing? Cheers Stef From MailScanner at ecs.soton.ac.uk Thu Feb 4 12:09:35 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 4 12:28:34 2010 Subject: Ruleset question In-Reply-To: <201002041150.o14Bo2Av018468@safir.blacknight.ie> References: <201002041150.o14Bo2Av018468@safir.blacknight.ie> <4B6AB8FF.6040304@ecs.soton.ac.uk> Message-ID: On 04/02/2010 11:49, Stef Morrell wrote: > Hello list... > > In the context of spam whitelist rules I'm familiar with > > From: *@domain.com yes > > However, what I've been asked to do is whitelist any email address which > includes a particular keyword. > > Is: > > From: *@*keyword* yes > > valid in this context? Should (can?) I use a regexp? > > From: /keyword/ yes > That last example should work just fine. > Or I am on a hiding to nothing? > > Cheers > > Stef > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Thu Feb 4 13:22:14 2010 From: alex at rtpty.com (Alex Neuman) Date: Thu Feb 4 13:22:31 2010 Subject: Ruleset question In-Reply-To: References: <201002041150.o14Bo2Av018468@safir.blacknight.ie> <4B6AB8FF.6040304@ecs.soton.ac.uk> Message-ID: <8BEFF358-8AA8-44CC-93D4-EF7C1636B809@rtpty.com> You might want to add this to the ruleset's # comment section, so that in the future this "undocumented feature" can be used by others who might find a use for it. On Feb 4, 2010, at 7:09 AM, Julian Field wrote: > > > On 04/02/2010 11:49, Stef Morrell wrote: >> Hello list... >> >> In the context of spam whitelist rules I'm familiar with >> >> From: *@domain.com yes >> >> However, what I've been asked to do is whitelist any email address which >> includes a particular keyword. >> >> Is: >> >> From: *@*keyword* yes >> >> valid in this context? Should (can?) I use a regexp? >> >> From: /keyword/ yes >> > That last example should work just fine. >> Or I am on a hiding to nothing? >> >> Cheers >> >> Stef >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From cfisk at qwicnet.com Thu Feb 4 13:51:37 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Thu Feb 4 13:52:05 2010 Subject: Customer SpamAssassin interface In-Reply-To: <7C62BFED4DC0CE488F93865D83A61E64020B3FBD@sprocket.columbiafuels.com> Message-ID: > Philip Parsons wrote: > > Hey everyone, so I have a Mailscanner front end that > passes the mail > > to an exchange server on the back end and I can sort of > remember > > quite a while back of someone saying something about a > SpamAssassin > > interface which would allow people to add to whitelists > and black > > lists etc etc etc any suggestions would be great. > You may be thinking of Mailwatch for MailScanner: > http://mailwatch.sourceforge.net webmin has a mailscanner plugin. http://www.webmin.com You can also write up a very quick database application that talks to mysql on the database server. I wrote a mysql database & script to store the white and black lists in mysql. Give them access to that and you're all set. Here is my work I did on storing the black and whitelists in mysql: http://lists.mailscanner.info/pipermail/mailscanner/2009-October/093484.html Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 4 13:52:54 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 4 13:53:11 2010 Subject: Ruleset question In-Reply-To: <8BEFF358-8AA8-44CC-93D4-EF7C1636B809@rtpty.com> References: <201002041150.o14Bo2Av018468@safir.blacknight.ie> <4B6AB8FF.6040304@ecs.soton.ac.uk> <8BEFF358-8AA8-44CC-93D4-EF7C1636B809@rtpty.com> <4B6AD136.4020203@ecs.soton.ac.uk> Message-ID: It is documented. It is in the /etc/MailScanner/etc/rules/EXAMPLES and the README in that location. As that is where people put rulesets by default, they will see it. On 04/02/2010 13:22, Alex Neuman wrote: > You might want to add this to the ruleset's # comment section, so that in the future this "undocumented feature" can be used by others who might find a use for it. > > On Feb 4, 2010, at 7:09 AM, Julian Field wrote: > > >> >> On 04/02/2010 11:49, Stef Morrell wrote: >> >>> Hello list... >>> >>> In the context of spam whitelist rules I'm familiar with >>> >>> From: *@domain.com yes >>> >>> However, what I've been asked to do is whitelist any email address which >>> includes a particular keyword. >>> >>> Is: >>> >>> From: *@*keyword* yes >>> >>> valid in this context? Should (can?) I use a regexp? >>> >>> From: /keyword/ yes >>> >>> >> That last example should work just fine. >> >>> Or I am on a hiding to nothing? >>> >>> Cheers >>> >>> Stef >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Thu Feb 4 14:14:51 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Feb 4 14:15:39 2010 Subject: Ruleset question In-Reply-To: References: <201002041150.o14Bo2Av018468@safir.blacknight.ie> <4B6AB8FF.6040304@ecs.soton.ac.uk> <8BEFF358-8AA8-44CC-93D4-EF7C1636B809@rtpty.com><4B6AD136.4020203@ecs.soton.ac.uk> Message-ID: <1070747512-1265292898-cardhu_decombobulator_blackberry.rim.net-1514909939-@bda942.bisx.prod.on.blackberry> Sorry about that... Haven't read that part in a while. Thanks! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Julian Field Date: Thu, 04 Feb 2010 13:52:54 To: MailScanner discussion Subject: Re: Ruleset question It is documented. It is in the /etc/MailScanner/etc/rules/EXAMPLES and the README in that location. As that is where people put rulesets by default, they will see it. On 04/02/2010 13:22, Alex Neuman wrote: > You might want to add this to the ruleset's # comment section, so that in the future this "undocumented feature" can be used by others who might find a use for it. > > On Feb 4, 2010, at 7:09 AM, Julian Field wrote: > > >> >> On 04/02/2010 11:49, Stef Morrell wrote: >> >>> Hello list... >>> >>> In the context of spam whitelist rules I'm familiar with >>> >>> From: *@domain.com yes >>> >>> However, what I've been asked to do is whitelist any email address which >>> includes a particular keyword. >>> >>> Is: >>> >>> From: *@*keyword* yes >>> >>> valid in this context? Should (can?) I use a regexp? >>> >>> From: /keyword/ yes >>> >>> >> That last example should work just fine. >> >>> Or I am on a hiding to nothing? >>> >>> Cheers >>> >>> Stef >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ratana08 at yahoo.com Thu Feb 4 14:41:52 2010 From: ratana08 at yahoo.com (Ratana Prinyawiwatkul) Date: Thu Feb 4 14:42:04 2010 Subject: Sendmail/MailScanner for newbie In-Reply-To: Message-ID: <525177.59652.qm@web33505.mail.mud.yahoo.com> ? I did all these on?my mailserver which is running on Fedora 11 with Mail scanner and sendmail ?chkconfig sendmail off ?service sendmail stop ?chkconfig MailScanner on ?service MailScanner start ?as the install.sh tells. service sendmail status for?my mail?server? ?# service MailScanner status ?Checking MailScanner daemons: ?MailScanner:? ? ? ? ? [ok] ?incoming sendmail: [ok] ?outgoing sendmail:? [ok] and ?# service sendmail status ?sendmail is stopped ?sm-client (pid 14107) is running... But?the Mail Server at work?which?has Fedora 7, sendmail and ?MailScanner?also. When I did the same command, it?shows as following:? # service MailScanner status ?Checking MailScanner daemons: ?MailScanner:? ? ? ? ? [ok] ?incoming sendmail: [ok] ?outgoing sendmail:? [ok] ?which is the same results as my mail server But when I do ?#service sendmail status? sendmail (pid 30045 30041 ...) is running... which is different from my mail server so that I am not sure I configure MailScanner right or not? Why MailServer at work didn't show sm-client since both use Fedora core? ? Thanks ? ? --- On Wed, 2/3/10, Jules Field wrote: From: Jules Field Subject: Re: Sendmail/MailScanner for newbie To: "MailScanner discussion" Date: Wednesday, February 3, 2010, 7:05 PM You should disable the "sendmail" service in Fedora and not use it at all once you have MailScanner installed. Just use the MailScanner service to do everything. So, as the install.sh clearly tells you at the end of running it, you should chkconfig sendmail off service sendmail stop chkconfig MailScanner on service MailScanner start and never touch the service "sendmail" again. On 03/02/2010 18:46, Ratana Prinyawiwatkul wrote: > Hello All, > I am new in *nix system and I want to setup my own mail server. I installed Fedora 11 and use sendmail as MTA, I also installed MailScanner, spamassassin and clamav. I can send and receive mails without any problems. When I checked MailScanner status and got the results as the following > # service MailScanner status > Checking MailScanner daemons: > MailScanner:? ? ? ? ? [ok] > incoming sendmail: [ok] > outgoing sendmail:? [ok] > but when I do > # service sendmail status > sendmail is stopped > sm-client (pid 14107) is running... > Is there any problems and how do I fix it? > Thanks > Ratana > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100204/6fb46786/attachment.html From MailScanner at ecs.soton.ac.uk Thu Feb 4 15:04:20 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 4 15:04:32 2010 Subject: {Disarmed} Re: Sendmail/MailScanner for newbie In-Reply-To: <525177.59652.qm@web33505.mail.mud.yahoo.com> References: <525177.59652.qm@web33505.mail.mud.yahoo.com> <4B6AE1F4.8000502@ecs.soton.ac.uk> Message-ID: On 04/02/2010 14:41, Ratana Prinyawiwatkul wrote: > I did all these on my mailserver which is running on Fedora 11 with > Mail scanner and sendmail > > chkconfig sendmail off > service sendmail stop > chkconfig MailScanner on > service MailScanner start > as the install.sh tells. > > service sendmail status for my mail server? > Do not use "service sendmail status" at all on any MailScanner server. It will not tell you the truth. Use "service MailScanner status" instead. > # service MailScanner status > Checking MailScanner daemons: > MailScanner: [ok] > incoming sendmail: [ok] > outgoing sendmail: [ok] > and > # service sendmail status > sendmail is stopped > sm-client (pid 14107) is running... > But the Mail Server at work which has Fedora 7, sendmail and > MailScanner also. > When I did the same command, it shows as following: > # service MailScanner status > Checking MailScanner daemons: > MailScanner: [ok] > incoming sendmail: [ok] > outgoing sendmail: [ok] > which is the same results as my mail server > But when I do > #service sendmail status > sendmail (pid 30045 30041 ...) is running... > which is different from my mail server so that I am not sure I > configure MailScanner right or not? Why MailServer at work didn't show > sm-client since both use Fedora core? > Thanks > > > --- On *Wed, 2/3/10, Jules Field //* wrote: > > > From: Jules Field > Subject: Re: Sendmail/MailScanner for newbie > To: "MailScanner discussion" > Date: Wednesday, February 3, 2010, 7:05 PM > > You should disable the "sendmail" service in Fedora and not use it > at all once you have MailScanner installed. Just use the > MailScanner service to do everything. > So, as the install.sh clearly tells you at the end of running it, > you should > chkconfig sendmail off > service sendmail stop > chkconfig MailScanner on > service MailScanner start > > and never touch the service "sendmail" again. > > On 03/02/2010 18:46, Ratana Prinyawiwatkul wrote: > > Hello All, > > I am new in *nix system and I want to setup my own mail server. > I installed Fedora 11 and use sendmail as MTA, I also installed > MailScanner, spamassassin and clamav. I can send and receive mails > without any problems. When I checked MailScanner status and got > the results as the following > > # service MailScanner status > > Checking MailScanner daemons: > > MailScanner: [ok] > > incoming sendmail: [ok] > > outgoing sendmail: [ok] > > but when I do > > # service sendmail status > > sendmail is stopped > > sm-client (pid 14107) is running... > > Is there any problems and how do I fix it? > > Thanks > > Ratana > > > > > > Jules > > -- Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- MailScanner mailing list > *MailScanner has detected a possible fraud attempt from > "us.mc335.mail.yahoo.com" claiming to be* > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Thu Feb 4 15:31:22 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Feb 4 15:31:32 2010 Subject: Customer SpamAssassin interface In-Reply-To: References: Message-ID: Christopher Fisk wrote on Thu, 4 Feb 2010 08:51:37 -0500: > webmin has a mailscanner plugin. > > http://www.webmin.com DO NOT USE IT! It's outdated and almost guaranteed to shoot your configuration. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From J.Ede at birchenallhowden.co.uk Thu Feb 4 15:41:02 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Feb 4 15:41:36 2010 Subject: MS spamassassin timeouts Message-ID: <1213490F1F316842A544A850422BFA96129737E5F0@BHLSBS.bhl.local> I'm getting quite a few Spamassassin has timed out and was killed in my maillog... When I look at the message that was casuing the problem and try running it through spamassassin manually with Spamassassin -D -p /etc/MailScanner/spam.assassin.prefs -t References: <1213490F1F316842A544A850422BFA96129737E5F0@BHLSBS.bhl.local> <4B6AEC77.4040304@ecs.soton.ac.uk> Message-ID: Check your Bayes database isn't screwed, or locked solid by some other process. That's where the problem lies, almost certainly. "spamassassin -D" won't try to learn from the message, whereas MailScanner will. On 04/02/2010 15:41, Jason Ede wrote: > > I?m getting quite a few Spamassassin has timed out and was killed in > my maillog... > > When I look at the message that was casuing the problem and try > running it through spamassassin manually with > > Spamassassin ?D ?p /etc/MailScanner/spam.assassin.prefs ?t > Then it completes ok and gives the message a score. It only takes a > few seconds to run so well below any SA timeouts that I?ve set in > MailScanner. If I try running it through MailScanner with the ?debug > ?debug-sa ?id=messageID then it seems to go through up until the > following point where it hangs... > > 15:35:00 [32217] dbg: learn: auto-learn? ham=0.1, spam=12, > body-points=-3.999, head-points=-3.999, learned-points=-5 > > 15:35:00 [32217] dbg: learn: auto-learn? yes, ham (-3.999 < 0.1) > > 15:35:00 [32217] dbg: learn: initializing learner > > 15:35:00 [32217] dbg: learn: learning ham > > 15:35:00 [32217] dbg: eval: all '*From' addrs: > bounce.25900379@gorkanadatabase.com gorkanaalerts@gorkana.com > > 15:35:00 [32217] dbg: eval: all '*To' addrs: XXX@XXXX.org.uk > > 15:35:00 [32217] dbg: bayes: database connection established > > 15:35:00 [32217] dbg: bayes: found bayes db version 3 > > 15:35:00 [32217] dbg: bayes: Using userid: 2 > > 15:35:00 [32217] dbg: bayes: > c4841420914b788941701d213ff2b0d78571a6da@sa_generated already learnt > correctly, not learning twice > > 15:35:00 [32217] dbg: learn: initializing learner > > Any suggestions about what to check next? > > Centos 5.4 with MS 4.78.17 & SA 3.2.5 > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cfisk at qwicnet.com Thu Feb 4 16:23:31 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Thu Feb 4 16:24:04 2010 Subject: Customer SpamAssassin interface In-Reply-To: Message-ID: > Christopher Fisk wrote on Thu, 4 Feb 2010 08:51:37 -0500: > > webmin has a mailscanner plugin. > > > > http://www.webmin.com > DO NOT USE IT! > It's outdated and almost guaranteed to shoot your > configuration. Or just use it to edit the spam.whitelist.rules and spam.blacklist.rules file and nothing else. Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Thu Feb 4 16:40:08 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Feb 4 16:40:26 2010 Subject: MS spamassassin timeouts In-Reply-To: References: <1213490F1F316842A544A850422BFA96129737E5F0@BHLSBS.bhl.local> <4B6AEC77.4040304@ecs.soton.ac.uk> Message-ID: <1213490F1F316842A544A850422BFA96129737E5FD@BHLSBS.bhl.local> I had a feeling that it was related to bayes... I've created a new blank bayes database (its stored in mysql currently) and it processes the batch in debug mode and requeues the emails a lot quicker than before, but MS is still hanging at 16:32:12 [3788] dbg: learn: initializing learner I've checked the mysql processlist and there's nothing queued or locked up there. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 04 February 2010 15:49 > To: MailScanner discussion > Subject: Re: MS spamassassin timeouts > > Check your Bayes database isn't screwed, or locked solid by some other > process. > That's where the problem lies, almost certainly. > > "spamassassin -D" won't try to learn from the message, whereas > MailScanner will. > > On 04/02/2010 15:41, Jason Ede wrote: > > > > I'm getting quite a few Spamassassin has timed out and was killed in > > my maillog... > > > > When I look at the message that was casuing the problem and try > > running it through spamassassin manually with > > > > Spamassassin -D -p /etc/MailScanner/spam.assassin.prefs -t > > > > Then it completes ok and gives the message a score. It only takes a > > few seconds to run so well below any SA timeouts that I've set in > > MailScanner. If I try running it through MailScanner with the -debug > > -debug-sa -id=messageID then it seems to go through up until the > > following point where it hangs... > > > > 15:35:00 [32217] dbg: learn: auto-learn? ham=0.1, spam=12, > > body-points=-3.999, head-points=-3.999, learned-points=-5 > > > > 15:35:00 [32217] dbg: learn: auto-learn? yes, ham (-3.999 < 0.1) > > > > 15:35:00 [32217] dbg: learn: initializing learner > > > > 15:35:00 [32217] dbg: learn: learning ham > > > > 15:35:00 [32217] dbg: eval: all '*From' addrs: > > bounce.25900379@gorkanadatabase.com gorkanaalerts@gorkana.com > > > > 15:35:00 [32217] dbg: eval: all '*To' addrs: XXX@XXXX.org.uk > > > > 15:35:00 [32217] dbg: bayes: database connection established > > > > 15:35:00 [32217] dbg: bayes: found bayes db version 3 > > > > 15:35:00 [32217] dbg: bayes: Using userid: 2 > > > > 15:35:00 [32217] dbg: bayes: > > c4841420914b788941701d213ff2b0d78571a6da@sa_generated already learnt > > correctly, not learning twice > > > > 15:35:00 [32217] dbg: learn: initializing learner > > > > Any suggestions about what to check next? > > > > Centos 5.4 with MS 4.78.17 & SA 3.2.5 > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From J.Ede at birchenallhowden.co.uk Thu Feb 4 16:56:06 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Feb 4 16:56:25 2010 Subject: MS spamassassin timeouts In-Reply-To: <1213490F1F316842A544A850422BFA96129737E5FD@BHLSBS.bhl.local> References: <1213490F1F316842A544A850422BFA96129737E5F0@BHLSBS.bhl.local> <4B6AEC77.4040304@ecs.soton.ac.uk> <1213490F1F316842A544A850422BFA96129737E5FD@BHLSBS.bhl.local> Message-ID: <1213490F1F316842A544A850422BFA96129737E600@BHLSBS.bhl.local> I've moved it to a file based bayes and it seems happier for now.. Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jason Ede > Sent: 04 February 2010 16:40 > To: MailScanner discussion > Subject: RE: MS spamassassin timeouts > > I had a feeling that it was related to bayes... > > I've created a new blank bayes database (its stored in mysql currently) > and it processes the batch in debug mode and requeues the emails a lot > quicker than before, but MS is still hanging at > > 16:32:12 [3788] dbg: learn: initializing learner > > I've checked the mysql processlist and there's nothing queued or locked > up there. > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Julian Field > > Sent: 04 February 2010 15:49 > > To: MailScanner discussion > > Subject: Re: MS spamassassin timeouts > > > > Check your Bayes database isn't screwed, or locked solid by some > other > > process. > > That's where the problem lies, almost certainly. > > > > "spamassassin -D" won't try to learn from the message, whereas > > MailScanner will. > > > > On 04/02/2010 15:41, Jason Ede wrote: > > > > > > I'm getting quite a few Spamassassin has timed out and was killed > in > > > my maillog... > > > > > > When I look at the message that was casuing the problem and try > > > running it through spamassassin manually with > > > > > > Spamassassin -D -p /etc/MailScanner/spam.assassin.prefs -t > > > > > > > Then it completes ok and gives the message a score. It only takes a > > > few seconds to run so well below any SA timeouts that I've set in > > > MailScanner. If I try running it through MailScanner with the - > debug > > > -debug-sa -id=messageID then it seems to go through up until the > > > following point where it hangs... > > > > > > 15:35:00 [32217] dbg: learn: auto-learn? ham=0.1, spam=12, > > > body-points=-3.999, head-points=-3.999, learned-points=-5 > > > > > > 15:35:00 [32217] dbg: learn: auto-learn? yes, ham (-3.999 < 0.1) > > > > > > 15:35:00 [32217] dbg: learn: initializing learner > > > > > > 15:35:00 [32217] dbg: learn: learning ham > > > > > > 15:35:00 [32217] dbg: eval: all '*From' addrs: > > > bounce.25900379@gorkanadatabase.com gorkanaalerts@gorkana.com > > > > > > 15:35:00 [32217] dbg: eval: all '*To' addrs: XXX@XXXX.org.uk > > > > > > 15:35:00 [32217] dbg: bayes: database connection established > > > > > > 15:35:00 [32217] dbg: bayes: found bayes db version 3 > > > > > > 15:35:00 [32217] dbg: bayes: Using userid: 2 > > > > > > 15:35:00 [32217] dbg: bayes: > > > c4841420914b788941701d213ff2b0d78571a6da@sa_generated already > learnt > > > correctly, not learning twice > > > > > > 15:35:00 [32217] dbg: learn: initializing learner > > > > > > Any suggestions about what to check next? > > > > > > Centos 5.4 with MS 4.78.17 & SA 3.2.5 > > > > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your > boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From pparsons at columbiafuels.com Thu Feb 4 16:55:38 2010 From: pparsons at columbiafuels.com (Philip Parsons) Date: Thu Feb 4 16:57:19 2010 Subject: Customer SpamAssassin interface In-Reply-To: References: <7C62BFED4DC0CE488F93865D83A61E64020B3FBD@sprocket.columbiafuels.com> Message-ID: <7C62BFED4DC0CE488F93865D83A61E64020B3FD1@sprocket.columbiafuels.com> Thanks I had a look at the webmin but it does not work so I will look at the link you supplied. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Christopher Fisk Sent: Thursday, February 04, 2010 5:52 AM To: MailScanner discussion Subject: re[2]: Customer SpamAssassin interface > Philip Parsons wrote: > > Hey everyone, so I have a Mailscanner front end that > passes the mail > > to an exchange server on the back end and I can sort of > remember > > quite a while back of someone saying something about a > SpamAssassin > > interface which would allow people to add to whitelists > and black > > lists etc etc etc any suggestions would be great. > You may be thinking of Mailwatch for MailScanner: > http://mailwatch.sourceforge.net webmin has a mailscanner plugin. http://www.webmin.com You can also write up a very quick database application that talks to mysql on the database server. I wrote a mysql database & script to store the white and black lists in mysql. Give them access to that and you're all set. Here is my work I did on storing the black and whitelists in mysql: http://lists.mailscanner.info/pipermail/mailscanner/2009-October/093484. html Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From richard at seveninternet.co.uk Thu Feb 4 17:02:56 2010 From: richard at seveninternet.co.uk (richard@seveninternet.co.uk) Date: Thu Feb 4 17:03:05 2010 Subject: MS spamassassin timeouts Message-ID: <20100204170256.9328.qmail@venus.seveninternet.co.uk> Sorry I'm out of the country until Tuesday 9th Feb. From brent at beanfield.com Thu Feb 4 17:28:34 2010 From: brent at beanfield.com (Brent Bloxam) Date: Thu Feb 4 17:28:46 2010 Subject: "Required SpamAssassin Score" custom function gets called multiple times In-Reply-To: <5DC600B80DB6EE4BAB1D631E14FBADCC0134922C@bohr.physics.byu.edu> References: <4B69D608.9020707@beanfield.com> <5DC600B80DB6EE4BAB1D631E14FBADCC0134922C@bohr.physics.byu.edu> Message-ID: <4B6B03C2.6090804@beanfield.com> Thank you Nick, somehow didn't manage to locate that thread in my searching. Exactly the issue I'm experiencing and that explanation from Julian will suffice :) Blatter, Nicholas wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Brent Bloxam >> Sent: Wednesday, February 03, 2010 1:01 PM >> To: MailScanner discussion >> Subject: "Required SpamAssassin Score" custom function gets called >> multiple times >> >> I've setup a custom function to implement per-user spam scores for >> SpamAssassin >> >> Is there a reason it appears to be called 3 times? There are no loops in >> the function that would cause the logging to be erroneously repeated, >> and it's occurring consistently > > I actually sent this same question to the list about six months ago and Jules answered it for me. You can find his answer on the list archives: > > http://lists.mailscanner.info/pipermail/mailscanner/2009-August/092754.html > > My guess is you're seeing the same behavior. > > Nick From pparsons at columbiafuels.com Fri Feb 5 19:43:23 2010 From: pparsons at columbiafuels.com (Philip Parsons) Date: Fri Feb 5 19:45:04 2010 Subject: Hey guys Message-ID: <7C62BFED4DC0CE488F93865D83A61E64020B4000@sprocket.columbiafuels.com> A pdf attachment keeps getting a message of Non-delivery of nonspam: message when it is set to deliver any idea's ?? Thank you. Philip Parsons Corporate Team Lead, IT and Telecommunications Columbia Fuels Inc. A Division of Parkland Industries LP 2nd Floor 2659 Douglas St Victoria BC, V8T 5M2 Phone: (250) 391-3638 Cell: (250) 883-5972 www.columbiafuels.com www.parkland.ca pparsons@columbiafuels.com Register for Access Online - Access to your Columbia Fuels account information online 24/7 IMPORTANT NOTICE This e-mail is confidential, may be legally privileged, and is for the intended recipient only. Access, disclosure, copying and distribution or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and e-mail confirmation to the sender. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100205/66476923/attachment.html From richard at seveninternet.co.uk Fri Feb 5 19:55:08 2010 From: richard at seveninternet.co.uk (richard@seveninternet.co.uk) Date: Fri Feb 5 19:55:17 2010 Subject: Hey guys Message-ID: <20100205195508.21695.qmail@venus.seveninternet.co.uk> Sorry I'm out of the country until Tuesday 9th Feb. From alex at rtpty.com Fri Feb 5 20:24:06 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Feb 5 20:24:20 2010 Subject: Hey guys In-Reply-To: <7C62BFED4DC0CE488F93865D83A61E64020B4000@sprocket.columbiafuels.com> References: <7C62BFED4DC0CE488F93865D83A61E64020B4000@sprocket.columbiafuels.com> Message-ID: Yeah. Something might be misconfigured. Could you be a bit more specific about the error message, OS, bits, MailScanner version, SA/Clam version, etc.? On Feb 5, 2010, at 2:43 PM, Philip Parsons wrote: > A pdf attachment keeps getting a message of Non-delivery of nonspam: message when it is set to deliver any idea?s ?? > > > From pparsons at columbiafuels.com Fri Feb 5 20:35:07 2010 From: pparsons at columbiafuels.com (Philip Parsons) Date: Fri Feb 5 20:36:54 2010 Subject: Hey guys In-Reply-To: References: <7C62BFED4DC0CE488F93865D83A61E64020B4000@sprocket.columbiafuels.com> Message-ID: <7C62BFED4DC0CE488F93865D83A61E64020B4001@sprocket.columbiafuels.com> Fedora 9 clamav 0.95/10361 Feb 5 09:11:50 mailscanner 4.75.11 spamassassin 3.2.5 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Friday, February 05, 2010 12:24 PM To: MailScanner discussion Subject: Re: Hey guys Yeah. Something might be misconfigured. Could you be a bit more specific about the error message, OS, bits, MailScanner version, SA/Clam version, etc.? On Feb 5, 2010, at 2:43 PM, Philip Parsons wrote: > A pdf attachment keeps getting a message of Non-delivery of nonspam: message when it is set to deliver any idea's ?? > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mmcintosh at infowall.com Fri Feb 5 21:30:31 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Fri Feb 5 21:30:46 2010 Subject: Hey guys In-Reply-To: <7C62BFED4DC0CE488F93865D83A61E64020B4001@sprocket.columbiafuels.com> References: <7C62BFED4DC0CE488F93865D83A61E64020B4000@sprocket.columbiafuels.com> <7C62BFED4DC0CE488F93865D83A61E64020B4001@sprocket.columbiafuels.com> Message-ID: <4B6C8DF7.5060103@infowall.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100205/853b5eb8/attachment.html From pparsons at columbiafuels.com Fri Feb 5 22:22:20 2010 From: pparsons at columbiafuels.com (Philip Parsons) Date: Fri Feb 5 22:28:17 2010 Subject: Hey guys In-Reply-To: <4B6C8DF7.5060103@infowall.com> References: <7C62BFED4DC0CE488F93865D83A61E64020B4000@sprocket.columbiafuels.com> <7C62BFED4DC0CE488F93865D83A61E64020B4001@sprocket.columbiafuels.com> <4B6C8DF7.5060103@infowall.com> Message-ID: <7C62BFED4DC0CE488F93865D83A61E64020B4004@sprocket.columbiafuels.com> Thanks I have figure it out the e-mail that had the .pdf that kept getting a non delivery had a facebook link embedded into it and I had a MCP rule that was set to remove the messages. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mark McIntosh Infowall Sent: Friday, February 05, 2010 1:31 PM To: MailScanner discussion Subject: Re: Hey guys Philip Parsons wrote: Fedora 9 clamav 0.95/10361 Feb 5 09:11:50 mailscanner 4.75.11 spamassassin 3.2.5 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Friday, February 05, 2010 12:24 PM To: MailScanner discussion Subject: Re: Hey guys Yeah. Something might be misconfigured. Could you be a bit more specific about the error message, OS, bits, MailScanner version, SA/Clam version, etc.? On Feb 5, 2010, at 2:43 PM, Philip Parsons wrote: A pdf attachment keeps getting a message of Non-delivery of nonspam: message when it is set to deliver any idea's ?? I believe I had this issue last year and it was a size issue at least for me some pdf's can be quite large. Mark McIntosh -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100205/9c242a1f/attachment.html From lists at openenterprise.ca Sat Feb 6 05:21:47 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Sat Feb 6 05:21:56 2010 Subject: Help: Busted My MailScanner Install Message-ID: <4B6CFC6B.6010605@openenterprise.ca> Well it looks like I truly hooped my MS install on CentOS 5.4. Previously I was using the fsl-beta.repo and then decided to try and update with the recent tar ball from mailscanner.info. First mistake. This led to a failed build and multiple perl errors like these: BEGIN failed--compilation aborted at blib/lib/OLE/Storage_Lite.pm line 171. Compilation failed in require at test.pl line 11. BEGIN failed--compilation aborted at test.pl line 11. not ok 1 make: *** [test_dynamic] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.39451 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.39451 (%build) And now while doing some hosuekeeping I came across folder that I was not sure of and deleted it (/opt/fsl). So now I get these errors below from a cron job for bad_phishing sites. Whats the best way to get back to the working fsl-beta.repo, OR back to being able to use the standard ms tar balls? /etc/cron.hourly/update_bad_phishing_sites: Can't locate IO/File.pm in @INC (@INC contains: /opt/fsl/lib/perl5 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/lib/perl5/5.8.8/FileHandle.pm line 9. Compilation failed in require at /usr/sbin/Quick.Peek line 9. -- Johnny Stork From richard at seveninternet.co.uk Sat Feb 6 05:30:32 2010 From: richard at seveninternet.co.uk (richard@seveninternet.co.uk) Date: Sat Feb 6 05:30:45 2010 Subject: Help: Busted My MailScanner Install Message-ID: <20100206053032.14242.qmail@venus.seveninternet.co.uk> Sorry I'm out of the country until Tuesday 9th Feb. From supunr at lankacom.net Sat Feb 6 05:36:04 2010 From: supunr at lankacom.net (Supun Rathnayake) Date: Sat Feb 6 05:36:30 2010 Subject: Mailscanner + Kaspersky 5.7 Message-ID: <4B6CFFC4.2050904@lankacom.net> Hi everybody, Does any one has a working setup with kaspersky command line scanner new version ( kav4ws_5.7-26_i386.deb ) with ubuntu server 9.10 I checked that the kaspersky is working when manually scanning on command line but with the mailscanner setup. following is my config: and MS lint output virus.scanners.conf: kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky # MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 858 hostnames from the phishing whitelist Read 5855 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.79.11) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (124) MailScanner setting UID to (117) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. I have found kaspersky-4.5 clamav scanners installed, and will use them all by default. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 15 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamav, kaspersky-4.5 =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting ./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses =========================================================================== If any of your virus scanners (clamav,kaspersky-4.5) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Thanks in advance, Supun. From lists at tippingmar.com Sat Feb 6 05:51:23 2010 From: lists at tippingmar.com (Mark Nienberg) Date: Sat Feb 6 05:51:43 2010 Subject: Help: Busted My MailScanner Install In-Reply-To: <4B6CFC6B.6010605@openenterprise.ca> References: <4B6CFC6B.6010605@openenterprise.ca> Message-ID: <4B6D035B.4080608@tippingmar.com> On 2/5/10 9:21 PM, Johnny Stork wrote: > > Whats the best way to get back to the working fsl-beta.repo, OR back > to being able to use the standard ms tar balls? Why not download the latest stable version for Redhat, CentOS and Fedora linux (and other rpm distributions) and then run the install script? http://www.mailscanner.info/downloads.html Mark From lists at openenterprise.ca Sat Feb 6 17:51:39 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Sat Feb 6 17:51:53 2010 Subject: Help: Busted My MailScanner Install In-Reply-To: <4B6D035B.4080608@tippingmar.com> References: <4B6CFC6B.6010605@openenterprise.ca> <4B6D035B.4080608@tippingmar.com> Message-ID: <4B6DAC2B.2050805@openenterprise.ca> Tried that of course, but thats when I get all those per errors BEGIN failed--compilation aborted at blib/lib/OLE/Storage_Lite.pm line 171. Compilation failed in require at test.pl line 11. BEGIN failed--compilation aborted at test.pl line 11. not ok 1 make: *** [test_dynamic] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.39451 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.39451 (%build) On 10-02-05 09:51 PM, Mark Nienberg wrote: > On 2/5/10 9:21 PM, Johnny Stork wrote: >> >> Whats the best way to get back to the working fsl-beta.repo, OR back >> to being able to use the standard ms tar balls? > Why not download the latest stable version for Redhat, CentOS and > Fedora linux (and other rpm distributions) and then run the install > script? > > http://www.mailscanner.info/downloads.html > > Mark -- Johnny Stork From ecasarero at gmail.com Mon Feb 8 19:05:00 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Feb 8 19:05:29 2010 Subject: filename & filetype with CustomFunctions Message-ID: <7d9b3cf21002081105m4aa8f9f3y245fa17f6024bf4e@mail.gmail.com> I'm playing with some custom functions and the filename rulset. Is posible to use custom functions here? what should be the return string when the to_address pattern match. I was doing some test, but sending for example "allow *. - - -" didn't work, although that string in a filename.rules work ok. any help would be appreciated. thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100208/18f1143a/attachment.html From mmmm82 at gmail.com Tue Feb 9 08:26:20 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Tue Feb 9 08:26:30 2010 Subject: Scanning images Message-ID: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> Hi: Today I got some emails that had attached images containing unwanted material My MailScanner tagged it as clean RBL did not find tag the domain or IP as black list ( I use spamhaus-zen and CBL) SA scores were as follows 0.10RDNS_NONE 2.90TVD_SPACE_RATIO The body was empty only an attachment of a jpg image containing the unwanted material I use RBL test and SA no bayes or MCP 1- How can detect such messages? 2- Can anyone explain a little bit what MCP does and when or why do I need it. All I read is what was written in the MailScanner.conf documentation and that it uses another copy of SA to rescan the body (attachments are part of the body, correct me if I misunderstand attachments), doesn't SA already scan the body?? why scan again the same thing with different rules? why not have all these rules under SA in the first place and do one full scan? please shed some light so I can understand the mechanism Thanks Best Regards Monis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100209/3e9575f4/attachment.html From MailScanner at ecs.soton.ac.uk Tue Feb 9 08:33:08 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Feb 9 08:33:35 2010 Subject: filename & filetype with CustomFunctions In-Reply-To: <7d9b3cf21002081105m4aa8f9f3y245fa17f6024bf4e@mail.gmail.com> References: <7d9b3cf21002081105m4aa8f9f3y245fa17f6024bf4e@mail.gmail.com> <4B711DC4.8070805@ecs.soton.ac.uk> Message-ID: The "Filename Rules" setting in MailScanner.conf takes a filename, so that is what your Custom Function must produce. Very straightforward. What you may find more helpful is to use the "Allow Filenames", "Deny Filenames" and so on settings with a Custom Function instead, as they would allow your Custom Function to produce lists of filename patterns that you want to allow or deny. Hope that helps, Jules. On 08/02/2010 19:05, Eduardo Casarero wrote: > I'm playing with some custom functions and the filename rulset. Is > posible to use custom functions here? what should be the return string > when the to_address pattern match. I was doing some test, but sending > for example "allow *. - - -" didn't work, although that string in a > filename.rules work ok. > > any help would be appreciated. > > thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at tradoc.fr Tue Feb 9 08:49:19 2010 From: john at tradoc.fr (John Wilcock) Date: Tue Feb 9 08:49:32 2010 Subject: Scanning images In-Reply-To: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> References: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> Message-ID: <4B71218F.3040206@tradoc.fr> Le 09/02/2010 09:26, Monis Monther a ?crit : > 2- Can anyone explain a little bit what MCP does and when or why do I > need it. All I read is what was written in the MailScanner.conf > documentation and that it uses another copy of SA to rescan the body > (attachments are part of the body, correct me if I misunderstand > attachments), doesn't SA already scan the body?? why scan again the same > thing with different rules? why not have all these rules under SA in the > first place and do one full scan? please shed some light so I can > understand the mechanism The main point of MCP was to scan with totally different rules, for example to detect messages that are not spam but that infringe corporate policy on acceptable content, and that therefore need to be processed differently to spam (different archive settings, etc.). However, the SpamAssassin Rule Actions setting now allows you to take different actions based on hitting particular rules, and is thus a far more efficient way of achieving the same effect. MCP is still there for those who want it, but is no longer a recommended solution. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From glenn.steen at gmail.com Tue Feb 9 08:53:48 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 9 08:53:57 2010 Subject: Scanning images In-Reply-To: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> References: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> Message-ID: <223f97701002090053t60f9861ida911ed1c50447f4@mail.gmail.com> On 9 February 2010 09:26, Monis Monther wrote: > > Hi: > > Today I got some emails that had attached images containing unwanted material > > > My MailScanner tagged it as clean > > RBL did not find tag the domain or IP as black list ( I use spamhaus-zen and CBL) I might be having a senior moment, but.... Isn't CBL part of zen? > SA scores were as follows > 0.10RDNS_NONE > 2.90TVD_SPACE_RATIO > The body was empty only an attachment of a jpg image containing the unwanted material > > I use RBL test and SA no bayes or MCP > > 1- How can detect such messages? Since many years I use ImageInfo in SA, to great effect. Since it mostly is a bunch of rules, it'll cost little. Else you might explore FuzzyOCR, but this comes with a rather hefty performance impact... I'd only use it on low-volume systems;). Else... you'll have to look at the actual message (and the whole message, body and headers) to try determine if there is anything you can try score it with (Things like Bayes and CRM114 will likely not help here). I'm sure others have other ideas:-) > > 2- Can anyone explain a little bit what MCP does and when or why do I need it. All I read is what was written in the MailScanner.conf documentation and that it uses another copy of SA to rescan the body (attachments are part of the body, correct me if I misunderstand attachments), doesn't SA already scan the body?? why scan again the same thing with different rules? why not have all these rules under SA in the first place and do one full scan? please shed some light so I can understand the mechanism > Message Content Protection is actually a second SpamAssassin, with a completely separate configuration. It's main goals are to have separate actions on specific words/rules. It is deprecated since a while back... It's functionality has been "replaced" by use of SpamAssassin Rule Hit configuration... which has none of the performance-related impact that MCP carries. So... Don't use MCP;-) > Thanks > > Best Regards > > Monis > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Tue Feb 9 13:31:11 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Feb 9 13:31:25 2010 Subject: Scanning images In-Reply-To: <223f97701002090053t60f9861ida911ed1c50447f4@mail.gmail.com> References: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> <223f97701002090053t60f9861ida911ed1c50447f4@mail.gmail.com> Message-ID: Glenn Steen wrote on Tue, 9 Feb 2010 09:53:48 +0100: > Since many years I use ImageInfo in SA, to great effect. Does it still work with 3.3.0? I'm contemplating to add it to my mix. I've recently seen some spam slip thru and these were all > 500 KB image-only spams. Probably the same stuff the OP talks about. I assume you have to increase the Max SpamAssassin Size for such images or does that apply only to text? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From ecasarero at gmail.com Tue Feb 9 14:03:43 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Feb 9 14:04:13 2010 Subject: filename & filetype with CustomFunctions In-Reply-To: References: <4B711DC4.8070805@ecs.soton.ac.uk> <7d9b3cf21002081105m4aa8f9f3y245fa17f6024bf4e@mail.gmail.com> Message-ID: <7d9b3cf21002090603l7a89648fv7b21d34bf76e2e8d@mail.gmail.com> 2010/2/9 Jules Field > The "Filename Rules" setting in MailScanner.conf takes a filename, so that > is what your Custom Function must produce. Very straightforward. > > What you may find more helpful is to use the "Allow Filenames", "Deny > Filenames" and so on settings with a Custom Function instead, as they would > allow your Custom Function to produce lists of filename patterns that you > want to allow or deny. > > Hope that helps, > Jules. > > > On 08/02/2010 19:05, Eduardo Casarero wrote: > >> I'm playing with some custom functions and the filename rulset. Is posible >> to use custom functions here? what should be the return string when the >> to_address pattern match. I was doing some test, but sending for example >> "allow *. - - -" didn't work, although that string in a filename.rules work >> ok. >> >> any help would be appreciated. >> >> thanks! >> > > Jules > > thanks julian > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100209/7470d733/attachment.html From ezikoh at gmail.com Tue Feb 9 14:19:21 2010 From: ezikoh at gmail.com (Ezequiel Bertone) Date: Tue Feb 9 14:19:30 2010 Subject: Problem with process Mailscanner Message-ID: Hi, I have a Opensuse 11.1 x64, I installed Mailscanner with sendmail. The problems is what the Mailscanner break the processes and the mail spam is received in the sendmail. Then, I need reinit the procees Mailscanner. The problems is 2 o 3 times every day and the sendmail cras. Now, can something please helpme with the problem or what I can have to resolve? Thanyou. Sorry for my English. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100209/6cb109ce/attachment.html From mmmm82 at gmail.com Tue Feb 9 19:28:34 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Tue Feb 9 19:28:47 2010 Subject: Scanning images In-Reply-To: References: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> <223f97701002090053t60f9861ida911ed1c50447f4@mail.gmail.com> Message-ID: <837e17ab1002091128t761cb990v1cb1ae4f554f7bb4@mail.gmail.com> Hi Kai What is ImageInfo in SA, first time I hear about such a thing Can you provide a good link about it ,Thanks Best Regards Monis On Tue, Feb 9, 2010 at 3:31 PM, Kai Schaetzl wrote: > Glenn Steen wrote on Tue, 9 Feb 2010 09:53:48 +0100: > > > Since many years I use ImageInfo in SA, to great effect. > > Does it still work with 3.3.0? I'm contemplating to add it to my mix. I've > recently seen some spam slip thru and these were all > 500 KB image-only > spams. Probably the same stuff the OP talks about. I assume you have to > increase the Max SpamAssassin Size for such images or does that apply only > to text? > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100209/b033fa2a/attachment.html From uxbod at splatnix.net Tue Feb 9 20:11:25 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Feb 9 20:11:39 2010 Subject: Scanning images In-Reply-To: <837e17ab1002091128t761cb990v1cb1ae4f554f7bb4@mail.gmail.com> Message-ID: <3035524.83.1265746285229.JavaMail.root@office.splatnix.net> ----- "Monis Monther" wrote: Hi Kai What is ImageInfo in SA, first time I hear about such a thing Can you provide a good link about it ,Thanks Best Regards Monis On Tue, Feb 9, 2010 at 3:31 PM, Kai Schaetzl < maillists@conactive.com > wrote: Glenn Steen wrote on Tue, 9 Feb 2010 09:53:48 +0100: > Since many years I use ImageInfo in SA, to great effect. Does it still work with 3.3.0? I'm contemplating to add it to my mix. I've recently seen some spam slip thru and these were all > 500 KB image-only spams. Probably the same stuff the OP talks about. I assume you have to increase the Max SpamAssassin Size for such images or does that apply only to text? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! http://www.rulesemporium.com/plugins/ImageInfo.pm or look at http://wiki.apache.org/spamassassin/FuzzyOcrPlugin -- Thanks, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100209/e634dbd5/attachment.html From maillists at conactive.com Tue Feb 9 21:31:14 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Feb 9 21:31:25 2010 Subject: Scanning images In-Reply-To: <837e17ab1002091128t761cb990v1cb1ae4f554f7bb4@mail.gmail.com> References: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> <223f97701002090053t60f9861ida911ed1c50447f4@mail.gmail.com> <837e17ab1002091128t761cb990v1cb1ae4f554f7bb4@mail.gmail.com> Message-ID: Why not google? That's what I did. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From jeffrey at nikoletich.com Tue Feb 9 22:26:31 2010 From: jeffrey at nikoletich.com (Jeffrey Nikoletich) Date: Tue Feb 9 22:26:44 2010 Subject: Undefined subroutine error Message-ID: <201002092226.o19MQZ4m019841@safir.blacknight.ie> Hello everyone, I am having the follow error come up when attempting to use the SQLSpamSettings.pm with mailscanner: Undefined subroutine &MailScanner::CustomConfig::SQLSpamSettings called at /usr/lib/MailScanner/MailScanner/Config.pm line 174. I have 2 other modules SQLBlackList and SQLWhiteList setup and they are working fine. When I change Required SpamAssassin Score = back to the default, messages will get delivered. Any help or pointers will be appreciated. Thanks in advance. -- Jeffrey Nikoletich -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100209/1afa2a0b/attachment.html From yingyang at exemail.com.au Tue Feb 9 23:52:31 2010 From: yingyang at exemail.com.au (Ying) Date: Tue Feb 9 23:52:48 2010 Subject: bug report References: <4B711CD9.8030205@ecs.soton.ac.uk> Message-ID: <6708380C165243D1849C586A4457E8F8@tardis2> Hello, Did you even read my report? I state it work with spamassassin directly, it work with amavisd, it work with mailscanner until SA upgrade. so very obviously SA works as all read /etc/postfix/spamassassin/*, just not properly with mailscanner anymore, do you treat everyone like this and dismiss out of hand without reading or comprehend what said or investigate? and yes /etc/postfix is symlink to /etc/mail, else amavisd would not work. ----- Original Message ----- From: Jules Field To: Ying Sent: Tuesday, February 09, 2010 6:29 PM Subject: Re: bug report If it is not doing the tests, then you have not enabled them in the /etc/mail/spamassassin/v*.pre files. This is not a MailScanner problem, I suggest you read the SA documentation. On 09/02/2010 02:29, Ying wrote: BUG REPORT MailScanner does not do many SpamAssassin tests, this is local rules and URI tests, eg: .multi.uribl.com and all others Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner work fine for many month with same configuration even from last version which also has this problem. In testing we even remove all the whitelists. ? MailScanner-4.79.11-1 source install SpamAssassin 3.3.0 from CPAN Perl Modules - all required installed and update from CPAN MailScanner and SpamAssassin both --lint OK MailScanner run as user postfix amavisd-new run as user vscan /etc/postfix/spamassasin owner is root directory is 0755 Unreproducable by spamassasin -t < queue file Unreproducable by amavisd-new both of these tests score as expected. Monitor of Bind show MailScanner does not ask URI questions also scan real fast and not asking Razor or DCC ? ? Using MailScanner and amavisd-new together, MailScanner take message first before amavisd-new. MailScanner say- X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, required 3, autolearn=disabled) amavisd-new say- X-Virus-Scanned: amavisd-new at YUKI X-Spam-Flag: NO X-Spam-Score: 1.313 X-Spam-Level: * X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 tests=[URI_HEX=1.313] autolearn=disabled ? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100210/1150d577/attachment.html From peter at farrows.org Wed Feb 10 01:08:54 2010 From: peter at farrows.org (Peter Farrow) Date: Wed Feb 10 01:09:26 2010 Subject: bug report In-Reply-To: <6708380C165243D1849C586A4457E8F8@tardis2> References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2> Message-ID: <4B720726.4050004@farrows.org> Ying: Show some respect here, I am sure Jules would have read your bug report, so no need to adopt that tone. If you want help from someone its good start to be on your best behaviour, no one this list has an obligation to help you, please remember that when you type your replies. regards Pete ps: I am top posting because this thread is in that format. On 09/02/2010 23:52, Ying wrote: > Hello, > Did you even read my report? > I state it work with spamassassin directly, it work with amavisd, it > work with mailscanner until SA upgrade. so very obviously SA works as > all read /etc/postfix/spamassassin/*, just not properly with > mailscanner anymore, do you treat everyone like this and dismiss out > of hand without reading or comprehend what said or investigate? > and yes /etc/postfix is symlink to /etc/mail, else amavisd would not work. > > ----- Original Message ----- > *From:* Jules Field > *To:* Ying > *Sent:* Tuesday, February 09, 2010 6:29 PM > *Subject:* Re: bug report > > If it is not doing the tests, then you have not enabled them in > the /etc/mail/spamassassin/v*.pre files. > This is not a MailScanner problem, I suggest you read the SA > documentation. > > On 09/02/2010 02:29, Ying wrote: >> >> BUG REPORT >> >> MailScanner does not do many SpamAssassin tests, this is local >> rules and >> >> URI tests, eg: .multi.uribl.com and all others >> >> Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner >> work fine >> >> for many month with same configuration even from last version >> which also has >> >> this problem. In testing we even remove all the whitelists. >> >> MailScanner-4.79.11-1 source install >> >> SpamAssassin 3.3.0 from CPAN >> >> Perl Modules - all required installed and update from CPAN >> >> MailScanner and SpamAssassin both --lint OK >> >> MailScanner run as user postfix >> >> amavisd-new run as user vscan >> >> /etc/postfix/spamassasin owner is root directory is 0755 >> >> Unreproducable by spamassasin -t < queue file >> >> Unreproducable by amavisd-new >> >> both of these tests score as expected. >> >> Monitor of Bind show MailScanner does not ask URI questions >> >> also scan real fast and not asking Razor or DCC >> >> Using MailScanner and amavisd-new together, MailScanner take message >> >> first before amavisd-new. >> >> MailScanner say- >> >> X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, >> score=0, >> >> required 3, autolearn=disabled) >> >> amavisd-new say- >> >> X-Virus-Scanned: amavisd-new at YUKI >> >> X-Spam-Flag: NO >> >> X-Spam-Score: 1.313 >> >> X-Spam-Level: * >> >> X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 >> >> tests=[URI_HEX=1.313] autolearn=disabled >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book atwww.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , > and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100210/8c7e1cb7/attachment.html From supunr at lankacom.net Wed Feb 10 07:31:06 2010 From: supunr at lankacom.net (Supun Rathnayake) Date: Wed Feb 10 07:31:31 2010 Subject: debugging mailscanner Message-ID: <4B7260BA.2070708@lankacom.net> Hi , It would be great if someone could show me how to debug mailscanner I wanted to troubleshoot some virus scanning part, but when I run MailScanner in the debugging mode as follows ( with --debug flag ) it only gives a very few line lines which is not sufficient to get into the actual problem. # MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. Stopping now as you are debugging me. -- With Best Regards, Supun Rathnayake Lanka communication Services (Pvt) Ltd. 65C, Dharmapala Mawatha, Colombo 07. Sri Lanka. Tel: +94-11-2437545 http://www.lankacom.net http://blog.lankacom.net From glenn.steen at gmail.com Wed Feb 10 08:36:33 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Feb 10 08:36:41 2010 Subject: Scanning images In-Reply-To: References: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> <223f97701002090053t60f9861ida911ed1c50447f4@mail.gmail.com> Message-ID: <223f97701002100036m6b6da19bqffb0277f211493b9@mail.gmail.com> On 9 February 2010 14:31, Kai Schaetzl wrote: > Glenn Steen wrote on Tue, 9 Feb 2010 09:53:48 +0100: > >> Since many years I use ImageInfo in SA, to great effect. > > Does it still work with 3.3.0? I'm contemplating to add it to my mix. I've > recently seen some spam slip thru and these were all > 500 KB image-only > spams. Probably the same stuff the OP talks about. I assume you have to > increase the Max SpamAssassin Size for such images or does that apply only > to text? > > Kai > I honestly don't know... I usually try to keep on top of things, but lately... Other Work has eaten all my time... Hopefully I can give you a better answer next week (when I've at least had time to upgrade a testbed). I sure do hope it will work OK, since it has been ... good... with this type of sh*t:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mmmm82 at gmail.com Wed Feb 10 09:10:23 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Wed Feb 10 09:10:32 2010 Subject: Scanning images In-Reply-To: References: <837e17ab1002090026x39bca026yabd989f50da81181@mail.gmail.com> <223f97701002090053t60f9861ida911ed1c50447f4@mail.gmail.com> <837e17ab1002091128t761cb990v1cb1ae4f554f7bb4@mail.gmail.com> Message-ID: <837e17ab1002100110w7c61f95bwe902af0b85202baa@mail.gmail.com> Phill thanks for the Links Kai: Thanks for all the help Thanks to everyone on the List Best Regards Monis On Tue, Feb 9, 2010 at 11:31 PM, Kai Schaetzl wrote: > Why not google? That's what I did. > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100210/7712e499/attachment.html From yingyang at exemail.com.au Wed Feb 10 09:52:48 2010 From: yingyang at exemail.com.au (Ying) Date: Wed Feb 10 09:53:07 2010 Subject: bug report References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2> <4B720726.4050004@farrows.org> Message-ID: I show respect, I did by private bug report, but I get told I need to read documentation, I am no newby, but alas mailscanner dev think so, so I ask myself why waste my time with bug report when not welcome, I have private mail too by someone who has similar problem, they say run slackware, we run debian, he think it because run latest perl modules. but why I care now after mailscanner dev response. my 5 yo son could tell the answers from amavisd is different to what mailscanner be. So sorry for wasting my time, wont report bugs anymore here ----- Original Message ----- From: Peter Farrow To: MailScanner discussion Sent: Wednesday, February 10, 2010 11:08 AM Subject: Re: bug report Ying: Show some respect here, I am sure Jules would have read your bug report, so no need to adopt that tone. If you want help from someone its good start to be on your best behaviour, no one this list has an obligation to help you, please remember that when you type your replies. regards Pete ps: I am top posting because this thread is in that format. On 09/02/2010 23:52, Ying wrote: Hello, Did you even read my report? I state it work with spamassassin directly, it work with amavisd, it work with mailscanner until SA upgrade. so very obviously SA works as all read /etc/postfix/spamassassin/*, just not properly with mailscanner anymore, do you treat everyone like this and dismiss out of hand without reading or comprehend what said or investigate? and yes /etc/postfix is symlink to /etc/mail, else amavisd would not work. ----- Original Message ----- From: Jules Field To: Ying Sent: Tuesday, February 09, 2010 6:29 PM Subject: Re: bug report If it is not doing the tests, then you have not enabled them in the /etc/mail/spamassassin/v*.pre files. This is not a MailScanner problem, I suggest you read the SA documentation. On 09/02/2010 02:29, Ying wrote: BUG REPORT MailScanner does not do many SpamAssassin tests, this is local rules and URI tests, eg: .multi.uribl.com and all others Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner work fine for many month with same configuration even from last version which also has this problem. In testing we even remove all the whitelists. ? MailScanner-4.79.11-1 source install SpamAssassin 3.3.0 from CPAN Perl Modules - all required installed and update from CPAN MailScanner and SpamAssassin both --lint OK MailScanner run as user postfix amavisd-new run as user vscan /etc/postfix/spamassasin owner is root directory is 0755 Unreproducable by spamassasin -t < queue file Unreproducable by amavisd-new both of these tests score as expected. Monitor of Bind show MailScanner does not ask URI questions also scan real fast and not asking Razor or DCC ? ? Using MailScanner and amavisd-new together, MailScanner take message first before amavisd-new. MailScanner say- X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, required 3, autolearn=disabled) amavisd-new say- X-Virus-Scanned: amavisd-new at YUKI X-Spam-Flag: NO X-Spam-Score: 1.313 X-Spam-Level: * X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 tests=[URI_HEX=1.313] autolearn=disabled ? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100210/c8e51847/attachment.html From uxbod at splatnix.net Wed Feb 10 10:05:05 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Feb 10 10:05:25 2010 Subject: bug report In-Reply-To: Message-ID: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> Instead of checking Amavis or MailScanner what happens when you run the message directly through SA ? -- Thanks, Phil ps: Top posting as Pete did :) ----- "Ying" wrote: I show respect, I did by private bug report, but I get told I need to read documentation, I am no newby, but alas mailscanner dev think so, so I ask myself why waste my time with bug report when not welcome, I have private mail too by someone who has similar problem, they say run slackware, we run debian, he think it because run latest perl modules. but why I care now after mailscanner dev response. my 5 yo son could tell the answers from amavisd is different to what mailscanner be. So sorry for wasting my time, wont report bugs anymore here ----- Original Message ----- From: Peter Farrow To: MailScanner discussion Sent: Wednesday, February 10, 2010 11:08 AM Subject: Re: bug report Ying: Show some respect here, I am sure Jules would have read your bug report, so no need to adopt that tone. If you want help from someone its good start to be on your best behaviour, no one this list has an obligation to help you, please remember that when you type your replies. regards Pete ps: I am top posting because this thread is in that format. On 09/02/2010 23:52, Ying wrote: Hello, Did you even read my report? I state it work with spamassassin directly, it work with amavisd, it work with mailscanner until SA upgrade. so very obviously SA works as all read /etc/postfix/spamassassin/*, just not properly with mailscanner anymore, do you treat everyone like this and dismiss out of hand without reading or comprehend what said or investigate? and yes /etc/postfix is symlink to /etc/mail, else amavisd would not work. ----- Original Message ----- From: Jules Field To: Ying Sent: Tuesday, February 09, 2010 6:29 PM Subject: Re: bug report If it is not doing the tests, then you have not enabled them in the /etc/mail/spamassassin/v*.pre files. This is not a MailScanner problem, I suggest you read the SA documentation. On 09/02/2010 02:29, Ying wrote: BUG REPORT MailScanner does not do many SpamAssassin tests, this is local rules and URI tests, eg: .multi.uribl.com and all others Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner work fine for many month with same configuration even from last version which also has this problem. In testing we even remove all the whitelists. MailScanner-4.79.11-1 source install SpamAssassin 3.3.0 from CPAN Perl Modules - all required installed and update from CPAN MailScanner and SpamAssassin both --lint OK MailScanner run as user postfix amavisd-new run as user vscan /etc/postfix/spamassasin owner is root directory is 0755 Unreproducable by spamassasin -t < queue file Unreproducable by amavisd-new both of these tests score as expected. Monitor of Bind show MailScanner does not ask URI questions also scan real fast and not asking Razor or DCC Using MailScanner and amavisd-new together, MailScanner take message first before amavisd-new. MailScanner say- X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, required 3, autolearn=disabled) amavisd-new say- X-Virus-Scanned: amavisd-new at YUKI X-Spam-Flag: NO X-Spam-Score: 1.313 X-Spam-Level: * X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 tests=[URI_HEX=1.313] autolearn=disabled Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100210/55fe8b43/attachment-0001.html From maillists at conactive.com Wed Feb 10 12:19:29 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 10 12:19:41 2010 Subject: bug report In-Reply-To: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> References: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> Message-ID: --[ UxBoD ]-- wrote on Wed, 10 Feb 2010 10:05:05 +0000 (GMT): > ps: Top posting as Pete did :) I would prefer if you didn't quote at all then. This kind of top posting is violating mail message RFCs as it contains multiple signature dividers. And it's not marked as a quote either. Is it really that hard to not send HTML to a mailing list and quote correctly? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Feb 10 12:19:29 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 10 12:19:42 2010 Subject: bug report In-Reply-To: <6708380C165243D1849C586A4457E8F8@tardis2> References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2> Message-ID: Ying wrote on Wed, 10 Feb 2010 09:52:31 +1000: Same question to you: Is it really that hard to not send HTML to a mailing list and quote correctly? > as all read /etc/postfix/spamassassin/*, That might be the problem. It's non-standard for MailScanner and non-standard for SA. Use the --debug switch and check if SA via MS is really using the files there. > I did by private bug report Honestly, that wasn't really a bug report. I hope you know that. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From uxbod at splatnix.net Wed Feb 10 12:41:30 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Feb 10 12:42:16 2010 Subject: bug report In-Reply-To: Message-ID: <15319817.150.1265805690131.JavaMail.root@office.splatnix.net> Skipped content of type multipart/related From maxsec at gmail.com Wed Feb 10 12:49:12 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Feb 10 12:49:22 2010 Subject: bug report In-Reply-To: References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2> Message-ID: <72cf361e1002100449y521ade68lb1afea8cfcee1ecb@mail.gmail.com> On 10 February 2010 12:19, Kai Schaetzl wrote: > Ying wrote on Wed, 10 Feb 2010 09:52:31 +1000: > > Same question to you: > Is it really that hard to not send HTML to a mailing list and quote > correctly? > > > as all read /etc/postfix/spamassassin/*, > > That might be the problem. It's non-standard for MailScanner and > non-standard > for SA. Use the --debug switch and check if SA via MS is really using the > files there. > > > I did by private bug report > > Honestly, that wasn't really a bug report. I hope you know that. > > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Ying now as you know MailScanner runs as a specific user (postfix perhaps in your setup). SA 3.3.0 does NOT come with any default rules but relies on sa-update to pull down the rules. So, can the 'postfix' user see those rules (file permissions) and does SA run as the postfix user also run those network rules? -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100210/852e9ef7/attachment.html From MailScanner at ecs.soton.ac.uk Wed Feb 10 14:33:01 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 10 14:33:08 2010 Subject: Undefined subroutine error In-Reply-To: <201002092226.o19MQZ4m019841@safir.blacknight.ie> References: <201002092226.o19MQZ4m019841@safir.blacknight.ie> <4B72C39D.3090809@ecs.soton.ac.uk> Message-ID: Which file do you think defines sub SQLSpamSettings? On 09/02/2010 22:26, Jeffrey Nikoletich wrote: > Hello everyone, > I am having the follow error come up when attempting to use the > SQLSpamSettings.pm with mailscanner: > Undefined subroutine &MailScanner::CustomConfig::SQLSpamSettings > called at /usr/lib/MailScanner/MailScanner/Config.pm line 174. > I have 2 other modules SQLBlackList and SQLWhiteList setup and they > are working fine. When I change Required SpamAssassin Score = back to > the default, messages will get delivered. > Any help or pointers will be appreciated. > Thanks in advance. > -- > Jeffrey Nikoletich Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Wed Feb 10 15:29:24 2010 From: peter at farrows.org (Peter Farrow) Date: Wed Feb 10 15:30:02 2010 Subject: bug report In-Reply-To: References: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> Message-ID: <4B72D0D4.9@farrows.org> On 10/02/2010 12:19, Kai Schaetzl wrote: > --[ UxBoD ]-- wrote on Wed, 10 Feb 2010 10:05:05 +0000 (GMT): > > >> ps: Top posting as Pete did :) >> > I would prefer if you didn't quote at all then. This kind of top posting > is violating mail message RFCs as it contains multiple signature dividers. > And it's not marked as a quote either. > Is it really that hard to not send HTML to a mailing list and quote > correctly? > > Kai > > Is this aversion to html messages and maybe top posting as well relating to saving paper on your teletype terminals. Personally I've had a mail reader that can handle HTML for 10 years now, and it has a colour display too! :-P .. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [1]. http://www.inexcom.co.uk From rcooper at dwford.com Wed Feb 10 16:31:47 2010 From: rcooper at dwford.com (Rick Cooper) Date: Wed Feb 10 16:32:04 2010 Subject: bug report In-Reply-To: References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2><4B720726.4050004@farrows.org> Message-ID: <8BCD3C6B92F9493A872EC8C6BCE55406@SAHOMELT> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ying Sent: Wednesday, February 10, 2010 4:53 AM To: MailScanner discussion Subject: Re: bug report I show respect, I did by private bug report, but I get told I need to read documentation, I am no newby, but alas mailscanner dev think so, so I ask myself why waste my time with bug report when not welcome, I have private mail too by someone who has similar problem, they say run slackware, we run debian, he think it because run latest perl modules. but why I care now after mailscanner dev response. my 5 yo son could tell the answers from amavisd is different to what mailscanner be. So sorry for wasting my time, wont report bugs anymore here [Rick Cooper] I am wondering if something was lost in the translation here. Clearly English is not your native tongue and you might well have misinterpreted his attitude. You must also realize that Julian gets/answers thousands of mails in a week and a very large number are simple configuration errors. Plus if you upgraded SA and MS did not change then the issue is likely permissions or configuration. Personally I would be looking to see if the local.cf link is correct as this could explain why MS is skipping network tests and amavisd is not. there should be a link between /etc/mail/spamassassin/local. cf and /opt/MailScanner/etc/spam.assassin.prefs.conf. Also check your MS config setting for "SpamAssassin Default Rules Dir", "SpamAssassin Local Rules Dir" and "SpamAssassin Site Rules Dir". Clearly if MS skips some tests that the others do not they must not be using the same rules. Also bear in mind your English is so broken it's hard to follow. Of course the only way I could possibly write to you in your native tongue would be to run it through babblefish and I can tell you from experience that what you enter there many times loses much in the translation, you might have a very hard time understanding me and certainly have issues with context and meaning. ----- Original Message ----- From: Peter Farrow To: MailScanner discussion Sent: Wednesday, February 10, 2010 11:08 AM Subject: Re: bug report Ying: Show some respect here, I am sure Jules would have read your bug report, so no need to adopt that tone. If you want help from someone its good start to be on your best behaviour, no one this list has an obligation to help you, please remember that when you type your replies. regards Pete ps: I am top posting because this thread is in that format. On 09/02/2010 23:52, Ying wrote: Hello, Did you even read my report? I state it work with spamassassin directly, it work with amavisd, it work with mailscanner until SA upgrade. so very obviously SA works as all read /etc/postfix/spamassassin/*, just not properly with mailscanner anymore, do you treat everyone like this and dismiss out of hand without reading or comprehend what said or investigate? and yes /etc/postfix is symlink to /etc/mail, else amavisd would not work. ----- Original Message ----- From: Jules Field To: Ying Sent: Tuesday, February 09, 2010 6:29 PM Subject: Re: bug report If it is not doing the tests, then you have not enabled them in the /etc/mail/spamassassin/v*.pre files. This is not a MailScanner problem, I suggest you read the SA documentation. On 09/02/2010 02:29, Ying wrote: BUG REPORT MailScanner does not do many SpamAssassin tests, this is local rules and URI tests, eg: .multi.uribl.com and all others Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner work fine for many month with same configuration even from last version which also has this problem. In testing we even remove all the whitelists. ? MailScanner-4.79.11-1 source install SpamAssassin 3.3.0 from CPAN Perl Modules - all required installed and update from CPAN MailScanner and SpamAssassin both --lint OK MailScanner run as user postfix amavisd-new run as user vscan /etc/postfix/spamassasin owner is root directory is 0755 Unreproducable by spamassasin -t < queue file Unreproducable by amavisd-new both of these tests score as expected. Monitor of Bind show MailScanner does not ask URI questions also scan real fast and not asking Razor or DCC ? ? Using MailScanner and amavisd-new together, MailScanner take message first before amavisd-new. MailScanner say- X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, required 3, autolearn=disabled) amavisd-new say- X-Virus-Scanned: amavisd-new at YUKI X-Spam-Flag: NO X-Spam-Score: 1.313 X-Spam-Level: * X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 tests=[URI_HEX=1.313] autolearn=disabled ? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. _____ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100210/5224e268/attachment.html From uxbod at splatnix.net Wed Feb 10 18:52:25 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Feb 10 18:52:52 2010 Subject: bug report In-Reply-To: <8BCD3C6B92F9493A872EC8C6BCE55406@SAHOMELT> Message-ID: <24524039.154.1265827945937.JavaMail.root@office.splatnix.net> ----- "Rick Cooper" wrote: > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ying > Sent: Wednesday, February 10, 2010 4:53 AM > To: MailScanner discussion > Subject: Re: bug report > > > > I show respect, I did by private bug report, but I get told I need to > read documentation, I am no newby, but alas mailscanner dev think so, > so I ask myself why waste my time with bug report when not welcome, I > have private mail too by someone who has similar problem, they say run > slackware, we run debian, he think it because run latest perl modules. > but why I care now after mailscanner dev response. my 5 yo son could > tell the answers from amavisd is different to what mailscanner be. > > So sorry for wasting my time, wont report bugs anymore here > [Rick Cooper] > > I am wondering if something was lost in the translation here. Clearly > English is not your native tongue and you might well have > misinterpreted his attitude. You must also realize that Julian > gets/answers thousands of mails in a week and a very large number are > simple configuration errors. Plus if you upgraded SA and MS did not > change then the issue is likely permissions or configuration. > Personally I would be looking to see if the local.cf link is correct > as this could explain why MS is skipping network tests and amavisd is > not. there should be a link between /etc/mail/spamassassin/local.cf > and /opt/MailScanner/etc/spam.assassin.prefs.conf. Also check your MS > config setting for "SpamAssassin Default Rules Dir", "SpamAssassin > Local Rules Dir" and "SpamAssassin Site Rules Dir". Clearly if MS > skips some tests that the others do not they must not be using the > same rules. > > Also bear in mind your English is so broken it's hard to follow. Of > course the only way I could possibly write to you in your native > tongue would be to run it through babblefish and I can tell you from > experience that what you enter there many times loses much in the > translation, you might have a very hard time understanding me and > certainly have issues with context and meaning. > > > > ----- Original Message ----- > From: Peter Farrow > To: MailScanner discussion > Sent: Wednesday, February 10, 2010 11:08 AM > Subject: Re: bug report > > Ying: > > Show some respect here, I am sure Jules would have read your bug > report, so no need to adopt that tone. > > If you want help from someone its good start to be on your best > behaviour, no one this list has an obligation to help you, please > remember that when you type your replies. > > regards > > Pete > ps: I am top posting because this thread is in that format. > > On 09/02/2010 23:52, Ying wrote: > > > Hello, > Did you even read my report? > > I state it work with spamassassin directly, it work with amavisd, it > work with mailscanner until SA upgrade. so very obviously SA works as > all read /etc/postfix/spamassassin/*, just not properly with > mailscanner anymore, do you treat everyone like this and dismiss out > of hand without reading or comprehend what said or investigate? > > and yes /etc/postfix is symlink to /etc/mail, else amavisd would not > work. > > > ----- Original Message ----- > From: Jules Field > To: Ying > Sent: Tuesday, February 09, 2010 6:29 PM > Subject: Re: bug report > > If it is not doing the tests, then you have not enabled them in the > /etc/mail/spamassassin/v*.pre files. > This is not a MailScanner problem, I suggest you read the SA > documentation. > > On 09/02/2010 02:29, Ying wrote: > > > > > BUG REPORT > > MailScanner does not do many SpamAssassin tests, this is local rules > and > > URI tests, eg: .multi.uribl.com and all others > > Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner work > fine > > for many month with same configuration even from last version which > also has > > this problem. In testing we even remove all the whitelists. > > > > MailScanner-4.79.11-1 source install > > SpamAssassin 3.3.0 from CPAN > > Perl Modules - all required installed and update from CPAN > > MailScanner and SpamAssassin both --lint OK > > MailScanner run as user postfix > > amavisd-new run as user vscan > > /etc/postfix/spamassasin owner is root directory is 0755 > > Unreproducable by spamassasin -t < queue file > > Unreproducable by amavisd-new > > both of these tests score as expected. > > Monitor of Bind show MailScanner does not ask URI questions > > also scan real fast and not asking Razor or DCC > > > > > > Using MailScanner and amavisd-new together, MailScanner take message > > first before amavisd-new. > > MailScanner say- > > X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=0, > > required 3, autolearn=disabled) > > amavisd-new say- > > X-Virus-Scanned: amavisd-new at YUKI > > X-Spam-Flag: NO > > X-Spam-Score: 1.313 > > X-Spam-Level: * > > X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 > > tests=[URI_HEX=1.313] autolearn=disabled > > > Jules > Which is one of the reasons why we would need to see the output direct from SpamAssassin and not from Amavisd. -- Thanks - Phil From maillists at conactive.com Wed Feb 10 22:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 10 22:31:29 2010 Subject: bug report In-Reply-To: <4B72D0D4.9@farrows.org> References: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> <4B72D0D4.9@farrows.org> Message-ID: Peter Farrow wrote on Wed, 10 Feb 2010 15:29:24 +0000: > Is this aversion to html messages and maybe top posting as well relating > to saving paper on your teletype terminals. The HTML messages in this thread, particularly the ones by "Ying" and Rick show why. Don't tell me you can read and comprehend them better then *this* message. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From nerijusb at dtiltas.lt Wed Feb 10 23:19:53 2010 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Wed Feb 10 23:20:13 2010 Subject: Remove These Headers Message-ID: Hello, I have in MailScanner.conf: Remove These Headers = %rules-dir%/remove.headers.rules In rules/remove.headers.rules: From: 10.10.10.1 Received: X-Mailer: X-MimeOLE: #From: 10.10.10. yes FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2: But mail from 10.10.10.1 still has: Received: from aaa.aaa.lt (aaa [10.10.10.1]) by bbb.aaa.lt (Postfix) with ESMTP id 127EE39C068 Regards, Nerijus From nerijusb at dtiltas.lt Wed Feb 10 23:59:31 2010 From: nerijusb at dtiltas.lt (Nerijus Baliunas) Date: Thu Feb 11 00:00:12 2010 Subject: Remove These Headers In-Reply-To: References: Message-ID: Forgot to tell version - 4.74.16. On Thu, 11 Feb 2010 01:19:53 +0200 Nerijus Baliunas wrote: > Hello, > > I have in MailScanner.conf: > Remove These Headers = %rules-dir%/remove.headers.rules > > In rules/remove.headers.rules: > From: 10.10.10.1 Received: X-Mailer: X-MimeOLE: > #From: 10.10.10. yes > FromOrTo: default X-Mozilla-Status: X-Mozilla-Status2: > > But mail from 10.10.10.1 still has: > Received: from aaa.aaa.lt (aaa [10.10.10.1]) > by bbb.aaa.lt (Postfix) with ESMTP id 127EE39C068 > > Regards, > Nerijus From mmcintosh at infowall.com Thu Feb 11 04:36:37 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Thu Feb 11 04:36:51 2010 Subject: MailScanner Upgrade issues Message-ID: <4B738955.5080003@infowall.com> Hello All, I upgraded Centos from 5.2 to 5.4 my first mistake in this was to update postfix as the rpm version did not have mysql compiled in and my previous version had. This also changed my custom main.cf and master.cf. None of these issue were that hard to diagnose but now I seem to have something not right. When doing a MailScanner --lint I get an error: while I hope this to be a small thing I could not find any solution via google or the list archive. Any help is appreciated. Error in tempdir() using MSlintXXXXXX: Could not create directory MSlintNc5sbC: Permission denied at /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 1211 This is CentOS release 5.4 (Final) This is Perl version 5.008008 (5.8.8) postfix 2.3.3 This is MailScanner version 4.79.11 Mark McIntosh From lyndonl at mexcom.co.za Thu Feb 11 07:38:53 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Thu Feb 11 07:44:28 2010 Subject: odd winmail.dat issue Report: MailScanner: Message attempted to kill MailScanner In-Reply-To: <4B738955.5080003@infowall.com> References: <4B738955.5080003@infowall.com> Message-ID: I am getting quite a few of these, but they all seem to be really small winmail.dat files i.e. 930B in this case if I take the file and manually run tnef winmail.dat nothing is extracted, I assume this is the problem, in this case they all seem to be Read receipts, would outlook / exchange encupsulate an empty message in a tnef format? is there a way of getting mailscanner to ignore this? The problem started when I set the tnef extractor to the internal mailscanner version, when I used /usr/bin/tnef the winmail.dat files where never extracted and placed in the mail content, Subject: Read: 4500693953 PGrp:R09 Vn:0000101070ATS2000 (Pty) Date: Thu, 11 Feb 2010 09:13:14 +0200 Message-ID: <029701caaae9$b79de280$26d9a780$@co.za> MIME-Version: 1.0 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="winmail.dat" X-Mailer: Microsoft Office Outlook 12.0 thread-index: AcqqmUsXZguERlwJSYaop7UqxFsPBQAUF90y X-MS-TNEF-Correlator: 00000000A9FDD6B3290A5F4A81389A969BFC009424CF7900 -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100211/115ca151/attachment.html From MailScanner at ecs.soton.ac.uk Thu Feb 11 08:32:48 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Thu Feb 11 08:33:04 2010 Subject: MailScanner Upgrade issues In-Reply-To: <4B738955.5080003@infowall.com> References: <4B738955.5080003@infowall.com> <4B73C0B0.5070401@ecs.soton.ac.uk> Message-ID: Check the permissions are correct on /tmp and /var/tmp. "ls -ld /tmp /var/tmp" should produce output like this: drwxrwxrwt 5 root root 300 Feb 11 08:32 /tmp drwxrwxrwt 3 root root 4096 Feb 11 04:02 /var/tmp On 11/02/2010 04:36, Mark McIntosh Infowall wrote: > Hello All, > > I upgraded Centos from 5.2 to 5.4 my first mistake in this was to > update postfix as the rpm version did not have mysql compiled in and > my previous version had. This also changed my custom main.cf and > master.cf. None of these issue were that hard to diagnose but now I > seem to have something not right. > > When doing a MailScanner --lint I get an error: while I hope this to > be a small thing I could not find any solution via google or the list > archive. Any help is appreciated. > > > > > Error in tempdir() using MSlintXXXXXX: Could not create directory > MSlintNc5sbC: Permission denied at > /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 1211 > > > This is CentOS release 5.4 (Final) > This is Perl version 5.008008 (5.8.8) > postfix 2.3.3 > This is MailScanner version 4.79.11 > > > Mark McIntosh > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 11 08:35:17 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Thu Feb 11 08:35:38 2010 Subject: odd winmail.dat issue Report: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: <4B738955.5080003@infowall.com> <4B73C145.9090906@ecs.soton.ac.uk> Message-ID: Please can you zip up the df and qf files from 1 of these messages and send it to me off-list? Then I can take a look and see what's going on here. Jules. On 11/02/2010 07:38, Lyndon Labuschagne wrote: > I am getting quite a few of these, but they all seem to be really > small winmail.dat files i.e. 930B in this case > if I take the file and manually run tnef winmail.dat nothing is > extracted, I assume this is the problem, > in this case they all seem to be Read receipts, would outlook / > exchange encupsulate an empty message in a tnef format? > > is there a way of getting mailscanner to ignore this? > > The problem started when I set the tnef extractor to the internal > mailscanner version, when I used /usr/bin/tnef the winmail.dat files > where never extracted and placed in the mail content, > > > Subject: Read: 4500693953 PGrp:R09 Vn:0000101070ATS2000 (Pty) > Date: Thu, 11 Feb 2010 09:13:14 +0200 > Message-ID: <029701caaae9$b79de280$26d9a780$@co.za > > > MIME-Version: 1.0 > Content-Type: application/ms-tnef; > name="winmail.dat" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="winmail.dat" > X-Mailer: Microsoft Office Outlook 12.0 > thread-index: AcqqmUsXZguERlwJSYaop7UqxFsPBQAUF90y > X-MS-TNEF-Correlator: 00000000A9FDD6B3290A5F4A81389A969BFC009424CF7900 > -- > This message has been scanned for viruses and dangerous content by the > *Mexcom MailScanner*, and appears to be clean. > Should you wish to secure your mail, call sales @ 011-801-4000, > alternatively visit > http://www.mexcom.co.za or mail sales@mexcom.co.za Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 11 08:37:31 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Thu Feb 11 08:37:53 2010 Subject: bug report In-Reply-To: References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2> <4B720726.4050004@farrows.org> <4B73C1CB.2070206@ecs.soton.ac.uk> Message-ID: I have already answered this one off-list. He needs to check his "MailScanner --debug --debug-sa" output to see what's happening and what's not happening. On 10/02/2010 09:52, Ying wrote: > I show respect, I did by private bug report, but I get told I need to > read documentation, I am no newby, but alas mailscanner dev think so, > so I ask myself why waste my time with bug report when not welcome, I > have private mail too by someone who has similar problem, they say run > slackware, we run debian, he think it because run latest perl > modules. but why I care now after mailscanner dev response. my 5 yo > son could tell the answers from amavisd is different to what > mailscanner be. > So sorry for wasting my time, wont report bugs anymore here > > ----- Original Message ----- > *From:* Peter Farrow > *To:* MailScanner discussion > > *Sent:* Wednesday, February 10, 2010 11:08 AM > *Subject:* Re: bug report > > Ying: > > Show some respect here, I am sure Jules would have read your bug > report, so no need to adopt that tone. > > If you want help from someone its good start to be on your best > behaviour, no one this list has an obligation to help you, please > remember that when you type your replies. > > regards > > Pete > ps: I am top posting because this thread is in that format. > > On 09/02/2010 23:52, Ying wrote: >> Hello, >> Did you even read my report? >> I state it work with spamassassin directly, it work with amavisd, >> it work with mailscanner until SA upgrade. so very obviously SA >> works as all read /etc/postfix/spamassassin/*, just not properly >> with mailscanner anymore, do you treat everyone like this and >> dismiss out of hand without reading or comprehend what said or >> investigate? >> and yes /etc/postfix is symlink to /etc/mail, else amavisd would >> not work. >> >> ----- Original Message ----- >> *From:* Jules Field >> *To:* Ying >> *Sent:* Tuesday, February 09, 2010 6:29 PM >> *Subject:* Re: bug report >> >> If it is not doing the tests, then you have not enabled them >> in the /etc/mail/spamassassin/v*.pre files. >> This is not a MailScanner problem, I suggest you read the SA >> documentation. >> >> On 09/02/2010 02:29, Ying wrote: >>> >>> BUG REPORT >>> >>> MailScanner does not do many SpamAssassin tests, this is >>> local rules and >>> >>> URI tests, eg: .multi.uribl.com and all others >>> >>> Problem only notice after upgrade SA 3.2.5 to 3.3.0. >>> MailScanner work fine >>> >>> for many month with same configuration even from last >>> version which also has >>> >>> this problem. In testing we even remove all the whitelists. >>> >>> MailScanner-4.79.11-1 source install >>> >>> SpamAssassin 3.3.0 from CPAN >>> >>> Perl Modules - all required installed and update from CPAN >>> >>> MailScanner and SpamAssassin both --lint OK >>> >>> MailScanner run as user postfix >>> >>> amavisd-new run as user vscan >>> >>> /etc/postfix/spamassasin owner is root directory is 0755 >>> >>> Unreproducable by spamassasin -t < queue file >>> >>> Unreproducable by amavisd-new >>> >>> both of these tests score as expected. >>> >>> Monitor of Bind show MailScanner does not ask URI questions >>> >>> also scan real fast and not asking Razor or DCC >>> >>> Using MailScanner and amavisd-new together, MailScanner take >>> message >>> >>> first before amavisd-new. >>> >>> MailScanner say- >>> >>> X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not >>> cached, score=0, >>> >>> required 3, autolearn=disabled) >>> >>> amavisd-new say- >>> >>> X-Virus-Scanned: amavisd-new at YUKI >>> >>> X-Spam-Flag: NO >>> >>> X-Spam-Score: 1.313 >>> >>> X-Spam-Level: * >>> >>> X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 >>> >>> tests=[URI_HEX=1.313] autolearn=disabled >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book atwww.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* >> , and is >> believed to be clean. >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by the *Inexcom* >> system scanner, >> and is believed to be clean. >> Advanced heuristic mail scanning server [-]. > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* > system scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. > > ------------------------------------------------------------------------ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100211/b185ae89/attachment-0001.html From mmcintosh at infowall.com Thu Feb 11 08:39:11 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Thu Feb 11 08:39:23 2010 Subject: MailScanner Upgrade issues In-Reply-To: References: <4B738955.5080003@infowall.com> <4B73C0B0.5070401@ecs.soton.ac.uk> Message-ID: <4B73C22F.7080502@infowall.com> Julian, The permissions come back : I did not even consider those drwxrwxrwt 41 root root 4096 Feb 11 03:37 /tmp drwxrwxrwt 2 root root 4096 Feb 10 18:03 /var/tmp Regards, Mark Jules Field wrote: > Check the permissions are correct on /tmp and /var/tmp. "ls -ld /tmp > /var/tmp" should produce output like this: > drwxrwxrwt 5 root root 300 Feb 11 08:32 /tmp > drwxrwxrwt 3 root root 4096 Feb 11 04:02 /var/tmp > > > On 11/02/2010 04:36, Mark McIntosh Infowall wrote: >> Hello All, >> >> I upgraded Centos from 5.2 to 5.4 my first mistake in this was to >> update postfix as the rpm version did not have mysql compiled in and >> my previous version had. This also changed my custom main.cf and >> master.cf. None of these issue were that hard to diagnose but now I >> seem to have something not right. >> >> When doing a MailScanner --lint I get an error: while I hope this to >> be a small thing I could not find any solution via google or the list >> archive. Any help is appreciated. >> >> >> >> >> Error in tempdir() using MSlintXXXXXX: Could not create directory >> MSlintNc5sbC: Permission denied at >> /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 1211 >> >> >> This is CentOS release 5.4 (Final) >> This is Perl version 5.008008 (5.8.8) >> postfix 2.3.3 >> This is MailScanner version 4.79.11 >> >> >> Mark McIntosh >> > > Jules > Julian, The permission are correct From peter at farrows.org Thu Feb 11 08:40:08 2010 From: peter at farrows.org (Peter Farrow) Date: Thu Feb 11 08:40:28 2010 Subject: bug report In-Reply-To: References: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> <4B72D0D4.9@farrows.org> Message-ID: <4B73C268.4070800@farrows.org> On 10/02/2010 22:31, Kai Schaetzl wrote: > Peter Farrow wrote on Wed, 10 Feb 2010 15:29:24 +0000: > > >> Is this aversion to html messages and maybe top posting as well relating >> to saving paper on your teletype terminals. >> > The HTML messages in this thread, particularly the ones by "Ying" and Rick > show why. Don't tell me you can read and comprehend them better then *this* > message. > > Kai > > My mailreader seamlessly displays either, I have no problem with either and usually don't even notice. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From mmcintosh at infowall.com Thu Feb 11 08:53:16 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Thu Feb 11 08:53:27 2010 Subject: MailScanner Upgrade issues In-Reply-To: <4B73C22F.7080502@infowall.com> References: <4B738955.5080003@infowall.com> <4B73C0B0.5070401@ecs.soton.ac.uk> <4B73C22F.7080502@infowall.com> Message-ID: <4B73C57C.3080609@infowall.com> Mark McIntosh Infowall wrote: > Julian, > > The permissions come back : I did not even consider those > > drwxrwxrwt 41 root root 4096 Feb 11 03:37 /tmp > drwxrwxrwt 2 root root 4096 Feb 10 18:03 /var/tmp > > Regards, > > Mark > > > > > Jules Field wrote: >> Check the permissions are correct on /tmp and /var/tmp. "ls -ld /tmp >> /var/tmp" should produce output like this: >> drwxrwxrwt 5 root root 300 Feb 11 08:32 /tmp >> drwxrwxrwt 3 root root 4096 Feb 11 04:02 /var/tmp >> >> >> On 11/02/2010 04:36, Mark McIntosh Infowall wrote: >>> Hello All, >>> >>> I upgraded Centos from 5.2 to 5.4 my first mistake in this was to >>> update postfix as the rpm version did not have mysql compiled in and >>> my previous version had. This also changed my custom main.cf and >>> master.cf. None of these issue were that hard to diagnose but now I >>> seem to have something not right. >>> >>> When doing a MailScanner --lint I get an error: while I hope this to >>> be a small thing I could not find any solution via google or the >>> list archive. Any help is appreciated. >>> >>> >>> >>> >>> Error in tempdir() using MSlintXXXXXX: Could not create directory >>> MSlintNc5sbC: Permission denied at >>> /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 1211 >>> >>> >>> This is CentOS release 5.4 (Final) >>> This is Perl version 5.008008 (5.8.8) >>> postfix 2.3.3 >>> This is MailScanner version 4.79.11 >>> >>> >>> Mark McIntosh >>> >> >> Jules >> > Julian, > > > The permission are correct Thanks for the quick response as usual I am not sure what causes the error I see and don't really know where to go next the only other thing I am seeing is that there is no mailscanner signature either. Regards, Mark From maillists at conactive.com Thu Feb 11 09:22:26 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Feb 11 09:22:40 2010 Subject: Remove These Headers In-Reply-To: References: Message-ID: Nerijus Baliunas wrote on Thu, 11 Feb 2010 01:19:53 +0200: > But mail from 10.10.10.1 still has: > Received: from aaa.aaa.lt (aaa [10.10.10.1]) > by bbb.aaa.lt (Postfix) with ESMTP id 127EE39C068 Did you check if it removes the other headers for this host? If so, there might be a problem with folded headers. Jules would know more. Also, you should upgrade as that might have been fixed in the meantime. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Feb 11 09:22:24 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Feb 11 09:22:40 2010 Subject: odd winmail.dat issue Report: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: <4B738955.5080003@infowall.com> Message-ID: Please do not hijack threads. You may think that changing the subject in a replied message starts a new thread. It doesn't. Please use "new message" for sending new messages. That's what it is for. While "Reply" is for, you guessed it, replies. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Feb 11 09:22:25 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Feb 11 09:22:41 2010 Subject: MailScanner Upgrade issues In-Reply-To: <4B738955.5080003@infowall.com> References: <4B738955.5080003@infowall.com> Message-ID: Mark McIntosh Infowall wrote on Wed, 10 Feb 2010 23:36:37 -0500: > Error in tempdir() using MSlintXXXXXX: Could not create directory > MSlintNc5sbC: Permission denied at > /usr/lib/MailScanner/MailScanner/MessageBatch.pm line 1211 I would assume that the MailScanner work directory or a subdirectory doesn't have the correct permissions anymore. It usually needs to be writable by the postfix user. The directory is at /var/spool/MailScanner. The permissions might have been changed by your newly compiled version. They do not get changed by the postfix update in CentOS. l /var/spool/MailScanner total 60 drwxr-xr-x 6 root root 4096 Dec 31 2008 . drwxr-xr-x 13 root root 4096 Mar 9 2009 .. drwxr-xr-x 410 postfix apache 12288 Feb 11 00:00 archive drwxr-xr-x 5 postfix clamav 4096 Feb 11 08:30 incoming drwxrwx--- 494 postfix apache 12288 Feb 11 00:00 quarantine drwxr-xr-x 2 postfix postfix 4096 Oct 9 2008 spamassassin Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Feb 11 09:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Feb 11 09:31:30 2010 Subject: bug report In-Reply-To: <4B73C268.4070800@farrows.org> References: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> <4B72D0D4.9@farrows.org> <4B73C268.4070800@farrows.org> Message-ID: Peter Farrow wrote on Thu, 11 Feb 2010 08:40:08 +0000: > My mailreader seamlessly displays either, This is not about "display", it's about readability and comprehension. I have no problem with either > and usually don't even notice. It is sad that you don't notice the difference. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Thu Feb 11 10:11:16 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 11 10:11:33 2010 Subject: debugging mailscanner In-Reply-To: <4B7260BA.2070708@lankacom.net> References: <4B7260BA.2070708@lankacom.net> <4B73D7C4.9070703@ecs.soton.ac.uk> Message-ID: MailScanner --lint will test out most of it and will show you what the virus scanners are picking up. Also, check your maillog as all the virus scanner output is logged in there. Beyond that, dig into the code :-) If you need any help, that's what we are here for! Cheers, Jules. On 10/02/2010 07:31, Supun Rathnayake wrote: > Hi , > > It would be great if someone could show me how to debug mailscanner > > I wanted to troubleshoot some virus scanning part, but when I run > MailScanner in the debugging mode as follows ( with --debug flag ) > it only gives a very few line lines which is not sufficient to get > into the actual problem. > > > # MailScanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > > > Have a batch of 1 message. > Stopping now as you are debugging me. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mmcintosh at infowall.com Thu Feb 11 10:34:06 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Thu Feb 11 10:34:18 2010 Subject: MailScanner Upgrade issues In-Reply-To: References: <4B738955.5080003@infowall.com> Message-ID: <4B73DD1E.2050102@infowall.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100211/6a70eeaa/attachment.html From blaat0001 at gmail.com Thu Feb 11 14:27:17 2010 From: blaat0001 at gmail.com (BlaaT 0001) Date: Thu Feb 11 14:27:29 2010 Subject: Insecure dependency @ WorkArea.pm Message-ID: <254612fc1002110627y6337a47dwd5a63fbcb6388c3a@mail.gmail.com> Hello everybody, I've checked out the change log of the recently released 4.79.11-1 version and noticed the many changes to solve the "tainted" problems when running MailScanner with some Perl versions. I'm running FreeBSD 8.0 release (no updates) and am still running into an "Insecure dependency" on the MailScanner-4.79.11-1 version. [root@mailscan01 /opt/MailScanner/bin]# ./MailScanner --lint --debug Trying to setlogsock(unix) Reading configuration file /opt/MailScanner/etc/MailScanner.conf Reading configuration file /opt/MailScanner/etc/conf.d/README Config: calling custom init function MailWatchLogging Checking version numbers... Version number in MailScanner.conf (4.79.11) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (125) MailScanner setting UID to (125) Checking for SpamAssassin errors (if you use it)... SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Blocked Filename Detected (1 eicar.com) Insecure dependency in unlink while running with -T switch at /opt/MailScanner/lib/MailScanner/WorkArea.pm line 295. Is this an error that can be ignored? Cheers. [root@mailscan01 /opt/MailScanner/bin]# ./MailScanner --version Running on FreeBSD abcd.com 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sun Dec 6 01:22:01 CET 2009 root@freebsd80.abcd.com:/usr/obj/usr/src/sys/GENERIC_WITH_CARP amd64 This is Perl version 5.008009 (5.8.9) This is MailScanner version 4.79.11 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.10 Carp 2.015 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_17 Data::Dumper 2.27 Date::Parse 1.02 DirHandle 1.06 Fcntl 2.77 File::Basename 2.13 File::Copy 2.01 FileHandle 2.07_02 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.60 HTML::Entities 3.62 HTML::Parser 3.57 HTML::TokeParser 1.25 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.18 OLE::Storage_Lite 1.04 Pod::Escapes 3.08 Pod::Simple 1.15 POSIX 1.19 Scalar::Util 1.81 Socket 2.21 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.40 Test::Pod 0.94 Test::Simple 1.9719 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.54 Archive::Tar 0.23 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.817 DB_File 1.25 DBD::SQLite 1.609 DBI 1.15 Digest 1.01 Digest::HMAC 2.37 Digest::MD5 2.12 Digest::SHA1 1.01 Encode::Detect missing Error missing ExtUtils::CBuilder 2.19 ExtUtils::ParseXS 2.38 Getopt::Long missing Inline 1.08 IO::String 1.10 IO::Zlib missing IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin missing Mail::SPF missing Mail::SPF::Query missing Module::Build missing Net::CIDR::Lite 0.65 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP missing NetAddr::IP missing Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 1.98 Text::Balanced 1.40 URI missing version missing YAML From MailScanner at ecs.soton.ac.uk Thu Feb 11 14:55:02 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 11 14:55:22 2010 Subject: Insecure dependency @ WorkArea.pm In-Reply-To: <254612fc1002110627y6337a47dwd5a63fbcb6388c3a@mail.gmail.com> References: <254612fc1002110627y6337a47dwd5a63fbcb6388c3a@mail.gmail.com> <4B741A46.5080903@ecs.soton.ac.uk> Message-ID: On 11/02/2010 14:27, BlaaT 0001 wrote: > Hello everybody, > > I've checked out the change log of the recently released 4.79.11-1 > version and noticed the many changes to solve the "tainted" problems > when running MailScanner with some Perl versions. > > I'm running FreeBSD 8.0 release (no updates) and am still running into > an "Insecure dependency" on the MailScanner-4.79.11-1 version. > > [root@mailscan01 /opt/MailScanner/bin]# ./MailScanner --lint --debug > Trying to setlogsock(unix) > > Reading configuration file /opt/MailScanner/etc/MailScanner.conf > Reading configuration file /opt/MailScanner/etc/conf.d/README > Config: calling custom init function MailWatchLogging > > Checking version numbers... > Version number in MailScanner.conf (4.79.11) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > MailScanner setting GID to (125) > MailScanner setting UID to (125) > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 0 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamd > =========================================================================== > Filename Checks: Blocked Filename Detected (1 eicar.com) > Insecure dependency in unlink while running with -T switch at > /opt/MailScanner/lib/MailScanner/WorkArea.pm line 295. > > > Is this an error that can be ignored? > Yes, but it's easy to get rid of too. Edit that file, and change line 295 to be the following little block of code: my $tmp1 = $this->{dir} . '/' . $message->{id} . '/' . $attach; $tmp1 =~ /(.*)/; $tmp1 = $1; unlink $tmp1; That will get rid of the warning for you. It will be in the next release anyway, but I don't know when that will happen. Jules. > Cheers. > > > > [root@mailscan01 /opt/MailScanner/bin]# ./MailScanner --version > Running on > FreeBSD abcd.com 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sun Dec 6 > 01:22:01 CET 2009 > root@freebsd80.abcd.com:/usr/obj/usr/src/sys/GENERIC_WITH_CARP amd64 > This is Perl version 5.008009 (5.8.9) > > This is MailScanner version 4.79.11 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.10 Carp > 2.015 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_17 Data::Dumper > 2.27 Date::Parse > 1.02 DirHandle > 1.06 Fcntl > 2.77 File::Basename > 2.13 File::Copy > 2.01 FileHandle > 2.07_02 File::Path > 0.22 File::Temp > 0.92 Filesys::Df > 3.60 HTML::Entities > 3.62 HTML::Parser > 3.57 HTML::TokeParser > 1.25 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.08 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.08 MIME::QuotedPrint > 5.427 MIME::Tools > 0.13 Net::CIDR > 1.25 Net::IP > 0.18 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.08 Pod::Simple > 1.15 POSIX > 1.19 Scalar::Util > 1.81 Socket > 2.21 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.40 Test::Pod > 0.94 Test::Simple > 1.9719 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.54 Archive::Tar > 0.23 bignum > missing Business::ISBN > missing Business::ISBN::Data > missing Data::Dump > 1.817 DB_File > 1.25 DBD::SQLite > 1.609 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.37 Digest::MD5 > 2.12 Digest::SHA1 > 1.01 Encode::Detect > missing Error > missing ExtUtils::CBuilder > 2.19 ExtUtils::ParseXS > 2.38 Getopt::Long > missing Inline > 1.08 IO::String > 1.10 IO::Zlib > missing IP::Country > missing Mail::ClamAV > 3.002005 Mail::SpamAssassin > missing Mail::SPF > missing Mail::SPF::Query > missing Module::Build > missing Net::CIDR::Lite > 0.65 Net::DNS > missing Net::DNS::Resolver::Programmable > missing Net::LDAP > missing NetAddr::IP > missing Parse::RecDescent > missing SAVI > 2.64 Test::Harness > missing Test::Manifest > 1.98 Text::Balanced > 1.40 URI > missing version > missing YAML > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eliott100 at gmail.com Thu Feb 11 15:58:21 2010 From: eliott100 at gmail.com (Eliott) Date: Thu Feb 11 15:58:29 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: Message-ID: Hi! Can anybody help me further on this? I have the same setup with Linux 2.6.9-78.0.8.ELsmp , Perl version 5.008005 (5.8.5) and MailScanner version 4.70.7 with avg7 working, so I suppose it must be an avg8 issue. this is what I get when running avgscan standalone: AVG command line Anti-Virus scanner Copyright (c) 2009 AVG Technologies CZ Virus database version: 271.1.1/2677 Virus database release date: Tue, 09 Feb 2010 08:35:00 +01:00 /root/eicar_com.zip:/eicar.com Virus identified EICAR_Test /root/eicar_com.zip Virus identified EICAR_Test Files scanned : 2(1) Infections found : 2(1) thanks in advance eliott On Fri, Jan 22, 2010 at 1:48 PM, Eliott wrote: > Hi! > > we are about to migrate an old imlementation while upgrading all the > components and came across a strange problem. > With MailScanner 4.78.17 and avg 8.5.288 we see the following log entries: > -------------- > Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: Scanning 1 > messages, 1338 bytes > Jan 18 15:47:23 localhost MailScanner[4725]: Virus and Content Scanning: > Starting > Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus identified > EICAR_Test in eicar.txt > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Avg found 1 > infections > Jan 18 15:47:23 localhost MailScanner[4725]: Infected message > ESC[2Ko0IElNL7004734 came from > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Found 1 > viruses > Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: Delivered 1 > messages > Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 messages from > processing-database > smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], dsn=2.0.0, stat=Sent > (Message accepted for delivery) > --------------- > I have checked SweepVisuses.pm, but there the output seems to be parsed > well. Is this a configuration issue or a bug? > > Thanks and regards > Eliott > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100211/4329f3f0/attachment.html From MailScanner at ecs.soton.ac.uk Thu Feb 11 16:13:59 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 11 16:14:12 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: <4B742CC7.9000906@ecs.soton.ac.uk> Message-ID: Can you do a scan something like this (where "avg8" is whatever your virus scanner command is called): 1. Put an eicar_com.zip containing eicar.com into /tmp/eicar_com.zip 2. Do these 2 commands: cd /tmp avg8 . > /root/avg8.output 3. Mail me a copy of the avg8.output file. Ideally, if you could put the entire avg8 package somewhere I can download it (don't publish the URL, just send it to me off-list) and send me a valid licence for it as well, I will write the support you need. Don't worry about your licence, it will *only* be used for my development purposes, I won't let it leak out anywhere or use it for anything else. Jules. On 11/02/2010 15:58, Eliott wrote: > Hi! > > Can anybody help me further on this? I have the same setup with Linux > 2.6.9-78.0.8.ELsmp , Perl version 5.008005 (5.8.5) and MailScanner > version 4.70.7 with avg7 working, so I suppose it must be an avg8 issue. > this is what I get when running avgscan standalone: > AVG command line Anti-Virus scanner > Copyright (c) 2009 AVG Technologies CZ > > Virus database version: 271.1.1/2677 > Virus database release date: Tue, 09 Feb 2010 08:35:00 +01:00 > > /root/eicar_com.zip:/eicar.com Virus identified > EICAR_Test > /root/eicar_com.zip Virus identified EICAR_Test > > Files scanned : 2(1) > Infections found : 2(1) > > thanks in advance > eliott > > > > On Fri, Jan 22, 2010 at 1:48 PM, Eliott > wrote: > > Hi! > > we are about to migrate an old imlementation while upgrading all > the components and came across a strange problem. > With MailScanner 4.78.17 and avg 8.5.288 we see the following log > entries: > -------------- > Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: Scanning 1 > messages, 1338 bytes > Jan 18 15:47:23 localhost MailScanner[4725]: Virus and Content > Scanning: Starting > Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus identified > EICAR_Test in eicar.txt > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Avg > found 1 infections > Jan 18 15:47:23 localhost MailScanner[4725]: Infected message > ESC[2Ko0IElNL7004734 came from > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Found > 1 viruses > Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: Delivered > 1 messages > Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 messages > from processing-database > smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], dsn=2.0.0, > stat=Sent (Message accepted for delivery) > --------------- > I have checked SweepVisuses.pm, but there the output seems to be > parsed well. Is this a configuration issue or a bug? > > Thanks and regards > Eliott > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mmcintosh at infowall.com Fri Feb 12 01:30:42 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Fri Feb 12 01:30:55 2010 Subject: MailScanner Upgrade issues In-Reply-To: References: <4B738955.5080003@infowall.com> Message-ID: <4B74AF42.1010909@infowall.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100211/48ec629c/attachment.html From blaat0001 at gmail.com Fri Feb 12 09:15:59 2010 From: blaat0001 at gmail.com (BlaaT 0001) Date: Fri Feb 12 09:16:07 2010 Subject: Insecure dependency @ WorkArea.pm In-Reply-To: References: <4B741A46.5080903@ecs.soton.ac.uk> <254612fc1002110627y6337a47dwd5a63fbcb6388c3a@mail.gmail.com> Message-ID: <254612fc1002120115k17874bedrb63808f58e5b4bb7@mail.gmail.com> Hello Jules, Thanks a lot, problem solved. Cheers. On Thu, Feb 11, 2010 at 3:55 PM, Julian Field wrote: > > Yes, but it's easy to get rid of too. Edit that file, and change line 295 to > be the following little block of code: > ?my $tmp1 = $this->{dir} . '/' . $message->{id} . '/' . $attach; > ?$tmp1 =~ /(.*)/; > ?$tmp1 = $1; > ?unlink $tmp1; > > That will get rid of the warning for you. It will be in the next release > anyway, but I don't know when that will happen. > > Jules. >> >> Cheers. >> >> From eliott100 at gmail.com Fri Feb 12 11:50:58 2010 From: eliott100 at gmail.com (Eliott) Date: Fri Feb 12 11:51:08 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: <4B742CC7.9000906@ecs.soton.ac.uk> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: avg8.output Type: application/octet-stream Size: 455 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100212/8d992ab7/avg8.obj From MailScanner at ecs.soton.ac.uk Fri Feb 12 12:42:19 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 12 12:42:33 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: <4B742CC7.9000906@ecs.soton.ac.uk> <4B754CAB.2060308@ecs.soton.ac.uk> Message-ID: I'll put out a new beta including support for AVG8 after I've had some lunch. It's all working. :-) Jules. On 12/02/2010 11:50, Eliott wrote: > Hi! > > Thanks, this is the command to execute: avgscan -arch . (by default > it does not search archives) > The output is attached, there are strange control characters in the > fiile, this might be realted to out problem. > Avg itself can be downloaded from: > http://free.avg.com/us-en/download?prd=afl > The free edition is free for personal use. > Regards > Eliott > > > On Thu, Feb 11, 2010 at 5:13 PM, Julian Field > > wrote: > > Can you do a scan something like this (where "avg8" is whatever > your virus scanner command is called): > 1. Put an eicar_com.zip containing eicar.com > into /tmp/eicar_com.zip > 2. Do these 2 commands: > cd /tmp > avg8 . > /root/avg8.output > 3. Mail me a copy of the avg8.output file. > > Ideally, if you could put the entire avg8 package somewhere I can > download it (don't publish the URL, just send it to me off-list) > and send me a valid licence for it as well, I will write the > support you need. > > Don't worry about your licence, it will *only* be used for my > development purposes, I won't let it leak out anywhere or use it > for anything else. > > Jules. > > > On 11/02/2010 15:58, Eliott wrote: > > Hi! > > Can anybody help me further on this? I have the same setup > with Linux 2.6.9-78.0.8.ELsmp , Perl version 5.008005 (5.8.5) > and MailScanner version 4.70.7 with avg7 working, so I > suppose it must be an avg8 issue. > this is what I get when running avgscan standalone: > AVG command line Anti-Virus scanner > Copyright (c) 2009 AVG Technologies CZ > > Virus database version: 271.1.1/2677 > Virus database release date: Tue, 09 Feb 2010 08:35:00 +01:00 > > /root/eicar_com.zip:/eicar.com > Virus identified EICAR_Test > > /root/eicar_com.zip Virus identified EICAR_Test > > Files scanned : 2(1) > Infections found : 2(1) > > thanks in advance > eliott > > > > On Fri, Jan 22, 2010 at 1:48 PM, Eliott >> wrote: > > Hi! > > we are about to migrate an old imlementation while > upgrading all > the components and came across a strange problem. > With MailScanner 4.78.17 and avg 8.5.288 we see the > following log > entries: > -------------- > Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: > Scanning 1 > messages, 1338 bytes > Jan 18 15:47:23 localhost MailScanner[4725]: Virus and Content > Scanning: Starting > Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus > identified > EICAR_Test in eicar.txt > Jan 18 15:47:23 localhost MailScanner[4725]: Virus > Scanning: Avg > found 1 infections > Jan 18 15:47:23 localhost MailScanner[4725]: Infected message > ESC[2Ko0IElNL7004734 came from > Jan 18 15:47:23 localhost MailScanner[4725]: Virus > Scanning: Found > 1 viruses > Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: > Delivered > 1 messages > Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 messages > from processing-database > smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], > dsn=2.0.0, > stat=Sent (Message accepted for delivery) > --------------- > I have checked SweepVisuses.pm, but there the output seems > to be > parsed well. Is this a configuration issue or a bug? > > Thanks and regards > Eliott > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Feb 12 13:52:53 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 12 13:53:09 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: <4B742CC7.9000906@ecs.soton.ac.uk> <4B754CAB.2060308@ecs.soton.ac.uk> <4B755D35.7060604@ecs.soton.ac.uk> Message-ID: I have just released version 4.80.1 beta for you, which contains the AVG8 support you wanted. Best regards, Jules. On 12/02/2010 12:42, Julian Field wrote: > I'll put out a new beta including support for AVG8 after I've had some > lunch. > It's all working. > :-) > > Jules. > > On 12/02/2010 11:50, Eliott wrote: >> Hi! >> >> Thanks, this is the command to execute: avgscan -arch . (by default >> it does not search archives) >> The output is attached, there are strange control characters in the >> fiile, this might be realted to out problem. >> Avg itself can be downloaded from: >> http://free.avg.com/us-en/download?prd=afl >> The free edition is free for personal use. >> Regards >> Eliott >> >> >> On Thu, Feb 11, 2010 at 5:13 PM, Julian Field >> > >> wrote: >> >> Can you do a scan something like this (where "avg8" is whatever >> your virus scanner command is called): >> 1. Put an eicar_com.zip containing eicar.com >> into /tmp/eicar_com.zip >> 2. Do these 2 commands: >> cd /tmp >> avg8 . > /root/avg8.output >> 3. Mail me a copy of the avg8.output file. >> >> Ideally, if you could put the entire avg8 package somewhere I can >> download it (don't publish the URL, just send it to me off-list) >> and send me a valid licence for it as well, I will write the >> support you need. >> >> Don't worry about your licence, it will *only* be used for my >> development purposes, I won't let it leak out anywhere or use it >> for anything else. >> >> Jules. >> >> >> On 11/02/2010 15:58, Eliott wrote: >> >> Hi! >> >> Can anybody help me further on this? I have the same setup >> with Linux 2.6.9-78.0.8.ELsmp , Perl version 5.008005 (5.8.5) >> and MailScanner version 4.70.7 with avg7 working, so I >> suppose it must be an avg8 issue. >> this is what I get when running avgscan standalone: >> AVG command line Anti-Virus scanner >> Copyright (c) 2009 AVG Technologies CZ >> >> Virus database version: 271.1.1/2677 >> Virus database release date: Tue, 09 Feb 2010 08:35:00 +01:00 >> >> /root/eicar_com.zip:/eicar.com >> Virus identified EICAR_Test >> >> /root/eicar_com.zip Virus identified EICAR_Test >> >> Files scanned : 2(1) >> Infections found : 2(1) >> >> thanks in advance >> eliott >> >> >> >> On Fri, Jan 22, 2010 at 1:48 PM, Eliott > > >> wrote: >> >> Hi! >> >> we are about to migrate an old imlementation while >> upgrading all >> the components and came across a strange problem. >> With MailScanner 4.78.17 and avg 8.5.288 we see the >> following log >> entries: >> -------------- >> Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: >> Scanning 1 >> messages, 1338 bytes >> Jan 18 15:47:23 localhost MailScanner[4725]: Virus and >> Content >> Scanning: Starting >> Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus >> identified >> EICAR_Test in eicar.txt >> Jan 18 15:47:23 localhost MailScanner[4725]: Virus >> Scanning: Avg >> found 1 infections >> Jan 18 15:47:23 localhost MailScanner[4725]: Infected message >> ESC[2Ko0IElNL7004734 came from >> Jan 18 15:47:23 localhost MailScanner[4725]: Virus >> Scanning: Found >> 1 viruses >> Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: >> Delivered >> 1 messages >> Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 >> messages >> from processing-database >> smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], >> dsn=2.0.0, >> stat=Sent (Message accepted for delivery) >> --------------- >> I have checked SweepVisuses.pm, but there the output seems >> to be >> parsed well. Is this a configuration issue or a bug? >> >> Thanks and regards >> Eliott >> >> >> >> >> Jules >> >> -- Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your >> boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and >> twitter.com/MailScanner >> >> >> -- This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eliott100 at gmail.com Fri Feb 12 16:10:59 2010 From: eliott100 at gmail.com (Eliott) Date: Fri Feb 12 16:11:07 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: <4B742CC7.9000906@ecs.soton.ac.uk> <4B754CAB.2060308@ecs.soton.ac.uk> <4B755D35.7060604@ecs.soton.ac.uk> Message-ID: Hi! Works like charm, tested it with single and multiple scanners (together with clamd). Just fyi, there are still some parsing issues if the file is zipped, but I suppose that does not matter. Thanks very much regards Eliott -------- Feb 12 15:46:44 localhost MailScanner[12357]: New Batch: Scanning 1 messages, 1541 bytes Feb 12 15:46:44 localhost MailScanner[12357]: Filename Checks: Windows/DOS Executable (o1CEkcZm012430 eicar.com) Feb 12 15:46:44 localhost MailScanner[12357]: Other Checks: Found 1 problems Feb 12 15:46:44 localhost MailScanner[12357]: Virus and Content Scanning: Starting Feb 12 15:46:45 localhost MailScanner[12357]: Avg: Virus identified EICAR_Test in eicar_com.zip->eicar.com Feb 12 15:46:45 localhost MailScanner[12357]: Avg: Virus identified EICAR_Test in eicar_com.zip Feb 12 15:46:46 localhost MailScanner[12357]: Avg: Virus identified EICAR_Test in zeicar.com Feb 12 15:46:46 localhost MailScanner[12357]: Virus Scanning: Avg found 3 infections -------- Many thanks Eliott On Fri, Feb 12, 2010 at 2:52 PM, Julian Field wrote: > I have just released version 4.80.1 beta for you, which contains the AVG8 > support you wanted. > > Best regards, > Jules. > > > On 12/02/2010 12:42, Julian Field wrote: > >> I'll put out a new beta including support for AVG8 after I've had some >> lunch. >> It's all working. >> :-) >> >> Jules. >> >> On 12/02/2010 11:50, Eliott wrote: >> >>> Hi! >>> >>> Thanks, this is the command to execute: avgscan -arch . (by default it >>> does not search archives) >>> The output is attached, there are strange control characters in the >>> fiile, this might be realted to out problem. >>> Avg itself can be downloaded from: >>> http://free.avg.com/us-en/download?prd=afl >>> The free edition is free for personal use. >>> Regards >>> Eliott >>> >>> >>> On Thu, Feb 11, 2010 at 5:13 PM, Julian Field < >>> MailScanner@ecs.soton.ac.uk > wrote: >>> >>> Can you do a scan something like this (where "avg8" is whatever >>> your virus scanner command is called): >>> 1. Put an eicar_com.zip containing eicar.com >>> into /tmp/eicar_com.zip >>> 2. Do these 2 commands: >>> cd /tmp >>> avg8 . > /root/avg8.output >>> 3. Mail me a copy of the avg8.output file. >>> >>> Ideally, if you could put the entire avg8 package somewhere I can >>> download it (don't publish the URL, just send it to me off-list) >>> and send me a valid licence for it as well, I will write the >>> support you need. >>> >>> Don't worry about your licence, it will *only* be used for my >>> development purposes, I won't let it leak out anywhere or use it >>> for anything else. >>> >>> Jules. >>> >>> >>> On 11/02/2010 15:58, Eliott wrote: >>> >>> Hi! >>> >>> Can anybody help me further on this? I have the same setup >>> with Linux 2.6.9-78.0.8.ELsmp , Perl version 5.008005 (5.8.5) >>> and MailScanner version 4.70.7 with avg7 working, so I >>> suppose it must be an avg8 issue. >>> this is what I get when running avgscan standalone: >>> AVG command line Anti-Virus scanner >>> Copyright (c) 2009 AVG Technologies CZ >>> >>> Virus database version: 271.1.1/2677 >>> Virus database release date: Tue, 09 Feb 2010 08:35:00 +01:00 >>> >>> /root/eicar_com.zip:/eicar.com >>> Virus identified EICAR_Test >>> >>> /root/eicar_com.zip Virus identified EICAR_Test >>> >>> Files scanned : 2(1) >>> Infections found : 2(1) >>> >>> thanks in advance >>> eliott >>> >>> >>> >>> On Fri, Jan 22, 2010 at 1:48 PM, Eliott >> >> >> wrote: >>> >>> Hi! >>> >>> we are about to migrate an old imlementation while >>> upgrading all >>> the components and came across a strange problem. >>> With MailScanner 4.78.17 and avg 8.5.288 we see the >>> following log >>> entries: >>> -------------- >>> Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: >>> Scanning 1 >>> messages, 1338 bytes >>> Jan 18 15:47:23 localhost MailScanner[4725]: Virus and Content >>> Scanning: Starting >>> Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus >>> identified >>> EICAR_Test in eicar.txt >>> Jan 18 15:47:23 localhost MailScanner[4725]: Virus >>> Scanning: Avg >>> found 1 infections >>> Jan 18 15:47:23 localhost MailScanner[4725]: Infected message >>> ESC[2Ko0IElNL7004734 came from >>> Jan 18 15:47:23 localhost MailScanner[4725]: Virus >>> Scanning: Found >>> 1 viruses >>> Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: >>> Delivered >>> 1 messages >>> Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 messages >>> from processing-database >>> smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], >>> dsn=2.0.0, >>> stat=Sent (Message accepted for delivery) >>> --------------- >>> I have checked SweepVisuses.pm, but there the output seems >>> to be >>> parsed well. Is this a configuration issue or a bug? >>> >>> Thanks and regards >>> Eliott >>> >>> >>> >>> >>> Jules >>> >>> -- Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> Follow me at twitter.com/JulesFM and >>> twitter.com/MailScanner >>> >>> >>> -- This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> Jules >> >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100212/d00d9fca/attachment.html From MailScanner at ecs.soton.ac.uk Fri Feb 12 16:54:31 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Feb 12 16:54:48 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: <4B742CC7.9000906@ecs.soton.ac.uk> <4B754CAB.2060308@ecs.soton.ac.uk> <4B755D35.7060604@ecs.soton.ac.uk> <4B7587C7.4090109@ecs.soton.ac.uk> Message-ID: The only log entry that's wrong there is the zeicar.com should just be eicar.com. That will only affect the logging, the virus detection shouldn't be affected. The "->" are correct, that's what I intended the log output to say. Jules On 12/02/2010 16:10, Eliott wrote: > Hi! > > Works like charm, tested it with single and multiple scanners > (together with clamd). Just fyi, there are still some parsing issues > if the file is zipped, but I suppose that does not matter. > > Thanks very much > regards > Eliott > > -------- > Feb 12 15:46:44 localhost MailScanner[12357]: New Batch: Scanning 1 > messages, 1541 bytes > Feb 12 15:46:44 localhost MailScanner[12357]: Filename Checks: > Windows/DOS Executable (o1CEkcZm012430 eicar.com ) > Feb 12 15:46:44 localhost MailScanner[12357]: Other Checks: Found 1 > problems > Feb 12 15:46:44 localhost MailScanner[12357]: Virus and Content > Scanning: Starting > Feb 12 15:46:45 localhost MailScanner[12357]: Avg: Virus identified > EICAR_Test in eicar_com.zip->eicar.com > Feb 12 15:46:45 localhost MailScanner[12357]: Avg: Virus identified > EICAR_Test in eicar_com.zip > Feb 12 15:46:46 localhost MailScanner[12357]: Avg: Virus identified > EICAR_Test in zeicar.com > Feb 12 15:46:46 localhost MailScanner[12357]: Virus Scanning: Avg > found 3 infections > -------- > > Many thanks > Eliott > > On Fri, Feb 12, 2010 at 2:52 PM, Julian Field > > wrote: > > I have just released version 4.80.1 beta for you, which contains > the AVG8 support you wanted. > > Best regards, > Jules. > > > On 12/02/2010 12:42, Julian Field wrote: > > I'll put out a new beta including support for AVG8 after I've > had some lunch. > It's all working. > :-) > > Jules. > > On 12/02/2010 11:50, Eliott wrote: > > Hi! > > Thanks, this is the command to execute: avgscan -arch . > (by default it does not search archives) > The output is attached, there are strange control > characters in the fiile, this might be realted to out problem. > Avg itself can be downloaded from: > http://free.avg.com/us-en/download?prd=afl > The free edition is free for personal use. > Regards > Eliott > > > On Thu, Feb 11, 2010 at 5:13 PM, Julian Field > > >> wrote: > > Can you do a scan something like this (where "avg8" is > whatever > your virus scanner command is called): > 1. Put an eicar_com.zip containing eicar.com > > into /tmp/eicar_com.zip > 2. Do these 2 commands: > cd /tmp > avg8 . > /root/avg8.output > 3. Mail me a copy of the avg8.output file. > > Ideally, if you could put the entire avg8 package > somewhere I can > download it (don't publish the URL, just send it to me > off-list) > and send me a valid licence for it as well, I will > write the > support you need. > > Don't worry about your licence, it will *only* be used > for my > development purposes, I won't let it leak out anywhere > or use it > for anything else. > > Jules. > > > On 11/02/2010 15:58, Eliott wrote: > > Hi! > > Can anybody help me further on this? I have the > same setup > with Linux 2.6.9-78.0.8.ELsmp , Perl version > 5.008005 (5.8.5) > and MailScanner version 4.70.7 with avg7 working, so I > suppose it must be an avg8 issue. > this is what I get when running avgscan standalone: > AVG command line Anti-Virus scanner > Copyright (c) 2009 AVG Technologies CZ > > Virus database version: 271.1.1/2677 > Virus database release date: Tue, 09 Feb 2010 > 08:35:00 +01:00 > > /root/eicar_com.zip:/eicar.com > > Virus identified EICAR_Test > > /root/eicar_com.zip Virus identified EICAR_Test > > Files scanned : 2(1) > Infections found : 2(1) > > thanks in advance > eliott > > > > On Fri, Jan 22, 2010 at 1:48 PM, Eliott > > > > > >>> wrote: > > Hi! > > we are about to migrate an old imlementation while > upgrading all > the components and came across a strange problem. > With MailScanner 4.78.17 and avg 8.5.288 we see the > following log > entries: > -------------- > Jan 18 15:47:23 localhost MailScanner[4725]: New > Batch: > Scanning 1 > messages, 1338 bytes > Jan 18 15:47:23 localhost MailScanner[4725]: > Virus and Content > Scanning: Starting > Jan 18 15:47:23 localhost MailScanner[4725]: > Avg: Virus > identified > EICAR_Test in eicar.txt > Jan 18 15:47:23 localhost MailScanner[4725]: Virus > Scanning: Avg > found 1 infections > Jan 18 15:47:23 localhost MailScanner[4725]: > Infected message > ESC[2Ko0IElNL7004734 came from > Jan 18 15:47:23 localhost MailScanner[4725]: Virus > Scanning: Found > 1 viruses > Jan 18 15:47:24 localhost MailScanner[4725]: > Uninfected: > Delivered > 1 messages > Jan 18 15:47:24 localhost MailScanner[4725]: > Deleted 1 messages > from processing-database > smtp2225, pri=120812, relay=[10.0.20.10] > [10.0.20.10], > dsn=2.0.0, > stat=Sent (Message accepted for delivery) > --------------- > I have checked SweepVisuses.pm, but there the > output seems > to be > parsed well. Is this a configuration issue or a bug? > > Thanks and regards > Eliott > > > > > Jules > > -- Julian Field MEng CITP CEng > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements > from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 > 1415 B654 > Follow me at twitter.com/JulesFM > and > twitter.com/MailScanner > > > > -- This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- MailScanner mailing list > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > > Jules > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From yingyang at exemail.com.au Sat Feb 13 00:22:19 2010 From: yingyang at exemail.com.au (Ying) Date: Sat Feb 13 00:22:39 2010 Subject: bug report References: <763051.134.1265796305346.JavaMail.root@office.splatnix.net> Message-ID: <927F9C0FE1E74125A8862AD938F31924@tardis2> Ok language barrier must be a problem, I original messgae say it work good through spamassassin just like it use to work good in mailscanner ----- Original Message ----- From: --[ UxBoD ]-- To: MailScanner discussion Sent: Wednesday, February 10, 2010 8:05 PM Subject: Re: bug report Instead of checking Amavis or MailScanner what happens when you run the message directly through SA ? -- Thanks, Phil ps: Top posting as Pete did :) ----- "Ying" wrote: I show respect, I did by private bug report, but I get told I need to read documentation, I am no newby, but alas mailscanner dev think so, so I ask myself why waste my time with bug report when not welcome, I have private mail too by someone who has similar problem, they say run slackware, we run debian, he think it because run latest perl modules. but why I care now after mailscanner dev response. my 5 yo son could tell the answers from amavisd is different to what mailscanner be. So sorry for wasting my time, wont report bugs anymore here ----- Original Message ----- From: Peter Farrow To: MailScanner discussion Sent: Wednesday, February 10, 2010 11:08 AM Subject: Re: bug report Ying: Show some respect here, I am sure Jules would have read your bug report, so no need to adopt that tone. If you want help from someone its good start to be on your best behaviour, no one this list has an obligation to help you, please remember that when you type your replies. regards Pete ps: I am top posting because this thread is in that format. On 09/02/2010 23:52, Ying wrote: Hello, Did you even read my report? I state it work with spamassassin directly, it work with amavisd, it work with mailscanner until SA upgrade. so very obviously SA works as all read /etc/postfix/spamassassin/*, just not properly with mailscanner anymore, do you treat everyone like this and dismiss out of hand without reading or comprehend what said or investigate? and yes /etc/postfix is symlink to /etc/mail, else amavisd would not work. ----- Original Message ----- From: Jules Field To: Ying Sent: Tuesday, February 09, 2010 6:29 PM Subject: Re: bug report If it is not doing the tests, then you have not enabled them in the /etc/mail/spamassassin/v*.pre files. This is not a MailScanner problem, I suggest you read the SA documentation. On 09/02/2010 02:29, Ying wrote: BUG REPORT MailScanner does not do many SpamAssassin tests, this is local rules and URI tests, eg: .multi.uribl.com and all others Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner work fine for many month with same configuration even from last version which also has this problem. In testing we even remove all the whitelists. ? MailScanner-4.79.11-1 source install SpamAssassin 3.3.0 from CPAN Perl Modules - all required installed and update from CPAN MailScanner and SpamAssassin both --lint OK MailScanner run as user postfix amavisd-new run as user vscan /etc/postfix/spamassasin owner is root directory is 0755 Unreproducable by spamassasin -t < queue file Unreproducable by amavisd-new both of these tests score as expected. Monitor of Bind show MailScanner does not ask URI questions also scan real fast and not asking Razor or DCC ? ? Using MailScanner and amavisd-new together, MailScanner take message first before amavisd-new. MailScanner say- X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, required 3, autolearn=disabled) amavisd-new say- X-Virus-Scanned: amavisd-new at YUKI X-Spam-Flag: NO X-Spam-Score: 1.313 X-Spam-Level: * X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 tests=[URI_HEX=1.313] autolearn=disabled ? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -------------------------------------------------------------------------- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100213/3ff85508/attachment.html From yingyang at exemail.com.au Sat Feb 13 00:24:17 2010 From: yingyang at exemail.com.au (Ying) Date: Sat Feb 13 00:24:31 2010 Subject: bug report References: <4B711CD9.8030205@ecs.soton.ac.uk><6708380C165243D1849C586A4457E8F8@tardis2> Message-ID: <594A92C6F8B6493A8DD51351215455BB@tardis2> First are you a moderator of list? If no, please do not tell me how to type Second, all links work good, mailscanner work good until upgrade spamassasin which entailed also updating perl modules ----- Original Message ----- From: "Kai Schaetzl" To: Sent: Wednesday, February 10, 2010 10:19 PM Subject: Re: bug report > Ying wrote on Wed, 10 Feb 2010 09:52:31 +1000: > > Same question to you: > Is it really that hard to not send HTML to a mailing list and quote > correctly? > >> as all read /etc/postfix/spamassassin/*, > > That might be the problem. It's non-standard for MailScanner and > non-standard > for SA. Use the --debug switch and check if SA via MS is really using the > files there. > >> I did by private bug report > > Honestly, that wasn't really a bug report. I hope you know that. > > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From yingyang at exemail.com.au Sat Feb 13 00:25:32 2010 From: yingyang at exemail.com.au (Ying) Date: Sat Feb 13 00:25:49 2010 Subject: bug report References: <4B711CD9.8030205@ecs.soton.ac.uk><6708380C165243D1849C586A4457E8F8@tardis2> <72cf361e1002100449y521ade68lb1afea8cfcee1ecb@mail.gmail.com> Message-ID: <7F2178B36A2E43F3B899691E643502E9@tardis2> Marti Hello, Yes it was all working good with mailscanner for three years now until this upgrade ----- Original Message ----- From: Martin Hepworth To: MailScanner discussion Sent: Wednesday, February 10, 2010 10:49 PM Subject: Re: bug report On 10 February 2010 12:19, Kai Schaetzl wrote: Ying wrote on Wed, 10 Feb 2010 09:52:31 +1000: Same question to you: Is it really that hard to not send HTML to a mailing list and quote correctly? > as all read /etc/postfix/spamassassin/*, That might be the problem. It's non-standard for MailScanner and non-standard for SA. Use the --debug switch and check if SA via MS is really using the files there. > I did by private bug report Honestly, that wasn't really a bug report. I hope you know that. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Ying now as you know MailScanner runs as a specific user (postfix perhaps in your setup). SA 3.3.0 does NOT come with any default rules but relies on sa-update to pull down the rules. So, can the 'postfix' user see those rules (file permissions) and does SA run as the postfix user also run those network rules? -- Martin Hepworth Oxford, UK ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100213/48e0f6d9/attachment.html From yingyang at exemail.com.au Sat Feb 13 00:29:17 2010 From: yingyang at exemail.com.au (Ying) Date: Sat Feb 13 00:29:34 2010 Subject: bug report References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2><4B720726.4050004@farrows.org> <8BCD3C6B92F9493A872EC8C6BCE55406@SAHOMELT> Message-ID: <91785E6E6F064D93A4E6FBCB24C2E46D@tardis2> Rick, Hello, Yes I think much lost in translation, mailscanner work like this for three years fine. We upgrade spamassassin to 3.3.0, this also also mean we upgrade all perl modules needed by mailscanner, we check to make sure we have all required modules, all look good, then start mailscanner back on and this problem appear now. ----- Original Message ----- From: Rick Cooper To: 'MailScanner discussion' Sent: Thursday, February 11, 2010 2:31 AM Subject: RE: bug report ------------------------------------------------------------------------------ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ying Sent: Wednesday, February 10, 2010 4:53 AM To: MailScanner discussion Subject: Re: bug report I show respect, I did by private bug report, but I get told I need to read documentation, I am no newby, but alas mailscanner dev think so, so I ask myself why waste my time with bug report when not welcome, I have private mail too by someone who has similar problem, they say run slackware, we run debian, he think it because run latest perl modules. but why I care now after mailscanner dev response. my 5 yo son could tell the answers from amavisd is different to what mailscanner be. So sorry for wasting my time, wont report bugs anymore here [Rick Cooper] I am wondering if something was lost in the translation here. Clearly English is not your native tongue and you might well have misinterpreted his attitude. You must also realize that Julian gets/answers thousands of mails in a week and a very large number are simple configuration errors. Plus if you upgraded SA and MS did not change then the issue is likely permissions or configuration. Personally I would be looking to see if the local.cf link is correct as this could explain why MS is skipping network tests and amavisd is not. there should be a link between /etc/mail/spamassassin/local.cf and /opt/MailScanner/etc/spam.assassin.prefs.conf. Also check your MS config setting for "SpamAssassin Default Rules Dir", "SpamAssassin Local Rules Dir" and "SpamAssassin Site Rules Dir". Clearly if MS skips some tests that the others do not they must not be using the same rules. Also bear in mind your English is so broken it's hard to follow. Of course the only way I could possibly write to you in your native tongue would be to run it through babblefish and I can tell you from experience that what you enter there many times loses much in the translation, you might have a very hard time understanding me and certainly have issues with context and meaning. ----- Original Message ----- From: Peter Farrow To: MailScanner discussion Sent: Wednesday, February 10, 2010 11:08 AM Subject: Re: bug report Ying: Show some respect here, I am sure Jules would have read your bug report, so no need to adopt that tone. If you want help from someone its good start to be on your best behaviour, no one this list has an obligation to help you, please remember that when you type your replies. regards Pete ps: I am top posting because this thread is in that format. On 09/02/2010 23:52, Ying wrote: Hello, Did you even read my report? I state it work with spamassassin directly, it work with amavisd, it work with mailscanner until SA upgrade. so very obviously SA works as all read /etc/postfix/spamassassin/*, just not properly with mailscanner anymore, do you treat everyone like this and dismiss out of hand without reading or comprehend what said or investigate? and yes /etc/postfix is symlink to /etc/mail, else amavisd would not work. ----- Original Message ----- From: Jules Field To: Ying Sent: Tuesday, February 09, 2010 6:29 PM Subject: Re: bug report If it is not doing the tests, then you have not enabled them in the /etc/mail/spamassassin/v*.pre files. This is not a MailScanner problem, I suggest you read the SA documentation. On 09/02/2010 02:29, Ying wrote: BUG REPORT MailScanner does not do many SpamAssassin tests, this is local rules and URI tests, eg: .multi.uribl.com and all others Problem only notice after upgrade SA 3.2.5 to 3.3.0. MailScanner work fine for many month with same configuration even from last version which also has this problem. In testing we even remove all the whitelists. ? MailScanner-4.79.11-1 source install SpamAssassin 3.3.0 from CPAN Perl Modules - all required installed and update from CPAN MailScanner and SpamAssassin both --lint OK MailScanner run as user postfix amavisd-new run as user vscan /etc/postfix/spamassasin owner is root directory is 0755 Unreproducable by spamassasin -t < queue file Unreproducable by amavisd-new both of these tests score as expected. Monitor of Bind show MailScanner does not ask URI questions also scan real fast and not asking Razor or DCC ? ? Using MailScanner and amavisd-new together, MailScanner take message first before amavisd-new. MailScanner say- X-YUKI-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, required 3, autolearn=disabled) amavisd-new say- X-Virus-Scanned: amavisd-new at YUKI X-Spam-Flag: NO X-Spam-Score: 1.313 X-Spam-Level: * X-Spam-Status: No, score=1.313 tagged_above=-999 required=3 tests=[URI_HEX=1.313] autolearn=disabled ? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. -- This message has been scanned for viruses and dangerous content by the Inexcom system scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. ---------------------------------------------------------------------------- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100213/66374a49/attachment-0001.html From maillists at conactive.com Sat Feb 13 10:31:48 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Feb 13 10:32:02 2010 Subject: bug report In-Reply-To: <594A92C6F8B6493A8DD51351215455BB@tardis2> References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2> <594A92C6F8B6493A8DD51351215455BB@tardis2> Message-ID: Plonk. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat Feb 13 16:37:47 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Feb 13 16:37:57 2010 Subject: MailScanner Upgrade issues In-Reply-To: <4B74AF42.1010909@infowall.com> References: <4B738955.5080003@infowall.com> <4B74AF42.1010909@infowall.com> Message-ID: Mark McIntosh Infowall wrote on Thu, 11 Feb 2010 20:30:42 -0500: > drwxr-xr-x 9 root clamav 4096 Feb 11 20:17 incoming Youz *did* correct this now? > drwxr-x--- 2 root clamav 4096 Feb 11 20:01 24211 > drwxr-x--- 2 root clamav 4096 Feb 11 20:17 24795 This is wrong I think, the user should be postfix (compare with the three other tempdirs). I don't know where this is set, either in MailScanner.conf or clamd.conf. Ahm, can you please stop sending html-only mail? Either use text/plain only or text and html parts. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat Feb 13 17:31:22 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Feb 13 17:31:35 2010 Subject: mailscanner.conf symlink Message-ID: Jules, can you stop replacing /etc/mail/mailscanner.conf with a symlink if it already exists? I do not want this symlink, so I touched a file there. But you replace that, anyway. And if I remember right, all other ways I tried in the past to stop it doing that failed as well. If someone puts a file there that was obviously done for good reason, it should not get replaced by an rpm. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From alex at rtpty.com Sat Feb 13 17:40:29 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sat Feb 13 17:40:46 2010 Subject: mailscanner.conf symlink Message-ID: <1279993028-1266082831-cardhu_decombobulator_blackberry.rim.net-1378096339-@bda942.bisx.prod.on.blackberry> In the meantime you could try chattr +i or something like that? I'm sure Jules does it for consistency. The guy with the not-really-bug-report had issues with lack of consistency in PF/SA/MS. ------Original Message------ From: Kai Schaetzl Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: mailscanner.conf symlink Sent: Feb 13, 2010 12:31 PM Jules, can you stop replacing /etc/mail/mailscanner.conf with a symlink if it already exists? I do not want this symlink, so I touched a file there. But you replace that, anyway. And if I remember right, all other ways I tried in the past to stop it doing that failed as well. If someone puts a file there that was obviously done for good reason, it should not get replaced by an rpm. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From blaat0001 at gmail.com Sat Feb 13 18:40:54 2010 From: blaat0001 at gmail.com (BlaaT 0001) Date: Sat Feb 13 18:41:02 2010 Subject: Multiple inline html signatures Message-ID: <254612fc1002131040l488afa7blec1e113c469cb6ef@mail.gmail.com> Hello everybody, I've been struggling with MailScanner's options to avoid inserting an additional inline HTML signature. We're using the "Sign Clean Messages" option to add a disclaimer to our outgoing e-mails. Replies to those e-mails include our disclaimer once the message "comes back in". After a while our disclaimer is added to the conversation several times and I'm trying to put a stop to this. MailScanner includes options to prevend adding HTML signatures to e-mails that are allready signed (replies for instance where the disclaimer is allready part of the body). My settings for relevant options: Signature Image Filename = %report-dir%/signature.jpg Signature Image Filename = signature.jpg Sign Messages Already Processed = no Sign Clean Messages = %rules-dir%/sign.clean.messages.rules (yes for outgoing messages) Attach Image To Signature = %rules-dir%/attach.image.to.signature.rules Attach Image To HTML Message Only = yes Allow Multiple HTML Signatures = yes Dont Sign HTML If Headers Exist = # In-Reply-To: The "Allow Multiple HTML Signatures = yes" is rather funny. "Yes" means that MailScanner will try to avoid double signatures: # This option can be used to stop any duplication of en email signature # appearing in the HTML of an email message. It looks for the "alt" # attribute in the tag specifying the image to be inserted int the # HTML signature. If you want to use this option without inserting an image # into the signature, simply specify an tag without a "src" attribute. # # If the "alt" tag appears, and contains the word "MailScanner" and the # word "Signature" and the %org-name% you specified at the top of this file, # then the message is considered to already be signed. If this option is # also set to "yes", then it will not be signed again. Multiple image # signatures at the bottom of a message can make the message very large and # ugly once it has been replied to a couple of times. # This can also be the filename of a ruleset. In my HTML signature I've included the following line: MailScanner Signature %org-name% (I've allready tried replacing %org-name% with the org-name from the MailScanner.conf, no spaces in the name like it should) The image "signature.jpg" is included in the disclaimer with the right "ALT" tag as intended. Unfortunately the image + disclaimer are added to every outgoing mail, including the ones allready signed. As far as I can think of it should work with the settings specified. Unfortunately it doesn't. I've ran out of ideas on how to get this to work. I don't understand why it's not working. Our users are running Outlook 2003 mail clients with a MS Exchange 2007 server. MailScanner HTML protect features (disarm html) are disabled (yes, no, disarm settings are always set to "yes" to allow everything). When I configure the "Dont Sign HTML If Headers Exist = # In-Reply-To:" settings (remove the #-dash) then replies don't include a signature, so that works. Does anybody have any more suggestions on how to stop MailScanner from adding multiple signatures to outgoing e-mails? Cheers. I'm running: [root@mailscan01 /opt/MailScanner/bin]# ./MailScanner --version Running on FreeBSD mailscan01.abcorp.org 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sun Dec 6 01:22:01 CET 2009 root@freebsd80.abcorp.org:/usr/obj/usr/src/sys/GENERIC_WITH_CARP amd64 This is Perl version 5.008009 (5.8.9) This is MailScanner version 4.79.11 Module versions are: 1.00 AnyDBM_File 1.30 Archive::Zip 0.23 bignum 1.10 Carp 2.015 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_17 Data::Dumper 2.27 Date::Parse 1.02 DirHandle 1.06 Fcntl 2.77 File::Basename 2.13 File::Copy 2.01 FileHandle 2.07_02 File::Path 0.22 File::Temp 0.92 Filesys::Df 3.60 HTML::Entities 3.62 HTML::Parser 3.57 HTML::TokeParser 1.25 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.08 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.08 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.18 OLE::Storage_Lite 1.04 Pod::Escapes 3.08 Pod::Simple 1.15 POSIX 1.19 Scalar::Util 1.81 Socket 2.21 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.40 Test::Pod 0.94 Test::Simple 1.9719 Time::HiRes 1.02 Time::localtime From mmcintosh at infowall.com Sat Feb 13 22:52:35 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Sat Feb 13 22:52:56 2010 Subject: MailScanner Upgrade issues In-Reply-To: References: <4B738955.5080003@infowall.com> <4B74AF42.1010909@infowall.com> Message-ID: <4B772D33.5080606@infowall.com> Kai Schaetzl wrote: > Mark McIntosh Infowall wrote on Thu, 11 Feb 2010 20:30:42 -0500: > >> drwxr-xr-x 9 root clamav 4096 Feb 11 20:17 incoming > > Youz *did* correct this now? > >> drwxr-x--- 2 root clamav 4096 Feb 11 20:01 24211 >> drwxr-x--- 2 root clamav 4096 Feb 11 20:17 24795 > > This is wrong I think, the user should be postfix (compare with the three > other tempdirs). I don't know where this is set, either in > MailScanner.conf or clamd.conf. > > Ahm, can you please stop sending html-only mail? Either use text/plain > only or text and html parts. > > Kai > Kai, Thanks for the assistance I have fixed the permission issue via the MailScanner.conf I had it set incorrectly. I have a question though I still see what may be an error when running Mailscanner --lint (results below) The result in question is: Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Is this normal because we are testing against self ??? Mark (ps sorry about the html mail it is default in Thunderbird ) [root@demo ~]# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 858 hostnames from the phishing whitelist Read 5941 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 0 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 50 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.79.11) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error, python traceback seen in response SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Filename Checks: Windows/DOS Executable (1 eicar.com) Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Other Checks: Found 1 problems Virus and Content Scanning: Starting ./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 =========================================================================== If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Sat Feb 13 23:07:30 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sat Feb 13 23:07:47 2010 Subject: MailScanner Upgrade issues In-Reply-To: <4B772D33.5080606@infowall.com> References: <4B738955.5080003@infowall.com> <4B74AF42.1010909@infowall.com><4B772D33.5080606@infowall.com> Message-ID: <1739788437-1266102453-cardhu_decombobulator_blackberry.rim.net-1349091137-@bda942.bisx.prod.on.blackberry> It's not the default. You must have changed it from the default. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Mark McIntosh Infowall Date: Sat, 13 Feb 2010 17:52:35 To: MailScanner discussion Subject: Re: MailScanner Upgrade issues Kai Schaetzl wrote: > Mark McIntosh Infowall wrote on Thu, 11 Feb 2010 20:30:42 -0500: > >> drwxr-xr-x 9 root clamav 4096 Feb 11 20:17 incoming > > Youz *did* correct this now? > >> drwxr-x--- 2 root clamav 4096 Feb 11 20:01 24211 >> drwxr-x--- 2 root clamav 4096 Feb 11 20:17 24795 > > This is wrong I think, the user should be postfix (compare with the three > other tempdirs). I don't know where this is set, either in > MailScanner.conf or clamd.conf. > > Ahm, can you please stop sending html-only mail? Either use text/plain > only or text and html parts. > > Kai > Kai, Thanks for the assistance I have fixed the permission issue via the MailScanner.conf I had it set incorrectly. I have a question though I still see what may be an error when running Mailscanner --lint (results below) The result in question is: Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Is this normal because we are testing against self ??? Mark (ps sorry about the html mail it is default in Thunderbird ) [root@demo ~]# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 858 hostnames from the phishing whitelist Read 5941 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 0 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 50 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.79.11) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error, python traceback seen in response SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Filename Checks: Windows/DOS Executable (1 eicar.com) Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 Other Checks: Found 1 problems Virus and Content Scanning: Starting ./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 =========================================================================== If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mmcintosh at infowall.com Sat Feb 13 23:10:16 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Sat Feb 13 23:10:35 2010 Subject: MailScanner Upgrade issues In-Reply-To: <1739788437-1266102453-cardhu_decombobulator_blackberry.rim.net-1349091137-@bda942.bisx.prod.on.blackberry> References: <4B738955.5080003@infowall.com> <4B74AF42.1010909@infowall.com><4B772D33.5080606@infowall.com> <1739788437-1266102453-cardhu_decombobulator_blackberry.rim.net-1349091137-@bda942.bisx.prod.on.blackberry> Message-ID: <4B773158.2030701@infowall.com> Alex Neuman van der Hans wrote: > It's not the default. You must have changed it from the default. > > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: Mark McIntosh Infowall > Date: Sat, 13 Feb 2010 17:52:35 > To: MailScanner discussion > Subject: Re: MailScanner Upgrade issues > > Kai Schaetzl wrote: >> Mark McIntosh Infowall wrote on Thu, 11 Feb 2010 20:30:42 -0500: >> >>> drwxr-xr-x 9 root clamav 4096 Feb 11 20:17 incoming >> Youz *did* correct this now? >> >>> drwxr-x--- 2 root clamav 4096 Feb 11 20:01 24211 >>> drwxr-x--- 2 root clamav 4096 Feb 11 20:17 24795 >> This is wrong I think, the user should be postfix (compare with the three >> other tempdirs). I don't know where this is set, either in >> MailScanner.conf or clamd.conf. >> >> Ahm, can you please stop sending html-only mail? Either use text/plain >> only or text and html parts. >> >> Kai >> > Kai, > > Thanks for the assistance I have fixed the permission issue via the > MailScanner.conf I had it set incorrectly. I have a question though I > still see what may be an error when running Mailscanner --lint (results > below) > > > The result in question is: > > Cannot match against destination IP address when resolving configuration > option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 > > Is this normal because we are testing against self ??? > > > Mark > > (ps sorry about the html mail it is default in Thunderbird ) > > > [root@demo ~]# MailScanner --lint > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 858 hostnames from the phishing whitelist > Read 5941 hostnames from the phishing blacklists > Config: calling custom init function SQLBlacklist > Starting up SQL Blacklist > Read 0 blacklist entries > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Config: calling custom init function SQLWhitelist > Starting up SQL Whitelist > Read 50 whitelist entries > > Checking version numbers... > Version number in MailScanner.conf (4.79.11) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > MailScanner setting GID to (89) > MailScanner setting UID to (89) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error, python traceback seen in response > SpamAssassin reported no errors. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 0 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > =========================================================================== > Cannot match against destination IP address when resolving configuration > option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 > Filename Checks: Windows/DOS Executable (1 eicar.com) > Cannot match against destination IP address when resolving configuration > option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 > Cannot match against destination IP address when resolving configuration > option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > ./1/eicar.com: Eicar-Test-Signature FOUND > > Virus Scanning: ClamAV found 1 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 1 viruses > Cannot match against destination IP address when resolving configuration > option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 624 > =========================================================================== > > If any of your virus scanners (clamav) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > Config: calling custom end function SQLBlacklist > Closing down by-domain spam blacklist > Config: calling custom end function MailWatchLogging > Config: calling custom end function SQLWhitelist > Closing down by-domain spam whitelist > > > Alex, I did not make any changes to that config file. How does one fix this ??? Regards, Mark -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From zepplin at exemail.com.au Sat Feb 13 23:58:06 2010 From: zepplin at exemail.com.au (George) Date: Sat Feb 13 23:58:26 2010 Subject: MailScanner Upgrade issues In-Reply-To: <4B773158.2030701@infowall.com> References: <4B738955.5080003@infowall.com> <4B74AF42.1010909@infowall.com><4B772D33.5080606@infowall.com> <1739788437-1266102453-cardhu_decombobulator_blackberry.rim.net-1349091137-@bda942.bisx.prod.on.blackberry> <4B773158.2030701@infowall.com> Message-ID: <4B773C8E.8000607@exemail.com.au> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100214/b373e7e1/attachment.html From mmcintosh at infowall.com Sun Feb 14 03:55:26 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Sun Feb 14 03:55:49 2010 Subject: MailScanner Upgrade issues In-Reply-To: <4B773C8E.8000607@exemail.com.au> References: <4B738955.5080003@infowall.com> <4B74AF42.1010909@infowall.com><4B772D33.5080606@infowall.com> <1739788437-1266102453-cardhu_decombobulator_blackberry.rim.net-1349091137-@bda942.bisx.prod.on.blackberry> <4B773158.2030701@infowall.com> <4B773C8E.8000607@exemail.com.au> Message-ID: <4B77742E.9070907@infowall.com> George wrote: > On 14/02/2010 10:10 AM, Mark McIntosh Infowall wrote: >> Alex Neuman van der Hans wrote: >>> It's not the default. You must have changed it from the default. >>> -- >>> >>> Alex Neuman van der Hans >>> Reliant Technologies >>> >>> +507 6781-9505 >>> +507 832-6725 >>> BB PIN: 20EA17C5 >>> >>> >>> -----Original Message----- >>> From: Mark McIntosh Infowall >>> Date: Sat, 13 Feb 2010 17:52:35 To: MailScanner >>> discussion >>> Subject: Re: MailScanner Upgrade issues >>> >>> Kai Schaetzl wrote: >>>> Mark McIntosh Infowall wrote on Thu, 11 Feb 2010 20:30:42 -0500: >>>> >>>>> drwxr-xr-x 9 root clamav 4096 Feb 11 20:17 incoming >>>> Youz *did* correct this now? >>>> >>>>> drwxr-x--- 2 root clamav 4096 Feb 11 20:01 24211 >>>>> drwxr-x--- 2 root clamav 4096 Feb 11 20:17 24795 >>>> This is wrong I think, the user should be postfix (compare with the >>>> three other tempdirs). I don't know where this is set, either in >>>> MailScanner.conf or clamd.conf. >>>> >>>> Ahm, can you please stop sending html-only mail? Either use >>>> text/plain only or text and html parts. >>>> >>>> Kai >>>> >>> Kai, >>> >>> Thanks for the assistance I have fixed the permission issue via the >>> MailScanner.conf I had it set incorrectly. I have a question though I >>> still see what may be an error when running Mailscanner --lint >>> (results below) >>> >>> >>> The result in question is: >>> >>> Cannot match against destination IP address when resolving >>> configuration option "dangerscan" at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 624 >>> >>> Is this normal because we are testing against self ??? >>> >>> >>> Mark >>> >>> (ps sorry about the html mail it is default in Thunderbird ) >>> >>> >>> [root@demo ~]# MailScanner --lint >>> Trying to setlogsock(unix) >>> >>> Reading configuration file /etc/MailScanner/MailScanner.conf >>> Reading configuration file /etc/MailScanner/conf.d/README >>> Read 858 hostnames from the phishing whitelist >>> Read 5941 hostnames from the phishing blacklists >>> Config: calling custom init function SQLBlacklist >>> Starting up SQL Blacklist >>> Read 0 blacklist entries >>> Config: calling custom init function MailWatchLogging >>> Started SQL Logging child >>> Config: calling custom init function SQLWhitelist >>> Starting up SQL Whitelist >>> Read 50 whitelist entries >>> >>> Checking version numbers... >>> Version number in MailScanner.conf (4.79.11) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> MailScanner setting GID to (89) >>> MailScanner setting UID to (89) >>> >>> Checking for SpamAssassin errors (if you use it)... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> pyzor: check failed: internal error, python traceback seen in response >>> SpamAssassin reported no errors. >>> Connected to Processing Attempts Database >>> Created Processing Attempts Database successfully >>> There are 0 messages in the Processing Attempts Database >>> Using locktype = posix >>> MailScanner.conf says "Virus Scanners = clamav" >>> Found these virus scanners installed: clamav >>> =========================================================================== >>> >>> Cannot match against destination IP address when resolving >>> configuration option "dangerscan" at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 624 >>> Filename Checks: Windows/DOS Executable (1 eicar.com) >>> Cannot match against destination IP address when resolving >>> configuration option "dangerscan" at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 624 >>> Cannot match against destination IP address when resolving >>> configuration option "dangerscan" at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 624 >>> Other Checks: Found 1 problems >>> Virus and Content Scanning: Starting >>> ./1/eicar.com: Eicar-Test-Signature FOUND >>> >>> Virus Scanning: ClamAV found 1 infections >>> Infected message 1 came from 10.1.1.1 >>> Virus Scanning: Found 1 viruses >>> Cannot match against destination IP address when resolving >>> configuration option "dangerscan" at >>> /usr/lib/MailScanner/MailScanner/Config.pm line 624 >>> =========================================================================== >>> >>> >>> If any of your virus scanners (clamav) >>> are not listed there, you should check that they are installed correctly >>> and that MailScanner is finding them correctly via its >>> virus.scanners.conf. >>> Config: calling custom end function SQLBlacklist >>> Closing down by-domain spam blacklist >>> Config: calling custom end function MailWatchLogging >>> Config: calling custom end function SQLWhitelist >>> Closing down by-domain spam whitelist >>> >>> >>> >> Alex, >> >> >> I did not make any changes to that config file. How does one fix this ??? >> >> Regards, >> >> Mark >> > Try Tools/Options/Composition/General/Send Options > > Here you can select to always send text in plain text and html by adding > domains alternatively you can use you address book to specify preferred > text for recipients. > > Regards, > > - George > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > George, Thanks Mark -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From noel.butler at ausics.net Sun Feb 14 07:31:39 2010 From: noel.butler at ausics.net (Noel Butler) Date: Sun Feb 14 07:32:05 2010 Subject: bug report In-Reply-To: <91785E6E6F064D93A4E6FBCB24C2E46D@tardis2> References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2><4B720726.4050004@farrows.org> <8BCD3C6B92F9493A872EC8C6BCE55406@SAHOMELT> <91785E6E6F064D93A4E6FBCB24C2E46D@tardis2> Message-ID: <1266132699.21846.10.camel@roswell> Ying, A followup to this mornings mail, just got home and had a good look at it. This issue can be resolved by changing locale state dir from /var/lib to /var/lib/spamassasasin it seems it no longer likes the search path being just /var/lib anymore. I know /var/lib worked as recently as a little over a month ago by looking at logs, and by looking at the timestamps it all stopped here the day I upgraded all perl modules and SA (so it seems it has not been working properly here for month either, yikes!), but everything is working fine for an hour now , every mailscanner score matches that given by amavisd-new, so i can thankfully get rid of that :) Now be it SA or one of the perl modules that saw the ending of its liking /var/lib I have no idea as I did them here all same time, so it is likely that anyone else using the old /var/lib only in that setting will have issues upon upgrading something or other down the track. Julian FYI, this also resolved my "no report template found " problem I told you occurred with these upgrades. I'd send this to the list but as you know I'm marked no posting so maybe you'd like to edit me out of this and resend it on as a reminder to any members still using the old /var/lib to play it safe and add spamassassin to the end of it :) Cheers On Sat, 2010-02-13 at 10:29 +1000, Ying wrote: > Rick, Hello, > Yes I think much lost in translation, mailscanner work like this for > three years fine. > We upgrade spamassassin to 3.3.0, this also also mean we upgrade all > perl modules needed by mailscanner, we check to make sure we have all > required modules, all look good, then start mailscanner back on and > this problem appear now. > > > ----- Original Message ----- > From: Rick Cooper > To: 'MailScanner discussion' > Sent: Thursday, February 11, 2010 2:31 AM > Subject: RE: bug report > > > -- Kind Regards, SSA Noel Butler L.C.P No. 251002 ________________________________________________________________________ This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate or reveal any part to anyone without the authors express written authority to do so. If you are not the intended recipient, please notify the sender and delete all relevance of this message including any attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF and ODF documents are accepted, do not send Microsoft proprietary formatted documents. ________________________________________________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100214/b22e64a6/attachment.html From mark at msapiro.net Sun Feb 14 15:04:48 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sun Feb 14 15:05:04 2010 Subject: mailscanner.conf symlink In-Reply-To: References: Message-ID: <4B781110.6050108@msapiro.net> On 11:59 AM, Kai Schaetzl wrote: > Jules, can you stop replacing /etc/mail/mailscanner.conf with a symlink if > it already exists? I do not want this symlink, so I touched a file there. > But you replace that, anyway. And if I remember right, all other ways I > tried in the past to stop it doing that failed as well. Are you saying the MailScanner rpm install creates a /etc/mail/mailscanner.conf symlink even if no /etc/mail/mailscanner.conf exists. This doesn't happen to me. Could it be MailWatch or something else doing this? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From yingyang at exemail.com.au Mon Feb 15 02:30:49 2010 From: yingyang at exemail.com.au (Ying) Date: Mon Feb 15 02:31:06 2010 Subject: bug report References: <4B711CD9.8030205@ecs.soton.ac.uk> <6708380C165243D1849C586A4457E8F8@tardis2><4B720726.4050004@farrows.org> <8BCD3C6B92F9493A872EC8C6BCE55406@SAHOMELT> <91785E6E6F064D93A4E6FBCB24C2E46D@tardis2> <1266132699.21846.10.camel@roswell> Message-ID: <3EBA013E2F3E48A193DB63FA0502F328@tardis2> Noel, Hello, THANK YOU! All is fix and working good. I look new mailscanner.conf default has this now, but when start here, old package never did, must have change in last years. Thank you much. ----- Original Message ----- From: Noel Butler To: Ying ; MailScanner discussion Sent: Sunday, February 14, 2010 5:31 PM Subject: Re: bug report Ying, A followup to this mornings mail, just got home and had a good look at it. This issue can be resolved by changing locale state dir from /var/lib to /var/lib/spamassasasin it seems it no longer likes the search path being just /var/lib anymore. I know /var/lib worked as recently as a little over a month ago by looking at logs, and by looking at the timestamps it all stopped here the day I upgraded all perl modules and SA (so it seems it has not been working properly here for month either, yikes!), but everything is working fine for an hour now , every mailscanner score matches that given by amavisd-new, so i can thankfully get rid of that :) Now be it SA or one of the perl modules that saw the ending of its liking /var/lib I have no idea as I did them here all same time, so it is likely that anyone else using the old /var/lib only in that setting will have issues upon upgrading something or other down the track. Julian FYI, this also resolved my "no report template found " problem I told you occurred with these upgrades. I'd send this to the list but as you know I'm marked no posting so maybe you'd like to edit me out of this and resend it on as a reminder to any members still using the old /var/lib to play it safe and add spamassassin to the end of it :) Cheers On Sat, 2010-02-13 at 10:29 +1000, Ying wrote: Rick, Hello, Yes I think much lost in translation, mailscanner work like this for three years fine. We upgrade spamassassin to 3.3.0, this also also mean we upgrade all perl modules needed by mailscanner, we check to make sure we have all required modules, all look good, then start mailscanner back on and this problem appear now. ----- Original Message ----- From: Rick Cooper To: 'MailScanner discussion' Sent: Thursday, February 11, 2010 2:31 AM Subject: RE: bug report -- Kind Regards, SSA Noel Butler L.C.P No. 251002 ------------------------------------------------------------------------ This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate or reveal any part to anyone without the authors express written authority to do so. If you are not the intended recipient, please notify the sender and delete all relevance of this message including any attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF and ODF documents are accepted, do not send Microsoft proprietary formatted documents. ------------------------------------------------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100215/b0ced5e2/attachment.html From MailScanner at ecs.soton.ac.uk Mon Feb 15 09:24:26 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 15 09:24:41 2010 Subject: mailscanner.conf symlink In-Reply-To: References: <4B7912CA.9080503@ecs.soton.ac.uk> Message-ID: No problem. Fixed for the next release. On 13/02/2010 17:31, Kai Schaetzl wrote: > Jules, can you stop replacing /etc/mail/mailscanner.conf with a symlink if > it already exists? I do not want this symlink, so I touched a file there. > But you replace that, anyway. And if I remember right, all other ways I > tried in the past to stop it doing that failed as well. > If someone puts a file there that was obviously done for good reason, it > should not get replaced by an rpm. > > Kai > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 15 09:28:22 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 15 09:28:45 2010 Subject: Multiple inline html signatures In-Reply-To: <254612fc1002131040l488afa7blec1e113c469cb6ef@mail.gmail.com> References: <254612fc1002131040l488afa7blec1e113c469cb6ef@mail.gmail.com> <4B7913B6.3040209@ecs.soton.ac.uk> Message-ID: Looks like I said "yes" in that explanation in the docs when I meant "no", for "Allow Multiple HTML Signatures". Does it then work? Jules. On 13/02/2010 18:40, BlaaT 0001 wrote: > Hello everybody, > > I've been struggling with MailScanner's options to avoid inserting an > additional inline HTML signature. > > We're using the "Sign Clean Messages" option to add a disclaimer to > our outgoing e-mails. Replies to those e-mails include our disclaimer > once the message "comes back in". After a while our disclaimer is > added to the conversation several times and I'm trying to put a stop > to this. > > MailScanner includes options to prevend adding HTML signatures to > e-mails that are allready signed (replies for instance where the > disclaimer is allready part of the body). > > My settings for relevant options: > > Signature Image Filename = %report-dir%/signature.jpg > Signature Image Filename = signature.jpg > Sign Messages Already Processed = no > Sign Clean Messages = %rules-dir%/sign.clean.messages.rules (yes for > outgoing messages) > Attach Image To Signature = %rules-dir%/attach.image.to.signature.rules > Attach Image To HTML Message Only = yes > Allow Multiple HTML Signatures = yes > Dont Sign HTML If Headers Exist = # In-Reply-To: > > > The "Allow Multiple HTML Signatures = yes" is rather funny. "Yes" > means that MailScanner will try to avoid double signatures: > > # This option can be used to stop any duplication of en email signature > # appearing in the HTML of an email message. It looks for the "alt" > # attribute in the tag specifying the image to be inserted int the > # HTML signature. If you want to use this option without inserting an image > # into the signature, simply specify an tag without a "src" attribute. > # > # If the "alt" tag appears, and contains the word "MailScanner" and the > # word "Signature" and the %org-name% you specified at the top of this file, > # then the message is considered to already be signed. If this option is > # also set to "yes", then it will not be signed again. Multiple image > # signatures at the bottom of a message can make the message very large and > # ugly once it has been replied to a couple of times. > # This can also be the filename of a ruleset. > > In my HTML signature I've included the following line: > > MailScanner Signature %org-name% width="153" height="23"> > > (I've allready tried replacing %org-name% with the org-name from the > MailScanner.conf, no spaces in the name like it should) > > The image "signature.jpg" is included in the disclaimer with the right > "ALT" tag as intended. Unfortunately the image + disclaimer are added > to every outgoing mail, including the ones allready signed. > As far as I can think of it should work with the settings specified. > Unfortunately it doesn't. > I've ran out of ideas on how to get this to work. I don't understand > why it's not working. > > Our users are running Outlook 2003 mail clients with a MS Exchange > 2007 server. MailScanner HTML protect features (disarm html) are > disabled (yes, no, disarm settings are always set to "yes" to allow > everything). > > When I configure the "Dont Sign HTML If Headers Exist = # > In-Reply-To:" settings (remove the #-dash) then replies don't include > a signature, so that works. > > Does anybody have any more suggestions on how to stop MailScanner from > adding multiple signatures to outgoing e-mails? > > Cheers. > > > I'm running: > > [root@mailscan01 /opt/MailScanner/bin]# ./MailScanner --version > Running on > FreeBSD mailscan01.abcorp.org 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sun > Dec 6 01:22:01 CET 2009 > root@freebsd80.abcorp.org:/usr/obj/usr/src/sys/GENERIC_WITH_CARP > amd64 > This is Perl version 5.008009 (5.8.9) > > This is MailScanner version 4.79.11 > Module versions are: > 1.00 AnyDBM_File > 1.30 Archive::Zip > 0.23 bignum > 1.10 Carp > 2.015 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_17 Data::Dumper > 2.27 Date::Parse > 1.02 DirHandle > 1.06 Fcntl > 2.77 File::Basename > 2.13 File::Copy > 2.01 FileHandle > 2.07_02 File::Path > 0.22 File::Temp > 0.92 Filesys::Df > 3.60 HTML::Entities > 3.62 HTML::Parser > 3.57 HTML::TokeParser > 1.25 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.08 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.08 MIME::QuotedPrint > 5.427 MIME::Tools > 0.13 Net::CIDR > 1.25 Net::IP > 0.18 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.08 Pod::Simple > 1.15 POSIX > 1.19 Scalar::Util > 1.81 Socket > 2.21 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.40 Test::Pod > 0.94 Test::Simple > 1.9719 Time::HiRes > 1.02 Time::localtime > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 15 09:31:33 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 15 09:31:49 2010 Subject: Fwd: Re: bug report References: <4B791475.3080709@ecs.soton.ac.uk> Message-ID: As Noel's posting probably never made it to the list: -------- Original Message -------- Subject: Re: bug report Date: Sun, 14 Feb 2010 17:31:39 +1000 From: Noel Butler Reply-To: MailScanner discussion To: Ying , MailScanner discussion Ying, A followup to this mornings mail, just got home and had a good look at it. This issue can be resolved by changing locale state dir from /var/lib to /var/lib/spamassasasin it seems it no longer likes the search path being just /var/lib anymore. I know /var/lib worked as recently as a little over a month ago by looking at logs, and by looking at the timestamps it all stopped here the day I upgraded all perl modules and SA (so it seems it has not been working properly here for month either, yikes!), but everything is working fine for an hour now , every mailscanner score matches that given by amavisd-new, so i can thankfully get rid of that :) Now be it SA or one of the perl modules that saw the ending of its liking /var/lib I have no idea as I did them here all same time, so it is likely that anyone else using the old /var/lib only in that setting will have issues upon upgrading something or other down the track. Julian FYI, this also resolved my "no report template found " problem I told you occurred with these upgrades. I'd send this to the list but as you know I'm marked no posting so maybe you'd like to edit me out of this and resend it on as a reminder to any members still using the old /var/lib to play it safe and add spamassassin to the end of it :) Cheers On Sat, 2010-02-13 at 10:29 +1000, Ying wrote: > Rick, Hello, > Yes I think much lost in translation, mailscanner work like this for > three years fine. > We upgrade spamassassin to 3.3.0, this also also mean we upgrade all > perl modules needed by mailscanner, we check to make sure we have all > required modules, all look good, then start mailscanner back on and > this problem appear now. > > ----- Original Message ----- > > *From:* Rick Cooper > > *To:* 'MailScanner discussion' > > > *Sent:* Thursday, February 11, 2010 2:31 AM > > *Subject:* RE: bug report > > > -- /Kind Regards,/ /SSA Noel Butler/ /L.C.P No. 251002/ ------------------------------------------------------------------------ /This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate or reveal any part to anyone without the authors express written authority to do so. If you are not the intended recipient, please notify the sender and delete all relevance of this message including any attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF and ODF documents are accepted, do not send Microsoft proprietary formatted documents./ ------------------------------------------------------------------------ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From supunr at lankacom.net Mon Feb 15 10:14:56 2010 From: supunr at lankacom.net (Supun Rathnayake) Date: Mon Feb 15 10:15:31 2010 Subject: debugging mailscanner In-Reply-To: References: <4B7260BA.2070708@lankacom.net> <4B73D7C4.9070703@ecs.soton.ac.uk> Message-ID: <4B791EA0.9040808@lankacom.net> Hi Jules, Thanks for the reply. Before writing to the list, I did all those steps ( yes even went through the code and there I found that MS can debug most of the activities ) that is why I tried "MailScanner --debug " but it did not give me enough info what I wanted to trouble shoot my problem. MailScanner --lint in fact detected the virus scanner correctly but did neither checked the test "Eicar" virus scanning nor gave any error there , but with the clamav So finally what I did is , in parallel I set up and configured amavisd-new for virus scanning with kaspersky and clamav as above in MailScanner and at the first instance itself it showed very clearly in mail logs that there is a permission problem with some log and virus database files pertaining to kaspersky and within a matter of few minutes I was able to fix the setup. Then later with the correct permission set on the kaspersky related files, I switched back to MailScanner and then it started virus scanning with the kaspersky + clamav and now even MailScanner --lint shows correct scanning of Eicar test virus by both virus scanners So if MS was able to show me these error messages, or at lease a part of it, I could have got this setup up and running very early. In fact I had to spent more than two weeks for this config, even after having used MailScanner for couple of years now. It seems the kaspersky command line scanner is really slow compared to clamav, I might have to check KAV daemon version but any way still I like MailScanner because of its' flexibility and versatility. Thanks Guys, Supun. On 02/11/2010 03:41 PM, Julian Field wrote: > MailScanner --lint > will test out most of it and will show you what the virus scanners are > picking up. Also, check your maillog as all the virus scanner output > is logged in there. > > Beyond that, dig into the code :-) > > If you need any help, that's what we are here for! > > Cheers, > Jules. > > On 10/02/2010 07:31, Supun Rathnayake wrote: >> Hi , >> >> It would be great if someone could show me how to debug mailscanner >> >> I wanted to troubleshoot some virus scanning part, but when I run >> MailScanner in the debugging mode as follows ( with --debug flag ) >> it only gives a very few line lines which is not sufficient to get >> into the actual problem. >> >> >> # MailScanner --debug >> >> >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> Building a message batch to scan... >> >> >> Have a batch of 1 message. >> Stopping now as you are debugging me. >> > > Jules > From maillists at conactive.com Mon Feb 15 14:31:27 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 15 14:31:38 2010 Subject: mailscanner.conf symlink In-Reply-To: References: <4B7912CA.9080503@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Mon, 15 Feb 2010 09:24:26 +0000: > No problem. Fixed for the next release. Thanks, Jules, much appreciated. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Feb 15 14:31:27 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 15 14:31:38 2010 Subject: mailscanner.conf symlink In-Reply-To: <4B781110.6050108@msapiro.net> References: <4B781110.6050108@msapiro.net> Message-ID: Mark Sapiro wrote on Sun, 14 Feb 2010 07:04:48 -0800: > Are you saying the MailScanner rpm install creates a > /etc/mail/mailscanner.conf symlink even if no /etc/mail/mailscanner.conf > exists. There's some confusion ;-) The rpm creates a symlink ln -s /etc/MailScanner/spamassassin.prefs.conf /etc/mail/spamassassin/mailscanner.conf (Just see I omitted the "spamassassin" accidentally, but I guess, Jules understood what I meant.) This is not good if you have already a working spamassassin config in /etc/mail/spamassassin. Thus I first removed it and then touched a file there. Still the rpm overwrites that with a symlink. So, one has to correct this with each installation. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From blaat0001 at gmail.com Mon Feb 15 14:33:35 2010 From: blaat0001 at gmail.com (BlaaT 0001) Date: Mon Feb 15 14:33:45 2010 Subject: Multiple inline html signatures In-Reply-To: References: <4B7913B6.3040209@ecs.soton.ac.uk> <254612fc1002131040l488afa7blec1e113c469cb6ef@mail.gmail.com> Message-ID: <254612fc1002150633m3275b3f2ub1252a299c29c7f0@mail.gmail.com> Allow Multiple HTML Signatures = no No, that makes no difference. I do notice in our e-mails the following line: This is a multi-part message in MIME format... Our outgoing mails are send in both text format and html format (in 1 message). Example mail format: Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable This is a multi-part message in MIME format... ------------=_1266241617-27606-1 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I don't know if this breaks things? Is this a normal way of formatting emails? I noticed MailScanner has problems scanning the body of our mails. Watermarking also doesn't work as expected. NDR reports with valid watermarks are tagged as "no valid watermark" and the spamscore is raised to reflect this. Any other ideas? Thanks. On Mon, Feb 15, 2010 at 10:28 AM, Julian Field wrote: > Looks like I said "yes" in that explanation in the docs when I meant "no", > for "Allow Multiple HTML Signatures". > Does it then work? > > Jules. > > On 13/02/2010 18:40, BlaaT 0001 wrote: >> >> Hello everybody, From MailScanner at ecs.soton.ac.uk Mon Feb 15 15:32:11 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 15 15:32:32 2010 Subject: Multiple inline html signatures In-Reply-To: <254612fc1002150633m3275b3f2ub1252a299c29c7f0@mail.gmail.com> References: <4B7913B6.3040209@ecs.soton.ac.uk> <254612fc1002131040l488afa7blec1e113c469cb6ef@mail.gmail.com> <254612fc1002150633m3275b3f2ub1252a299c29c7f0@mail.gmail.com> <4B7968FB.3040805@ecs.soton.ac.uk> Message-ID: That message structure looks normal to me. Put a gzipped message queue file on a web server somewhere and send me the link so I can take a look and try out the Allow Multiple... options on it. Jules. On 15/02/2010 14:33, BlaaT 0001 wrote: > Allow Multiple HTML Signatures = no > No, that makes no difference. > > I do notice in our e-mails the following line: > > This is a multi-part message in MIME format... > > Our outgoing mails are send in both text format and html format (in 1 message). > > Example mail format: > > > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > > This is a multi-part message in MIME format... > > ------------=_1266241617-27606-1 > Content-Type: text/html; charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > > > > I don't know if this breaks things? Is this a normal way of formatting emails? > > I noticed MailScanner has problems scanning the body of our mails. > Watermarking also doesn't work as expected. NDR reports with valid > watermarks are tagged as "no valid watermark" and the spamscore is > raised to reflect this. > > Any other ideas? > > Thanks. > > > On Mon, Feb 15, 2010 at 10:28 AM, Julian Field > wrote: > >> Looks like I said "yes" in that explanation in the docs when I meant "no", >> for "Allow Multiple HTML Signatures". >> Does it then work? >> >> Jules. >> >> On 13/02/2010 18:40, BlaaT 0001 wrote: >> >>> Hello everybody, >>> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Mon Feb 15 18:42:58 2010 From: rcooper at dwford.com (Rick Cooper) Date: Mon Feb 15 18:43:12 2010 Subject: bug report In-Reply-To: <1266132699.21846.10.camel@roswell> References: <4B711CD9.8030205@ecs.soton.ac.uk><6708380C165243D1849C586A4457E8F8@tardis2><4B720726.4050004@farrows.org><8BCD3C6B92F9493A872EC8C6BCE55406@SAHOMELT><91785E6E6F064D93A4E6FBCB24C2E46D@tardis2> <1266132699.21846.10.camel@roswell> Message-ID: <9B464320556A4209B567A5F21936A6AE@SAHOMELT> It seems odd that that ever worked. Near as I can tell the local state dir directive came in around SA V 3.2 (could not find reference in the 3.0/3.1 readme files) and has always been (default) /var/lib/spamassassin and the MailScanner.conf notes for the setting state the default as same. From MailScanner.conf: # The rules created by the "sa-update" tool are searched for here. # This directory contains the 3.001001/updates_spamassassin_org # directory structure beneath it. # Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = /var/lib/spamassassin ( and yes I top posted and did not convert html to text because I don't want to manually fix the quoting) _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Noel Butler Sent: Sunday, February 14, 2010 2:32 AM To: Ying; MailScanner discussion Subject: Re: bug report Ying, A followup to this mornings mail, just got home and had a good look at it. This issue can be resolved by changing locale state dir from /var/lib to /var/lib/spamassasasin it seems it no longer likes the search path being just /var/lib anymore. I know /var/lib worked as recently as a little over a month ago by looking at logs, and by looking at the timestamps it all stopped here the day I upgraded all perl modules and SA (so it seems it has not been working properly here for month either, yikes!), but everything is working fine for an hour now , every mailscanner score matches that given by amavisd-new, so i can thankfully get rid of that :) Now be it SA or one of the perl modules that saw the ending of its liking /var/lib I have no idea as I did them here all same time, so it is likely that anyone else using the old /var/lib only in that setting will have issues upon upgrading something or other down the track. Julian FYI, this also resolved my "no report template found " problem I told you occurred with these upgrades. I'd send this to the list but as you know I'm marked no posting so maybe you'd like to edit me out of this and resend it on as a reminder to any members still using the old /var/lib to play it safe and add spamassassin to the end of it :) Cheers On Sat, 2010-02-13 at 10:29 +1000, Ying wrote: Rick, Hello, Yes I think much lost in translation, mailscanner work like this for three years fine. We upgrade spamassassin to 3.3.0, this also also mean we upgrade all perl modules needed by mailscanner, we check to make sure we have all required modules, all look good, then start mailscanner back on and this problem appear now. ----- Original Message ----- From: Rick Cooper To: 'MailScanner discussion' Sent: Thursday, February 11, 2010 2:31 AM Subject: RE: bug report -- Kind Regards, SSA Noel Butler L.C.P No. 251002 _____ This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate or reveal any part to anyone without the authors express written authority to do so. If you are not the intended recipient, please notify the sender and delete all relevance of this message including any attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF and ODF documents are accepted, do not send Microsoft proprietary formatted documents. _____ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100215/41c475e1/attachment.html From mark at msapiro.net Tue Feb 16 17:27:33 2010 From: mark at msapiro.net (Mark Sapiro) Date: Tue Feb 16 17:27:42 2010 Subject: mailscanner.conf symlink In-Reply-To: References: <4B781110.6050108@msapiro.net> Message-ID: <4B7AD585.4010702@msapiro.net> On 11:59 AM, Kai Schaetzl wrote: > > There's some confusion ;-) The rpm creates a symlink > ln -s /etc/MailScanner/spamassassin.prefs.conf > /etc/mail/spamassassin/mailscanner.conf > > (Just see I omitted the "spamassassin" accidentally, but I guess, Jules > understood what I meant.) Thanks for the clarification. I understand now. > This is not good if you have already a working spamassassin config in > /etc/mail/spamassassin. Thus I first removed it and then touched a file > there. Still the rpm overwrites that with a symlink. So, one has to > correct this with each installation. Or, I think you could just edit /etc/MailScanner/spamassassin.prefs.conf to contain nothing or only things you want. I'm not certain this works, but mine is edited and the rpm doesn't overwrite it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Tue Feb 16 18:31:10 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Feb 16 18:31:22 2010 Subject: mailscanner.conf symlink In-Reply-To: <4B7AD585.4010702@msapiro.net> References: <4B781110.6050108@msapiro.net> <4B7AD585.4010702@msapiro.net> <4B7AE46E.2060707@ecs.soton.ac.uk> Message-ID: On 16/02/2010 17:27, Mark Sapiro wrote: > On 11:59 AM, Kai Schaetzl wrote: > >> There's some confusion ;-) The rpm creates a symlink >> ln -s /etc/MailScanner/spamassassin.prefs.conf >> /etc/mail/spamassassin/mailscanner.conf >> >> (Just see I omitted the "spamassassin" accidentally, but I guess, Jules >> understood what I meant.) >> > > Thanks for the clarification. I understand now. > > > >> This is not good if you have already a working spamassassin config in >> /etc/mail/spamassassin. Thus I first removed it and then touched a file >> there. Still the rpm overwrites that with a symlink. So, one has to >> correct this with each installation. >> > > Or, I think you could just edit /etc/MailScanner/spamassassin.prefs.conf > to contain nothing or only things you want. I'm not certain this works, > but mine is edited and the rpm doesn't overwrite it. > That is quite true, that would work just fine. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raubvogel at gmail.com Tue Feb 16 20:41:12 2010 From: raubvogel at gmail.com (Mauricio Tavares) Date: Tue Feb 16 20:41:21 2010 Subject: Yet another "disable outgoing scan" question Message-ID: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> As the subject states, I would like to disable outgoing scan. Now, from what I saw in mailscanner.conf and was explained in the irc channel, I should set Scan Messages = my ruleset file and then have something like From: my.domain.com no FromOrTo: default yes in the file. Question I have is would the first line cause emails pretending to be coming from my domain not to be scanned? If so, how would I make sure only the emails that truly originate from my domain not be scanned? From alex at rtpty.com Tue Feb 16 21:18:55 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Feb 16 21:19:10 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> Message-ID: <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> You should make sure the e-mails that go through your server that say they're from your domain actually *are* from your domain. This is done at the MTA level. On Feb 16, 2010, at 3:41 PM, Mauricio Tavares wrote: > As the subject states, I would like to disable outgoing scan. > Now, from what I saw in mailscanner.conf and was explained in the irc > channel, I should set Scan Messages = my ruleset file and then have > something like > > From: my.domain.com no > FromOrTo: default yes > > in the file. Question I have is would the first line cause emails > pretending to be coming from my domain not to be scanned? If so, how > would I make sure only the emails that truly originate from my domain > not be scanned? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From raubvogel at gmail.com Tue Feb 16 21:30:48 2010 From: raubvogel at gmail.com (Mauricio Tavares) Date: Tue Feb 16 21:30:56 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> Message-ID: <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> On Tue, Feb 16, 2010 at 4:18 PM, Alex Neuman wrote: > You should make sure the e-mails that go through your server that say they're from your domain actually *are* from your domain. > This is done at the MTA level. > That I think I am already doing: I told my MTA, postfix, to always do smtp auth. Should that suffice? > On Feb 16, 2010, at 3:41 PM, Mauricio Tavares wrote: > >> ? ? ?As the subject states, I would like to disable outgoing scan. >> Now, from what I saw in mailscanner.conf and was explained in the irc >> channel, I should set Scan Messages = my ruleset file and then have >> something like >> >> From: ? ? my.domain.com no >> FromOrTo: default ? ? ? ? ? yes >> >> in the file. Question I have is would the first line cause emails >> pretending to be coming from my domain not to be scanned? If so, how >> would I make sure only the emails that truly originate from my domain >> not be scanned? >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From alex at rtpty.com Tue Feb 16 21:37:06 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Feb 16 21:37:22 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> Message-ID: <6115EA26-576F-40A5-8728-29CF98F2385A@rtpty.com> If you can trust postfix not to allow anyone who "says" they're from your domain to go through your server without authentication, it should be enough. Now, if someone authenticates and sends out a virus or spam, how would you deal with it? Just curious. On Feb 16, 2010, at 4:30 PM, Mauricio Tavares wrote: > On Tue, Feb 16, 2010 at 4:18 PM, Alex Neuman wrote: >> You should make sure the e-mails that go through your server that say they're from your domain actually *are* from your domain. >> This is done at the MTA level. >> > That I think I am already doing: I told my MTA, postfix, to > always do smtp auth. Should that suffice? > >> On Feb 16, 2010, at 3:41 PM, Mauricio Tavares wrote: >> >>> As the subject states, I would like to disable outgoing scan. >>> Now, from what I saw in mailscanner.conf and was explained in the irc >>> channel, I should set Scan Messages = my ruleset file and then have >>> something like >>> >>> From: my.domain.com no >>> FromOrTo: default yes >>> >>> in the file. Question I have is would the first line cause emails >>> pretending to be coming from my domain not to be scanned? If so, how >>> would I make sure only the emails that truly originate from my domain >>> not be scanned? >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jancarel.putter at gmail.com Tue Feb 16 22:49:08 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Tue Feb 16 22:49:18 2010 Subject: MailScanner Dspam Message-ID: Hi everyone, Does someone know of a way to integrate dspam with mailscanner, i configured dspam with postfix but postfix passes the mail to dspam only after mailscanner has scanned the mail, there is a plugin for spamassasin to analize the dspam header and sets a score. Thank you, -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100217/9fb4a60f/attachment.html From J.Ede at birchenallhowden.co.uk Wed Feb 17 09:17:34 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Feb 17 09:17:57 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> Message-ID: <1213490F1F316842A544A850422BFA9635949A12C2@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mauricio Tavares > Sent: 16 February 2010 21:31 > To: MailScanner discussion > Subject: Re: Yet another "disable outgoing scan" question > > On Tue, Feb 16, 2010 at 4:18 PM, Alex Neuman wrote: > > You should make sure the e-mails that go through your server that say > they're from your domain actually *are* from your domain. > > This is done at the MTA level. > > > That I think I am already doing: I told my MTA, postfix, to > always do smtp auth. Should that suffice? Depends... How are you doing SMTP auth? If not using TLS or the like then your credentials will be transmitted in plaintext and so are sniffable if you wanted to. If its an internal network then risk is minimal, but if its over internet then have seen outgoing servers credentials compromised in this way... TLS on postfix is trivial to get working. > > On Feb 16, 2010, at 3:41 PM, Mauricio Tavares wrote: > > > >> ? ? ?As the subject states, I would like to disable outgoing scan. > >> Now, from what I saw in mailscanner.conf and was explained in the > irc > >> channel, I should set Scan Messages = my ruleset file and then have > >> something like > >> > >> From: ? ? my.domain.com no > >> FromOrTo: default ? ? ? ? ? yes > >> > >> in the file. Question I have is would the first line cause emails > >> pretending to be coming from my domain not to be scanned? If so, how > >> would I make sure only the emails that truly originate from my > domain > >> not be scanned? > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From richard at fastnet.co.uk Wed Feb 17 09:37:20 2010 From: richard at fastnet.co.uk (Richard Mealing) Date: Wed Feb 17 09:36:01 2010 Subject: CustomConfig.pm Message-ID: Hi Jules, I am running freebsd and when I update MailScanner, this file gets over written - /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm It's not a big pain, but I am using black / white listing by domain and it's a change that needs to be made every time I upgrade. I'm not sure if this can be omitted from an upgrade? I thought I would just let you know. Many thanks, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100217/7456bd89/attachment.html From maillists at conactive.com Wed Feb 17 10:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 17 10:31:32 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> Message-ID: Mauricio Tavares wrote on Tue, 16 Feb 2010 16:30:48 -0500: > That I think I am already doing: I told my MTA, postfix, to > always do smtp auth. Should that suffice? Still, a spammer can send you mail with your domain. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Feb 17 10:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 17 10:31:32 2010 Subject: mailscanner.conf symlink In-Reply-To: <4B7AD585.4010702@msapiro.net> References: <4B781110.6050108@msapiro.net> <4B7AD585.4010702@msapiro.net> Message-ID: Mark Sapiro wrote on Tue, 16 Feb 2010 09:27:33 -0800: > Or, I think you could just edit /etc/MailScanner/spamassassin.prefs.conf > to contain nothing or only things you want. I'm not certain this works, > but mine is edited and the rpm doesn't overwrite it. Ah, I didn't think about that. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From john at tradoc.fr Wed Feb 17 10:48:56 2010 From: john at tradoc.fr (John Wilcock) Date: Wed Feb 17 10:49:16 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> Message-ID: <4B7BC998.7030908@tradoc.fr> Le 17/02/2010 11:31, Kai Schaetzl a ?crit : > Mauricio Tavares wrote on Tue, 16 Feb 2010 16:30:48 -0500: > >> > That I think I am already doing: I told my MTA, postfix, to >> > always do smtp auth. Should that suffice? > Still, a spammer can send you mail with your domain. They can try, but with reject_sender_login_mismatch in your smtpd_sender_restrictions they won't get very far... John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From vanhorn at whidbey.com Wed Feb 17 11:01:39 2010 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Wed Feb 17 11:01:49 2010 Subject: Zlib and zleb-devel missing, what's unrar, and do I care? Message-ID: <4B7BCC93.1070406@whidbey.com> I just started setting up a new server, which meant a fresh install of MailScanner. I ran the RPM-based installer, as I'm running CentOS, and also used the ClamAV 0.95.3/SpamAssassin 3.3.0 installer. MailScanner reported that there were no AV scanners installed, suggesting frequently in maillog that this wasn't a really bright idea on my part. I reran the Clam/SA installer a couple of times before noticing that it bitched about zlib and zlib-devel not being installed early in the process and just kept running until the final success, which actually wasn't success at all. Manually installing those allowed the install to run, and MailScanner stopped bitching about it. I would think that if these elements are central to the installer running, and if RHEL/CentOS don't consider them part of the basic install, that they ought to be included in the installer (a ton of other things are), or at the very least the installer ought to exit at that point with a clear message about the trivial fix. (yum install zlib zlib-devel) So MS is running merrily along. However, it keeps carping about "/usr/sbin/unrar does not exist or is not executable". Okay, it doesn't exist. So off to "yum provides */unrar", and learn that it doesn't exist in the CentOS universe, apparently. Now what? Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From maillists at conactive.com Wed Feb 17 12:31:22 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 17 12:31:37 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <4B7BC998.7030908@tradoc.fr> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> <4B7BC998.7030908@tradoc.fr> Message-ID: John Wilcock wrote on Wed, 17 Feb 2010 11:48:56 +0100: > They can try, but with reject_sender_login_mismatch in your > smtpd_sender_restrictions they won't get very far... Maybe I'm missing something. This question was about a mailserver that is for incoming *and* outgoing. There was no mention of any anti-spoofing measures for incoming non-authed mail. Any spammer can send to you with a domain of yours. If you exclude these from scanning ... What you rather mean is probably reject_unauthenticated_sender_login_mismatch ? That takes probably longer (three lookups before it can match!) to process than using a simple sender access map with domains that are not allowed to send unauthenticated (one lookup). You can take this list from the list of local hostnames and add an error code. On the other hand reject_authenticated_sender_login_mismatch might have a place when you want to stop *outgoing* spam by authed hosts. But then you have to keep track of all domains your customers may use. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From dcurtis at sbschools.net Wed Feb 17 12:39:19 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Wed Feb 17 12:41:45 2010 Subject: vipre Message-ID: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net> We are looking into switching our corporate antivirus package again and we are wondering if anyone is using virpe with MailScanner? ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100217/df9a7ec4/attachment.html From davidj at synaq.com Wed Feb 17 12:44:16 2010 From: davidj at synaq.com (David Jacobson) Date: Wed Feb 17 12:44:44 2010 Subject: Slightly OT : Email Branding Message-ID: Hi Gents, MailScanner can append a signature to the end of all mails (text or html) this is great. A lot of our users are requesting header image insertion... Now without being told by 50 people how bad email branding is, I'm on your side - I think it's bad, however we need to do it for certain people. So with the rants aside... Does anyone know how we could achieve this with MailScanner+Exim ? We've tried AlterMIME it's great for disclaimers (like MS can add) but doesn't offer footer insertion. Any advise appreciated.
David Jacobson
Technical Director
Tel: 011 262 3632
Fax: 086 637 8868
Cell: 083 235 0760
Email: davidj@synaq.com
Web: www.synaq.com

Sandhaven Office Park, Pongola Crescent
Eastgate Ext 17 Sandton
 
 
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100217/b192ad45/attachment.html From prandal at herefordshire.gov.uk Wed Feb 17 13:13:36 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Feb 17 13:13:53 2010 Subject: Zlib and zleb-devel missing, what's unrar, and do I care? In-Reply-To: <4B7BCC93.1070406@whidbey.com> References: <4B7BCC93.1070406@whidbey.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA08E408AB@HC-MBX02.herefordshire.gov.uk> You'll find unrar on rpmforge's yum repository. I'm using clamav / clamd from the same repository, rather than from Jules' tarball. Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. Armour Van Horn Sent: 17 February 2010 11:02 To: MailScanner discussion Subject: Zlib and zleb-devel missing, what's unrar, and do I care? I just started setting up a new server, which meant a fresh install of MailScanner. I ran the RPM-based installer, as I'm running CentOS, and also used the ClamAV 0.95.3/SpamAssassin 3.3.0 installer. MailScanner reported that there were no AV scanners installed, suggesting frequently in maillog that this wasn't a really bright idea on my part. I reran the Clam/SA installer a couple of times before noticing that it bitched about zlib and zlib-devel not being installed early in the process and just kept running until the final success, which actually wasn't success at all. Manually installing those allowed the install to run, and MailScanner stopped bitching about it. I would think that if these elements are central to the installer running, and if RHEL/CentOS don't consider them part of the basic install, that they ought to be included in the installer (a ton of other things are), or at the very least the installer ought to exit at that point with a clear message about the trivial fix. (yum install zlib zlib-devel) So MS is running merrily along. However, it keeps carping about "/usr/sbin/unrar does not exist or is not executable". Okay, it doesn't exist. So off to "yum provides */unrar", and learn that it doesn't exist in the CentOS universe, apparently. Now what? Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From john at tradoc.fr Wed Feb 17 13:30:58 2010 From: john at tradoc.fr (John Wilcock) Date: Wed Feb 17 13:31:14 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> <4B7BC998.7030908@tradoc.fr> Message-ID: <4B7BEF92.3050206@tradoc.fr> Le 17/02/2010 13:31, Kai Schaetzl a ?crit : > What you rather mean is probably > reject_unauthenticated_sender_login_mismatch ? That takes probably longer > (three lookups before it can match!) to process than using a simple sender > access map with domains that are not allowed to send unauthenticated (one > lookup). You can take this list from the list of local hostnames and add > an error code. Errr, yes, that's what I meant, and that's what I use in conjunction with virtual domains on my servers. But you're right of course, if you don't care about one local user sending mails purporting to be from another local user then a single lookup for a per-domain sender access map is a more efficient way of dealing with spoofing. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From maillists at conactive.com Wed Feb 17 14:28:52 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 17 14:29:03 2010 Subject: vipre In-Reply-To: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net> Message-ID: wrote on Wed, 17 Feb 2010 07:39:19 -0500: > We are looking into switching our corporate antivirus package again and > we are wondering if anyone is using virpe with MailScanner? How do you want to run it on Linux/Unix? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From dcurtis at sbschools.net Wed Feb 17 14:39:37 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Wed Feb 17 14:46:45 2010 Subject: vipre In-Reply-To: References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net> Sorry, yes we have centos that our mailscanner runs on. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Wednesday, February 17, 2010 9:29 AM To: mailscanner@lists.mailscanner.info Subject: Re: vipre wrote on Wed, 17 Feb 2010 07:39:19 -0500: > We are looking into switching our corporate antivirus package again and > we are wondering if anyone is using virpe with MailScanner? How do you want to run it on Linux/Unix? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From mikael at syska.dk Wed Feb 17 15:11:43 2010 From: mikael at syska.dk (Mikael Syska) Date: Wed Feb 17 15:11:57 2010 Subject: vipre In-Reply-To: <73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net> <73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net> Message-ID: <6beca9db1002170711q345aa149v44cacd1da80b8c0a@mail.gmail.com> Hi dcurtis, Installation of VIPRE is not supported on Windows 95, 98, NT, or ME, Macintosh or "Linux". So I guess that is what Kai is asking for ... I dont think its supported by mailscanner yet. mvh On Wed, Feb 17, 2010 at 3:39 PM, wrote: > Sorry, yes we have centos that our mailscanner runs on. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai > Schaetzl > Sent: Wednesday, February 17, 2010 9:29 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: vipre > > wrote on Wed, 17 Feb 2010 07:39:19 -0500: > >> We are looking into switching our corporate antivirus package again > and >> we are wondering if anyone is using virpe with MailScanner? > > How do you want to run it on Linux/Unix? > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). ?If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender ?and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mrm at medicine.wisc.edu Wed Feb 17 15:25:15 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Wed Feb 17 15:25:40 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> Message-ID: <4B7BB5FB020000FC00002171@gwmail.medicine.wisc.edu> Assuming your Mailscanner is outside of your internal smart host, just use the ip(s) of the smart host instead of the domain name. This won't stop spam from coming within your organization, but you should have other tools available to watch for that. >>> On 2/16/2010 at 2:41 PM, in message <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com>, Mauricio Tavares wrote: > As the subject states, I would like to disable outgoing scan. > Now, from what I saw in mailscanner.conf and was explained in the irc > channel, I should set Scan Messages = my ruleset file and then have > something like > > From: my.domain.com no > FromOrTo: default yes > > in the file. Question I have is would the first line cause emails > pretending to be coming from my domain not to be scanned? If so, how > would I make sure only the emails that truly originate from my domain > not be scanned? From dcurtis at sbschools.net Wed Feb 17 15:23:43 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Wed Feb 17 15:31:45 2010 Subject: vipre In-Reply-To: <6beca9db1002170711q345aa149v44cacd1da80b8c0a@mail.gmail.com> References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net><73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net> <6beca9db1002170711q345aa149v44cacd1da80b8c0a@mail.gmail.com> Message-ID: <73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net> According to their sales rep they have many gateway/mailservers running it. They do have a sdk under the oem part of their website. http://www.sunbeltsoftware.com/Developer/VIPRE-Gateway-SDK/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mikael Syska Sent: Wednesday, February 17, 2010 10:12 AM To: MailScanner discussion Subject: Re: vipre Hi dcurtis, Installation of VIPRE is not supported on Windows 95, 98, NT, or ME, Macintosh or "Linux". So I guess that is what Kai is asking for ... I dont think its supported by mailscanner yet. mvh On Wed, Feb 17, 2010 at 3:39 PM, wrote: > Sorry, yes we have centos that our mailscanner runs on. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai > Schaetzl > Sent: Wednesday, February 17, 2010 9:29 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: vipre > > wrote on Wed, 17 Feb 2010 07:39:19 -0500: > >> We are looking into switching our corporate antivirus package again > and >> we are wondering if anyone is using virpe with MailScanner? > > How do you want to run it on Linux/Unix? > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). ?If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender ?and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From mrm at medicine.wisc.edu Wed Feb 17 15:50:39 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Wed Feb 17 15:51:02 2010 Subject: vipre In-Reply-To: <73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net><73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net> <6beca9db1002170711q345aa149v44cacd1da80b8c0a@mail.gmail.com> <73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net> Message-ID: <4B7BBBEF020000FC00002181@gwmail.medicine.wisc.edu> Vipre only runs on Windows servers. Mailscanner only runs on Unix varients like Linux, Freebsd, etc... Don't count on any compatability between the two for a really long time. -Mike >>> On 2/17/2010 at 9:23 AM, in message <73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net>, wrote: > According to their sales rep they have many gateway/mailservers running it. > They do have a sdk under the oem part of their website. > http://www.sunbeltsoftware.com/Developer/VIPRE-Gateway-SDK/ > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mikael > Syska > Sent: Wednesday, February 17, 2010 10:12 AM > To: MailScanner discussion > Subject: Re: vipre > > Hi dcurtis, > > Installation of VIPRE is not supported on Windows 95, 98, NT, or ME, > Macintosh or "Linux". > > So I guess that is what Kai is asking for ... I dont think its > supported by mailscanner yet. > > mvh > > On Wed, Feb 17, 2010 at 3:39 PM, wrote: >> Sorry, yes we have centos that our mailscanner runs on. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai >> Schaetzl >> Sent: Wednesday, February 17, 2010 9:29 AM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: vipre >> >> wrote on Wed, 17 Feb 2010 07:39:19 -0500: >> >>> We are looking into switching our corporate antivirus package again >> and >>> we are wondering if anyone is using virpe with MailScanner? >> >> How do you want to run it on Linux/Unix? >> >> Kai >> >> -- >> Get your web at Conactive Internet Services: http://www.conactive.com >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> ______________________________________________________________ >> ______________________________________________________________ >> This email may contain information protected under the Family >> Educational Rights and Privacy Act (FERPA) or the Health Insurance >> Portability and Accountability Act (HIPAA). If this email contains >> confidential and/or privileged health or student information and you >> are not entitled to access such information under FERPA or HIPAA, >> federal regulations require that you destroy this email without >> reviewing it and you may not forward it to anyone. >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, ClamAV and Bitdefender and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > From alvaro at hostalia.com Wed Feb 17 15:53:54 2010 From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=) Date: Wed Feb 17 15:53:59 2010 Subject: Notify recipient Message-ID: <4B7C1112.9050602@hostalia.com> Hi, is there any option in MailScanner to use these settings: Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes for recipients? I want to notify my users if some mail addressed to them has been rejected due to a virus or dangerous extension was found. Thank you! Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From raubvogel at gmail.com Wed Feb 17 15:58:26 2010 From: raubvogel at gmail.com (Mauricio Tavares) Date: Wed Feb 17 15:58:39 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <1213490F1F316842A544A850422BFA9635949A12C2@BHLSBS.bhl.local> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> <1213490F1F316842A544A850422BFA9635949A12C2@BHLSBS.bhl.local> Message-ID: <2c6cf52a1002170758j6c1ec986xe9ade85a3964b1a4@mail.gmail.com> On Wed, Feb 17, 2010 at 4:17 AM, Jason Ede wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Mauricio Tavares >> Sent: 16 February 2010 21:31 >> To: MailScanner discussion >> Subject: Re: Yet another "disable outgoing scan" question >> >> On Tue, Feb 16, 2010 at 4:18 PM, Alex Neuman wrote: >> > You should make sure the e-mails that go through your server that say >> they're from your domain actually *are* from your domain. >> > This is done at the MTA level. >> > >> ? ? ? That I think I am already doing: I told my MTA, postfix, to >> always do smtp auth. Should that suffice? > > > Depends... How are you doing SMTP auth? If not using TLS or the like then your credentials will be transmitted in plaintext and so are sniffable if you wanted to. If its an internal network then risk is minimal, but if its over internet then have seen outgoing servers credentials compromised in this way... > > TLS on postfix is trivial to get working. > Yeah, we do that. Though about doing key pairs but that idea was, well, put on the bottom of the pile. From raubvogel at gmail.com Wed Feb 17 16:11:37 2010 From: raubvogel at gmail.com (Mauricio Tavares) Date: Wed Feb 17 16:11:47 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <251D5827-EBDB-4C59-B3FB-164ED6616AB2@rtpty.com> <2c6cf52a1002161330o706de86aq4b5d975ccac47109@mail.gmail.com> <4B7BC998.7030908@tradoc.fr> Message-ID: <2c6cf52a1002170811j6d13e674vc6ddfc57b4ae5936@mail.gmail.com> On Wed, Feb 17, 2010 at 7:31 AM, Kai Schaetzl wrote: > John Wilcock wrote on Wed, 17 Feb 2010 11:48:56 +0100: > >> They can try, but with reject_sender_login_mismatch in your >> smtpd_sender_restrictions they won't get very far... > > Maybe I'm missing something. This question was about a mailserver that is > for incoming *and* outgoing. There was no mention of any anti-spoofing > measures for incoming non-authed mail. Any spammer can send to you with a > domain of yours. If you exclude these from scanning ... > > What you rather mean is probably > reject_unauthenticated_sender_login_mismatch ? That takes probably longer > (three lookups before it can match!) to process than using a simple sender > access map with domains that are not allowed to send unauthenticated (one > lookup). You can take this list from the list of local hostnames and add > an error code. > > On the other hand reject_authenticated_sender_login_mismatch might have a > place when you want to stop *outgoing* spam by authed hosts. But then you > have to keep track of all domains your customers may use. > > Kai > Interesting; I have not used reject_unauthenticated_sender_login_mismatch before; will need to do some checking on it. Thanks for the suggestion! > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From maillists at conactive.com Wed Feb 17 19:11:25 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Feb 17 19:11:38 2010 Subject: vipre In-Reply-To: <73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net> <73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net> <6beca9db1002170711q345aa149v44cacd1da80b8c0a@mail.gmail.com> <73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net> Message-ID: wrote on Wed, 17 Feb 2010 10:23:43 -0500: > According to their sales rep I'm not going by their sales rep, but by their website, look at the requirements. So, how do you want to run it on Linux/Unix? ;-) Interestingly, I also never heard of it before. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From vanhorn at whidbey.com Wed Feb 17 19:44:45 2010 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Wed Feb 17 19:44:58 2010 Subject: Zlib and zleb-devel missing, what's unrar, and do I care? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA08E408AB@HC-MBX02.herefordshire.gov.uk> References: <4B7BCC93.1070406@whidbey.com> <7EF0EE5CB3B263488C8C18823239BEBA08E408AB@HC-MBX02.herefordshire.gov.uk> Message-ID: <4B7C472D.1070407@whidbey.com> Thanks, Phil, that worked. Van On 17/02/2010 05:13, Randal, Phil wrote: > You'll find unrar on rpmforge's yum repository. > > I'm using clamav / clamd from the same repository, rather than from > Jules' tarball. > > Cheers, > > Phil > > > -- > Phil Randal | Networks Engineer > NHS Herefordshire& Herefordshire Council | Deputy Chief Executive's > Office | I.C.T. Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of G. > Armour Van Horn > Sent: 17 February 2010 11:02 > To: MailScanner discussion > Subject: Zlib and zleb-devel missing, what's unrar, and do I care? > > I just started setting up a new server, which meant a fresh install of > MailScanner. > > I ran the RPM-based installer, as I'm running CentOS, and also used the > ClamAV 0.95.3/SpamAssassin 3.3.0 installer. > > MailScanner reported that there were no AV scanners installed, > suggesting frequently in maillog that this wasn't a really bright idea > on my part. I reran the Clam/SA installer a couple of times before > noticing that it bitched about zlib and zlib-devel not being installed > early in the process and just kept running until the final success, > which actually wasn't success at all. Manually installing those allowed > the install to run, and MailScanner stopped bitching about it. I would > think that if these elements are central to the installer running, and > if RHEL/CentOS don't consider them part of the basic install, that they > ought to be included in the installer (a ton of other things are), or at > the very least the installer ought to exit at that point with a clear > message about the trivial fix. (yum install zlib zlib-devel) > > So MS is running merrily along. However, it keeps carping about > "/usr/sbin/unrar does not exist or is not executable". Okay, it doesn't > exist. So off to "yum provides */unrar", and learn that it doesn't exist > in the CentOS universe, apparently. Now what? > > Van > -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From simonmjones at gmail.com Thu Feb 18 11:15:01 2010 From: simonmjones at gmail.com (Simon Jones) Date: Thu Feb 18 11:15:10 2010 Subject: sig - per domain Message-ID: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com> hello folks, has anyone configured mailscanner to send out different sigs (/etc/MailScanner/reports/en) for different domain names handled by the system? i.e. could I use sig-1 for domain.com and use a different sig for anotherdomain.com? or even switch the sigs off for particular domains that don't need it. tks! From glenn.steen at gmail.com Thu Feb 18 15:20:49 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 18 15:20:58 2010 Subject: vipre In-Reply-To: References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net> <73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net> <6beca9db1002170711q345aa149v44cacd1da80b8c0a@mail.gmail.com> <73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net> Message-ID: <223f97701002180720w266a26l8ba89141e94a85a9@mail.gmail.com> On 17 February 2010 20:11, Kai Schaetzl wrote: > wrote on Wed, 17 Feb 2010 10:23:43 -0500: > >> According to their sales rep > > I'm not going by their sales rep, but by their website, look at the > requirements. So, how do you want to run it on Linux/Unix? ;-) > Interestingly, I also never heard of it before. > > Kai > The SDK claims "any windoze or linux gateway"... But a quick glance around reveals no downloadable stuff ("Request info"? Not likely...;). I'm sure you've heard of some other Sunbelt products, like Kerio Personal Firewall (a.k.a. Tiny Personal Firewall), that used to be quite the rage ... pre-Vista timeframe:-). It's been ... outdated/outperformed by other products (Kerio, that is) for quite some time. I wouldn't go for this one. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Feb 18 15:30:15 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Feb 18 15:30:25 2010 Subject: MailScanner Dspam In-Reply-To: References: Message-ID: <223f97701002180730m2a9d4196qa31184bd4b051e5f@mail.gmail.com> On 16 February 2010 23:49, JC Putter wrote: > Hi everyone, > > Does someone know of a way to integrate dspam with mailscanner, i configured > dspam with postfix but postfix passes the mail to dspam only after > mailscanner has scanned the mail, there is a plugin for spamassasin to > analize the dspam header and sets a score. > > Thank you, Well, this is a bit like when you need to split messages/recipient... That also happens well after MailScanner. So the somewhat convoluted solution is to configure two postfix instances, where the first one does the DSPAM thing and then pass it on to the second one, that does the MailScanner bit. Look at the wiki page http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient for an example of what it'd entail. Another option might be to try use the Generic Scanner thing in MailScanner, to script DSPAM in that way... I've seen it suggested before, but I don't think I've seen anyone actually DO it:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From correo at miguelangelnieto.net Thu Feb 18 16:09:10 2010 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Thu Feb 18 16:09:49 2010 Subject: different signature image Message-ID: Hi, Its possible to use a ruleset in "Signature Image Filename"? I would like to have different Image files for different domains. Thank you :) -- Lo que har?a ser?a hacerme pasar por sordomudo y as? no tendr?a que hablar. Si quer?an decirme algo, tendr?an que escribirlo en un papelito y ense??rmelo. Al final se hartar?an y ya no tendr?a que hablar el resto de mi vida. From dcurtis at sbschools.net Thu Feb 18 16:17:33 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Feb 18 16:28:54 2010 Subject: vipre In-Reply-To: <223f97701002180720w266a26l8ba89141e94a85a9@mail.gmail.com> References: <73461DFCD2207F44A16F136A461955454733BF@exchange2.sbschools.net><73461DFCD2207F44A16F136A461955454733CE@exchange2.sbschools.net><6beca9db1002170711q345aa149v44cacd1da80b8c0a@mail.gmail.com><73461DFCD2207F44A16F136A461955454733D6@exchange2.sbschools.net> <223f97701002180720w266a26l8ba89141e94a85a9@mail.gmail.com> Message-ID: <73461DFCD2207F44A16F136A4619554547340A@exchange2.sbschools.net> Thanks for everyone's input. Always nice. I will keep clam and bitdefender running. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Thursday, February 18, 2010 10:21 AM To: MailScanner discussion Subject: Re: vipre On 17 February 2010 20:11, Kai Schaetzl wrote: > wrote on Wed, 17 Feb 2010 10:23:43 -0500: > >> According to their sales rep > > I'm not going by their sales rep, but by their website, look at the > requirements. So, how do you want to run it on Linux/Unix? ;-) > Interestingly, I also never heard of it before. > > Kai > The SDK claims "any windoze or linux gateway"... But a quick glance around reveals no downloadable stuff ("Request info"? Not likely...;). I'm sure you've heard of some other Sunbelt products, like Kerio Personal Firewall (a.k.a. Tiny Personal Firewall), that used to be quite the rage ... pre-Vista timeframe:-). It's been ... outdated/outperformed by other products (Kerio, that is) for quite some time. I wouldn't go for this one. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From maillists at conactive.com Thu Feb 18 19:31:20 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Feb 18 19:31:31 2010 Subject: MailScanner Dspam In-Reply-To: <223f97701002180730m2a9d4196qa31184bd4b051e5f@mail.gmail.com> References: <223f97701002180730m2a9d4196qa31184bd4b051e5f@mail.gmail.com> Message-ID: > there is a plugin for spamassasin to > > analize the dspam header and sets a score. or he could use what he mentions. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From garry at glendown.de Thu Feb 18 20:05:03 2010 From: garry at glendown.de (Garry) Date: Thu Feb 18 20:13:13 2010 Subject: sig - per domain In-Reply-To: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com> References: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com> Message-ID: <4B7D9D6F.1080707@glendown.de> On 18.02.2010 12:15, Simon Jones wrote: > has anyone configured mailscanner to send out different sigs > (/etc/MailScanner/reports/en) for different domain names handled by > the system? i.e. could I use sig-1 for domain.com and use a different > sig for anotherdomain.com? or even switch the sigs off for particular > domains that don't need it. > Not much too it - just use a file-rule in the Mailscanner.conf: Inline HTML Signature = %rules-dir%/sig-html.rules Inline Text Signature = %rules-dir%/sig-txt.rules then in the rules file do something like this: From: *@domain1.com %report-dir%/inline.sig.domain1.txt From: *@domain2.com %report-dir%/inline.sig.domain2.txt -garry From davejones70 at gmail.com Thu Feb 18 21:36:28 2010 From: davejones70 at gmail.com (Dave Jones) Date: Thu Feb 18 21:36:38 2010 Subject: PDF attachment being dropped silently by MailScanner Message-ID: <67a55ed51002181336u4d15c080k7e0add3d954d01a0@mail.gmail.com> I am running MailScanner version 4.78.17 and have an issue when an HTML email comes in with a PDF attached. Below is the end of the body when the email is not sent through MailScanner. MailScanner is dropping off everything past the "



" line below.



------_=_NextPart_002_01CAB0D0.AD4BE979-- ------_=_NextPart_001_01CAB0D0.AD4BE979 Content-Type: application/pdf; name="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" Content-Transfer-Encoding: base64 Content-Description: Tech U.S.A. Intl Trvlrs Trvlng Today.pdf Content-Disposition: attachment; filename="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" Content-Location: 1_multipart%3F2_Tech%20U.S.A.%20Intl%20Trvlrs%20Trvlng%20Today.pdf [clipped MIME encoding] -- Dave Jones From dcurtis at sbschools.net Fri Feb 19 13:16:21 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Fri Feb 19 13:20:20 2010 Subject: PDF attachment being dropped silently by MailScanner In-Reply-To: <67a55ed51002181336u4d15c080k7e0add3d954d01a0@mail.gmail.com> References: <67a55ed51002181336u4d15c080k7e0add3d954d01a0@mail.gmail.com> Message-ID: <73461DFCD2207F44A16F136A46195545473421@exchange2.sbschools.net> MailScanner is probably seeing it as a file with many extensions? Ever period will show as an extension. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Jones Sent: Thursday, February 18, 2010 4:36 PM To: mailscanner Subject: PDF attachment being dropped silently by MailScanner I am running MailScanner version 4.78.17 and have an issue when an HTML email comes in with a PDF attached. Below is the end of the body when the email is not sent through MailScanner. MailScanner is dropping off everything past the "



" line below.



------_=_NextPart_002_01CAB0D0.AD4BE979-- ------_=_NextPart_001_01CAB0D0.AD4BE979 Content-Type: application/pdf; name="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" Content-Transfer-Encoding: base64 Content-Description: Tech U.S.A. Intl Trvlrs Trvlng Today.pdf Content-Disposition: attachment; filename="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" Content-Location: 1_multipart%3F2_Tech%20U.S.A.%20Intl%20Trvlrs%20Trvlng%20Today.pdf [clipped MIME encoding] -- Dave Jones -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From davejones70 at gmail.com Sat Feb 20 14:33:15 2010 From: davejones70 at gmail.com (Dave Jones) Date: Sat Feb 20 14:33:24 2010 Subject: MailScanner Digest, Vol 50, Issue 21 In-Reply-To: <201002201201.o1KC0bCL013578@safir.blacknight.ie> References: <201002201201.o1KC0bCL013578@safir.blacknight.ie> Message-ID: <161b1c931002200633v46ce3a00td63e9858d6c94a9@mail.gmail.com> > MailScanner is probably seeing it as a file with many extensions? Ever > period will show as an extension. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Jones > Sent: Thursday, February 18, 2010 4:36 PM > To: mailscanner > Subject: PDF attachment being dropped silently by MailScanner > > I am running MailScanner version 4.78.17 and have an issue when an > HTML email comes in with a PDF attached. Below is the end of the body > when the email is not sent through MailScanner. MailScanner is > dropping off everything past the "



" line below. > > >



> ------_=_NextPart_002_01CAB0D0.AD4BE979-- > > ------_=_NextPart_001_01CAB0D0.AD4BE979 > Content-Type: application/pdf; > name="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" > Content-Transfer-Encoding: base64 > Content-Description: Tech U.S.A. Intl Trvlrs Trvlng Today.pdf > Content-Disposition: attachment; > filename="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" > Content-Location: > 1_multipart%3F2_Tech%20U.S.A.%20Intl%20Trvlrs%20Trvlng%20Today.pdf > > [clipped MIME encoding] > > -- > Dave Jones > It's not being dropped based on the filename since those will notify the recipient along with an admin mailbox. Recent debugging shows that it may be something strange with how the email is being generated. We can't get the originator of the email to give us the details of how it's being created. It seems that the problem is with some automated generation process but when they just create the email using Outlook and attach the PDF, it seems to work fine to all recipients. However, there may be something with how MailScanner (or a Perl library) is processing the email attachment because even when the email was being generated with an automated process, some of the recipients received the PDF fine if they didn't go through MailScanner. The email size seems to stay the full size all the way through multiple email servers including MailScanner but when we "view source" on the client, it's chopped off short. I guess this could be a mail client issue not being able to interpret the MIME encoding if something was a little off. Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100220/080d2f8e/attachment.html From maillists at conactive.com Sat Feb 20 18:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Feb 20 18:31:35 2010 Subject: MailScanner Digest, Vol 50, Issue 21 In-Reply-To: <161b1c931002200633v46ce3a00td63e9858d6c94a9@mail.gmail.com> References: <201002201201.o1KC0bCL013578@safir.blacknight.ie> <161b1c931002200633v46ce3a00td63e9858d6c94a9@mail.gmail.com> Message-ID: Dave Jones wrote on Sat, 20 Feb 2010 08:33:15 -0600: > The email size seems to stay the full size all the way through multiple > email servers including MailScanner but when we "view source" on the > client, it's chopped off short. I guess this could be a mail client issue > not being able to interpret the MIME encoding if something was a > little off. if the size stays the same and I interpret that as meaning it's also the same in Outlook then the file is still there but Outlook may not be able to "see" it. Check if it is really there. I don't know how to do that on Outlook. You can *not* rely on the source view of Outlook. (If there is no way to achieve that with Outlook, get a decent mail client and retrieve the mail with it.) And if it's just hat Outlook cannot see it then this might have been caused for instance by adding a signature or disclaimer or whatever by MailScanner. So, you may want to switch off any such options for testing. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From james at gray.net.au Sun Feb 21 07:50:18 2010 From: james at gray.net.au (James Gray) Date: Sun Feb 21 07:50:35 2010 Subject: MailScanner + Zimbra...done :) Message-ID: <29A28171-2D54-4AF5-8EF8-9832A80DB6BA@gray.net.au> Hi All, Just wanted to let everyone know I've re-done my MailScanner + Zimbra integration. Essentially, it's a routine postfix install, but there are a couple of nasty surprises in Zimbra 6.0 (like header checks being ignored: http://www.zimbra.com/forums/administrators/32949-solved-headerchecks.html) and other silliness as a result of the amavis integration. However, with MailScanner I get faster, more accurate filtering, with far more granularity than the default solution with Zimbra. The down side is I loose some of the internal reporting with Zimbra..but that's why we have rrdtool/Cacti/MRTG/etc. As part of the integration I did the standard performance improvements: MailScanner work directories in tmpfs, bayes/awl on SQL, sa-update, redirecting user-identified spam/ham for training bayes etc, etc. So I bit off a fair bit for a one-step (sic), drop-in replacement. Just thought I'd post this for the sake of the archives; but getting Zimbra to play nice with MailScanner and the other services on my server was somewhat troublesome. I can share the pain with those who are interested. Kudos to Jules: without his hard work over many years, MailScanner would never have matured to the robust, simply integrated solution it is today! Thanks! Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3826 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100221/facc649b/smime.bin From uxbod at splatnix.net Sun Feb 21 08:36:04 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun Feb 21 08:36:24 2010 Subject: MailScanner + Zimbra...done :) In-Reply-To: <29A28171-2D54-4AF5-8EF8-9832A80DB6BA@gray.net.au> Message-ID: <6957708.190.1266741364333.JavaMail.root@office.splatnix.net> ----- "James Gray" wrote: > Hi All, > > Just wanted to let everyone know I've re-done my MailScanner + Zimbra > integration. Essentially, it's a routine postfix install, but there > are a couple of nasty surprises in Zimbra 6.0 (like header checks > being ignored: > http://www.zimbra.com/forums/administrators/32949-solved-headerchecks.html) > and other silliness as a result of the amavis integration. However, > with MailScanner I get faster, more accurate filtering, with far more > granularity than the default solution with Zimbra. The down side is I > loose some of the internal reporting with Zimbra..but that's why we > have rrdtool/Cacti/MRTG/etc. As part of the integration I did the > standard performance improvements: MailScanner work directories in > tmpfs, bayes/awl on SQL, sa-update, redirecting user-identified > spam/ham for training bayes etc, etc. So I bit off a fair bit for a > one-step (sic), drop-in replacement. > > Just thought I'd post this for the sake of the archives; but getting > Zimbra to play nice with MailScanner and the other services on my > server was somewhat troublesome. I can share the pain with those who > are interested. > > Kudos to Jules: without his hard work over many years, MailScanner > would never have matured to the robust, simply integrated solution it > is today! Thanks! > > Cheers, > > James > Support MailScanner development - buy the book off the website! James, so what have you done with respect to the integration ? I have MailScanner talking to Zimbra as well and use a Amavis policy-map to avoid double SA scanning. I lifted the ldap-v*.cf from Zimbra to control LDAP address lookups and am using a central SQL store for Bayes. Next step will be to integrate MailWatch as a Zimlet; I have added a tab to ZCS just need to add the content ;) Happy to share thoughts and ideas. Thanks, Phil From james at gray.net.au Sun Feb 21 10:58:44 2010 From: james at gray.net.au (James Gray) Date: Sun Feb 21 10:59:01 2010 Subject: MailScanner + Zimbra...done :) In-Reply-To: <6957708.190.1266741364333.JavaMail.root@office.splatnix.net> References: <6957708.190.1266741364333.JavaMail.root@office.splatnix.net> Message-ID: <634C1CED-51AF-481A-A6EF-48DCC9AB2433@gray.net.au> On 21/02/2010, at 7:36 PM, --[ UxBoD ]-- wrote: > ----- "James Gray" wrote: > >> Hi All, >> >> Just wanted to let everyone know I've re-done my MailScanner + Zimbra >> integration. Essentially, it's a routine postfix install, but there >> are a couple of nasty surprises in Zimbra 6.0 (like header checks >> being ignored: >> http://www.zimbra.com/forums/administrators/32949-solved-headerchecks.html) >> and other silliness as a result of the amavis integration. However, >> with MailScanner I get faster, more accurate filtering, with far more >> granularity than the default solution with Zimbra. The down side is I >> loose some of the internal reporting with Zimbra..but that's why we >> have rrdtool/Cacti/MRTG/etc. As part of the integration I did the >> standard performance improvements: MailScanner work directories in >> tmpfs, bayes/awl on SQL, sa-update, redirecting user-identified >> spam/ham for training bayes etc, etc. So I bit off a fair bit for a >> one-step (sic), drop-in replacement. >> >> Just thought I'd post this for the sake of the archives; but getting >> Zimbra to play nice with MailScanner and the other services on my >> server was somewhat troublesome. I can share the pain with those who >> are interested. >> >> Kudos to Jules: without his hard work over many years, MailScanner >> would never have matured to the robust, simply integrated solution it >> is today! Thanks! >> >> Cheers, >> >> James >> Support MailScanner development - buy the book off the website! > > James, > > so what have you done with respect to the integration ? I have MailScanner talking to Zimbra as well and use a Amavis policy-map to avoid double SA scanning. I lifted the ldap-v*.cf from Zimbra to control LDAP address lookups and am using a central SQL store for Bayes. > > Next step will be to integrate MailWatch as a Zimlet; I have added a tab to ZCS just need to add the content ;) > > Happy to share thoughts and ideas. > > Thanks, Phil Hi Phil, Basically just used zmprov to turn off all the virus/spam/attachment scanning in zimbra. Now amavis doesn't even start :) Next was just install MailScanner and Julian's clamav/spamassassin installer as I've had problems with the Zimbra-ised versions of these during upgrades of Zimbra. I haven't bothered looking into a zimlet for MailScanner although that sounds like a damn good idea - happy to be a beta tester. As for the MailScanner config, I just left it all in the files, but if I were running a multi-server setup, I'd probably look at storing the config in LDAP (it was supported many eons ago in MailScanner - not sure if Jules kept it though). I still use all the zimbra LDAP/Postfix/IMAP/POP3 fru-fru, but I haven't found an elegant way yet to pick up the mail users identify as ham/spam. All I've done is told them to forward it to ham/spam@.... Plug in a quick-and-dirty shell script that uses fetchmail and sa-learn, add it to a cron job and voila. Fit for purpose, but damn ugly. Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3826 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100221/e071ab3e/smime.bin From uxbod at splatnix.net Sun Feb 21 11:11:10 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun Feb 21 11:11:22 2010 Subject: MailScanner + Zimbra...done :) In-Reply-To: <6422466.194.1266750668176.JavaMail.root@office.splatnix.net> Message-ID: <26774837.196.1266750670912.JavaMail.root@office.splatnix.net> > > Hi Phil, > > Basically just used zmprov to turn off all the virus/spam/attachment > scanning in zimbra. Now amavis doesn't even start :) Next was just > install MailScanner and Julian's clamav/spamassassin installer as I've > had problems with the Zimbra-ised versions of these during upgrades of > Zimbra. Personally I would leave AV on within Zimbra; rationale is that if a users machine does become infected then they could spread it via email. > > I haven't bothered looking into a zimlet for MailScanner although that > sounds like a damn good idea - happy to be a beta tester. As for the > MailScanner config, I just left it all in the files, but if I were > running a multi-server setup, I'd probably look at storing the config > in LDAP (it was supported many eons ago in MailScanner - not sure if > Jules kept it though). > I just use the Zimbra LDAP to validate the domains and users. Will keep the list posted about the MailWatch integration; just not sure yet whether to use MailWatch or write a simple front-end instead. > I still use all the zimbra LDAP/Postfix/IMAP/POP3 fru-fru, but I > haven't found an elegant way yet to pick up the mail users identify as > ham/spam. All I've done is told them to forward it to ham/spam@.... > Plug in a quick-and-dirty shell script that uses fetchmail and > sa-learn, add it to a cron job and voila. Fit for purpose, but damn > ugly. Simplest way is to migrate the SA bayes into a database. You can then create a custom .cf under /opt/zimbra/conf/spamassassin that uses the database. Adopting this approach allows the AS break out from Zimbra into MailScanner while still allowing your users to train Spam/Ham. This all provides a double whammy due to if you introduce additional mailstores and MTA in the future, using Zimbra, they can all share a common bayes. > > Cheers, > > James -- Thanks - Phil From jens at huenerberg.net Sun Feb 21 15:34:00 2010 From: jens at huenerberg.net (Jens Huenerberg) Date: Sun Feb 21 15:34:10 2010 Subject: ClamAV response not interpreted In-Reply-To: References: <4B635CAF.2080703@huenerberg.net> <4B6457AF.8020006@msapiro.net> <4B6492C9.2040301@huenerberg.net> Message-ID: <4B815268.1050302@huenerberg.net> Kai Schaetzl wrote on 31 Jan 2010 15:31: > Jens Huenerberg wrote on Sat, 30 Jan 2010 21:12:57 +0100: > >> LibClamAV Warning: *** This version of the ClamAV engine is outdated. >> *** >> LibClamAV Warning: *** DON'T PANIC! Read >> http://www.clamav.net/support/faq *** >> LibClamAV Warning: > > This means you don't have the latest packages from rpmforge or you have > installed another clam that "takes over". Thanks Kai and Jules. You were both pointing into the right direction. In the end, it turned out that I had remaining pieces of an old tarball installation of clamav in /usr/local (bin and lib). The new installation (RPM based) was existing in parallel. Challenge: The tools (clamscan and freshclam) reported to be 0.95.3 though they were using /usr/local/lib 0.95.2 libclamav. This is, why I didn't recognize what was going on. Now, everything is working just fine. Very good work, indeed ... -- Kind regards Jens From mark at msapiro.net Sun Feb 21 16:24:50 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sun Feb 21 16:25:02 2010 Subject: MailScanner Digest, Vol 50, Issue 21 In-Reply-To: <161b1c931002200633v46ce3a00td63e9858d6c94a9@mail.gmail.com> References: <201002201201.o1KC0bCL013578@safir.blacknight.ie> <161b1c931002200633v46ce3a00td63e9858d6c94a9@mail.gmail.com> Message-ID: <4B815E52.50404@msapiro.net> On 11:59 AM, Dave Jones wrote: > > I am running MailScanner version 4.78.17 and have an issue when an > HTML email comes in with a PDF attached. Below is the end of the body > when the email is not sent through MailScanner. MailScanner is > dropping off everything past the "



" line below. > > >



> ------_=_NextPart_002_01CAB0D0.AD4BE979-- > > ------_=_NextPart_001_01CAB0D0.AD4BE979 > Content-Type: application/pdf; [...] > It's not being dropped based on the filename since those will notify the > recipient along with an admin mailbox. > > Recent debugging shows that it may be something strange with how the > email is being generated. We can't get the originator of the email to give > us the details of how it's being created. It seems that the problem is with > some automated generation process but when they just create the email > using Outlook and attach the PDF, it seems to work fine to all recipients. What is the full MIME structure of the message? What you show above is only a piece. Show the Content-Type: header including boundary= for the message itself and also show all boundaries and the Content-Type: from all sub-parts. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From davejones70 at gmail.com Sun Feb 21 17:46:24 2010 From: davejones70 at gmail.com (Dave Jones) Date: Sun Feb 21 17:46:33 2010 Subject: PDF attachment being dropped silently by MailScanner Message-ID: <67a55ed51002210946n146afdcep88f087775359420c@mail.gmail.com> >On 11:59 AM, Dave Jones wrote: >> >> I am running MailScanner version 4.78.17 and have an issue when an >> HTML email comes in with a PDF attached. Below is the end of the body >> when the email is not sent through MailScanner. MailScanner is >> dropping off everything past the "



" line below. >> >> >>



>> ------_=_NextPart_002_01CAB0D0.AD4BE979-- >> >> ------_=_NextPart_001_01CAB0D0.AD4BE979 >> Content-Type: application/pdf; >[...] >> It's not being dropped based on the filename since those will notify the >> recipient along with an admin mailbox. >> >> Recent debugging shows that it may be something strange with how the >> email is being generated. We can't get the originator of the email to give >> us the details of how it's being created. It seems that the problem is with >> some automated generation process but when they just create the email >> using Outlook and attach the PDF, it seems to work fine to all recipients. > > >What is the full MIME structure of the message? What you show above is >only a piece. Show the Content-Type: header including boundary= for the >message itself and also show all boundaries and the Content-Type: from >all sub-parts. > >-- >Mark Sapiro The highway is for gamblers, >San Francisco Bay Area, California better use your sense - B. What I have above is all of the MIME information -- at least all that is shown from Outlook with "View Source". Starting with the [...] is the MIME encoded attachment. I will see if I can get one sent to my gmail account so I can do a real "View Source" to see if it's an incomplete MIME header. I am now suspecting the generating application is problem. -- Dave Jones From mark at msapiro.net Sun Feb 21 21:49:30 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sun Feb 21 21:49:50 2010 Subject: PDF attachment being dropped silently by MailScanner In-Reply-To: <67a55ed51002210946n146afdcep88f087775359420c@mail.gmail.com> Message-ID: Dave Jones quoted Mark Sapiro and wrote: >> >>What is the full MIME structure of the message? What you show above is >>only a piece. Show the Content-Type: header including boundary= for the >>message itself and also show all boundaries and the Content-Type: from >>all sub-parts. > >What I have above is all of the MIME information -- at least all that is shown >from Outlook with "View Source". Starting with the [...] is the MIME encoded >attachment. > >I will see if I can get one sent to my gmail account so I can do a real "View >Source" to see if it's an incomplete MIME header. I am now suspecting the >generating application is problem. I think you must not understand what I'm asking. You showed:



------_=_NextPart_002_01CAB0D0.AD4BE979-- ------_=_NextPart_001_01CAB0D0.AD4BE979 Content-Type: application/pdf; This is only the terminating boundary from a prior multipart part and the beginning of the application/pdf part. The complete message may have headers and boundaries like MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CAB0D0.AD4BE979 [...] ------_=_NextPart_001_01CAB0D0.AD4BE979 Content-Type: multipart/alternative; boundary="----_=_NextPart_002_01CAB0D0.AD4BE979" ------_=_NextPart_002_01CAB0D0.AD4BE979 Content-Type: text/plain [plain text body] ------_=_NextPart_002_01CAB0D0.AD4BE979 Content-Type: text/html [html body] ------_=_NextPart_002_01CAB0D0.AD4BE979-- ------_=_NextPart_001_01CAB0D0.AD4BE979 Content-Type: application/pdf [pdf attachmemt] ------_=_NextPart_001_01CAB0D0.AD4BE979-- That's what I want to see. The above is a properly formed MIME message with structure multipart/mixed multipart/alternative text/plain text/html application/pdf I want to see the equivalent headers and boundaries from your message. Then we will see if the fault is that the message is defective or there is a MailScanner issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From james at gray.net.au Mon Feb 22 05:58:41 2010 From: james at gray.net.au (James Gray) Date: Mon Feb 22 05:59:04 2010 Subject: MailScanner + Zimbra...done :) In-Reply-To: <26774837.196.1266750670912.JavaMail.root@office.splatnix.net> References: <26774837.196.1266750670912.JavaMail.root@office.splatnix.net> Message-ID: <0C1DF74B-A2DC-4C1E-B873-11B39E158669@gray.net.au> On 21/02/2010, at 10:11 PM, --[ UxBoD ]-- wrote: >> >> Hi Phil, >> >> Basically just used zmprov to turn off all the virus/spam/attachment >> scanning in zimbra. Now amavis doesn't even start :) Next was just >> install MailScanner and Julian's clamav/spamassassin installer as I've >> had problems with the Zimbra-ised versions of these during upgrades of >> Zimbra. > > Personally I would leave AV on within Zimbra; rationale is that if a users machine does become infected then they could spread it via email. I still virus check outbound mail via MailScanner so same result, just different implementation. I just didn't want to run amavis AND MailScanner...seems like a waste of RAM. >> I still use all the zimbra LDAP/Postfix/IMAP/POP3 fru-fru, but I >> haven't found an elegant way yet to pick up the mail users identify as >> ham/spam. All I've done is told them to forward it to ham/spam@.... >> Plug in a quick-and-dirty shell script that uses fetchmail and >> sa-learn, add it to a cron job and voila. Fit for purpose, but damn >> ugly. > > Simplest way is to migrate the SA bayes into a database. You can then create a custom .cf under /opt/zimbra/conf/spamassassin that uses the database. Adopting this approach allows the AS break out from Zimbra into MailScanner while still allowing your users to train Spam/Ham. This all provides a double whammy due to if you introduce additional mailstores and MTA in the future, using Zimbra, they can all share a common bayes. Yep - did that :) Exported the Zimbra bayes/awl then once it was set up in the new SA on SQL, did a simple import. The result: ... dbg: bayes: corpus size: nspam = 4607, nham = 22069 Quiet server for home, so not a massive volume, but it is a test bed for some of the systems I maintain ;) Always nice when I can write off tax on test systems I use myself. Cheers, James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3826 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100222/997ca60f/smime.bin From glenn.steen at gmail.com Mon Feb 22 09:04:02 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Feb 22 09:04:10 2010 Subject: MailScanner Dspam In-Reply-To: References: <223f97701002180730m2a9d4196qa31184bd4b051e5f@mail.gmail.com> Message-ID: <223f97701002220104q621067a6hf98a98feea061654@mail.gmail.com> On 18 February 2010 20:31, Kai Schaetzl wrote: > >> there is a plugin for spamassasin to >> > analize the dspam header and sets a score. > > or he could use what he mentions. ? Yes, that is exactly what my first suggestion is all about;-) > Kai Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From E.Bloodaxe at gold.ac.uk Mon Feb 22 10:09:58 2010 From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Mon Feb 22 10:10:38 2010 Subject: Incorectly blocking files. Message-ID: <4B8257F6.2070009@gold.ac.uk> Mail Scanner seems to object to MatLab files. One user got a message: At Fri Feb 19 17:19:06 2010 the virus scanner said: MailScanner: Microsoft Access Shortcuts are dangerous in email (Spec_Power_New.mat) The file is not a Access short cut and file on the machine correctly idetifies this as a data file. This is with MailScanner 4.77.10 Can anyone point me to correcting this. Best Erik From lyndonl at mexcom.co.za Mon Feb 22 10:22:09 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Mon Feb 22 10:22:31 2010 Subject: Incorectly blocking files. In-Reply-To: <4B8257F6.2070009@gold.ac.uk> References: <4B8257F6.2070009@gold.ac.uk> Message-ID: <545EE423-1105-4AE1-8A41-77B94F719957@mexcom.co.za> On 22 Feb 2010, at 12:09 PM, Erik Bloodaxe wrote: > Mail Scanner seems to object to MatLab files. One user got a message: > > At Fri Feb 19 17:19:06 2010 the virus scanner said: > MailScanner: Microsoft Access Shortcuts are dangerous in email (Spec_Power_New.mat) > > Can anyone point me to correcting this. > Hi Erik, What you need to do is check out the filename.rules file the line you are looking for is this one, deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut attack Microsoft Access Shortcuts are dangerous in email you can change that deny to allow or take the "t" out of the \.ma[dfgmaqrstvw] string, -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za From maillists at conactive.com Mon Feb 22 11:31:19 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 22 11:31:34 2010 Subject: PDF attachment being dropped silently by MailScanner In-Reply-To: <67a55ed51002210946n146afdcep88f087775359420c@mail.gmail.com> References: <67a55ed51002210946n146afdcep88f087775359420c@mail.gmail.com> Message-ID: Dave Jones wrote on Sun, 21 Feb 2010 11:46:24 -0600: > What I have above is all of the MIME information -- at least all that is shown > from Outlook with "View Source". Starting with the [...] is the MIME encoded > attachment. One needs to see all of the MIME nesting information. Remove all content (text) and binary stuff (if there is any) from the source, then what's left are the headers of the message, the headers of the MIME compartments and the MIME dividers. That's, what might help to show if there's something wrong with the message. To determine if that what you got in Outlook is the same that came in it's always helpful to store ham and spam messages for a while and be that just a few days. It's also helpful to use Mailwatch. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Feb 22 11:31:20 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 22 11:31:35 2010 Subject: MailScanner Dspam In-Reply-To: <223f97701002220104q621067a6hf98a98feea061654@mail.gmail.com> References: <223f97701002180730m2a9d4196qa31184bd4b051e5f@mail.gmail.com> <223f97701002220104q621067a6hf98a98feea061654@mail.gmail.com> Message-ID: Glenn Steen wrote on Mon, 22 Feb 2010 10:04:02 +0100: > ? Yes, that is exactly what my first suggestion is all about;-) Deleted that thread already. Anyway, your suggestion sounded like something else. If there's an SA plugin he doesn't have to do anything other than set it up. It's then part of the SA scoring. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From GSilver at rampuptech.com Mon Feb 22 15:59:42 2010 From: GSilver at rampuptech.com (Gavin Silver) Date: Mon Feb 22 16:00:08 2010 Subject: backscatter / ndr / smtp auth issues Message-ID: Hey all, Pulling my hair out over this. All of a sudden I am getting what looks like NDRs filling up my mail queue here is an example Reporting-MTA: dns; MY_MAILSCANNER_GATEWAY.net X-Postfix-Queue-ID: D882A4003DC X-Postfix-Sender: rfc822; laiaduye4777@telemar.net.br Arrival-Date: Mon, 22 Feb 2010 09:43:14 -0500 (EST) Final-Recipient: rfc822; UNKNOWN_USER@MY_CLIENTS_DOMAIN.com Original-Recipient: rfc822;UNKNOWN_USER@MY_CLIENTS_DOMAIN.com Action: failed Status: 5.1.1 Remote-MTA: dns; MY_CLIENTS_MAILSERVER.com Diagnostic-Code: smtp; 550 5.1.1 User unknown From MAILER-DAEMON@MY_MAILSCANNER_GATEWAY.net (Mail Delivery System) To laiaduye4777@telemar.net.br Date Mon, 22 Feb 2010 09:43:52 -0500 (EST) Subject Undelivered Mail Returned to Sender This is the mail system at MY_MAILSCANNER_GATEWAY.net. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system < UNKNOWN_USER@MY_CLIENTS_DOMAIN.com >: host MY_CLIENTS_MAILSERVER.com[client.server.ip.address] said: 550 5.1.1 User unknown (in reply to RCPT TO command) My mailscanner is running in a gateway setup for multiple domains on ubuntu 8.04LTS / postfix Mailscanenr version is 4.58.9 (*duck* I know! Im going to migrate everyone to a brand new updated version on centos very shortly.. :-/ ) I have smtp auth enabled in postfix according to documentation found on mailscanner.info... so im not sure why my gateway is even sending bounces ---------------------------------- Gavin Silver -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100222/1574ce1b/attachment.html From Garrod.Alwood at lorodoes.com Mon Feb 22 16:07:07 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Mon Feb 22 16:13:46 2010 Subject: backscatter / ndr / smtp auth issues In-Reply-To: References: Message-ID: You can upgrade to the newest version in ubuntu as well as soon Jules puts the deb packages I sent him. So keep an eye out for that if you like ubuntu. Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Feb 22, 2010, at 11:02 AM, "Gavin Silver" > wrote: Hey all, Pulling my hair out over this. All of a sudden I am getting what looks like NDRs filling up my mail queue here is an example Reporting-MTA: dns; MY_MAILSCANNER_GATEWAY.net X-Postfix-Queue-ID: D882A4003DC X-Postfix-Sender: rfc822; laiaduye4777@telemar.net.br Arrival-Date: Mon, 22 Feb 2010 09:43:14 -0500 (EST) Final-Recipient: rfc822; UNKNOWN_USER@MY_CLIENTS_DOMAIN.com Original-Recipient: rfc822;UNKNOWN_USER@MY_CLIENTS_DOMAIN.com Action: failed Status: 5.1.1 Remote-MTA: dns; MY_CLIENTS_MAILSERVER.com Diagnostic-Code: smtp; 550 5.1.1 User unknown From MAILER-DAEMON@MY_MAILSCANNER_GATEWAY.net (Mail Delivery System) To laiaduye4777@telemar.net.br Date Mon, 22 Feb 2010 09:43:52 -0500 (EST) Subject Undelivered Mail Returned to Sender This is the mail system at MY_MAILSCANNER_GATEWAY.net. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system < UNKNOWN_USER@MY_CLIENTS_DOMAIN.com >: host MY_CLIENTS_MAILSERVER.com[client.server.ip.address] said: 550 5.1.1 User unknown (in reply to RCPT TO command) My mailscanner is running in a gateway setup for multiple domains on ubuntu 8.04LTS / postfix Mailscanenr version is 4.58.9 (*duck* I know! Im going to migrate everyone to a brand new updated version on centos very shortly.. :-/ ) I have smtp auth enabled in postfix according to documentation found on mailscanner.info? so im not sure why my gateway is even sending bounces ---------------------------------- Gavin Silver -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100222/90a1f3a6/attachment.html From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:17:52 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:18:10 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <4B82AE30.10409@ecs.soton.ac.uk> Message-ID: On 16/02/2010 20:41, Mauricio Tavares wrote: > As the subject states, I would like to disable outgoing scan. > Now, from what I saw in mailscanner.conf and was explained in the irc > channel, I should set Scan Messages = my ruleset file and then have > something like > > From: my.domain.com no > FromOrTo: default yes > > in the file. Question I have is would the first line cause emails > pretending to be coming from my domain not to be scanned? If so, how > would I make sure only the emails that truly originate from my domain > not be scanned? > Very simple. Instead of putting "my.domain.com" in there, tell it to use the names of the machines instead. You can do this with a rule like this in modern versions of MailScanner: From: host:my.domain.com no FromOrTo: default yes Then any mail coming from computers who have a hostname in the "my.domain.com" domain will not be scanned, but all other mail will be scanned. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:19:02 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:19:15 2010 Subject: CustomConfig.pm In-Reply-To: References: <4B82AE76.6060100@ecs.soton.ac.uk> Message-ID: Put your Custom Functions into their own .pm file in /usr/local/lib/MailScanner/MailScanner/CustomFunctions and then they will always be left alone. All .pm files in that directory will be read for Custom Functions. On 17/02/2010 09:37, Richard Mealing wrote: > > Hi Jules, > > I am running freebsd and when I update MailScanner, this file gets > over written - /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm > > It?s not a big pain, but I am using black / white listing by domain > and it?s a change that needs to be made every time I upgrade. > > I?m not sure if this can be omitted from an upgrade? I thought I would > just let you know. > > Many thanks, > > Rich > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:21:02 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:21:45 2010 Subject: Slightly OT : Email Branding In-Reply-To: References: <4B82AEEE.1070504@ecs.soton.ac.uk> Message-ID: You can't do this at the moment, only append all the images and everything at the bottom. It's such a terrible idea that I never implemented it! :) Jules. On 17/02/2010 12:44, David Jacobson wrote: > > Hi Gents, > > MailScanner can append a signature to the end of all mails (text or > html) this is great. > > A lot of our users are requesting header image insertion... > > Now without being told by 50 people how bad email branding is, I'm on > your side - I think it's bad, however we need to do it for certain people. > > So with the rants aside... > > Does anyone know how we could achieve this with MailScanner+Exim ? > > We've tried AlterMIME it's great for disclaimers (like MS can add) but > doesn't offer footer insertion. > > Any advise appreciated. > > > > > > *David Jacobson* > Technical Director > Tel: 011 262 3632 > Fax: 086 637 8868 > Cell: 083 235 0760 > Email: davidj@synaq.com > Web: www.synaq.com > > Sandhaven Office Park, Pongola Crescent > Eastgate Ext 17 Sandton > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:22:31 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:22:46 2010 Subject: Yet another "disable outgoing scan" question In-Reply-To: <4B7BB5FB020000FC00002171@gwmail.medicine.wisc.edu> References: <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com> <4B7BB5FB020000FC00002171@gwmail.medicine.wisc.edu> <4B82AF47.9040902@ecs.soton.ac.uk> Message-ID: You can now use "host:my.domain.name.here.com" and other such fun things in your ruleset lines, so you don't have to specify raw numeric IP addresses any more. Take a look at the docs in /etc/MailScanner/rules/README some time :-) Jules. On 17/02/2010 15:25, Michael Masse wrote: > Assuming your Mailscanner is outside of your internal smart host, just use the ip(s) of the smart host instead of the domain name. This won't stop spam from coming within your organization, but you should have other tools available to watch for that. > > >>>> On 2/16/2010 at 2:41 PM, in message >>>> > <2c6cf52a1002161241o445cbf14we8bb4df71477a626@mail.gmail.com>, Mauricio Tavares > wrote: > >> As the subject states, I would like to disable outgoing scan. >> Now, from what I saw in mailscanner.conf and was explained in the irc >> channel, I should set Scan Messages = my ruleset file and then have >> something like >> >> From: my.domain.com no >> FromOrTo: default yes >> >> in the file. Question I have is would the first line cause emails >> pretending to be coming from my domain not to be scanned? If so, how >> would I make sure only the emails that truly originate from my domain >> not be scanned? >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:23:54 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:24:06 2010 Subject: Notify recipient In-Reply-To: <4B7C1112.9050602@hostalia.com> References: <4B7C1112.9050602@hostalia.com> <4B82AF9A.4020705@ecs.soton.ac.uk> Message-ID: It will not alert recipients for "Silent Viruses". However, there are a few other things that can be considered "Silent Viruses" and so on. Read the docs in MailScanner.conf above the settings for "Silent Viruses" and "Non-Forging Viruses". Oh, and "Still Deliver Silent Viruses" too. On 17/02/2010 15:53, Alvaro Mar?n wrote: > Hi, > > is there any option in MailScanner to use these settings: > > Notify Senders = yes > Notify Senders Of Viruses = no > Notify Senders Of Blocked Filenames Or Filetypes = yes > > for recipients? > I want to notify my users if some mail addressed to them has been > rejected due to a virus or dangerous extension was found. > > Thank you! > > Regards, > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:25:12 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:25:29 2010 Subject: sig - per domain In-Reply-To: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com> References: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com> <4B82AFE8.7030805@ecs.soton.ac.uk> Message-ID: Read up on "rulesets". You can set the signature files differently for different domains just in the same way that you can switch features on/off for different domains and the like. See all the docs in /etc/MailScanner/rules. Jules. On 18/02/2010 11:15, Simon Jones wrote: > hello folks, > > has anyone configured mailscanner to send out different sigs > (/etc/MailScanner/reports/en) for different domain names handled by > the system? i.e. could I use sig-1 for domain.com and use a different > sig for anotherdomain.com? or even switch the sigs off for particular > domains that don't need it. > > tks! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:27:03 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:28:11 2010 Subject: different signature image In-Reply-To: References: <4B82B057.1080907@ecs.soton.ac.uk> Message-ID: Yes, you can do that. I missed it out of the documentation, but that setting *does* take a ruleset. Jules. On 18/02/2010 16:09, Miguel Angel Nieto wrote: > Hi, > > Its possible to use a ruleset in "Signature Image Filename"? I would > like to have different Image files for different domains. > > Thank you :) > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Feb 22 16:28:54 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Feb 22 16:29:12 2010 Subject: PDF attachment being dropped silently by MailScanner In-Reply-To: <73461DFCD2207F44A16F136A46195545473421@exchange2.sbschools.net> References: <67a55ed51002181336u4d15c080k7e0add3d954d01a0@mail.gmail.com> <73461DFCD2207F44A16F136A46195545473421@exchange2.sbschools.net> <4B82B0C6.60106@ecs.soton.ac.uk> Message-ID: On 19/02/2010 13:16, dcurtis@sbschools.net wrote: > MailScanner is probably seeing it as a file with many extensions? Ever > period will show as an extension. > No, that's not true. Read the regexp in filename.rules.conf, it's cleverer than that. If you send me a copy of the entire message's raw queue files off-list, I'll take a look for you. Jules. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Jones > Sent: Thursday, February 18, 2010 4:36 PM > To: mailscanner > Subject: PDF attachment being dropped silently by MailScanner > > I am running MailScanner version 4.78.17 and have an issue when an > HTML email comes in with a PDF attached. Below is the end of the body > when the email is not sent through MailScanner. MailScanner is > dropping off everything past the "



" line below. > > >



> ------_=_NextPart_002_01CAB0D0.AD4BE979-- > > ------_=_NextPart_001_01CAB0D0.AD4BE979 > Content-Type: application/pdf; > name="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" > Content-Transfer-Encoding: base64 > Content-Description: Tech U.S.A. Intl Trvlrs Trvlng Today.pdf > Content-Disposition: attachment; > filename="Tech U.S.A. Intl Trvlrs Trvlng Today.pdf" > Content-Location: > 1_multipart%3F2_Tech%20U.S.A.%20Intl%20Trvlrs%20Trvlng%20Today.pdf > > [clipped MIME encoding] > > -- > Dave Jones > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Mon Feb 22 16:54:31 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Feb 22 16:54:42 2010 Subject: backscatter / ndr / smtp auth issues In-Reply-To: References: Message-ID: Gavin Silver wrote on Mon, 22 Feb 2010 10:59:42 -0500: > < UNKNOWN_USER@MY_CLIENTS_DOMAIN.com >: host MY_CLIENTS_MAILSERVER.com[client.server.ip.address] > said: 550 5.1.1 User > unknown (in reply to RCPT TO command) that system is probably not your mailscanner server and thus rejects the non-deliverable mail to your mailscanner server. Not? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From GSilver at rampuptech.com Mon Feb 22 18:41:27 2010 From: GSilver at rampuptech.com (Gavin Silver) Date: Mon Feb 22 18:41:42 2010 Subject: backscatter / ndr / smtp auth issues In-Reply-To: References: Message-ID: That server is not my mailscanner but shouldn't mailscanner not accept the message in the first place to relay onto my clients domain if the user doesn't exist (smtp auth) ---------------------------------- Gavin Silver -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Monday, February 22, 2010 11:55 AM To: mailscanner@lists.mailscanner.info Subject: Re: backscatter / ndr / smtp auth issues Gavin Silver wrote on Mon, 22 Feb 2010 10:59:42 -0500: > < UNKNOWN_USER@MY_CLIENTS_DOMAIN.com >: host MY_CLIENTS_MAILSERVER.com[client.server.ip.address] > said: 550 5.1.1 User > unknown (in reply to RCPT TO command) that system is probably not your mailscanner server and thus rejects the non-deliverable mail to your mailscanner server. Not? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- From rcooper at dwford.com Mon Feb 22 20:24:57 2010 From: rcooper at dwford.com (Rick Cooper) Date: Mon Feb 22 20:25:17 2010 Subject: backscatter / ndr / smtp auth issues In-Reply-To: References: Message-ID: <4C40077DC9014AD184FAD83CBAF46E51@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gavin Silver Sent: Monday, February 22, 2010 1:41 PM To: MailScanner discussion Subject: RE: backscatter / ndr / smtp auth issues > That server is not my mailscanner but shouldn't mailscanner not accept > the message in the first place to relay onto my clients domain if the > user doesn't exist (smtp auth) > > Mailscanner doesn't validate users, your MTA does/should. I have had this type of bounce when I deleted a user from the mail system but missed them on a forward. A copy of each sales person's mail is forwarded to a manager and the manager was removed from the user base but not the .forward files. The mail is delivered for the envelope recipient but the manager address in the .forward file results in an internal (from my MTA to my MTA) bounce when the forward is attempted. > > > ---------------------------------- > Gavin Silver > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai > Schaetzl > Sent: Monday, February 22, 2010 11:55 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: backscatter / ndr / smtp auth issues > > Gavin Silver wrote on Mon, 22 Feb 2010 10:59:42 -0500: > >> < UNKNOWN_USER@MY_CLIENTS_DOMAIN.com >: host >> MY_CLIENTS_MAILSERVER.com[client.server.ip.address] said: 550 5.1.1 >> User unknown (in reply to RCPT TO command) > > that system is probably not your mailscanner server and thus rejects the > non-deliverable mail to your mailscanner server. Not? > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From E.Bloodaxe at gold.ac.uk Tue Feb 23 09:49:48 2010 From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Tue Feb 23 09:50:31 2010 Subject: Incorectly blocking files. In-Reply-To: <545EE423-1105-4AE1-8A41-77B94F719957@mexcom.co.za> References: <4B8257F6.2070009@gold.ac.uk> <545EE423-1105-4AE1-8A41-77B94F719957@mexcom.co.za> Message-ID: <4B83A4BC.3070706@gold.ac.uk> Lyndon Labuschagne wrote: > On 22 Feb 2010, at 12:09 PM, Erik Bloodaxe wrote: > > >> Mail Scanner seems to object to MatLab files. One user got a message: >> >> At Fri Feb 19 17:19:06 2010 the virus scanner said: >> MailScanner: Microsoft Access Shortcuts are dangerous in email (Spec_Power_New.mat) >> >> Can anyone point me to correcting this. >> >> > Hi Erik, What you need to do is check out the filename.rules file > the line you are looking for is this one, > deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut attack Microsoft Access Shortcuts are dangerous in email > > you can change that deny to allow or take the "t" out of the \.ma[dfgmaqrstvw] string, > > > Thanks for this. I have edited the above line to say: deny \.ma[dfgmqrsvw]$ Possible Microsoft Access Shortcut attack Microsoft Access Shortcuts are dangerous in email #deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut attack Microsoft Access Shortcuts are dangerous in email but the .mat attachemnts are still being blocked. How can I put mail scanner in a debug mode so that I can see it consider each rule in turn? best Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100223/faa1e277/attachment.html From MailScanner at ecs.soton.ac.uk Tue Feb 23 10:19:46 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 23 10:19:58 2010 Subject: Incorectly blocking files. In-Reply-To: <4B83A4BC.3070706@gold.ac.uk> References: <4B8257F6.2070009@gold.ac.uk> <545EE423-1105-4AE1-8A41-77B94F719957@mexcom.co.za> <4B83A4BC.3070706@gold.ac.uk> <4B83ABC2.6070206@ecs.soton.ac.uk> Message-ID: On 23/02/2010 09:49, Erik Bloodaxe wrote: > Lyndon Labuschagne wrote: >> On 22 Feb 2010, at 12:09 PM, Erik Bloodaxe wrote: >> >> >>> Mail Scanner seems to object to MatLab files. One user got a message: >>> >>> At Fri Feb 19 17:19:06 2010 the virus scanner said: >>> MailScanner: Microsoft Access Shortcuts are dangerous in email (Spec_Power_New.mat) >>> >>> Can anyone point me to correcting this. >>> >>> >> Hi Erik, What you need to do is check out the filename.rules file >> the line you are looking for is this one, >> deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut attack Microsoft Access Shortcuts are dangerous in email >> >> you can change that deny to allow or take the "t" out of the \.ma[dfgmaqrstvw] string, >> >> >> > Thanks for this. I have edited the above line to say: > > deny \.ma[dfgmqrsvw]$ Possible Microsoft Access Shortcut > attack Microsoft Access Shortcuts are dangerous in email > #deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut > attack Microsoft Access Shortcuts are dangerous in email > > but the .mat attachemnts are still being blocked. You did tell MailScanner to re-read its configuration, didn't you? "service MailScanner reload" will do the job on a RedHat or Centos box. > > How can I put mail scanner in a debug mode so that I can see it > consider each rule in turn? > > best > > Rob > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard at fastnet.co.uk Tue Feb 23 10:56:34 2010 From: richard at fastnet.co.uk (Richard Mealing) Date: Tue Feb 23 10:55:27 2010 Subject: CustomConfig.pm In-Reply-To: References: <4B82AE76.6060100@ecs.soton.ac.uk> Message-ID: Hi Jules, >Put your Custom Functions into their own .pm file in >/usr/local/lib/MailScanner/MailScanner/CustomFunctions and then they >will always be left alone. All .pm files in that directory will be read >for Custom Functions. > >On 17/02/2010 09:37, Richard Mealing wrote: >> >> Hi Jules, >> >> I am running freebsd and when I update MailScanner, this file gets >> over written - /usr/local/lib/MailScanner/MailScanner/CustomConfig.pm >> >> It's not a big pain, but I am using black / white listing by domain >> and it's a change that needs to be made every time I upgrade. >> >> I'm not sure if this can be omitted from an upgrade? I thought I would >> just let you know. >> >> Many thanks, >> >> Rich >> >Jules > >-- >Julian Field MEng CITP CEng >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store > >Need help customising MailScanner? >Contact me! >Need help fixing or optimising your systems? >Contact me! >Need help getting you started solving new requirements from your boss? >Contact me! > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >Follow me at twitter.com/JulesFM and twitter.com/MailScanner This is great. Thanks very much for your help, once again. It didn't work when I copied just the - my $WhitelistDir = 'whatever your dir' line. But when I copied the whole rule it works fine and over writes what ever is in the CustomConfig.pm file. Thanks.! Rich -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From paul.hutchings at mira.co.uk Tue Feb 23 13:24:21 2010 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Tue Feb 23 13:24:35 2010 Subject: AVG 8.5 support? Message-ID: It's been ages since I've delved too deep into our MailScanner config other than keeping the version up to date as it "just works". Does it work with AVG 8.5 using (presumably) avgscan please? Our license key has been upgraded as they've dropped support for v7, but I don't want to install it if it won't work with MailScanner. Thanks, Paul -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From doctor at doctor.nl2k.ab.ca Tue Feb 23 13:46:01 2010 From: doctor at doctor.nl2k.ab.ca (The Doctor) Date: Tue Feb 23 13:46:12 2010 Subject: AVG 8.5 support? In-Reply-To: References: Message-ID: <20100223134601.GA23632@doctor.nl2k.ab.ca> On Tue, Feb 23, 2010 at 01:24:21PM -0000, Paul Hutchings wrote: > It's been ages since I've delved too deep into our MailScanner config > other than keeping the version up to date as it "just works". > > Does it work with AVG 8.5 using (presumably) avgscan please? > > Our license key has been upgraded as they've dropped support for v7, but > I don't want to install it if it won't work with MailScanner. > > Thanks, > Paul > AFAIK 8.5 is dead and 9.0 is out. > -- > MIRA Ltd > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Member - Liberal International This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee USenet NEwsgroups is the ULTIMATE form of blogging and social networking! From MailScanner at ecs.soton.ac.uk Tue Feb 23 13:52:30 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Feb 23 13:52:44 2010 Subject: AVG 8.5 support? In-Reply-To: References: <4B83DD9E.1090002@ecs.soton.ac.uk> Message-ID: Certainly the latest beta 4.80.1 does work with avgscan 8. On 23/02/2010 13:24, Paul Hutchings wrote: > It's been ages since I've delved too deep into our MailScanner config > other than keeping the version up to date as it "just works". > > Does it work with AVG 8.5 using (presumably) avgscan please? > > Our license key has been upgraded as they've dropped support for v7, but > I don't want to install it if it won't work with MailScanner. > > Thanks, > Paul > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Tue Feb 23 14:05:40 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Feb 23 14:13:31 2010 Subject: AVG 8.5 support? In-Reply-To: <20100223134601.GA23632@doctor.nl2k.ab.ca> References: <20100223134601.GA23632@doctor.nl2k.ab.ca> Message-ID: Is that in the list's relative present or future? Can you give us the output of avg 10 or 11 so Jules can prepare in advance? ** DISCLAIMER ** the previous comment was a joke about "The Doctor"... ;-) as I'm sure there are many Doctor Who fans on the list... On Feb 23, 2010, at 8:46 AM, The Doctor wrote: > AFAIK 8.5 is dead and 9.0 is out. From glenn.steen at gmail.com Tue Feb 23 16:17:09 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Feb 23 16:17:17 2010 Subject: MailScanner Dspam In-Reply-To: References: <223f97701002180730m2a9d4196qa31184bd4b051e5f@mail.gmail.com> <223f97701002220104q621067a6hf98a98feea061654@mail.gmail.com> Message-ID: <223f97701002230817i668f6f02p9fdbbcec57b8fc76@mail.gmail.com> On 22 February 2010 12:31, Kai Schaetzl wrote: > Glenn Steen wrote on Mon, 22 Feb 2010 10:04:02 +0100: > >> ? Yes, that is exactly what my first suggestion is all about;-) > > Deleted that thread already. Anyway, your suggestion sounded like > something else. If there's an SA plugin he doesn't have to do anything > other than set it up. It's then part of the SA scoring. > > Kai > Yes, but... his DSPAM setup happens _after_ MailScanner (and hence after SA). That's why he'll need be a bit ... creative;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From E.Bloodaxe at gold.ac.uk Wed Feb 24 12:56:15 2010 From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Wed Feb 24 12:57:03 2010 Subject: Incorectly blocking files. In-Reply-To: References: <4B8257F6.2070009@gold.ac.uk> <545EE423-1105-4AE1-8A41-77B94F719957@mexcom.co.za> <4B83A4BC.3070706@gold.ac.uk> <4B83ABC2.6070206@ecs.soton.ac.uk> Message-ID: <4B8521EF.3060004@gold.ac.uk> Julian Field wrote: > > > On 23/02/2010 09:49, Erik Bloodaxe wrote: >> Lyndon Labuschagne wrote: >>> On 22 Feb 2010, at 12:09 PM, Erik Bloodaxe wrote: >>> >>> >>>> Mail Scanner seems to object to MatLab files. One user got a message: >>>> >>>> At Fri Feb 19 17:19:06 2010 the virus scanner said: >>>> MailScanner: Microsoft Access Shortcuts are dangerous in email >>>> (Spec_Power_New.mat) >>>> >>>> Can anyone point me to correcting this. >>>> >>>> >>> Hi Erik, What you need to do is check out the filename.rules file >>> the line you are looking for is this one, >>> deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut >>> attack Microsoft Access Shortcuts are >>> dangerous in email >>> >>> you can change that deny to allow or take the "t" out of the >>> \.ma[dfgmaqrstvw] string, >>> >>> >>> >> Thanks for this. I have edited the above line to say: >> >> deny \.ma[dfgmqrsvw]$ Possible Microsoft Access Shortcut >> attack Microsoft Access Shortcuts are dangerous in email >> #deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut >> attack Microsoft Access Shortcuts are dangerous in email >> >> but the .mat attachemnts are still being blocked. > You did tell MailScanner to re-read its configuration, didn't you? > "service MailScanner reload" will do the job on a RedHat or Centos box. >> >> How can I put mail scanner in a debug mode so that I can see it >> consider each rule in turn? >> >> best >> >> Rob >> > > Jules > It appears that this file is being stopped for other reasons I do not understand. The system now allows through a plain text file with extension .mat but a .mat file in a zip archive is withheld: This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "Data.zip" is on the list of unacceptable attachments for this site and has been replaced by this warning message. At Wed Feb 24 12:52:08 2010 the virus scanner said: MailScanner: Microsoft Access Shortcuts are dangerous in email (Spec_Power_New.mat) the virus scanner is sophos and it has no problems with the file when I run savscan on it. Can anyone assist? rob From MailScanner at ecs.soton.ac.uk Wed Feb 24 14:58:35 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 24 14:58:51 2010 Subject: Incorectly blocking files. In-Reply-To: <4B8521EF.3060004@gold.ac.uk> References: <4B8257F6.2070009@gold.ac.uk> <545EE423-1105-4AE1-8A41-77B94F719957@mexcom.co.za> <4B83A4BC.3070706@gold.ac.uk> <4B83ABC2.6070206@ecs.soton.ac.uk> <4B8521EF.3060004@gold.ac.uk> <4B853E9B.7050202@ecs.soton.ac.uk> Message-ID: If you read MailScanner.conf, you will discover it now has different rules for files within an archive from rules not within an archive. See the option Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf so you need to remove the "t" from archive.filename.rules.conf. I added this feature as a result of numerous requests. Cheers, Jules. On 24/02/2010 12:56, Erik Bloodaxe wrote: > Julian Field wrote: >> >> >> On 23/02/2010 09:49, Erik Bloodaxe wrote: >>> Lyndon Labuschagne wrote: >>>> On 22 Feb 2010, at 12:09 PM, Erik Bloodaxe wrote: >>>> >>>>> Mail Scanner seems to object to MatLab files. One user got a >>>>> message: >>>>> >>>>> At Fri Feb 19 17:19:06 2010 the virus scanner said: >>>>> MailScanner: Microsoft Access Shortcuts are dangerous in email >>>>> (Spec_Power_New.mat) >>>>> >>>>> Can anyone point me to correcting this. >>>>> >>>> Hi Erik, What you need to do is check out the filename.rules file >>>> the line you are looking for is this one, >>>> deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut >>>> attack Microsoft Access Shortcuts are >>>> dangerous in email >>>> >>>> you can change that deny to allow or take the "t" out of the >>>> \.ma[dfgmaqrstvw] string, >>>> >>>> >>> Thanks for this. I have edited the above line to say: >>> >>> deny \.ma[dfgmqrsvw]$ Possible Microsoft Access Shortcut >>> attack Microsoft Access Shortcuts are dangerous in email >>> #deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut >>> attack Microsoft Access Shortcuts are dangerous in email >>> >>> but the .mat attachemnts are still being blocked. >> You did tell MailScanner to re-read its configuration, didn't you? >> "service MailScanner reload" will do the job on a RedHat or Centos box. >>> >>> How can I put mail scanner in a debug mode so that I can see it >>> consider each rule in turn? >>> >>> best >>> >>> Rob >>> >> >> Jules >> > It appears that this file is being stopped for other reasons I do not > understand. The system now allows through a plain text file with > extension .mat but a .mat file in a zip archive is withheld: > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "Data.zip" > is on the list of unacceptable attachments for this site and has been > replaced by this warning message. > > At Wed Feb 24 12:52:08 2010 the virus scanner said: > > MailScanner: Microsoft Access Shortcuts are dangerous in email > (Spec_Power_New.mat) > > > the virus scanner is sophos and it has no problems with the file when > I run savscan on it. > > Can anyone assist? > > rob > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.hutchings at mira.co.uk Wed Feb 24 15:23:19 2010 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed Feb 24 15:23:31 2010 Subject: AVG 8.5 support? In-Reply-To: References: <4B83DD9E.1090002@ecs.soton.ac.uk> Message-ID: Thanks Julian, are you suggesting that it won't work with 8.5 (which I believe is the latest AVG for Linux), or that it "should" please? Thanks, Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 23 February 2010 13:53 To: MailScanner discussion Subject: Re: AVG 8.5 support? Certainly the latest beta 4.80.1 does work with avgscan 8. On 23/02/2010 13:24, Paul Hutchings wrote: > It's been ages since I've delved too deep into our MailScanner config > other than keeping the version up to date as it "just works". > > Does it work with AVG 8.5 using (presumably) avgscan please? > > Our license key has been upgraded as they've dropped support for v7, but > I don't want to install it if it won't work with MailScanner. > > Thanks, > Paul > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From MailScanner at ecs.soton.ac.uk Wed Feb 24 21:19:34 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Feb 24 21:19:51 2010 Subject: AVG 8.5 support? In-Reply-To: References: <4B83DD9E.1090002@ecs.soton.ac.uk> <4B8597E6.2080507@ecs.soton.ac.uk> Message-ID: It should, yes. Of course, if you have any problems with it, get back to me. On 24/02/2010 15:23, Paul Hutchings wrote: > Thanks Julian, are you suggesting that it won't work with 8.5 (which I > believe is the latest AVG for Linux), or that it "should" please? > > Thanks, > Paul > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: 23 February 2010 13:53 > To: MailScanner discussion > Subject: Re: AVG 8.5 support? > > Certainly the latest beta 4.80.1 does work with avgscan 8. > > On 23/02/2010 13:24, Paul Hutchings wrote: > >> It's been ages since I've delved too deep into our MailScanner config >> other than keeping the version up to date as it "just works". >> >> Does it work with AVG 8.5 using (presumably) avgscan please? >> >> Our license key has been upgraded as they've dropped support for v7, >> > but > >> I don't want to install it if it won't work with MailScanner. >> >> Thanks, >> Paul >> >> >> > Jules > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From p.hertel at mazowieckie.com.pl Wed Feb 24 22:44:36 2010 From: p.hertel at mazowieckie.com.pl (Pawel Hertel) Date: Wed Feb 24 22:45:04 2010 Subject: sig - per domain References: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com><4B82AFE8.7030805@ecs.soton.ac.uk> Message-ID: <5B85FB29098A47A0BD169876BAD12881@a2h001> Hello, Is there any way to put image into signature, not an url to image ? Best regards, Pawel. ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Monday, February 22, 2010 5:25 PM Subject: Re: sig - per domain > Read up on "rulesets". You can set the signature files differently for > different domains just in the same way that you can switch features > on/off for different domains and the like. > See all the docs in /etc/MailScanner/rules. > > Jules. > > On 18/02/2010 11:15, Simon Jones wrote: >> hello folks, >> >> has anyone configured mailscanner to send out different sigs >> (/etc/MailScanner/reports/en) for different domain names handled by >> the system? i.e. could I use sig-1 for domain.com and use a different >> sig for anotherdomain.com? or even switch the sigs off for particular >> domains that don't need it. >> >> tks! >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > "Koleje Mazowieckie - KM" sp. z o.o. 03-802 Warszawa ul. Lubelska 1 Numer KRS: 0000222735, Sad Rejonowy dla m.st. Warszawy, XIII Wydzial Gospodarczy Krajowego Rejestru Sadowego. Kapital zakladowy: 297 379 000,00 zl. NIP: 1132520369, REGON: 015876404. Czy musisz drukowac te wiadomosc ? Pomysl o srodowisku? ______________________ Wiadomosc jest przeznaczona tylko dla jej adrasata/adresatow. Dostep do tej wiadomosci osob trzecich jest zabroniony. Jezeli nie jest Pan/i adresatem tej wiadomosci prosimy o poinformowanie nadawcy bez otwierania zalacznikow. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. From paul at tartan.co.za Thu Feb 25 07:18:58 2010 From: paul at tartan.co.za (Paul Malherbe) Date: Thu Feb 25 07:19:11 2010 Subject: update_bad_phishing_emails In-Reply-To: <4B60600F.3000707@tradoc.fr> References: <4B60451F.90200@tradoc.fr> <4B605CBD.30903@ecs.soton.ac.uk> <4B60600F.3000707@tradoc.fr> Message-ID: <4B862462.5010703@tartan.co.za> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100225/64ad5091/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: graphics1 Type: image/jpeg Size: 1329 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100225/64ad5091/graphics1.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: graphics2 Type: image/jpeg Size: 1511 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100225/64ad5091/graphics2.jpe From john at tradoc.fr Thu Feb 25 07:53:25 2010 From: john at tradoc.fr (John Wilcock) Date: Thu Feb 25 07:53:40 2010 Subject: update_bad_phishing_emails In-Reply-To: <4B862462.5010703@tartan.co.za> References: <4B60451F.90200@tradoc.fr> <4B605CBD.30903@ecs.soton.ac.uk> <4B60600F.3000707@tradoc.fr> <4B862462.5010703@tartan.co.za> Message-ID: <4B862C75.4040505@tradoc.fr> Le 25/02/2010 08:18, Paul Malherbe a ?crit : > I was wondering if you had completed your gebtoo ebuild and if so how I > can get a copy :-) I really ought to get round to submitting something back to the official tree, but in the meantime I've put a copy at http://www.tradoc.fr/gentoo/MailScanner-ebuild.tgz (along with the inelegant but functional conf.d and init.d files taken from the very old ebuild in the gentoo tree). Treat it as a work in progress, in that only the options I actually use are properly tested :-) All comments welcome... FWIW there's also a spamassassin 3.3 ebuild available from https://bugs.gentoo.org/show_bug.cgi?id=301119 John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From paul at tartan.co.za Thu Feb 25 08:03:01 2010 From: paul at tartan.co.za (Paul Malherbe) Date: Thu Feb 25 08:03:15 2010 Subject: update_bad_phishing_emails In-Reply-To: <4B862C75.4040505@tradoc.fr> References: <4B60451F.90200@tradoc.fr> <4B605CBD.30903@ecs.soton.ac.uk> <4B60600F.3000707@tradoc.fr> <4B862462.5010703@tartan.co.za> <4B862C75.4040505@tradoc.fr> Message-ID: <4B862EB5.1020109@tartan.co.za> John Wilcock wrote: > Le 25/02/2010 08:18, Paul Malherbe a ?crit : >> I was wondering if you had completed your gebtoo ebuild and if so how I >> can get a copy :-) > > I really ought to get round to submitting something back to the > official tree, but in the meantime I've put a copy at > http://www.tradoc.fr/gentoo/MailScanner-ebuild.tgz (along with the > inelegant but functional conf.d and init.d files taken from the very > old ebuild in the gentoo tree). Treat it as a work in progress, in > that only the options I actually use are properly tested :-) All > comments welcome... > > FWIW there's also a spamassassin 3.3 ebuild available from > https://bugs.gentoo.org/show_bug.cgi?id=301119 > > John. > Thanks, will give any feedback if any. Paul -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 25 08:49:10 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 25 08:49:24 2010 Subject: sig - per domain In-Reply-To: <5B85FB29098A47A0BD169876BAD12881@a2h001> References: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com><4B82AFE8.7030805@ecs.soton.ac.uk> <5B85FB29098A47A0BD169876BAD12881@a2h001> <4B863986.9060704@ecs.soton.ac.uk> Message-ID: # When using an image in the signature, there are 2 filenames which need # to be set. The first is the location in this server's filesystem of the # image file itself. The second is the name of the image as it is stored in # the attachment. The HTML version of the signature will refer to this # second name in the HTML tag. # Note: the filename extension will be used as the MIME subtype, so a GIF # image must end in ".gif" for example. (.jpg ==> "jpeg" as a special case) # See "Attach Image To Signature" for notes on how to use this. Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg On 24/02/2010 22:44, Pawel Hertel wrote: > Hello, > > Is there any way to put image into signature, not an url to image ? > > > Best regards, > Pawel. > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 22, 2010 5:25 PM > Subject: Re: sig - per domain > > >> Read up on "rulesets". You can set the signature files differently >> for different domains just in the same way that you can switch >> features on/off for different domains and the like. >> See all the docs in /etc/MailScanner/rules. >> >> Jules. >> >> On 18/02/2010 11:15, Simon Jones wrote: >>> hello folks, >>> >>> has anyone configured mailscanner to send out different sigs >>> (/etc/MailScanner/reports/en) for different domain names handled by >>> the system? i.e. could I use sig-1 for domain.com and use a different >>> sig for anotherdomain.com? or even switch the sigs off for particular >>> domains that don't need it. >>> >>> tks! >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > > > "Koleje Mazowieckie - KM" sp. z o.o. > 03-802 Warszawa > ul. Lubelska 1 > > Numer KRS: 0000222735, Sad Rejonowy dla m.st. Warszawy, > XIII Wydzial Gospodarczy Krajowego Rejestru Sadowego. > Kapital zakladowy: 297 379 000,00 zl. > NIP: 1132520369, REGON: 015876404. > > Czy musisz drukowac te wiadomosc ? Pomysl o srodowisku? > > > ______________________ > > Wiadomosc jest przeznaczona tylko dla jej adrasata/adresatow. > Dostep do tej wiadomosci osob trzecich jest zabroniony. > Jezeli nie jest Pan/i adresatem tej wiadomosci prosimy o > poinformowanie nadawcy bez otwierania zalacznikow. > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. This message contains confidential information and > is intended only for the individual named. If you are not the named > addressee you should not disseminate, distribute or copy this e-mail. > Please notify the sender immediately by e-mail if you have received > this e-mail by mistake and delete this e-mail from your system. If you > are not the intended recipient you are notified that disclosing, > copying, distributing or taking any action in reliance on the contents > of this information is strictly prohibited. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Feb 25 09:02:05 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Feb 25 09:02:26 2010 Subject: sig - per domain In-Reply-To: <5B85FB29098A47A0BD169876BAD12881@a2h001> References: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com><4B82AFE8.7030805@ecs.soton.ac.uk> <5B85FB29098A47A0BD169876BAD12881@a2h001> <4B863C8D.4090004@ecs.soton.ac.uk> Message-ID: Easy, read this bit in the MailScanner.conf file: # When using an image in the signature, there are 2 filenames which need # to be set. The first is the location in this server's filesystem of the # image file itself. The second is the name of the image as it is stored in # the attachment. The HTML version of the signature will refer to this # second name in the HTML tag. # Note: the filename extension will be used as the MIME subtype, so a GIF # image must end in ".gif" for example. (.jpg ==> "jpeg" as a special case) # See "Attach Image To Signature" for notes on how to use this. Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg This image will be embedded into the message. On 24/02/2010 22:44, Pawel Hertel wrote: > Hello, > > Is there any way to put image into signature, not an url to image ? > > > Best regards, > Pawel. > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Monday, February 22, 2010 5:25 PM > Subject: Re: sig - per domain > > >> Read up on "rulesets". You can set the signature files differently >> for different domains just in the same way that you can switch >> features on/off for different domains and the like. >> See all the docs in /etc/MailScanner/rules. >> >> Jules. >> >> On 18/02/2010 11:15, Simon Jones wrote: >>> hello folks, >>> >>> has anyone configured mailscanner to send out different sigs >>> (/etc/MailScanner/reports/en) for different domain names handled by >>> the system? i.e. could I use sig-1 for domain.com and use a different >>> sig for anotherdomain.com? or even switch the sigs off for particular >>> domains that don't need it. >>> >>> tks! >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > > > "Koleje Mazowieckie - KM" sp. z o.o. > 03-802 Warszawa > ul. Lubelska 1 > > Numer KRS: 0000222735, Sad Rejonowy dla m.st. Warszawy, > XIII Wydzial Gospodarczy Krajowego Rejestru Sadowego. > Kapital zakladowy: 297 379 000,00 zl. > NIP: 1132520369, REGON: 015876404. > > Czy musisz drukowac te wiadomosc ? Pomysl o srodowisku? > > > ______________________ > > Wiadomosc jest przeznaczona tylko dla jej adrasata/adresatow. > Dostep do tej wiadomosci osob trzecich jest zabroniony. > Jezeli nie jest Pan/i adresatem tej wiadomosci prosimy o > poinformowanie nadawcy bez otwierania zalacznikow. > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. This message contains confidential information and > is intended only for the individual named. If you are not the named > addressee you should not disseminate, distribute or copy this e-mail. > Please notify the sender immediately by e-mail if you have received > this e-mail by mistake and delete this e-mail from your system. If you > are not the intended recipient you are notified that disclosing, > copying, distributing or taking any action in reliance on the contents > of this information is strictly prohibited. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandrews at andrewscompanies.com Fri Feb 26 14:42:53 2010 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Fri Feb 26 14:43:06 2010 Subject: scan for spam after filetype violation Message-ID: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com> I'm getting a boatload of messages with a settings.exe or zip in them and the attachment filetype rules are triggering just fine, but we're getting slammed with the resultant notifications. I thought I could make a simple spamassassin rule to catch these, but it appears spam checks aren't done if the file dumps out for the violation, virus, etc. Is there any way to pass these message on thru so my SA rule traps them? Thanks, Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100226/312b05ec/attachment.html From Garrod.Alwood at lorodoes.com Fri Feb 26 14:47:39 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Fri Feb 26 14:53:50 2010 Subject: scan for spam after filetype violation In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com> Message-ID: turn off notifications. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 9:42 AM To: MailScanner discussion Subject: scan for spam after filetype violation I?m getting a boatload of messages with a settings.exe or zip in them and the attachment filetype rules are triggering just fine, but we?re getting slammed with the resultant notifications. I thought I could make a simple spamassassin rule to catch these, but it appears spam checks aren?t done if the file dumps out for the violation, virus, etc. Is there any way to pass these message on thru so my SA rule traps them? Thanks, Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100226/820e56bb/attachment.html From sandrews at andrewscompanies.com Fri Feb 26 15:42:34 2010 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Fri Feb 26 15:42:44 2010 Subject: scan for spam after filetype violation In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB0E30F2C@winchester.andrewscompanies.com> Unfortunately, we need the notifications because of the legit emails that come in (user names file with 14 periods, etc). From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood Sent: Friday, February 26, 2010 9:48 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation turn off notifications. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 9:42 AM To: MailScanner discussion Subject: scan for spam after filetype violation I'm getting a boatload of messages with a settings.exe or zip in them and the attachment filetype rules are triggering just fine, but we're getting slammed with the resultant notifications. I thought I could make a simple spamassassin rule to catch these, but it appears spam checks aren't done if the file dumps out for the violation, virus, etc. Is there any way to pass these message on thru so my SA rule traps them? Thanks, Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100226/c112aba7/attachment.html From Garrod.Alwood at lorodoes.com Fri Feb 26 15:40:15 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Fri Feb 26 15:46:58 2010 Subject: scan for spam after filetype violation In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0E30F2C@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com> , <1964AAFBC212F742958F9275BF63DBB0E30F2C@winchester.andrewscompanies.com> Message-ID: Mailscanner is smarter than that to know the difference. Also you shouldn't be accepting .exe's anyway. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 10:42 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation Unfortunately, we need the notifications because of the legit emails that come in (user names file with 14 periods, etc). From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood Sent: Friday, February 26, 2010 9:48 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation turn off notifications. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 9:42 AM To: MailScanner discussion Subject: scan for spam after filetype violation I?m getting a boatload of messages with a settings.exe or zip in them and the attachment filetype rules are triggering just fine, but we?re getting slammed with the resultant notifications. I thought I could make a simple spamassassin rule to catch these, but it appears spam checks aren?t done if the file dumps out for the violation, virus, etc. Is there any way to pass these message on thru so my SA rule traps them? Thanks, Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100226/9d14e1c5/attachment.html From alex at rtpty.com Fri Feb 26 15:47:36 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Feb 26 15:47:49 2010 Subject: scan for spam after filetype violation In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0E30F2C@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com> <1964AAFBC212F742958F9275BF63DBB0E30F2C@winchester.andrewscompanies.com> Message-ID: <87B13570-C881-4D9C-9DED-BE84478D51EE@rtpty.com> Turn them on for legitimate users only? From specific IP's only? Turn them off for specific IP's? On Feb 26, 2010, at 10:42 AM, Steven Andrews wrote: > Unfortunately, we need the notifications because of the legit emails that come in (user names file with 14 periods, etc). > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood > Sent: Friday, February 26, 2010 9:48 AM > To: MailScanner discussion > Subject: RE: scan for spam after filetype violation > > turn off notifications. > > > Garrod M. Alwood > Consultant > garrod.alwood@lorodoes.com > 904.738.4988 > From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] > Sent: Friday, February 26, 2010 9:42 AM > To: MailScanner discussion > Subject: scan for spam after filetype violation > > I?m getting a boatload of messages with a settings.exe or zip in them and the attachment filetype rules are triggering just fine, but we?re getting slammed with the resultant notifications. > > I thought I could make a simple spamassassin rule to catch these, but it appears spam checks aren?t done if the file dumps out for the violation, virus, etc. > > Is there any way to pass these message on thru so my SA rule traps them? > > Thanks, > > Steven R. Andrews, President > Andrews Companies Incorporated > Small Business Information Technology Consultants > sandrews@andrewscompanies.com > Phone: 317.536.1807 > "If your only tool is a hammer, every problem looks like a nail." > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Fri Feb 26 20:57:46 2010 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Fri Feb 26 20:58:00 2010 Subject: scan for spam after filetype violation In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com>, <1964AAFBC212F742958F9275BF63DBB0E30F2C@winchester.andrewscompanies.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB0E30F34@winchester.andrewscompanies.com> Never said I was. They're blocked in filetype.rules. What I'm after is having the message continue to score so that SA rules can intervene and take it up to the highspam action. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood Sent: Friday, February 26, 2010 10:40 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation Mailscanner is smarter than that to know the difference. Also you shouldn't be accepting .exe's anyway. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 10:42 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation Unfortunately, we need the notifications because of the legit emails that come in (user names file with 14 periods, etc). From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood Sent: Friday, February 26, 2010 9:48 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation turn off notifications. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 9:42 AM To: MailScanner discussion Subject: scan for spam after filetype violation I'm getting a boatload of messages with a settings.exe or zip in them and the attachment filetype rules are triggering just fine, but we're getting slammed with the resultant notifications. I thought I could make a simple spamassassin rule to catch these, but it appears spam checks aren't done if the file dumps out for the violation, virus, etc. Is there any way to pass these message on thru so my SA rule traps them? Thanks, Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100226/4b6b8c1c/attachment.html From Garrod.Alwood at lorodoes.com Fri Feb 26 21:13:25 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Fri Feb 26 21:14:31 2010 Subject: scan for spam after filetype violation In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0E30F34@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0E30F23@winchester.andrewscompanies.com>, <1964AAFBC212F742958F9275BF63DBB0E30F2C@winchester.andrewscompanies.com> <1964AAFBC212F742958F9275BF63DBB0E30F34@winchester.andrewscompanies.com> Message-ID: I agree with the earlier email saying use rules for the notifications. Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Feb 26, 2010, at 3:56 PM, "Steven Andrews" > wrote: Never said I was. They?re blocked in filetype.rules. What I?m after is having the message continue to score so that SA rules can intervene and take it up to the highspam action. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood Sent: Friday, February 26, 2010 10:40 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation Mailscanner is smarter than that to know the difference. Also you shouldn't be accepting .exe's anyway. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 10:42 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation Unfortunately, we need the notifications because of the legit emails that come in (user names file with 14 periods, etc). From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood Sent: Friday, February 26, 2010 9:48 AM To: MailScanner discussion Subject: RE: scan for spam after filetype violation turn off notifications. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews [sandrews@andrewscompanies.com] Sent: Friday, February 26, 2010 9:42 AM To: MailScanner discussion Subject: scan for spam after filetype violation I?m getting a boatload of messages with a settings.exe or zip in them and the attachment filetype rules are triggering just fine, but we?re getting slammed with the resultant notifications. I thought I could make a simple spamassassin rule to catch these, but it appears spam checks aren?t done if the file dumps out for the violation, virus, etc. Is there any way to pass these message on thru so my SA rule traps them? Thanks, Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100226/4be28571/attachment.html