From ajcartmell at fonant.com Fri Jan 1 09:52:06 2010 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri Jan 1 09:52:21 2010 Subject: FH_DATE_PAST_20XX false positives Message-ID: Dear all, Happy New Year! Just a quick note about a bug noted on the SpamAssassin list: you might want to set FH_DATE_PAST_20XX to have a score of zero, or edit the rule, as it currently applies to all mail sent in 2010. The rule adds a score of 3.19 to messages by default, so could easily cause false positives for slightly-spammy messages sent this year. Best wishes, Anthony -- www.fonant.com - Quality web sites Fonant Ltd is registered in England and Wales, company No. 7006596 Registered office: Grafton Lodge, 15 Grafton Road, Worthing, West Sussex, BN11 1QR From hvdkooij at vanderkooij.org Fri Jan 1 10:10:05 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jan 1 10:10:15 2010 Subject: Happy 2010: FH_DATE_PAST_20XX 3.19 Message-ID: <4B3DC9FD.8080403@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Best wishes to everyone, I just got quite a few messages with this extra tag: FH_DATE_PAST_20XX 3.19 So if you miss some messages today they may have baen shot down due to the extra 3.19 points. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAks9yfoACgkQBvzDRVjxmYE8VgCfU+C/80vPtOIF4IDd2Krxp3Bs l2AAoKMuXm9TGozciuQXUw2J6dN9+ULN =e3cA -----END PGP SIGNATURE----- From alex at skynet-srl.com Fri Jan 1 15:05:58 2010 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Fri Jan 1 15:06:10 2010 Subject: Fix urgente MailScanner + Spamassassin Message-ID: <4B3E0F56.8080606@skynet-srl.com> La data 2010 non viene rilevata correttamente da Spamassassin, quindi ? stato necessario eseguire una riconfigurazione dei server SMTP in attesa del fix definitivo Saluti AB -- *SKYNET S.r.l.* - *Piazza XXV Aprile 14 - 28021 Borgomanero (No)* *tel. +39 0322-836487/834765 - fax +39 0322-836608 - www.skynet-srl.com* Autorizzazione Ministeriale n.197 Le informazioni contenute in questo messaggio sono riservate e confidenziali ed ? vietata la diffusione in qualunque modo eseguita. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo e a non leggerlo, dandocene gentilmente comunicazione. Per qualsiasi informazione si prega di contattare (e-mail dell'azienda). Rif. D.L. 196/2003 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100101/63501e26/attachment.html From ms-list at alexb.ch Fri Jan 1 15:18:27 2010 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jan 1 15:18:35 2010 Subject: Fix urgente MailScanner + Spamassassin In-Reply-To: <4B3E0F56.8080606@skynet-srl.com> References: <4B3E0F56.8080606@skynet-srl.com> Message-ID: <4B3E1243.3050401@alexb.ch> On 01/01/10 04:05, Alessandro Bianchi wrote: > La data 2010 non viene rilevata correttamente da Spamassassin, quindi ? > stato necessario eseguire una riconfigurazione dei server SMTP in attesa > del fix definitivo > > Saluti > > AB > Google translate said: "The date 2010 is not detected correctly by SpamAssassin, so it was necessary to perform a reconfiguration of the SMTP server waiting for final fix" in local.cf : score FH_DATE_PAST_20XX 0.0 that should fix the problem / che dovrebbe risolvere il problema that rule will be fixed/replaced but don't wait for it - score to 0 asap. Alex From hvdkooij at vanderkooij.org Fri Jan 1 15:21:09 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jan 1 15:21:36 2010 Subject: Fix urgente MailScanner + Spamassassin In-Reply-To: <4B3E0F56.8080606@skynet-srl.com> References: <4B3E0F56.8080606@skynet-srl.com> Message-ID: <4B3E12E5.9020100@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/01/10 16:05, Alessandro Bianchi wrote: > La data 2010 non viene rilevata correttamente da Spamassassin, quindi ? > stato necessario eseguire una riconfigurazione dei server SMTP in attesa > del fix definitivo Any change of posting this in plain English? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAks+EuMACgkQBvzDRVjxmYF7ZACcDPDLgF/p6/vc08MCWeo+L+g4 t44Anii2lKqpF/9yxcwoYOo025O1ihOz =AM5F -----END PGP SIGNATURE----- From rich at mail.wvnet.edu Fri Jan 1 15:48:48 2010 From: rich at mail.wvnet.edu (Richard Lynch) Date: Fri Jan 1 15:49:04 2010 Subject: Fix urgente MailScanner + Spamassassin In-Reply-To: <4B3E1243.3050401@alexb.ch> References: <4B3E0F56.8080606@skynet-srl.com> <4B3E1243.3050401@alexb.ch> Message-ID: <4B3E1960.7050305@mail.wvnet.edu> Alex Broens wrote: > On 01/01/10 04:05, Alessandro Bianchi wrote: >> La data 2010 non viene rilevata correttamente da Spamassassin, quindi >> ? stato necessario eseguire una riconfigurazione dei server SMTP in >> attesa del fix definitivo >> >> Saluti >> >> AB >> > > Google translate said: > > "The date 2010 is not detected correctly by SpamAssassin, so it was > necessary to perform a reconfiguration of the SMTP server waiting for > final fix" > > in local.cf : > > score FH_DATE_PAST_20XX 0.0 > > that should fix the problem / che dovrebbe risolvere il problema > > that rule will be fixed/replaced but don't wait for it - > score to 0 asap. > > Alex Note: I was still seeing some of these after applying the above fix. It turns out that I also had to remove the spamassassin cache used by MailScanner. I issued the following while MailScanner was down. > rm -fr /var/spool/MailScanner/incoming/SpamAssassin* --Rich -- Obstacles are those frightening things we see when we take our eyes off our goal. Henry Ford From lhaig at haigmail.com Sat Jan 2 02:27:47 2010 From: lhaig at haigmail.com (Lance Haig) Date: Sat Jan 2 02:28:08 2010 Subject: Fix urgente MailScanner + Spamassassin In-Reply-To: <4B3E1960.7050305@mail.wvnet.edu> References: <4B3E0F56.8080606@skynet-srl.com> <4B3E1243.3050401@alexb.ch> <4B3E1960.7050305@mail.wvnet.edu> Message-ID: <4B3EAF23.4070003@haigmail.com> Just Run sa-update and it will be fixed Lance On 01/01/2010 03:48 PM, Richard Lynch wrote: > Alex Broens wrote: >> On 01/01/10 04:05, Alessandro Bianchi wrote: >>> La data 2010 non viene rilevata correttamente da Spamassassin, quindi >>> ? stato necessario eseguire una riconfigurazione dei server SMTP in >>> attesa del fix definitivo >>> >>> Saluti >>> >>> AB >>> >> >> Google translate said: >> >> "The date 2010 is not detected correctly by SpamAssassin, so it was >> necessary to perform a reconfiguration of the SMTP server waiting for >> final fix" >> >> in local.cf : >> >> score FH_DATE_PAST_20XX 0.0 >> >> that should fix the problem / che dovrebbe risolvere il problema >> >> that rule will be fixed/replaced but don't wait for it - >> score to 0 asap. >> >> Alex > > Note: I was still seeing some of these after applying the above fix. It > turns out that I also had to remove the spamassassin cache used by > MailScanner. I issued the following while MailScanner was down. > > > rm -fr /var/spool/MailScanner/incoming/SpamAssassin* > > > --Rich > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Mon Jan 4 15:59:01 2010 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jan 4 15:59:07 2010 Subject: More taint mode problems (please help) Message-ID: Hello, There seems to be more taint mode related problems in the latest version of MS. As of now, most of emails with attachments are unable to process and I'm at a loss on how to fix this as i am not a perl programmer. When running in debug mode the following error is shown. This is perl, v5.8.9 built for amd64-freebsd --- Building a message batch to scan... Have a batch of 1 message. Insecure dependency in open while running with -T switch at /usr/local/lib/perl5/site_perl/5.8.9/mach/IO/File.pm line 185. /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner --- I tried to manually hack File.pm and added a function to untaint the file open function. This worked, however it triggered another taint mode error inside of MS itself. --- Insecure dependency in chown while running with -T switch at /usr/local/lib/MailScanner/MailScanner/Message.pm line 2505. --- If someone could help i would greatly appreciate it, I'm sure other FreeBSD users will be experiencing this too. Thanks. From Garrod.Alwood at lorodoes.com Mon Jan 4 16:30:17 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Mon Jan 4 16:35:51 2010 Subject: clamd In-Reply-To: References: Message-ID: <6C86D5A9-5072-408D-85ED-BCE6AE47EC19@mimectl> Ok guys I really need help with this one. I have 7 boxes running the old 4.78 with out an issue and clamd the newest clamd on ubuntu 9.04 and now also 1 box running 7.49 on ubuntu 9.10 with newest clamd. I have made all sorts of changes to clamd permissions. As of right now I have clamd using the Unix socket (same as the other 7 boxes, but the rest of the prefences are not) running as primary group under root, also with /var/spool/Mailscanner/incoming permissions set in the Mailscanner.conf as user=postfix group=clamav and permissions=0777 now i know i shouldn't have permissions set to 0777 for security issues, but every time I run Mailscanner --lint on the ubuntu 9.10 box i get clamd permission denied error when it scans the file. I am hoping someone has an idea as to what is causing this. I have also restarted both services. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100104/76c90521/attachment.html From maillists at conactive.com Mon Jan 4 17:55:32 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 4 17:55:41 2010 Subject: clamd In-Reply-To: <6C86D5A9-5072-408D-85ED-BCE6AE47EC19@mimectl> References: <6C86D5A9-5072-408D-85ED-BCE6AE47EC19@mimectl> Message-ID: Please repost this as a new message and not as a reply. No, replying with a changed subject is *not* a new message. When you do this, you may want to consider enhancing readability of your message. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Garrod.Alwood at lorodoes.com Mon Jan 4 17:54:42 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Mon Jan 4 18:00:16 2010 Subject: Clamd issue Message-ID: <811846A2-E34B-424E-AD37-E6E0C22F6DCA@mimectl> Ok guys I really need help with this one. I have 7 boxes running the old 4.78 with out an issue and clamd the newest clamd on ubuntu 9.04 and now also 1 box running 7.49 on ubuntu 9.10 with newest clamd. I have made all sorts of changes to clamd permissions. As of right now I have clamd using the Unix socket (same as the other 7 boxes, but the rest of the prefences are not) running as primary group under root, also with /var/spool/Mailscanner/incoming permissions set in the Mailscanner.conf as user=postfix group=clamav and permissions=0777 now i know i shouldn't have permissions set to 0777 for security issues, but every time I run Mailscanner --lint on the ubuntu 9.10 box i get clamd permission denied error when it scans the file. I am hoping someone has an idea as to what is causing this. I have also restarted both services. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100104/3d09baf6/attachment.html From Garrod.Alwood at lorodoes.com Mon Jan 4 18:05:32 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Mon Jan 4 18:11:06 2010 Subject: Clamd issue In-Reply-To: <811846A2-E34B-424E-AD37-E6E0C22F6DCA@mimectl> References: <811846A2-E34B-424E-AD37-E6E0C22F6DCA@mimectl> Message-ID: cancel that. I found the issue. It was apparmor stopping it. I thought I had removed it but I guess not. Thank all of you for your help. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garrod M. Alwood [Garrod.Alwood@lorodoes.com] Sent: Monday, January 04, 2010 12:54 PM To: MailScanner discussion Subject: Clamd issue Ok guys I really need help with this one. I have 7 boxes running the old 4.78 with out an issue and clamd the newest clamd on ubuntu 9.04 and now also 1 box running 7.49 on ubuntu 9.10 with newest clamd. I have made all sorts of changes to clamd permissions. As of right now I have clamd using the Unix socket (same as the other 7 boxes, but the rest of the prefences are not) running as primary group under root, also with /var/spool/Mailscanner/incoming permissions set in the Mailscanner.conf as user=postfix group=clamav and permissions=0777 now i know i shouldn't have permissions set to 0777 for security issues, but every time I run Mailscanner --lint on the ubuntu 9.10 box i get clamd permission denied error when it scans the file. I am hoping someone has an idea as to what is causing this. I have also restarted both services. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100104/64e8fe46/attachment.html From Kevin_Miller at ci.juneau.ak.us Mon Jan 4 19:15:25 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Jan 4 19:15:38 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: References: Message-ID: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> Anthony Cartmell wrote: > Dear all, > > Happy New Year! > > Just a quick note about a bug noted on the SpamAssassin list: you > might want to set FH_DATE_PAST_20XX to have a score of zero, or edit > the rule, as it currently applies to all mail sent in 2010. The rule > adds a score of > 3.19 to messages by default, so could easily cause false positives > for slightly-spammy messages sent this year. As noted, sa_update will cure those ills, but a manual fix is easy too. Just cd to /var/lib/spamassassin/3.002005/updates_spamassassin_org/ then in 72_active.cf change: 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006] To: 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006] Watch the line wrap. In short, change the [1-9] to [2-9]... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From cfisk at qwicnet.com Mon Jan 4 19:34:18 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Mon Jan 4 19:34:39 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> Message-ID: > As noted, sa_update will cure those ills, but a manual > fix is easy too. Just cd to > /var/lib/spamassassin/3.002005/updates_spamassassin_org/ > then in 72_active.cf change: > 72_active.cf:header FH_DATE_PAST_20XX Date =~ > /20[1-9][0-9]/ [if-unset: 2006] > To: > 72_active.cf:header FH_DATE_PAST_20XX Date =~ > /20[2-9][0-9]/ [if-unset: 2006] > Watch the line wrap. In short, change the [1-9] to > [2-9]... Seems to me (and I'm not a programming in any sense of the word) that this fix is incomplete. the 2-9 means anything in this decade will be considered ok. Seems like a second rule to include 201[1-9] is needed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From patrick at vande-walle.eu Mon Jan 4 19:49:52 2010 From: patrick at vande-walle.eu (Patrick Vande Walle) Date: Mon Jan 4 19:51:13 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> Message-ID: <4B424660.7060105@vande-walle.eu> Alternatively, you may want to try the method described here: http://www.heise.de/newsticker/foren/S-Das-Peinliche-daran-ist/forum-171865/msg-17874835/read/ The post is in German, but the code is pretty self explanatory Patrick Kevin Miller wrote, On 04/01/10 20:15: > Anthony Cartmell wrote: > >> Dear all, >> >> Happy New Year! >> >> Just a quick note about a bug noted on the SpamAssassin list: you >> might want to set FH_DATE_PAST_20XX to have a score of zero, or edit >> the rule, as it currently applies to all mail sent in 2010. The rule >> adds a score of >> 3.19 to messages by default, so could easily cause false positives >> for slightly-spammy messages sent this year. >> > As noted, sa_update will cure those ills, but a manual fix is easy too. Just cd to > /var/lib/spamassassin/3.002005/updates_spamassassin_org/ then in 72_active.cf change: > 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006] > To: > 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006] > > Watch the line wrap. In short, change the [1-9] to [2-9]... > > > ...Kevin > From maillists at conactive.com Mon Jan 4 22:31:20 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 4 22:31:32 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: References: Message-ID: Actually, the rule will get removed. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From NWL002 at shsu.edu Mon Jan 4 22:41:57 2010 From: NWL002 at shsu.edu (Laskie, Norman) Date: Mon Jan 4 22:42:07 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> Message-ID: <8FAC1E47484E43469AA28DBF35C955E4A49AB00051@EXMBX.SHSU.EDU> Is there an easy way to tell what directory SpamAssassin / MailScanner is using for rules? I have two copies of that particular rule file with the version under /var/lib/spamassassin/3.002004/updates_spamassassin_org being updated and a version under /usr/share/spamassassin not being updated. MailScanner services have been restarted, SpamAssassin caches dumped and multiple sa-updates have been run. -Norman -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller Sent: Monday, January 04, 2010 1:15 PM To: 'MailScanner discussion' Subject: RE: FH_DATE_PAST_20XX false positives Anthony Cartmell wrote: > Dear all, > > Happy New Year! > > Just a quick note about a bug noted on the SpamAssassin list: you > might want to set FH_DATE_PAST_20XX to have a score of zero, or edit > the rule, as it currently applies to all mail sent in 2010. The rule > adds a score of > 3.19 to messages by default, so could easily cause false positives > for slightly-spammy messages sent this year. As noted, sa_update will cure those ills, but a manual fix is easy too. Just cd to /var/lib/spamassassin/3.002005/updates_spamassassin_org/ then in 72_active.cf change: 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006] To: 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006] Watch the line wrap. In short, change the [1-9] to [2-9]... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500-- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dchee at uci.edu Mon Jan 4 23:05:26 2010 From: dchee at uci.edu (Derek Chee) Date: Mon Jan 4 23:05:38 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4A49AB00051@EXMBX.SHSU.EDU> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> <8FAC1E47484E43469AA28DBF35C955E4A49AB00051@EXMBX.SHSU.EDU> Message-ID: <74BF49E4-37BB-49C8-958B-BCA30584259A@uci.edu> "MailScanner --debug-sa" will tell you what SpamAssassin is up to. You can also run --debug with spamassassin command-line tool, but to be really sure what MailScanner is doing, use the MailScanner command. I just found out that I had messed up my MailScanner config and it was doing things differently than the command-line issued spamassassin command. -- Derek On Jan 4, 2010, at 2:41 PM, Laskie, Norman wrote: > Is there an easy way to tell what directory SpamAssassin / MailScanner is using for rules? I have two copies of that particular rule file with the version under /var/lib/spamassassin/3.002004/updates_spamassassin_org being updated and a version under /usr/share/spamassassin not being updated. MailScanner services have been restarted, SpamAssassin caches dumped and multiple sa-updates have been run. > > -Norman > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller > Sent: Monday, January 04, 2010 1:15 PM > To: 'MailScanner discussion' > Subject: RE: FH_DATE_PAST_20XX false positives > > Anthony Cartmell wrote: >> Dear all, >> >> Happy New Year! >> >> Just a quick note about a bug noted on the SpamAssassin list: you >> might want to set FH_DATE_PAST_20XX to have a score of zero, or edit >> the rule, as it currently applies to all mail sent in 2010. The rule >> adds a score of >> 3.19 to messages by default, so could easily cause false positives >> for slightly-spammy messages sent this year. > > As noted, sa_update will cure those ills, but a manual fix is easy too. Just cd to > /var/lib/spamassassin/3.002005/updates_spamassassin_org/ then in 72_active.cf change: > 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006] > To: > 72_active.cf:header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006] > > Watch the line wrap. In short, change the [1-9] to [2-9]... > > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500-- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Tue Jan 5 08:05:46 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 5 08:05:54 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4A49AB00051@EXMBX.SHSU.EDU> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> <8FAC1E47484E43469AA28DBF35C955E4A49AB00051@EXMBX.SHSU.EDU> Message-ID: <223f97701001050005u71b0667fy1b9a947c99039ec1@mail.gmail.com> 2010/1/4 Laskie, Norman : > Is there an easy way to tell what directory SpamAssassin / MailScanner is using for rules? ?I have two copies of that particular rule file with the version under /var/lib/spamassassin/3.002004/updates_spamassassin_org being updated and a version under /usr/share/spamassassin not being updated. ?MailScanner services have been restarted, SpamAssassin caches dumped and multiple sa-updates have been run. > > -Norman > As Derek notes there is a "MailScanner --debug --debug-sa" that will tell you *everything*;-). If it still scores the bad rule, perhaps you've been running sa-update by hand and either forgot to sa-compile after the sa-update, or perhaps forgot to do "service MailScanner reload" to make MS copy of SA aware of the changes ... All this is done by Jules update_spamassassin tool...;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lists at elasticmind.net Tue Jan 5 12:18:59 2010 From: lists at elasticmind.net (mog) Date: Tue Jan 5 12:19:17 2010 Subject: More taint mode problems (please help) In-Reply-To: References: Message-ID: <4B432E33.9080602@elasticmind.net> On 04/01/2010 15:59, Mike Jakubik wrote: > Hello, > > There seems to be more taint mode related problems in the latest version > of MS. As of now, most of emails with attachments are unable to process > and I'm at a loss on how to fix this as i am not a perl programmer. > > When running in debug mode the following error is shown. > > This is perl, v5.8.9 built for amd64-freebsd > > --- > Building a message batch to scan... > Have a batch of 1 message. > Insecure dependency in open while running with -T switch at > /usr/local/lib/perl5/site_perl/5.8.9/mach/IO/File.pm line 185. > /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner > --- > > I tried to manually hack File.pm and added a function to untaint the file > open function. This worked, however it triggered another taint mode error > inside of MS itself. > > --- > Insecure dependency in chown while running with -T switch at > /usr/local/lib/MailScanner/MailScanner/Message.pm line 2505. > --- > > If someone could help i would greatly appreciate it, I'm sure other > FreeBSD users will be experiencing this too. > > Thanks. > Hi, Try upgrading perl to 'perl-5.10.1' and make sure you are using at least MailScanner version 'MailScanner-4.79.4' (both from ports). You should find that the taint mode problem goes away. Regards, mog From repcsike at gmail.com Tue Jan 5 12:49:41 2010 From: repcsike at gmail.com (=?ISO-8859-1?B?QmFs4XpzIE3hdOlmZnk=?=) Date: Tue Jan 5 12:49:51 2010 Subject: More taint mode problems (please help) In-Reply-To: <4B432E33.9080602@elasticmind.net> References: <4B432E33.9080602@elasticmind.net> Message-ID: Hello, I'm using FreeBSD, and I had the same error, after some days on the mailwatch list they solved it. You need perl 5.8.8 < this is what I'm using right now and it's working Or perl 5.10.0 I tried 5.10.1 but it wasn't working! Regards, Bal?zs. 2010/1/5 mog > On 04/01/2010 15:59, Mike Jakubik wrote: > >> Hello, >> >> There seems to be more taint mode related problems in the latest version >> of MS. As of now, most of emails with attachments are unable to process >> and I'm at a loss on how to fix this as i am not a perl programmer. >> >> When running in debug mode the following error is shown. >> >> This is perl, v5.8.9 built for amd64-freebsd >> >> --- >> Building a message batch to scan... >> Have a batch of 1 message. >> Insecure dependency in open while running with -T switch at >> /usr/local/lib/perl5/site_perl/5.8.9/mach/IO/File.pm line 185. >> /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner >> --- >> >> I tried to manually hack File.pm and added a function to untaint the file >> open function. This worked, however it triggered another taint mode error >> inside of MS itself. >> >> --- >> Insecure dependency in chown while running with -T switch at >> /usr/local/lib/MailScanner/MailScanner/Message.pm line 2505. >> --- >> >> If someone could help i would greatly appreciate it, I'm sure other >> FreeBSD users will be experiencing this too. >> >> Thanks. >> >> > > > Hi, > > Try upgrading perl to 'perl-5.10.1' and make sure you are using at least > MailScanner version 'MailScanner-4.79.4' (both from ports). You should find > that the taint mode problem goes away. > > Regards, > mog > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/73a8b5ba/attachment.html From richard.siddall at elirion.net Tue Jan 5 12:53:41 2010 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue Jan 5 12:53:53 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <4B424660.7060105@vande-walle.eu> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> <4B424660.7060105@vande-walle.eu> Message-ID: <4B433655.9010604@elirion.net> Patrick Vande Walle wrote: > Alternatively, you may want to try the method described here: > > http://www.heise.de/newsticker/foren/S-Das-Peinliche-daran-ist/forum-171865/msg-17874835/read/ > > The post is in German, but the code is pretty self explanatory > > Patrick > It strikes me as a bad idea to use the FH_DATE_PAST_20XX rule name for a completely different rule. I think it would be better to score the official FH_DATE_PAST_20XX to zero in your local.cf and just define a new rule using the better algorithm. That should avoid problems with sa-update overwriting your new version too. Regards, Richard Siddall From NWL002 at shsu.edu Tue Jan 5 13:14:40 2010 From: NWL002 at shsu.edu (Laskie, Norman) Date: Tue Jan 5 13:14:51 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <223f97701001050005u71b0667fy1b9a947c99039ec1@mail.gmail.com> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> <8FAC1E47484E43469AA28DBF35C955E4A49AB00051@EXMBX.SHSU.EDU> <223f97701001050005u71b0667fy1b9a947c99039ec1@mail.gmail.com> Message-ID: <8FAC1E47484E43469AA28DBF35C955E4A49AB00053@EXMBX.SHSU.EDU> Thanks for the info. We are using the update_spamassassin tool via cron, but after running MailScanner --debug --debug-sa to me it appears that MailScanner / SpamAssassin isn't picking up the updated rules from /var/lib/spamassassin/3.002004/updates_spamassassin_org. Running spamassassin in debug mode shows that it is using the updates directory. MailScanner --debug --debug-sa: 06:36:33 [14115] dbg: config: using "/usr/share/spamassassin" for sys rules pre files 06:36:33 [14115] dbg: config: using "/usr/share/spamassassin" for default rules dir spamassassin -D --lint 2>&1: [1032] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [1032] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir As a disclaimer we are running an older version of MailScanner (This is Red Hat Enterprise Linux Server release 5.3 (Tikanga), This is Perl version 5.008008 (5.8.8), This is MailScanner version 4.69.9) -Norman -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Tuesday, January 05, 2010 2:06 AM To: MailScanner discussion Subject: Re: FH_DATE_PAST_20XX false positives 2010/1/4 Laskie, Norman : > Is there an easy way to tell what directory SpamAssassin / MailScanner is using for rules? ?I have two copies of that particular rule file with the version under /var/lib/spamassassin/3.002004/updates_spamassassin_org being updated and a version under /usr/share/spamassassin not being updated. ?MailScanner services have been restarted, SpamAssassin caches dumped and multiple sa-updates have been run. > > -Norman > As Derek notes there is a "MailScanner --debug --debug-sa" that will tell you *everything*;-). If it still scores the bad rule, perhaps you've been running sa-update by hand and either forgot to sa-compile after the sa-update, or perhaps forgot to do "service MailScanner reload" to make MS copy of SA aware of the changes ... All this is done by Jules update_spamassassin tool...;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at elasticmind.net Tue Jan 5 13:39:01 2010 From: lists at elasticmind.net (mog) Date: Tue Jan 5 13:39:09 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B432E33.9080602@elasticmind.net> Message-ID: <4B4340F5.8020002@elasticmind.net> On 05/01/2010 12:49, Bal?zs M?t?ffy wrote: > Hello, > > I'm using FreeBSD, and I had the same error, after some days on the > mailwatch list they solved it. > > You need perl 5.8.8 < this is what I'm using right now and it's working > Or perl 5.10.0 > > I tried 5.10.1 but it wasn't working! > > > Regards, > > Bal?zs. Hi, When you tried 5.10.1, what version of MailScanner were you using? mog From repcsike at gmail.com Tue Jan 5 13:44:13 2010 From: repcsike at gmail.com (=?ISO-8859-1?B?QmFs4XpzIE3hdOlmZnk=?=) Date: Tue Jan 5 13:44:22 2010 Subject: More taint mode problems (please help) In-Reply-To: <4B4340F5.8020002@elasticmind.net> References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> Message-ID: Hi, The Latest stable from the freebsd ports tree at that time. MailScanner-4.78.17 2010/1/5 mog > On 05/01/2010 12:49, Bal?zs M?t?ffy wrote: > >> Hello, >> >> I'm using FreeBSD, and I had the same error, after some days on the >> mailwatch list they solved it. >> >> You need perl 5.8.8 < this is what I'm using right now and it's working >> Or perl 5.10.0 >> >> I tried 5.10.1 but it wasn't working! >> >> >> Regards, >> >> Bal?zs. >> > > > Hi, > > When you tried 5.10.1, what version of MailScanner were you using? > > mog > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/67d7a228/attachment.html From mrebsamen at unimatrix0.ch Tue Jan 5 13:53:20 2010 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Tue Jan 5 13:53:35 2010 Subject: Filename/-type Checking Message-ID: Hi I got troubles with this filename/-type checking. What I want is, that simple .exe or .dll files are not delivered. But If I put them into a ZIP or RAR file they should pass. I tried setting the path to the rar and gzip commands to "empty", I tried setting the filetype "executable" in the rules file to allowed.... Useless, I can't send my mail. Can somebody tell me how to configure MailScanner like that ? Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/f7692ce7/attachment.html From lists at elasticmind.net Tue Jan 5 13:54:52 2010 From: lists at elasticmind.net (mog) Date: Tue Jan 5 13:55:03 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> Message-ID: <4B4344AC.8070803@elasticmind.net> Ya, you need to use MailScanner-4.79.4 which was available a couple weeks ago from ports. It will work then. mog On 05/01/2010 13:44, Bal?zs M?t?ffy wrote: > Hi, > > The Latest stable from the freebsd ports tree at that time. > > MailScanner-4.78.17 > > 2010/1/5 mog > > > On 05/01/2010 12:49, Bal?zs M?t?ffy wrote: > > Hello, > > I'm using FreeBSD, and I had the same error, after some days > on the mailwatch list they solved it. > > You need perl 5.8.8 < this is what I'm using right now and > it's working > Or perl 5.10.0 > > I tried 5.10.1 but it wasn't working! > > > Regards, > > Bal?zs. > > > > Hi, > > When you tried 5.10.1, what version of MailScanner were you using? > > mog > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/96c856eb/attachment.html From repcsike at gmail.com Tue Jan 5 14:14:20 2010 From: repcsike at gmail.com (=?ISO-8859-1?B?QmFs4XpzIE3hdOlmZnk=?=) Date: Tue Jan 5 14:14:29 2010 Subject: More taint mode problems (please help) In-Reply-To: <4B4344AC.8070803@elasticmind.net> References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net> Message-ID: Thanks for the info! 2010/1/5 mog > Ya, you need to use MailScanner-4.79.4 which was available a couple weeks > ago from ports. It will work then. > > mog > > > > On 05/01/2010 13:44, Bal?zs M?t?ffy wrote: > > Hi, > > The Latest stable from the freebsd ports tree at that time. > > MailScanner-4.78.17 > > 2010/1/5 mog > >> On 05/01/2010 12:49, Bal?zs M?t?ffy wrote: >> >>> Hello, >>> >>> I'm using FreeBSD, and I had the same error, after some days on the >>> mailwatch list they solved it. >>> >>> You need perl 5.8.8 < this is what I'm using right now and it's working >>> Or perl 5.10.0 >>> >>> I tried 5.10.1 but it wasn't working! >>> >>> >>> Regards, >>> >>> Bal?zs. >>> >> >> >> Hi, >> >> When you tried 5.10.1, what version of MailScanner were you using? >> >> mog >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/5200da63/attachment.html From NWL002 at shsu.edu Tue Jan 5 15:40:04 2010 From: NWL002 at shsu.edu (Laskie, Norman) Date: Tue Jan 5 15:40:14 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E4A49AB00053@EXMBX.SHSU.EDU> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> <8FAC1E47484E43469AA28DBF35C955E4A49AB00051@EXMBX.SHSU.EDU> <223f97701001050005u71b0667fy1b9a947c99039ec1@mail.gmail.com> <8FAC1E47484E43469AA28DBF35C955E4A49AB00053@EXMBX.SHSU.EDU> Message-ID: <8FAC1E47484E43469AA28DBF35C955E4A49AB00055@EXMBX.SHSU.EDU> I have located and corrected the problem. The SpamAssassin Local State Dir wasn't defined properly. -Norman -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Laskie, Norman Sent: Tuesday, January 05, 2010 7:15 AM To: 'MailScanner discussion' Subject: RE: FH_DATE_PAST_20XX false positives Thanks for the info. We are using the update_spamassassin tool via cron, but after running MailScanner --debug --debug-sa to me it appears that MailScanner / SpamAssassin isn't picking up the updated rules from /var/lib/spamassassin/3.002004/updates_spamassassin_org. Running spamassassin in debug mode shows that it is using the updates directory. MailScanner --debug --debug-sa: 06:36:33 [14115] dbg: config: using "/usr/share/spamassassin" for sys rules pre files 06:36:33 [14115] dbg: config: using "/usr/share/spamassassin" for default rules dir spamassassin -D --lint 2>&1: [1032] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [1032] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir As a disclaimer we are running an older version of MailScanner (This is Red Hat Enterprise Linux Server release 5.3 (Tikanga), This is Perl version 5.008008 (5.8.8), This is MailScanner version 4.69.9) -Norman -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Tuesday, January 05, 2010 2:06 AM To: MailScanner discussion Subject: Re: FH_DATE_PAST_20XX false positives 2010/1/4 Laskie, Norman : > Is there an easy way to tell what directory SpamAssassin / MailScanner is using for rules? ?I have two copies of that particular rule file with the version under /var/lib/spamassassin/3.002004/updates_spamassassin_org being updated and a version under /usr/share/spamassassin not being updated. ?MailScanner services have been restarted, SpamAssassin caches dumped and multiple sa-updates have been run. > > -Norman > As Derek notes there is a "MailScanner --debug --debug-sa" that will tell you *everything*;-). If it still scores the bad rule, perhaps you've been running sa-update by hand and either forgot to sa-compile after the sa-update, or perhaps forgot to do "service MailScanner reload" to make MS copy of SA aware of the changes ... All this is done by Jules update_spamassassin tool...;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandrews at andrewscompanies.com Tue Jan 5 15:53:24 2010 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Tue Jan 5 15:53:33 2010 Subject: sendmail header removal Message-ID: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> I've got a couple sendmail/mailscanner boxes that we use to front end our exchange boxes inbound and outbound. We've run into a problem with any email going to mxlogic.net's clients as they do a deep header analysis and find private IPs in the headers and then the block based on that. This has happened multiple times and we always have to involve the receiving customer in the conversation with mxlogic to get it fixed on a per domain basis, and then months later it just comes back. They know they're not supposed to block based on that, but they really don't care. So, what I'd like to do is find a way to rip out the private IPs of the message headers when we send them, or massage them into public IPs. Is there any way to do this with sendmail? Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/08641466/attachment.html From davejones70 at gmail.com Tue Jan 5 16:00:45 2010 From: davejones70 at gmail.com (Dave Jones) Date: Tue Jan 5 16:00:56 2010 Subject: FH_DATE_PAST_20XX false positives Message-ID: <161b1c931001050800x4c5b82c9j24d9355075cac8dc@mail.gmail.com> >>2010/1/4 Laskie, Norman : >> Is there an easy way to tell what directory SpamAssassin / MailScanner is using for rules? I have two copies of that particular rule file with the version under >>/var/lib/spamassassin/3.002004/updates_spamassassin_org being updated and a version under /usr/share/spamassassin not being updated. MailScanner services >>have been restarted, SpamAssassin caches dumped and multiple sa-updates have been run. >> >> -Norman >> >As Derek notes there is a "MailScanner --debug --debug-sa" that will >tell you *everything*;-). If it still scores the bad rule, perhaps >you've been running sa-update by hand and either forgot to sa-compile >after the sa-update, or perhaps forgot to do "service MailScanner >reload" to make MS copy of SA aware of the changes ... All this is >done by Jules update_spamassassin tool...;) > >Cheers >-- >-- Glenn >email: glenn < dot > steen < at > gmail < dot > com >work: glenn < dot > steen < at > ap1 < dot > se So when you run MailScanner --debug-sa and it shows that it's loading the 72_active.cf from multiple SA versions, what do you do? I have SA in /var/lib/spamassassin/3.002003 and 3.00.2.004 and only the newer version got updated. Am I supposed to remove the previous versions of rules? I am still getting hits on the rule so I have had to score it as 0 until I get this fixed. Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/a5c967ef/attachment.html From jethro.binks at strath.ac.uk Tue Jan 5 16:01:14 2010 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue Jan 5 16:01:24 2010 Subject: sendmail header removal In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> Message-ID: On Tue, 5 Jan 2010, Steven Andrews wrote: > I've got a couple sendmail/mailscanner boxes that we use to front end > our exchange boxes inbound and outbound. We've run into a problem with > any email going to mxlogic.net's clients as they do a deep header > analysis and find private IPs in the headers and then the block based on > that. > > This has happened multiple times and we always have to involve the > receiving customer in the conversation with mxlogic to get it fixed on a > per domain basis, and then months later it just comes back. They know > they're not supposed to block based on that, but they really don't care. Suggest informing the clients of mxlogic's broken attitude. What an ironic name for a company. Can't say I would have much faith in their services. You might have more luck asking your question on a sendmail list though. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From prandal at herefordshire.gov.uk Tue Jan 5 16:13:41 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 5 16:14:58 2010 Subject: sendmail header removal In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CFC9@HC-MBX02.herefordshire.gov.uk> Be careful.... If you start removing Sendmail's "Received" headers you're likely to break Sendmail's mail loop detection. Been there, done it, got the t-shirt :-) Cheers, Phil ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews Sent: 05 January 2010 15:53 To: MailScanner discussion Subject: sendmail header removal I've got a couple sendmail/mailscanner boxes that we use to front end our exchange boxes inbound and outbound. We've run into a problem with any email going to mxlogic.net's clients as they do a deep header analysis and find private IPs in the headers and then the block based on that. This has happened multiple times and we always have to involve the receiving customer in the conversation with mxlogic to get it fixed on a per domain basis, and then months later it just comes back. They know they're not supposed to block based on that, but they really don't care. So, what I'd like to do is find a way to rip out the private IPs of the message headers when we send them, or massage them into public IPs. Is there any way to do this with sendmail? Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/7b3f15e2/attachment.html From oliver at linux-kernel.at Tue Jan 5 16:19:06 2010 From: oliver at linux-kernel.at (Oliver Falk) Date: Tue Jan 5 16:19:28 2010 Subject: sendmail header removal In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> Message-ID: <4B43667A.8080405@linux-kernel.at> Am 05.01.2010 16:53, schrieb Steven Andrews: > I?ve got a couple sendmail/mailscanner boxes that we use to front end > our exchange boxes inbound and outbound. We?ve run into a problem with > any email going to mxlogic.net?s clients as they do a deep header > analysis and find private IPs in the headers and then the block based on > that. [ ...] > So, what I?d like to do is find a way to rip out the private IPs of the > message headers when we send them, or massage them into public IPs. Is > there any way to do this with sendmail? I had a similar problem (I believe it was some Barracuda Spam Firewall) months ago. What helped in the end was to hide the client IP on my SMTP (SM/MS). Try adding this (or similar) to the sendmail.mc and rebuild your sendmail.cf: dnl # dnl # Hide client IP define(`confRECEIVED_HEADER',`by $j $?r with $r$. id $i; $b')dnl Well... If it is the received header which is your problem. Please note: Under some circumstances this *could* cause your troubles when trying to debug other kind of mail delivery problems; however none come to my mind immediately. :-) BR, -of From gary at sgluk.com Tue Jan 5 16:21:58 2010 From: gary at sgluk.com (Gary Pentland) Date: Tue Jan 5 16:22:13 2010 Subject: OT sendmail header removal In-Reply-To: References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> Message-ID: >From what I remember you cannot remove headers in cf code, in a normal sendmail. There are some source code edits in google YMMV but I would go about this. If I had to do it and bend a few RFCs as a result, I'd do it via a milter, MIMEdefang using a bit of perl is probably simplest. Gary -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jethro R Binks Sent: 05 January 2010 16:01 To: MailScanner discussion Subject: Re: sendmail header removal On Tue, 5 Jan 2010, Steven Andrews wrote: > I've got a couple sendmail/mailscanner boxes that we use to front end > our exchange boxes inbound and outbound. We've run into a problem with > any email going to mxlogic.net's clients as they do a deep header > analysis and find private IPs in the headers and then the block based on > that. > > This has happened multiple times and we always have to involve the > receiving customer in the conversation with mxlogic to get it fixed on a > per domain basis, and then months later it just comes back. They know > they're not supposed to block based on that, but they really don't care. Suggest informing the clients of mxlogic's broken attitude. What an ironic name for a company. Can't say I would have much faith in their services. You might have more luck asking your question on a sendmail list though. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From oliver at linux-kernel.at Tue Jan 5 16:23:56 2010 From: oliver at linux-kernel.at (Oliver Falk) Date: Tue Jan 5 16:24:14 2010 Subject: sendmail header removal In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CFC9@HC-MBX02.herefordshire.gov.uk> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> <7EF0EE5CB3B263488C8C18823239BEBA03CFC9@HC-MBX02.herefordshire.gov.uk> Message-ID: <4B43679C.7090501@linux-kernel.at> Am 05.01.2010 17:13, schrieb Randal, Phil: > Be careful.... If you start removing Sendmail's "Received" headers > you're likely to break Sendmail's mail loop detection. > Been there, done it, got the t-shirt :-) Ah. Good point. I knew there was some trouble involved :-) However, if you have a working installation it shouldn't be too bad, since you shouldn't have any mail loops, right? -of From lhaig at haigmail.com Tue Jan 5 16:32:58 2010 From: lhaig at haigmail.com (Lance Haig) Date: Tue Jan 5 16:33:42 2010 Subject: sendmail header removal In-Reply-To: <4B43679C.7090501@linux-kernel.at> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com> <7EF0EE5CB3B263488C8C18823239BEBA03CFC9@HC-MBX02.herefordshire.gov.uk> <4B43679C.7090501@linux-kernel.at> Message-ID: <90051267-6F79-4C51-9802-4801B7016ABA@haigmail.com> you never know about the future :-) Lance On 5 Jan 2010, at 16:23, Oliver Falk wrote: > Am 05.01.2010 17:13, schrieb Randal, Phil: >> Be careful.... If you start removing Sendmail's "Received" headers >> you're likely to break Sendmail's mail loop detection. >> Been there, done it, got the t-shirt :-) > > Ah. Good point. I knew there was some trouble involved :-) > However, if you have a working installation it shouldn't be too bad, since you shouldn't have any mail loops, right? > > -of > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > This message was scanned by Better Hosted and is believed to be clean. > Click here to report this message as spam. http://mx1.betterhosted.com/cgi-bin/learn-msg.cgi?id=D49E39F9F8.A3945 > > -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From prandal at herefordshire.gov.uk Tue Jan 5 16:37:36 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 5 16:37:52 2010 Subject: sendmail header removal In-Reply-To: <4B43679C.7090501@linux-kernel.at> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com><7EF0EE5CB3B263488C8C18823239BEBA03CFC9@HC-MBX02.herefordshire.gov.uk> <4B43679C.7090501@linux-kernel.at> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CFCA@HC-MBX02.herefordshire.gov.uk> Indeed, but one misconfigured box somewhere is all it takes... Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Oliver Falk Sent: 05 January 2010 16:24 To: mailscanner@lists.mailscanner.info Subject: Re: sendmail header removal Am 05.01.2010 17:13, schrieb Randal, Phil: > Be careful.... If you start removing Sendmail's "Received" headers > you're likely to break Sendmail's mail loop detection. > Been there, done it, got the t-shirt :-) Ah. Good point. I knew there was some trouble involved :-) However, if you have a working installation it shouldn't be too bad, since you shouldn't have any mail loops, right? -of -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From oliver at linux-kernel.at Tue Jan 5 16:46:58 2010 From: oliver at linux-kernel.at (Oliver Falk) Date: Tue Jan 5 16:47:13 2010 Subject: sendmail header removal In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CFCA@HC-MBX02.herefordshire.gov.uk> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com><7EF0EE5CB3B263488C8C18823239BEBA03CFC9@HC-MBX02.herefordshire.gov.uk> <4B43679C.7090501@linux-kernel.at> <7EF0EE5CB3B263488C8C18823239BEBA03CFCA@HC-MBX02.herefordshire.gov.uk> Message-ID: <4B436D02.10706@linux-kernel.at> Am 05.01.2010 17:37, schrieb Randal, Phil: > Indeed, but one misconfigured box somewhere is all it takes... OK. Let's pretend we're perfect and never make any configuration mistakes :-) -of From shuttlebox at gmail.com Tue Jan 5 16:58:30 2010 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jan 5 16:59:00 2010 Subject: Possible to archive based on attachments? Message-ID: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com> We have found a nasty PDF attachment (targeted specifically against a client of mine) and we would like to archive all PDF's passing through MailScanner for analysis. I don't know how to do this in a simple and transparent way. If I use the filename/type rules it either blocks the PDF's or replaces the original recipients, this won't fly as most PDF's are going to be OK, the users shouldn't notice this. The only way I can think of is to archive *all* mail and then find which df-files (Sendmail) contains PDF's and extract them and delete the rest. Is this how I should collect the samples? Or is there a better way? -- /peter From alex at rtpty.com Tue Jan 5 17:03:06 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Jan 5 17:03:20 2010 Subject: Possible to archive based on attachments? In-Reply-To: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com> References: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com> Message-ID: <702199C8-461F-4A74-99E8-B2641CA4EA0D@rtpty.com> What about MCP? On Jan 5, 2010, at 11:58 AM, shuttlebox wrote: > We have found a nasty PDF attachment (targeted specifically against a > client of mine) and we would like to archive all PDF's passing through > MailScanner for analysis. > > I don't know how to do this in a simple and transparent way. If I use > the filename/type rules it either blocks the PDF's or replaces the > original recipients, this won't fly as most PDF's are going to be OK, > the users shouldn't notice this. > > The only way I can think of is to archive *all* mail and then find > which df-files (Sendmail) contains PDF's and extract them and delete > the rest. Is this how I should collect the samples? Or is there a > better way? > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Jan 5 17:03:09 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 5 17:03:47 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <161b1c931001050800x4c5b82c9j24d9355075cac8dc@mail.gmail.com> References: <161b1c931001050800x4c5b82c9j24d9355075cac8dc@mail.gmail.com> Message-ID: > > So when you run MailScanner --debug-sa and it shows that it's loading the > 72_active.cf from multiple SA versions, what do > you do? ?I have SA in? > /var/lib/spamassassin/3.002003 and 3.00.2.004 and only the newer version > got updated. ?Am I supposed to remove the previous versions of rules? ?I am > still getting hits on the rule so I have had to score it as 0 until I > get this fixed. > > Dave > I try and remove the old ones after an upgrade... They just take space. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/c418bab1/signature.bin From prandal at herefordshire.gov.uk Tue Jan 5 17:07:02 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 5 17:07:17 2010 Subject: Possible to archive based on attachments? In-Reply-To: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com> References: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CFCB@HC-MBX02.herefordshire.gov.uk> Write a spamassassin rule to detect PDF attachments, and then use MailScanner's "Spamassassin Rule Action" functionality to archive all hits. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: 05 January 2010 16:59 To: MailScanner discussion Subject: Possible to archive based on attachments? We have found a nasty PDF attachment (targeted specifically against a client of mine) and we would like to archive all PDF's passing through MailScanner for analysis. I don't know how to do this in a simple and transparent way. If I use the filename/type rules it either blocks the PDF's or replaces the original recipients, this won't fly as most PDF's are going to be OK, the users shouldn't notice this. The only way I can think of is to archive *all* mail and then find which df-files (Sendmail) contains PDF's and extract them and delete the rest. Is this how I should collect the samples? Or is there a better way? -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From alex at rtpty.com Tue Jan 5 17:22:42 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Jan 5 17:22:58 2010 Subject: Possible to archive based on attachments? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CFCB@HC-MBX02.herefordshire.gov.uk> References: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA03CFCB@HC-MBX02.herefordshire.gov.uk> Message-ID: <698C0E3D-EC28-4DDA-B057-C3C39BFAA3E3@rtpty.com> Good call Phil. What do you think would be a good way to catch all the different ways PDF files can be attached? On Jan 5, 2010, at 12:07 PM, Randal, Phil wrote: > Write a spamassassin rule to detect PDF attachments, and then use > MailScanner's "Spamassassin Rule Action" functionality to archive all > hits. From patrick at isoc.lu Tue Jan 5 17:35:25 2010 From: patrick at isoc.lu (Patrick Vande Walle) Date: Tue Jan 5 17:36:12 2010 Subject: FH_DATE_PAST_20XX false positives In-Reply-To: <4B433655.9010604@elirion.net> References: <4A09477D575C2C4B86497161427DD94C137B7E93DE@city-exchange07> <4B424660.7060105@vande-walle.eu> <4B433655.9010604@elirion.net> Message-ID: <4B43785D.6060102@isoc.lu> Richard Siddall wrote, On 05/01/10 13:53: > Patrick Vande Walle wrote: >> Alternatively, you may want to try the method described here: >> >> http://www.heise.de/newsticker/foren/S-Das-Peinliche-daran-ist/forum-171865/msg-17874835/read/ >> > > It strikes me as a bad idea to use the FH_DATE_PAST_20XX rule name for > a completely different rule. I think it would be better to score the > official FH_DATE_PAST_20XX to zero in your local.cf and just define a > new rule using the better algorithm. That should avoid problems with > sa-update overwriting your new version too. Richard, You are, of course, absolutely right that one should avoid reusing one of the default rules with another algorithm. It is just that testing messages with dates in the future is useful for scoring. Setting the FH_DATE_PAST_20XX rule with a score of 0 is only a partial solution. Hence, I created a new rule based on the above-mentioned post. Kind regards, Patrick Vande Walle From prandal at herefordshire.gov.uk Tue Jan 5 17:37:53 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 5 17:38:10 2010 Subject: Possible to archive based on attachments? In-Reply-To: <698C0E3D-EC28-4DDA-B057-C3C39BFAA3E3@rtpty.com> References: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com><7EF0EE5CB3B263488C8C18823239BEBA03CFCB@HC-MBX02.herefordshire.gov.uk> <698C0E3D-EC28-4DDA-B057-C3C39BFAA3E3@rtpty.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CFCC@HC-MBX02.herefordshire.gov.uk> You could use a rule like (off the top of my head, so don't shoot me if it isn't correct): ifplugin Mail::SpamAssassin::Plugin::MIMEHeader mimeheader LOCAL_ATTACHED_PDF Content-Disposition =~ /filename=\".{1,32}\.pdf\"/i score LOCAL_ATTACHED_PDF 0.01 endif Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: 05 January 2010 17:23 To: MailScanner discussion Subject: Re: Possible to archive based on attachments? Good call Phil. What do you think would be a good way to catch all the different ways PDF files can be attached? On Jan 5, 2010, at 12:07 PM, Randal, Phil wrote: > Write a spamassassin rule to detect PDF attachments, and then use > MailScanner's "Spamassassin Rule Action" functionality to archive all > hits. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From alex at rtpty.com Tue Jan 5 17:48:42 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Jan 5 17:50:09 2010 Subject: Possible to archive based on attachments? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CFCC@HC-MBX02.herefordshire.gov.uk> References: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com><7EF0EE5CB3B263488C8C18823239BEBA03CFCB@HC-MBX02.herefordshire.gov.uk> <698C0E3D-EC28-4DDA-B057-C3C39BFAA3E3@rtpty.com> <7EF0EE5CB3B263488C8C18823239BEBA03CFCC@HC-MBX02.herefordshire.gov.uk> Message-ID: <305738BE-643B-4537-B727-0F9922C94F2E@rtpty.com> Would this work with some otherwise braindead and/or broken mailers like, I dunno, Outlook Express or whatever? On Jan 5, 2010, at 12:37 PM, Randal, Phil wrote: > You could use a rule like (off the top of my head, so don't shoot me if > it isn't correct): > > ifplugin Mail::SpamAssassin::Plugin::MIMEHeader > mimeheader LOCAL_ATTACHED_PDF Content-Disposition =~ > /filename=\".{1,32}\.pdf\"/i > score LOCAL_ATTACHED_PDF 0.01 > endif From shuttlebox at gmail.com Tue Jan 5 18:16:02 2010 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Jan 5 18:16:30 2010 Subject: Possible to archive based on attachments? In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03CFCC@HC-MBX02.herefordshire.gov.uk> References: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com> <7EF0EE5CB3B263488C8C18823239BEBA03CFCB@HC-MBX02.herefordshire.gov.uk> <698C0E3D-EC28-4DDA-B057-C3C39BFAA3E3@rtpty.com> <7EF0EE5CB3B263488C8C18823239BEBA03CFCC@HC-MBX02.herefordshire.gov.uk> Message-ID: <625385e31001051016g494f963bg8b0c46110619e67@mail.gmail.com> On Tue, Jan 5, 2010 at 6:37 PM, Randal, Phil wrote: > You could use a rule like (off the top of my head, so don't shoot me if > it isn't correct): > > ifplugin Mail::SpamAssassin::Plugin::MIMEHeader > mimeheader LOCAL_ATTACHED_PDF ?Content-Disposition =~ > /filename=\".{1,32}\.pdf\"/i > score LOCAL_ATTACHED_PDF 0.01 > endif Thanks! This together with a rule action should do what I want. -- /peter From Denis.Beauchemin at USherbrooke.ca Tue Jan 5 21:16:02 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Jan 5 21:16:24 2010 Subject: Filename/-type Checking In-Reply-To: References: Message-ID: <4B43AC12.2010809@USherbrooke.ca> Le 2010-01-05 08:53, Marco Rebsamen a ?crit : > > Hi > > I got troubles with this filename/-type checking. > > What I want is, that simple .exe or .dll files are not delivered. But > If I put them into a ZIP or RAR file they should pass. > > I tried setting the path to the rar and gzip commands to ?empty?, I > tried setting the filetype ?executable? in the rules file to allowed?. > Useless, I can?t send my mail. > > Can somebody tell me how to configure MailScanner like that ? > > Thank you > Marco, Look at: # The maximum depth to which zip archives, rar archives and Microsoft Office # documents will be unpacked, to allow for checking filenames and filetypes # within zip and rar archives and embedded within Office documents. # # Note: This setting does *not* affect virus scanning in archives at all. # # To disable this feature set this to 0. # A common useful setting is this option = 0, and Allow Password-Protected # Archives = no. That block password-protected archives but does not do # any filename/filetype checks on the files within the archive. # This can also be the filename of a ruleset. Maximum Archive Depth = 0 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From rcooper at dwford.com Tue Jan 5 22:18:13 2010 From: rcooper at dwford.com (Rick Cooper) Date: Tue Jan 5 22:18:29 2010 Subject: Filename/-type Checking In-Reply-To: <4B43AC12.2010809@USherbrooke.ca> References: <4B43AC12.2010809@USherbrooke.ca> Message-ID: <960C186CCB8542CD8AF8C7CE70B131CA@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: Tuesday, January 05, 2010 4:16 PM To: MailScanner discussion Subject: Re: Filename/-type Checking > Le 2010-01-05 08:53, Marco Rebsamen a ?crit : >> >> Hi >> >> I got troubles with this filename/-type checking. >> >> What I want is, that simple .exe or .dll files are not delivered. But >> If I put them into a ZIP or RAR file they should pass. >> >> I tried setting the path to the rar and gzip commands to ?empty?, I >> tried setting the filetype ?executable? in the rules file to allowed . >> Useless, I can?t send my mail. >> >> Can somebody tell me how to configure MailScanner like that ? >> >> Thank you >> > Marco, > > Look at: > # The maximum depth to which zip archives, rar archives and Microsoft > Office # documents will be unpacked, to allow for checking filenames and > filetypes # within zip and rar archives and embedded within Office > documents. # > # Note: This setting does *not* affect virus scanning in archives at all. > # > # To disable this feature set this to 0. > # A common useful setting is this option = 0, and Allow Password-Protected > # Archives = no. That block password-protected archives but does not do > # any filename/filetype checks on the files within the archive. > # This can also be the filename of a ruleset. > Maximum Archive Depth = 0 > Should be able to use the archive.filename.rules/types to handle this. In the archive related just put an allow line at the top. If using a later version then look for "Archives: Allow Filenames =" in the config file and use the rule file or just make it Archives: Allow Filenames = \.exe$ \.dll$ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From eric at linuxsystems.net Tue Jan 5 22:54:01 2010 From: eric at linuxsystems.net (Eric Peters) Date: Tue Jan 5 22:54:12 2010 Subject: Perl Issues? I think? Message-ID: Hello all, Thanks for taking the time to read this. Basically just did a clean install of Ubuntu 9.10 server with MailScanner w/ Mailwatch but when starting up I see the following in the mail.log "Could not use Custom Function code........SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;"" Same error with the MailWatch.pm Anybody have any iders? Ubuntu 9.10 Perl 5.10.0 Summary of my perl5 (revision 5 version 10 subversion 0) configuration: Platform: osname=linux, osvers=2.6.24-23-server, archname=x86_64-linux-gnu-thread-multi uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 utc 2009 x86_64 gnulinux ' config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef MailScanner E-Mail Virus Scanner version 4.74.16 starting... Could not use Custom Function code /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;" Could not use Custom Function code /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be "require"d. Make sure the last line of the file says "1;" Read 848 hostnames from the phishing whitelist Read 4278 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Using SpamAssassin results cache Connected to SpamAssassin cache database Enabling SpamAssassin auto-whitelist functionality... Using locktype = flock Thanks, Eric From ms-list at alexb.ch Tue Jan 5 23:03:28 2010 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jan 5 23:03:37 2010 Subject: Perl Issues? I think? In-Reply-To: References: Message-ID: <4B43C540.7040909@alexb.ch> seen that... what was it? permissions? On 01/05/10 11:54, Eric Peters wrote: > Hello all, > > Thanks for taking the time to read this. > > Basically just did a clean install of Ubuntu 9.10 server with > MailScanner w/ Mailwatch but when starting up I see the following in > the mail.log "Could not use Custom Function > code........SQLBlackWhiteList.pm, it could not be "require"d. Make > sure the last line of the file says "1;"" Same error with the > MailWatch.pm > > Anybody have any iders? > > Ubuntu 9.10 > Perl 5.10.0 > > Summary of my perl5 (revision 5 version 10 subversion 0) configuration: > Platform: > osname=linux, osvers=2.6.24-23-server, > archname=x86_64-linux-gnu-thread-multi > uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 > utc 2009 x86_64 gnulinux ' > config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN > -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr > -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 > -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 > -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local > -Dsitelib=/usr/local/share/perl/5.10.0 > -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 > -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 > -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl > -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio > -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib > -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' > hint=recommended, useposix=true, d_sigaction=define > useithreads=define, usemultiplicity=define > useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef > use64bitint=define, use64bitall=define, uselongdouble=undef > usemymalloc=n, bincompat5005=undef > > MailScanner E-Mail Virus Scanner version 4.74.16 starting... > > Could not use Custom Function code > /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be > "require"d. Make sure the last line of the file says "1;" > Could not use Custom Function code > /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be > "require"d. Make sure the last line of the file says "1;" > > Read 848 hostnames from the phishing whitelist > Read 4278 hostnames from the phishing blacklist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Using SpamAssassin results cache > Connected to SpamAssassin cache database > Enabling SpamAssassin auto-whitelist functionality... > Using locktype = flock > > > Thanks, > Eric From eric at linuxsystems.net Tue Jan 5 23:33:23 2010 From: eric at linuxsystems.net (Eric Peters) Date: Tue Jan 5 23:33:33 2010 Subject: Perl Issues? I think? In-Reply-To: <4B43C540.7040909@alexb.ch> References: <4B43C540.7040909@alexb.ch> Message-ID: Don't know yet. Can't seem to find the issue? Have you seen this before? I searched the list here at most of the problems that people been experiencing with the /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1; error are mostly on the FreeBSD side... Permissions on the the SQLBlackWhiteList .pm are the following -rw-r--r-- 1 root root I'll change it to postfix:postfix same as mailscanner let ya know if that worked. Cheers, Eric On Tue, Jan 5, 2010 at 3:03 PM, Alex Broens wrote: > seen that... what was it? > permissions? > > On 01/05/10 11:54, Eric Peters wrote: >> >> Hello all, >> >> ? ? Thanks for taking the time to read this. >> >> Basically just did a clean install of Ubuntu 9.10 server with >> MailScanner w/ Mailwatch but when starting up I see the following in >> the mail.log "Could not use Custom Function >> code........SQLBlackWhiteList.pm, it could not be "require"d. Make >> sure the last line of the file says "1;"" Same error with the >> MailWatch.pm >> >> Anybody have any iders? >> >> Ubuntu 9.10 >> Perl 5.10.0 >> >> Summary of my perl5 (revision 5 version 10 subversion 0) configuration: >> ?Platform: >> ? ?osname=linux, osvers=2.6.24-23-server, >> archname=x86_64-linux-gnu-thread-multi >> ? ?uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 >> utc 2009 x86_64 gnulinux ' >> ? ?config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN >> -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr >> -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 >> -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 >> -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local >> -Dsitelib=/usr/local/share/perl/5.10.0 >> -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 >> -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 >> -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl >> -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio >> -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib >> -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' >> ? ?hint=recommended, useposix=true, d_sigaction=define >> ? ?useithreads=define, usemultiplicity=define >> ? ?useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef >> ? ?use64bitint=define, use64bitall=define, uselongdouble=undef >> ? ?usemymalloc=n, bincompat5005=undef >> >> MailScanner E-Mail Virus Scanner version 4.74.16 starting... >> >> Could not use Custom Function code >> /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be >> "require"d. Make sure the last line of the file says "1;" >> Could not use Custom Function code >> /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be >> "require"d. Make sure the last line of the file says "1;" >> >> Read 848 hostnames from the phishing whitelist >> Read 4278 hostnames from the phishing blacklist >> Config: calling custom init function SQLBlacklist >> Config: calling custom init function MailWatchLogging >> Config: calling custom init function SQLWhitelist >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> Enabling SpamAssassin auto-whitelist functionality... >> Using locktype = flock >> >> >> Thanks, >> Eric > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikael at syska.dk Wed Jan 6 00:18:19 2010 From: mikael at syska.dk (Mikael Syska) Date: Wed Jan 6 00:18:33 2010 Subject: Perl Issues? I think? In-Reply-To: References: Message-ID: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> Hi, First thing ... you are using a 1 year old version of MailScanner ... update would be the first thing Julian says. I think ... Debian/Ubuntu package are old ... and its been here many times before. They are ( as I know ) not being maintained. Install from the source ...: http://mailscanner.info/downloads.html I'm running a FreeBSD here ... and we have had the same issue I think .. and many other because of Perl/MailScanner ... so I'm always aware of any issue before installing on my production server. This could probably be resolved by downgrading Perl or as above ... update to newest MailScanner. mvh Mikael Syska On Tue, Jan 5, 2010 at 11:54 PM, Eric Peters wrote: > Hello all, > > Thanks for taking the time to read this. > > Basically just did a clean install of Ubuntu 9.10 server with > MailScanner w/ Mailwatch but when starting up I see the following in > the mail.log "Could not use Custom Function > code........SQLBlackWhiteList.pm, it could not be "require"d. Make > sure the last line of the file says "1;"" Same error with the > MailWatch.pm > > Anybody have any iders? > > Ubuntu 9.10 > Perl 5.10.0 > > Summary of my perl5 (revision 5 version 10 subversion 0) configuration: > Platform: > osname=linux, osvers=2.6.24-23-server, > archname=x86_64-linux-gnu-thread-multi > uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 > utc 2009 x86_64 gnulinux ' > config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN > -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr > -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 > -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 > -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local > -Dsitelib=/usr/local/share/perl/5.10.0 > -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 > -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 > -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl > -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio > -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib > -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' > hint=recommended, useposix=true, d_sigaction=define > useithreads=define, usemultiplicity=define > useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef > use64bitint=define, use64bitall=define, uselongdouble=undef > usemymalloc=n, bincompat5005=undef > > MailScanner E-Mail Virus Scanner version 4.74.16 starting... > > Could not use Custom Function code > /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be > "require"d. Make sure the last line of the file says "1;" > Could not use Custom Function code > /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be > "require"d. Make sure the last line of the file says "1;" > > Read 848 hostnames from the phishing whitelist > Read 4278 hostnames from the phishing blacklist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > Using SpamAssassin results cache > Connected to SpamAssassin cache database > Enabling SpamAssassin auto-whitelist functionality... > Using locktype = flock > > > Thanks, > Eric > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100106/233cef34/attachment.html From Garrod.Alwood at lorodoes.com Wed Jan 6 02:03:17 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Jan 6 02:04:01 2010 Subject: Perl Issues? I think? In-Reply-To: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> Message-ID: <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> Since you are using ubuntu 9.10 you need MailScanner 4.79.1 Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 5, 2010, at 7:14 PM, "Mikael Syska" > wrote: Hi, First thing ... you are using a 1 year old version of MailScanner ... update would be the first thing Julian says. I think ... Debian/Ubuntu package are old ... and its been here many times before. They are ( as I know ) not being maintained. Install from the source ...: http://mailscanner.info/downloads.html I'm running a FreeBSD here ... and we have had the same issue I think .. and many other because of Perl/MailScanner ... so I'm always aware of any issue before installing on my production server. This could probably be resolved by downgrading Perl or as above ... update to newest MailScanner. mvh Mikael Syska On Tue, Jan 5, 2010 at 11:54 PM, Eric Peters <eric@linuxsystems.net> wrote: Hello all, Thanks for taking the time to read this. Basically just did a clean install of Ubuntu 9.10 server with MailScanner w/ Mailwatch but when starting up I see the following in the mail.log "Could not use Custom Function code........SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;"" Same error with the MailWatch.pm Anybody have any iders? Ubuntu 9.10 Perl 5.10.0 Summary of my perl5 (revision 5 version 10 subversion 0) configuration: Platform: osname=linux, osvers=2.6.24-23-server, archname=x86_64-linux-gnu-thread-multi uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 utc 2009 x86_64 gnulinux ' config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef MailScanner E-Mail Virus Scanner version 4.74.16 starting... Could not use Custom Function code /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;" Could not use Custom Function code /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be "require"d. Make sure the last line of the file says "1;" Read 848 hostnames from the phishing whitelist Read 4278 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Using SpamAssassin results cache Connected to SpamAssassin cache database Enabling SpamAssassin auto-whitelist functionality... Using locktype = flock Thanks, Eric -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/0a13c375/attachment.html From eric at linuxsystems.net Wed Jan 6 02:14:50 2010 From: eric at linuxsystems.net (Eric) Date: Wed Jan 6 02:15:10 2010 Subject: Perl Issues? I think? In-Reply-To: <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> Message-ID: <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> Thanks all, Found a deb (which I shouldn't of used) that was 4.78 because of a time crunch. I'll roll the newest ver in by hand in the morning. I have been out of the mailscanner scene for a bit, 2005 was the last time I deployed it. So any issues using mailwatch with the latest greatest mailscanner? Cause mailwatch is looking a bit stale. Cheers, E Sent from my iPhone On Jan 5, 2010, at 6:03 PM, "Garrod M. Alwood" wrote: > Since you are using ubuntu 9.10 you need MailScanner 4.79.1 > > Garrod Alwood > Open Source Consultant > 9047384988 > Garrod.alwood@lorodoes.com > Sent from my iPod > > On Jan 5, 2010, at 7:14 PM, "Mikael Syska" wrote: > >> Hi, >> >> First thing ... you are using a 1 year old version of >> MailScanner ... update would be the first thing Julian says. >> >> I think ... Debian/Ubuntu package are old ... and its been here >> many times before. They are ( as I know ) not being maintained. >> >> Install from the source ...: >> http://mailscanner.info/downloads.html >> >> I'm running a FreeBSD here ... and we have had the same issue I >> think .. and many other because of Perl/MailScanner ... so I'm >> always aware of any issue before installing on my production server. >> This could probably be resolved by downgrading Perl or as above ... >> update to newest MailScanner. >> >> mvh >> Mikael Syska >> >> On Tue, Jan 5, 2010 at 11:54 PM, Eric Peters >> wrote: >> Hello all, >> >> Thanks for taking the time to read this. >> >> Basically just did a clean install of Ubuntu 9.10 server with >> MailScanner w/ Mailwatch but when starting up I see the following in >> the mail.log "Could not use Custom Function >> code........SQLBlackWhiteList.pm, it could not be "require"d. Make >> sure the last line of the file says "1;"" Same error with the >> MailWatch.pm >> >> Anybody have any iders? >> >> Ubuntu 9.10 >> Perl 5.10.0 >> >> Summary of my perl5 (revision 5 version 10 subversion 0) >> configuration: >> Platform: >> osname=linux, osvers=2.6.24-23-server, >> archname=x86_64-linux-gnu-thread-multi >> uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 >> utc 2009 x86_64 gnulinux ' >> config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN >> -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr >> -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 >> -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 >> -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local >> -Dsitelib=/usr/local/share/perl/5.10.0 >> -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 >> -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 >> -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl >> -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio >> -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib >> -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' >> hint=recommended, useposix=true, d_sigaction=define >> useithreads=define, usemultiplicity=define >> useperlio=define, d_sfio=undef, uselargefiles=define, >> usesocks=undef >> use64bitint=define, use64bitall=define, uselongdouble=undef >> usemymalloc=n, bincompat5005=undef >> >> MailScanner E-Mail Virus Scanner version 4.74.16 starting... >> >> Could not use Custom Function code >> /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not >> be >> "require"d. Make sure the last line of the file says "1;" >> Could not use Custom Function code >> /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be >> "require"d. Make sure the last line of the file says "1;" >> >> Read 848 hostnames from the phishing whitelist >> Read 4278 hostnames from the phishing blacklist >> Config: calling custom init function SQLBlacklist >> Config: calling custom init function MailWatchLogging >> Config: calling custom init function SQLWhitelist >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> Enabling SpamAssassin auto-whitelist functionality... >> Using locktype = flock >> >> >> Thanks, >> Eric >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/d89d7b50/attachment.html From Garrod.Alwood at lorodoes.com Wed Jan 6 02:20:27 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Jan 6 02:21:10 2010 Subject: Perl Issues? I think? In-Reply-To: <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> Message-ID: <9FF680B1-0FE6-4850-89F0-54CE7E228F8E@lorodoes.com> Well 4.78 wont work on 9.10. I created my 4.79.1 with alien after untarring the rpm I just would use alien to create a very good deb. I have had no problems except for with apparmor. 4.79.1 is working perfect for me. If you want it I'll send it. Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 5, 2010, at 9:10 PM, "Eric" > wrote: Thanks all, Found a deb (which I shouldn't of used) that was 4.78 because of a time crunch. I'll roll the newest ver in by hand in the morning. I have been out of the mailscanner scene for a bit, 2005 was the last time I deployed it. So any issues using mailwatch with the latest greatest mailscanner? Cause mailwatch is looking a bit stale. Cheers, E Sent from my iPhone On Jan 5, 2010, at 6:03 PM, "Garrod M. Alwood" <Garrod.Alwood@lorodoes.com> wrote: Since you are using ubuntu 9.10 you need MailScanner 4.79.1 Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 5, 2010, at 7:14 PM, "Mikael Syska" <mikael@syska.dk> wrote: Hi, First thing ... you are using a 1 year old version of MailScanner ... update would be the first thing Julian says. I think ... Debian/Ubuntu package are old ... and its been here many times before. They are ( as I know ) not being maintained. Install from the source ...: http://mailscanner.info/downloads.html I'm running a FreeBSD here ... and we have had the same issue I think .. and many other because of Perl/MailScanner ... so I'm always aware of any issue before installing on my production server. This could probably be resolved by downgrading Perl or as above ... update to newest MailScanner. mvh Mikael Syska On Tue, Jan 5, 2010 at 11:54 PM, Eric Peters <eric@linuxsystems.net> wrote: Hello all, Thanks for taking the time to read this. Basically just did a clean install of Ubuntu 9.10 server with MailScanner w/ Mailwatch but when starting up I see the following in the mail.log "Could not use Custom Function code........SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;"" Same error with the MailWatch.pm Anybody have any iders? Ubuntu 9.10 Perl 5.10.0 Summary of my perl5 (revision 5 version 10 subversion 0) configuration: Platform: osname=linux, osvers=2.6.24-23-server, archname=x86_64-linux-gnu-thread-multi uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 utc 2009 x86_64 gnulinux ' config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef MailScanner E-Mail Virus Scanner version 4.74.16 starting... Could not use Custom Function code /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;" Could not use Custom Function code /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be "require"d. Make sure the last line of the file says "1;" Read 848 hostnames from the phishing whitelist Read 4278 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Using SpamAssassin results cache Connected to SpamAssassin cache database Enabling SpamAssassin auto-whitelist functionality... Using locktype = flock Thanks, Eric -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/750de3e1/attachment-0001.html From mikael at syska.dk Wed Jan 6 02:27:20 2010 From: mikael at syska.dk (Mikael Syska) Date: Wed Jan 6 02:27:34 2010 Subject: Perl Issues? I think? In-Reply-To: <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> Message-ID: <6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> Hi, No problems for me with the latest version ... using the last version 1.0.4 of mailwatch. Its a paid program now ... even though I dont know where to buy it or the prices. mvh On Wed, Jan 6, 2010 at 3:14 AM, Eric wrote: > Thanks all, > > Found a deb (which I shouldn't of used) that was 4.78 because of a time > crunch. I'll roll the newest ver in by hand in the morning. > > I have been out of the mailscanner scene for a bit, 2005 was the last time > I deployed it. So any issues using mailwatch with the latest greatest > mailscanner? Cause mailwatch is looking a bit stale. > > Cheers, > E > > Sent from my iPhone > > On Jan 5, 2010, at 6:03 PM, "Garrod M. Alwood" > wrote: > > Since you are using ubuntu 9.10 you need MailScanner 4.79.1 > > Garrod Alwood > Open Source Consultant > 9047384988 > Garrod.alwood@lorodoes.com > Sent from my iPod > > On Jan 5, 2010, at 7:14 PM, "Mikael Syska" < > mikael@syska.dk> wrote: > > Hi, > > First thing ... you are using a 1 year old version of MailScanner ... > update would be the first thing Julian says. > > I think ... Debian/Ubuntu package are old ... and its been here many times > before. They are ( as I know ) not being maintained. > > Install from the source ...: > > http://mailscanner.info/downloads.html > > I'm running a FreeBSD here ... and we have had the same issue I think .. > and many other because of Perl/MailScanner ... so I'm always aware of any > issue before installing on my production server. > This could probably be resolved by downgrading Perl or as above ... update > to newest MailScanner. > > mvh > Mikael Syska > > On Tue, Jan 5, 2010 at 11:54 PM, Eric Peters < > eric@linuxsystems.net> wrote: > >> Hello all, >> >> Thanks for taking the time to read this. >> >> Basically just did a clean install of Ubuntu 9.10 server with >> MailScanner w/ Mailwatch but when starting up I see the following in >> the mail.log "Could not use Custom Function >> code........SQLBlackWhiteList.pm, it could not be "require"d. Make >> sure the last line of the file says "1;"" Same error with the >> MailWatch.pm >> >> Anybody have any iders? >> >> Ubuntu 9.10 >> Perl 5.10.0 >> >> Summary of my perl5 (revision 5 version 10 subversion 0) configuration: >> Platform: >> osname=linux, osvers=2.6.24-23-server, >> archname=x86_64-linux-gnu-thread-multi >> uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 >> utc 2009 x86_64 gnulinux ' >> config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN >> -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr >> -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 >> -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 >> -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local >> -Dsitelib=/usr/local/share/perl/5.10.0 >> -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 >> -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 >> -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl >> -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio >> -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib >> -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' >> hint=recommended, useposix=true, d_sigaction=define >> useithreads=define, usemultiplicity=define >> useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef >> use64bitint=define, use64bitall=define, uselongdouble=undef >> usemymalloc=n, bincompat5005=undef >> >> MailScanner E-Mail Virus Scanner version 4.74.16 starting... >> >> Could not use Custom Function code >> /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be >> "require"d. Make sure the last line of the file says "1;" >> Could not use Custom Function code >> /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be >> "require"d. Make sure the last line of the file says "1;" >> >> Read 848 hostnames from the phishing whitelist >> Read 4278 hostnames from the phishing blacklist >> Config: calling custom init function SQLBlacklist >> Config: calling custom init function MailWatchLogging >> Config: calling custom init function SQLWhitelist >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> Enabling SpamAssassin auto-whitelist functionality... >> Using locktype = flock >> >> >> Thanks, >> Eric >> -- >> MailScanner mailing list >> >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100106/0a6d6779/attachment.html From Garrod.Alwood at lorodoes.com Wed Jan 6 02:35:12 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Jan 6 02:35:54 2010 Subject: Perl Issues? I think? In-Reply-To: <6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> <6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> Message-ID: Mailwatch 1.0.4 is free and released under the gnu because it is on sourceforge, but the mailscanner issue is a tainted perl problem which is fixed by mailscanner 4.79.1 Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 5, 2010, at 9:23 PM, "Mikael Syska" > wrote: Hi, No problems for me with the latest version ... using the last version 1.0.4 of mailwatch. Its a paid program now ... even though I dont know where to buy it or the prices. mvh On Wed, Jan 6, 2010 at 3:14 AM, Eric <eric@linuxsystems.net> wrote: Thanks all, Found a deb (which I shouldn't of used) that was 4.78 because of a time crunch. I'll roll the newest ver in by hand in the morning. I have been out of the mailscanner scene for a bit, 2005 was the last time I deployed it. So any issues using mailwatch with the latest greatest mailscanner? Cause mailwatch is looking a bit stale. Cheers, E Sent from my iPhone On Jan 5, 2010, at 6:03 PM, "Garrod M. Alwood" <Garrod.Alwood@lorodoes.com> wrote: Since you are using ubuntu 9.10 you need MailScanner 4.79.1 Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 5, 2010, at 7:14 PM, "Mikael Syska" <mikael@syska.dk> wrote: Hi, First thing ... you are using a 1 year old version of MailScanner ... update would be the first thing Julian says. I think ... Debian/Ubuntu package are old ... and its been here many times before. They are ( as I know ) not being maintained. Install from the source ...: http://mailscanner.info/downloads.html I'm running a FreeBSD here ... and we have had the same issue I think .. and many other because of Perl/MailScanner ... so I'm always aware of any issue before installing on my production server. This could probably be resolved by downgrading Perl or as above ... update to newest MailScanner. mvh Mikael Syska On Tue, Jan 5, 2010 at 11:54 PM, Eric Peters <eric@linuxsystems.net> wrote: Hello all, Thanks for taking the time to read this. Basically just did a clean install of Ubuntu 9.10 server with MailScanner w/ Mailwatch but when starting up I see the following in the mail.log "Could not use Custom Function code........SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;"" Same error with the MailWatch.pm Anybody have any iders? Ubuntu 9.10 Perl 5.10.0 Summary of my perl5 (revision 5 version 10 subversion 0) configuration: Platform: osname=linux, osvers=2.6.24-23-server, archname=x86_64-linux-gnu-thread-multi uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 utc 2009 x86_64 gnulinux ' config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef MailScanner E-Mail Virus Scanner version 4.74.16 starting... Could not use Custom Function code /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be "require"d. Make sure the last line of the file says "1;" Could not use Custom Function code /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be "require"d. Make sure the last line of the file says "1;" Read 848 hostnames from the phishing whitelist Read 4278 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist Using SpamAssassin results cache Connected to SpamAssassin cache database Enabling SpamAssassin auto-whitelist functionality... Using locktype = flock Thanks, Eric -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100105/092762a3/attachment.html From ricardo at wenn.com Wed Jan 6 02:41:15 2010 From: ricardo at wenn.com (Ricardo Branco) Date: Wed Jan 6 02:41:26 2010 Subject: Perl Issues? I think? In-Reply-To: References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com><426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com><715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net><6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> Message-ID: <198113086-1262745674-cardhu_decombobulator_blackberry.rim.net-43820177-@bda203.bisx.produk.on.blackberry> Sent from my BlackBerry? wireless device -----Original Message----- From: "Garrod M. Alwood" Date: Tue, 5 Jan 2010 21:35:12 To: MailScanner discussion Subject: Re: Perl Issues? I think? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From eric at linuxsystems.net Wed Jan 6 03:11:33 2010 From: eric at linuxsystems.net (Eric Peters) Date: Wed Jan 6 03:11:44 2010 Subject: Perl Issues? I think? In-Reply-To: <6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> <6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> Message-ID: Really now? MailWatch is commercial now? Thanks for the heads up will have to check into that. Cheers, E On Tue, Jan 5, 2010 at 6:27 PM, Mikael Syska wrote: > Hi, > > No problems for me with the latest version ... using the last version 1.0.4 > of mailwatch. > > Its a paid program now ... even though I dont know where to buy it or the > prices. > > mvh > > On Wed, Jan 6, 2010 at 3:14 AM, Eric wrote: >> >> Thanks all, >> Found a deb (which I shouldn't of used) that was 4.78 because of a time >> crunch. I'll roll the newest ver in by hand in the morning. >> I have been out of the mailscanner scene for a bit, 2005 was the last time >> I deployed it. So any issues using mailwatch with the latest greatest >> mailscanner? Cause mailwatch is looking a bit stale. >> Cheers, >> E >> >> Sent from my iPhone >> On Jan 5, 2010, at 6:03 PM, "Garrod M. Alwood" >> wrote: >> >> Since you are using ubuntu 9.10 you need MailScanner 4.79.1 >> >> Garrod Alwood >> Open Source Consultant >> 9047384988 >> Garrod.alwood@lorodoes.com >> Sent from my iPod >> On Jan 5, 2010, at 7:14 PM, "Mikael Syska" wrote: >> >> Hi, >> >> First thing ... you are using a 1 year old version of MailScanner ... >> update would be the first thing Julian says. >> >> I think ... Debian/Ubuntu package are old ... and its been here many times >> before. They are ( as I know ) not being maintained. >> >> Install from the source ...: >> http://mailscanner.info/downloads.html >> >> I'm running a FreeBSD here ... and we have had the same issue I think .. >> and many other because of Perl/MailScanner ... so I'm always aware of any >> issue before installing on my production server. >> This could probably be resolved by downgrading Perl or as above ... update >> to newest MailScanner. >> >> mvh >> Mikael Syska >> >> On Tue, Jan 5, 2010 at 11:54 PM, Eric Peters >> wrote: >>> >>> Hello all, >>> >>> ? ? Thanks for taking the time to read this. >>> >>> Basically just did a clean install of Ubuntu 9.10 server with >>> MailScanner w/ Mailwatch but when starting up I see the following in >>> the mail.log "Could not use Custom Function >>> code........SQLBlackWhiteList.pm, it could not be "require"d. Make >>> sure the last line of the file says "1;"" Same error with the >>> MailWatch.pm >>> >>> Anybody have any iders? >>> >>> Ubuntu 9.10 >>> Perl 5.10.0 >>> >>> Summary of my perl5 (revision 5 version 10 subversion 0) configuration: >>> ?Platform: >>> ? ?osname=linux, osvers=2.6.24-23-server, >>> archname=x86_64-linux-gnu-thread-multi >>> ? ?uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 >>> utc 2009 x86_64 gnulinux ' >>> ? ?config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN >>> -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr >>> -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 >>> -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 >>> -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local >>> -Dsitelib=/usr/local/share/perl/5.10.0 >>> -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 >>> -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 >>> -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl >>> -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio >>> -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib >>> -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' >>> ? ?hint=recommended, useposix=true, d_sigaction=define >>> ? ?useithreads=define, usemultiplicity=define >>> ? ?useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef >>> ? ?use64bitint=define, use64bitall=define, uselongdouble=undef >>> ? ?usemymalloc=n, bincompat5005=undef >>> >>> MailScanner E-Mail Virus Scanner version 4.74.16 starting... >>> >>> Could not use Custom Function code >>> /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be >>> "require"d. Make sure the last line of the file says "1;" >>> Could not use Custom Function code >>> /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be >>> "require"d. Make sure the last line of the file says "1;" >>> >>> Read 848 hostnames from the phishing whitelist >>> Read 4278 hostnames from the phishing blacklist >>> Config: calling custom init function SQLBlacklist >>> Config: calling custom init function MailWatchLogging >>> Config: calling custom init function SQLWhitelist >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> Enabling SpamAssassin auto-whitelist functionality... >>> Using locktype = flock >>> >>> >>> Thanks, >>> Eric >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From mikej at rogers.com Wed Jan 6 16:56:14 2010 From: mikej at rogers.com (Mike Jakubik) Date: Wed Jan 6 16:56:00 2010 Subject: More taint mode problems (please help) In-Reply-To: <4B4344AC.8070803@elasticmind.net> References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net> Message-ID: On Tue, January 5, 2010 8:54 am, mog wrote: > Ya, you need to use MailScanner-4.79.4 which was available a couple > weeks ago from ports. It will work then. > > mog It wont work correctly, I'm the person thats been maintaining FreeBSD mailscanner port for the last few versions, please stop spreading false information. This also isn't specific to perl on FreeBSD, Linux users have reported this issue as well. While MS will start and will appear to work, certain attachments (appears to be zip files) will trigger a taint mode error. See my original post. Since the MS community isn't addressing this, i have made a work around which runs the master script as he run as user, this disabled taint mode. The new port should be available shortly. From Garrod.Alwood at lorodoes.com Wed Jan 6 17:03:41 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Jan 6 17:09:26 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net>, Message-ID: <4124621E-70EB-41F3-A2E9-5D6D9318E20E@mimectl> I was having the taint mode on Ubuntu linux and 4.79.1 fixed it. I know FreeBSD is completely different, but this did fix this issue for me. So yeah 4.79.1 might not fix the taint issue, but remember FreeBSD is unix not Linux and there is a slight difference, but enough to make a difference. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Jakubik [mikej@rogers.com] Sent: Wednesday, January 06, 2010 11:56 AM To: MailScanner discussion Subject: Re: More taint mode problems (please help) On Tue, January 5, 2010 8:54 am, mog wrote: > Ya, you need to use MailScanner-4.79.4 which was available a couple > weeks ago from ports. It will work then. > > mog It wont work correctly, I'm the person thats been maintaining FreeBSD mailscanner port for the last few versions, please stop spreading false information. This also isn't specific to perl on FreeBSD, Linux users have reported this issue as well. While MS will start and will appear to work, certain attachments (appears to be zip files) will trigger a taint mode error. See my original post. Since the MS community isn't addressing this, i have made a work around which runs the master script as he run as user, this disabled taint mode. The new port should be available shortly. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100106/0a97be06/attachment.html From J.Ede at birchenallhowden.co.uk Wed Jan 6 18:10:20 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jan 6 18:15:19 2010 Subject: OT postfix recipient verification Message-ID: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> Recipient verification has been working fine for years, but we've just had a problem crop up. Someone is sending status/error emails from their webserver back to their office. Some of the emails primary 'to' address is to someone who has left, but the other recipients are still valid. Recipient verification still rejects the email. Is there a way round this without having to run another postfix instance and split the email up into emails? My response so far has been that they need to fix their list of email recipients to all be valid addresses as basic maintenance anyway, but they're worried that if someone on the To list leaves then emails will suddenly stop coming through again. Any ways round this? Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100106/f2b9390e/attachment.html From alex at rtpty.com Wed Jan 6 18:26:18 2010 From: alex at rtpty.com (Alex Neuman) Date: Wed Jan 6 18:26:33 2010 Subject: OT postfix recipient verification In-Reply-To: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> Message-ID: <5E2A65FC-D149-46D5-A68F-258099C1FA12@rtpty.com> Not the way you define it, no. You either change what comes into the system (by splitting recipients so recipient verification works) or you change what the system does (by disabling recipient verification, which is potentially catastrophic). On Jan 6, 2010, at 1:10 PM, Jason Ede wrote: > My response so far has been that they need to fix their list of email recipients to all be valid addresses as basic maintenance anyway, but they?re worried that if someone on the To list leaves then emails will suddenly stop coming through again. Any ways round this? > From apu at nocservices.com Wed Jan 6 18:26:58 2010 From: apu at nocservices.com (Apu) Date: Wed Jan 6 18:27:13 2010 Subject: OT postfix recipient verification In-Reply-To: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> Message-ID: <4B44D5F2.7020003@nocservices.com> On 1/6/10 1:10 PM, Jason Ede wrote: > My response so far has been that they need to fix their list of email > recipients to all be valid addresses as basic maintenance anyway, but > they?re worried that if someone on the To list leaves then emails will > suddenly stop coming through again. Any ways round this? Can you have them send to an e-mail alias that expands to the right list of recipients? webteam@example.com that then gets delivered to the various individuals. If someone leaves, the webteam@example.com address is still a valid recipient. -- Apu NOC Services Corp. www.nocservices.com From steve.freegard at fsl.com Wed Jan 6 18:57:55 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Jan 6 18:58:07 2010 Subject: OT postfix recipient verification In-Reply-To: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> Message-ID: <4B44DD33.8000406@fsl.com> On 06/01/10 18:10, Jason Ede wrote: > Recipient verification has been working fine for years, but we?ve just > had a problem crop up. Someone is sending status/error emails from their > webserver back to their office. Some of the emails primary ?to? address > is to someone who has left, but the other recipients are still valid. > Recipient verification still rejects the email. Is there a way round > this without having to run another postfix instance and split the email > up into emails? That doesn't sound right at all. How are you doing the verification? via the verify daemon? Recipient verification should only affect the invalid recipient and shouldn't affect the other valid recipients unless the senders server is so poorly implemented and gives up sending the entire message as soon as one of the recipients is rejected... Maybe you could provide an example? Cheers, Steve. From rcooper at dwford.com Wed Jan 6 20:13:04 2010 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jan 6 20:13:20 2010 Subject: OT postfix recipient verification In-Reply-To: <5E2A65FC-D149-46D5-A68F-258099C1FA12@rtpty.com> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> <5E2A65FC-D149-46D5-A68F-258099C1FA12@rtpty.com> Message-ID: <26BE0B284CDC439BA8B0FB4D9142D97D@SAHOMELT> ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Wednesday, January 06, 2010 1:26 PM To: MailScanner discussion Subject: Re: OT postfix recipient verification > Not the way you define it, no. You either change what comes into the > system (by splitting recipients so recipient verification works) or you > change what the system does (by disabling recipient verification, which > is potentially catastrophic). Why would recipient verification be catastrophic? I would think any responsible system would verify recipients before accepting the mail. > > On Jan 6, 2010, at 1:10 PM, Jason Ede wrote: > >> My response so far has been that they need to fix their list of email >> recipients to all be valid addresses as basic maintenance anyway, but >> they're worried that if someone on the To list leaves then emails will >> suddenly stop coming through again. Any ways round this? The way I handle these distributions within our company(s) is these types of mails are sent to an alias that explodes into the actual recipients. I do this for the very reason stated, it's easier for me to replace someone on the alias list than manage all the points from which the contact might originate. Anything that relates to say sales@abc.com, service@abc.com is handled the same way. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Wed Jan 6 20:15:36 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jan 6 20:17:25 2010 Subject: OT postfix recipient verification In-Reply-To: <4B44D5F2.7020003@nocservices.com> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> <4B44D5F2.7020003@nocservices.com> Message-ID: <1213490F1F316842A544A850422BFA96128C18BA4F@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Apu > Sent: 06 January 2010 18:27 > To: MailScanner discussion > Subject: Re: OT postfix recipient verification > > On 1/6/10 1:10 PM, Jason Ede wrote: > > My response so far has been that they need to fix their list of email > > recipients to all be valid addresses as basic maintenance anyway, but > > they?re worried that if someone on the To list leaves then emails > will > > suddenly stop coming through again. Any ways round this? > > Can you have them send to an e-mail alias that expands to the right > list > of recipients? webteam@example.com that then gets delivered to the > various individuals. If someone leaves, the webteam@example.com > address > is still a valid recipient. > Now why didn't I think of that. That is ideal! I'll suggest that tomorrow. Also this should be easier to maintain as well as there won't be lists of recipients on the web server. Jason From J.Ede at birchenallhowden.co.uk Wed Jan 6 20:24:30 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jan 6 20:25:07 2010 Subject: OT postfix recipient verification In-Reply-To: <4B44DD33.8000406@fsl.com> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> <4B44DD33.8000406@fsl.com> Message-ID: <1213490F1F316842A544A850422BFA96128C18BA50@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Steve Freegard > Sent: 06 January 2010 18:58 > To: MailScanner discussion > Subject: Re: OT postfix recipient verification > > On 06/01/10 18:10, Jason Ede wrote: > > Recipient verification has been working fine for years, but we've > just > > had a problem crop up. Someone is sending status/error emails from > their > > webserver back to their office. Some of the emails primary 'to' > address > > is to someone who has left, but the other recipients are still valid. > > Recipient verification still rejects the email. Is there a way round > > this without having to run another postfix instance and split the > email > > up into emails? > > That doesn't sound right at all. How are you doing the verification? > via the verify daemon? Verification is via the receipt verification within postfix. I've a btree database file as per the postfix docs. > Recipient verification should only affect the invalid recipient and > shouldn't affect the other valid recipients unless the senders server > is > so poorly implemented and gives up sending the entire message as soon > as > one of the recipients is rejected... I've not had any of the bounces yet, but am trying to get hold of them. I've had to whitelist their server from greylisting as it doesn't seem to handle it very well. All I know of the server itself is that it uses a Microsoft SMTP service. > Maybe you could provide an example? When I get an actual bounce I'll know a lot more. > Cheers, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at rtpty.com Wed Jan 6 20:26:09 2010 From: alex at rtpty.com (Alex Neuman) Date: Wed Jan 6 20:26:29 2010 Subject: OT postfix recipient verification In-Reply-To: <26BE0B284CDC439BA8B0FB4D9142D97D@SAHOMELT> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> <5E2A65FC-D149-46D5-A68F-258099C1FA12@rtpty.com> <26BE0B284CDC439BA8B0FB4D9142D97D@SAHOMELT> Message-ID: <09B88F5C-34BF-48EB-9C61-0F041A877F09@rtpty.com> **DISABLING*** verification is potentially catastrophic, as it opens the possibility for someone to abuse your server. I don't believe servers should blindly accept e-mail for their users without verifying that those users exist in the first place. On Jan 6, 2010, at 3:13 PM, Rick Cooper wrote: >> change what the system does (by disabling recipient verification, which >> is potentially catastrophic). > > Why would recipient verification be catastrophic? I would think any > responsible system would verify recipients before accepting the mail. >> >> On Jan 6, 2010, at 1:10 PM, Jason Ede wrote: >> >>> My response so far has been that they need to fix their list of email >>> recipients to all be valid addresses as basic maintenance anyway, but >>> they're worried that if someone on the To list leaves then emails will >>> suddenly stop coming through again. Any ways round this? > > The way I handle these distributions within our company(s) is these types of > mails are sent to an alias that explodes into the actual recipients. I do > this for the very reason stated, it's easier for me to replace someone on > the alias list than manage all the points from which the contact might > originate. Anything that relates to say sales@abc.com, service@abc.com is > handled the same way. From Kevin_Miller at ci.juneau.ak.us Wed Jan 6 20:34:18 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jan 6 20:34:29 2010 Subject: OT postfix recipient verification In-Reply-To: <26BE0B284CDC439BA8B0FB4D9142D97D@SAHOMELT> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> <5E2A65FC-D149-46D5-A68F-258099C1FA12@rtpty.com> <26BE0B284CDC439BA8B0FB4D9142D97D@SAHOMELT> Message-ID: <4A09477D575C2C4B86497161427DD94C137B7E93FA@city-exchange07> Rick Cooper wrote: > ----Original Message---- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman Sent: Wednesday, January 06, 2010 1:26 PM To: MailScanner > discussion > Subject: Re: OT postfix recipient verification > >> Not the way you define it, no. You either change what comes into the >> system (by splitting recipients so recipient verification works) or >> you change what the system does (by disabling recipient verification, >> which is potentially catastrophic). > > Why would recipient verification be catastrophic? I would think any > responsible system would verify recipients before accepting the mail. Reread it - he's saying *disabling* recipient verification would be... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From rcooper at dwford.com Wed Jan 6 20:40:14 2010 From: rcooper at dwford.com (Rick Cooper) Date: Wed Jan 6 20:40:29 2010 Subject: OT postfix recipient verification In-Reply-To: <09B88F5C-34BF-48EB-9C61-0F041A877F09@rtpty.com> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local><5E2A65FC-D149-46D5-A68F-258099C1FA12@rtpty.com><26BE0B284CDC439BA8B0FB4D9142D97D@SAHOMELT> <09B88F5C-34BF-48EB-9C61-0F041A877F09@rtpty.com> Message-ID: ----Original Message---- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Wednesday, January 06, 2010 3:26 PM To: MailScanner discussion Subject: Re: OT postfix recipient verification > **DISABLING*** verification is potentially catastrophic, as it opens the > possibility for someone to abuse your server. I don't believe servers > should blindly accept e-mail for their users without verifying that those > users exist in the first place. Duh, now that I have pulled my head from the dark place I see I miss read the inflection My bad > > On Jan 6, 2010, at 3:13 PM, Rick Cooper wrote: > >>> change what the system does (by disabling recipient verification, which >>> is potentially catastrophic). >> >> Why would recipient verification be catastrophic? I would think any >> responsible system would verify recipients before accepting the mail. >>> >>> On Jan 6, 2010, at 1:10 PM, Jason Ede wrote: >>> >>>> My response so far has been that they need to fix their list of email >>>> recipients to all be valid addresses as basic maintenance anyway, but >>>> they're worried that if someone on the To list leaves then emails will >>>> suddenly stop coming through again. Any ways round this? >> >> The way I handle these distributions within our company(s) is these >> types of mails are sent to an alias that explodes into the actual >> recipients. I do this for the very reason stated, it's easier for me to >> replace someone on the alias list than manage all the points from which >> the contact might originate. Anything that relates to say sales@abc.com, >> service@abc.com is handled the same way. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Jan 6 23:43:26 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 6 23:43:35 2010 Subject: OT postfix recipient verification In-Reply-To: <1213490F1F316842A544A850422BFA96128C18BA50@BHLSBS.bhl.local> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> <4B44DD33.8000406@fsl.com> <1213490F1F316842A544A850422BFA96128C18BA50@BHLSBS.bhl.local> Message-ID: <223f97701001061543y527aaae1y26f73affcdc0a9b1@mail.gmail.com> 2010/1/6 Jason Ede : >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Steve Freegard >> Sent: 06 January 2010 18:58 >> To: MailScanner discussion >> Subject: Re: OT postfix recipient verification >> >> On 06/01/10 18:10, Jason Ede wrote: >> > Recipient verification has been working fine for years, but we've >> just >> > had a problem crop up. Someone is sending status/error emails from >> their >> > webserver back to their office. Some of the emails primary 'to' >> address >> > is to someone who has left, but the other recipients are still valid. >> > Recipient verification still rejects the email. Is there a way round >> > this without having to run another postfix instance and split the >> email >> > up into emails? >> >> That doesn't sound right at all. ? How are you doing the verification? >> via the verify daemon? > > Verification is via the receipt verification within postfix. I've a btree database file as per the postfix docs. > > >> Recipient verification should only affect the invalid recipient and >> shouldn't affect the other valid recipients unless the senders server >> is >> so poorly implemented and gives up sending the entire message as soon >> as >> one of the recipients is rejected... > > I've not had any of the bounces yet, but am trying to get hold of them. I've had to whitelist their server from greylisting as it doesn't seem to handle it very well. All I know of the server itself is that it uses a Microsoft SMTP service. > > >> Maybe you could provide an example? > > When I get an actual bounce I'll know a lot more. > Unless M$ managed to botch even that, this sounds like a bit of FUD from your users:-). It's as Steve says. the recipient verification simply can't (or at least SHOULDN'T) have the effect described, at least not for a true MTA. The good thing is that ANY problem is squarely in THEIR court. Make sure to mention that any problems incurred is due to their systems misbehavior, and that anything you do to fix it is a pure courtesy;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Thu Jan 7 06:22:52 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jan 7 06:23:12 2010 Subject: sendmail header removal In-Reply-To: <4B436D02.10706@linux-kernel.at> References: <1964AAFBC212F742958F9275BF63DBB0E30A3A@winchester.andrewscompanies.com><7EF0EE5CB3B263488C8C18823239BEBA03CFC9@HC-MBX02.herefordshire.gov.uk> <4B43679C.7090501@linux-kernel.at> <7EF0EE5CB3B263488C8C18823239BEBA03CFCA@HC-MBX02.herefordshire.gov.uk> <4B436D02.10706@linux-kernel.at> Message-ID: <4B457DBC.1070802@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/01/10 17:46, Oliver Falk wrote: > Am 05.01.2010 17:37, schrieb Randal, Phil: >> Indeed, but one misconfigured box somewhere is all it takes... > > OK. Let's pretend we're perfect and never make any configuration > mistakes :-) OINK is in the air. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktFfbkACgkQBvzDRVjxmYFstQCfYQfeKF4iXBqkjN/1qDvD8Wjc Wp8AoIOhLtkWyLI6ON/oLJ1s/t88DZbi =iRUe -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Jan 7 06:25:36 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jan 7 06:25:45 2010 Subject: Possible to archive based on attachments? In-Reply-To: <305738BE-643B-4537-B727-0F9922C94F2E@rtpty.com> References: <625385e31001050858h19e93fedybc490db5266437bf@mail.gmail.com><7EF0EE5CB3B263488C8C18823239BEBA03CFCB@HC-MBX02.herefordshire.gov.uk> <698C0E3D-EC28-4DDA-B057-C3C39BFAA3E3@rtpty.com> <7EF0EE5CB3B263488C8C18823239BEBA03CFCC@HC-MBX02.herefordshire.gov.uk> <305738BE-643B-4537-B727-0F9922C94F2E@rtpty.com> Message-ID: <4B457E60.4010307@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/01/10 18:48, Alex Neuman wrote: > Would this work with some otherwise braindead and/or broken mailers like, I dunno, Outlook Express or whatever? It will fail on uuencoded files ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktFfl4ACgkQBvzDRVjxmYE+5wCeIb2L8xAqvdq3O8cwgjkA4VZQ 7u8AnjemUpXYdtE90QocVbAqLVrH/4ok =79zE -----END PGP SIGNATURE----- From uxbod at splatnix.net Thu Jan 7 10:05:35 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 7 10:18:19 2010 Subject: [OT] ScamNailer Message-ID: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> Hi, Have started to use the scamnailer clam signatures but it does not appear to have been updated since: -rw-r--r-- 1 clamav clamav 4503678 Dec 15 12:28 scamnailer.ndb Is that correct ? Thanks - Phil From jaearick at colby.edu Thu Jan 7 11:57:39 2010 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Jan 7 11:57:52 2010 Subject: [OT] ScamNailer In-Reply-To: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> References: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> Message-ID: Hi, I'm running ScamNailer on my box (Solaris 10), I see SCAMNAILER sigs in my SpamAssassin syslogs, and I don't find that file anyplace on my system. I'm running version 2.07 of ScamNailer. Jeff Earickson On Thu, 7 Jan 2010, --[ UxBoD ]-- wrote: > Date: Thu, 7 Jan 2010 10:05:35 +0000 (GMT) > From: "--[ UxBoD ]--" > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: [OT] ScamNailer > > Hi, > > Have started to use the scamnailer clam signatures but it does not appear to have been updated since: > > -rw-r--r-- 1 clamav clamav 4503678 Dec 15 12:28 scamnailer.ndb > > Is that correct ? > > Thanks - Phil > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From richard at fastnet.co.uk Thu Jan 7 12:06:28 2010 From: richard at fastnet.co.uk (Richard Mealing) Date: Thu Jan 7 12:05:09 2010 Subject: [OT] ScamNailer In-Reply-To: References: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> Message-ID: Mine is the same as Phil's. 15th Dec. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson Sent: 07 January 2010 11:58 To: MailScanner discussion Subject: Re: [OT] ScamNailer Hi, I'm running ScamNailer on my box (Solaris 10), I see SCAMNAILER sigs in my SpamAssassin syslogs, and I don't find that file anyplace on my system. I'm running version 2.07 of ScamNailer. Jeff Earickson On Thu, 7 Jan 2010, --[ UxBoD ]-- wrote: > Date: Thu, 7 Jan 2010 10:05:35 +0000 (GMT) > From: "--[ UxBoD ]--" > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: [OT] ScamNailer > > Hi, > > Have started to use the scamnailer clam signatures but it does not appear to have been updated since: > > -rw-r--r-- 1 clamav clamav 4503678 Dec 15 12:28 scamnailer.ndb > > Is that correct ? > > Thanks - Phil > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at elasticmind.net Thu Jan 7 13:57:30 2010 From: lists at elasticmind.net (mog) Date: Thu Jan 7 13:57:52 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net> Message-ID: <4B45E84A.40802@elasticmind.net> On 06/01/2010 16:56, Mike Jakubik wrote: > On Tue, January 5, 2010 8:54 am, mog wrote: > >> Ya, you need to use MailScanner-4.79.4 which was available a couple >> weeks ago from ports. It will work then. >> >> mog >> > It wont work correctly, I'm the person thats been maintaining FreeBSD > mailscanner port for the last few versions, please stop spreading false > information. This also isn't specific to perl on FreeBSD, Linux users have > reported this issue as well. > > While MS will start and will appear to work, certain attachments (appears > to be zip files) will trigger a taint mode error. See my original post. > > Since the MS community isn't addressing this, i have made a work around > which runs the master script as he run as user, this disabled taint mode. > The new port should be available shortly. > > Oh right, so unfortunately the problem still hasn't been fully overcome. Sorry, I was not aware of this until now and thought everything was working fine when using the lastest MailScanner version and perl 5.10.1 - based on the following extract from one of your previous messages and upgrades I'd done myself: "FreeBSD admins rejoice, you can finally update perl without breaking MailScanner. I have tested the latest version and it works great. I've also submited a pr to update the port so it will be available soon." I hope that wasn't your intention, but I find myself being slightly offended by being accused of spreading false information. I also maintain FreeBSD ports so can appreciate the difficulties in porting software and would *never* knowingly distribute incorrect information; all it would have taken was for someone to point out the misunderstanding (which in an unpleasant way you did, so thanks for that I guess). I'd like to express my apologies to anyone who may have been caught up in the confusion, I think I may have been thrown by the previous post at the time as it mentions using an old version of Perl. As it happens, we are also today beginning to notice the problems you describe whereby some messages containing attachments are not successfully scanned and delivered. I'm not sure if Julian is aware of the problems yet but hopefully he might be able to shed some light on it when he's back. *fingers crossed* Obviously this problem will be affecting a lot of people but unfortunately I don't know much about Perl at all. If there's anything else I can do to help (like testing port patches etc), please let me know. Kind regards, mog From dcurtis at sbschools.net Thu Jan 7 15:01:19 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 15:09:14 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B45E84A.40802@elasticmind.net> References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net> <4B45E84A.40802@elasticmind.net> Message-ID: <73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net> I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but what I am trying is to setup the spam.assassin.prefs.conf file. I have it set to score at 0.00 and it is not obeying this setting. I have looked at other scores and they are not obeying the settings I have in this file. Where do I start to look to find out why my spam.assassin.prefs.conf file is no longer obeying the score settings? We have two servers with the same setup and both are centos 5.2. MailScanner 4.76.25. I have been ignoring this for a while but it has been going on for many MailScanner revisions so not sure of where to start. Thanks, Dave ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From ecasarero at gmail.com Thu Jan 7 15:15:44 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Jan 7 15:16:13 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net> <4B45E84A.40802@elasticmind.net> <73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net> Message-ID: <7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> 2010/1/7 > I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but > what I am trying is to setup the spam.assassin.prefs.conf file. I have > it set to score at 0.00 and it is not obeying this setting. I have > looked at other scores and they are not obeying the settings I have in > this file. > > Where do I start to look to find out why my spam.assassin.prefs.conf > file is no longer obeying the score settings? > > We have two servers with the same setup and both are centos 5.2. > MailScanner 4.76.25. I have been ignoring this for a while but it has > been going on for many MailScanner revisions so not sure of where to > start. > > Thanks, > Dave > Did you restart mailscanner? if you use re2c you have to do an sa-compile. in my /etc/mail/spamassassin/custom.cf i have: score FH_DATE_PAST_20XX 0 and it works for me. > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/f19ecda9/attachment.html From mark at msapiro.net Thu Jan 7 15:24:20 2010 From: mark at msapiro.net (Mark Sapiro) Date: Thu Jan 7 15:24:32 2010 Subject: [OT] ScamNailer In-Reply-To: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> References: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> Message-ID: <4B45FCA4.8030802@msapiro.net> On 11:59 AM, --[ UxBoD ]-- wrote: > Hi, > > Have started to use the scamnailer clam signatures but it does not > appear to have been updated since: > > -rw-r--r-- 1 clamav clamav 4503678 Dec 15 12:28 scamnailer.ndb > > Is that correct ? It is correct that the file at http://www.mailscanner.eu/scamnailer.ndb has not been updated since 2009 Dec 15 12:28 UTC, however it should have been. If you get the list from http://www.mailscanner.tv/emails.*, it has been updated regularly (and more than the name changes). It would probably be preferable to make the sigs yourself using the ClamNailer script from -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mikej at rogers.com Thu Jan 7 15:54:17 2010 From: mikej at rogers.com (Mike Jakubik) Date: Thu Jan 7 15:53:54 2010 Subject: Perl Issues? I think? In-Reply-To: References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> <6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> Message-ID: <4303377db7631840a31e8f7b41910d5b.squirrel@wettoast.dyndns.org> On Tue, January 5, 2010 10:11 pm, Eric Peters wrote: >>>> MailScanner E-Mail Virus Scanner version 4.74.16 starting... >>>> >>>> Could not use Custom Function code >>>> /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be >>>> "require"d. Make sure the last line of the file says "1;" >>>> Could not use Custom Function code >>>> /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be >>>> "require"d. Make sure the last line of the file says "1;" This is caused by taint mode incompatibilities between MS and newer versions of perl. You can downgrade perl or update to the latest MS, however the latest version still has taint mode problems with certain attachments. From dcurtis at sbschools.net Thu Jan 7 15:55:14 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 15:59:16 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net> <7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> Message-ID: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> I have no custom.cf in the /etc/mail/spamassassin folder. I could create one but MailScanner puts a mailscanner.cf in the spamassassin folder so it should already be obeying the rule from there? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 10:16 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but what I am trying is to setup the spam.assassin.prefs.conf file. I have it set to score at 0.00 and it is not obeying this setting. I have looked at other scores and they are not obeying the settings I have in this file. Where do I start to look to find out why my spam.assassin.prefs.conf file is no longer obeying the score settings? We have two servers with the same setup and both are centos 5.2. MailScanner 4.76.25. I have been ignoring this for a while but it has been going on for many MailScanner revisions so not sure of where to start. Thanks, Dave Did you restart mailscanner? if you use re2c you have to do an sa-compile. in my /etc/mail/spamassassin/custom.cf i have: score FH_DATE_PAST_20XX 0 and it works for me. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/3adeabe5/attachment.html From ecasarero at gmail.com Thu Jan 7 16:08:59 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Jan 7 16:09:29 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> References: <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net> <4B45E84A.40802@elasticmind.net> <73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net> <7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> Message-ID: <7d9b3cf21001070808w2641654ex8bd902b941d91a26@mail.gmail.com> yes it should be obeying from any .cf. 2010/1/7 > I have no custom.cf in the /etc/mail/spamassassin folder. I could create > one but MailScanner puts a mailscanner.cf in the spamassassin folder so it > should already be obeying the rule from there? > > > > *From:* mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info] *On Behalf Of *Eduardo > Casarero > *Sent:* Thursday, January 07, 2010 10:16 AM > *To:* MailScanner discussion > *Subject:* Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > > > > 2010/1/7 > > I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but > what I am trying is to setup the spam.assassin.prefs.conf file. I have > it set to score at 0.00 and it is not obeying this setting. I have > looked at other scores and they are not obeying the settings I have in > this file. > > Where do I start to look to find out why my spam.assassin.prefs.conf > file is no longer obeying the score settings? > > We have two servers with the same setup and both are centos 5.2. > MailScanner 4.76.25. I have been ignoring this for a while but it has > been going on for many MailScanner revisions so not sure of where to > start. > > Thanks, > Dave > > > > Did you restart mailscanner? if you use re2c you have to do an sa-compile. > > > > in my /etc/mail/spamassassin/custom.cf i have: > > > > score FH_DATE_PAST_20XX 0 > > > > and it works for me. > > > > > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family Educational > Rights and Privacy Act (FERPA) or the Health Insurance Portability and > Accountability Act (HIPAA). If this email contains confidential and/or > privileged health or student information and you are not entitled to access > such information under FERPA or HIPAA, federal regulations require that you > destroy this email without reviewing it and you may not forward it to > anyone. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* ,*ClamAV > * and *Bitdefender* , > and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/1f3ce7c4/attachment.html From dcurtis at sbschools.net Thu Jan 7 16:07:19 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 16:14:14 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> I just added custom.cf with the score FH_DATE_PAST_20XX 0 In it. MailScanner is still scoring FH_DATE_PAST_20XX as 3.38. Any other suggestions? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: Thursday, January 07, 2010 10:55 AM To: mailscanner@lists.mailscanner.info Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 I have no custom.cf in the /etc/mail/spamassassin folder. I could create one but MailScanner puts a mailscanner.cf in the spamassassin folder so it should already be obeying the rule from there? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 10:16 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but what I am trying is to setup the spam.assassin.prefs.conf file. I have it set to score at 0.00 and it is not obeying this setting. I have looked at other scores and they are not obeying the settings I have in this file. Where do I start to look to find out why my spam.assassin.prefs.conf file is no longer obeying the score settings? We have two servers with the same setup and both are centos 5.2. MailScanner 4.76.25. I have been ignoring this for a while but it has been going on for many MailScanner revisions so not sure of where to start. Thanks, Dave Did you restart mailscanner? if you use re2c you have to do an sa-compile. in my /etc/mail/spamassassin/custom.cf i have: score FH_DATE_PAST_20XX 0 and it works for me. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/e628d73e/attachment.html From k.joch at kmjeuro.com Thu Jan 7 16:22:32 2010 From: k.joch at kmjeuro.com (Karl M. Joch) Date: Thu Jan 7 16:22:48 2010 Subject: AW: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> Message-ID: had the same Problem today on a few servers. run sa-update and restart MailScanner solved the problem. >-----Urspr?ngliche Nachricht----- >Von: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag >von dcurtis@sbschools.net >Gesendet: Donnerstag, 07. J?nner 2010 17:07 >An: mailscanner@lists.mailscanner.info >Betreff: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > >I just added custom.cf with the score FH_DATE_PAST_20XX 0 > > In it. MailScanner is still scoring FH_DATE_PAST_20XX as 3.38. > > > >Any other suggestions? > > > >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of dcurtis@sbschools.net >Sent: Thursday, January 07, 2010 10:55 AM >To: mailscanner@lists.mailscanner.info >Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > >I have no custom.cf in the /etc/mail/spamassassin folder. I >could create one but MailScanner puts a mailscanner.cf in the >spamassassin folder so it should already be obeying the rule >from there? > > > >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Eduardo Casarero >Sent: Thursday, January 07, 2010 10:16 AM >To: MailScanner discussion >Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > > > >2010/1/7 > >I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but >what I am trying is to setup the spam.assassin.prefs.conf file. I have >it set to score at 0.00 and it is not obeying this setting. I have >looked at other scores and they are not obeying the settings I have in >this file. > >Where do I start to look to find out why my spam.assassin.prefs.conf >file is no longer obeying the score settings? > >We have two servers with the same setup and both are centos 5.2. >MailScanner 4.76.25. I have been ignoring this for a while but it has >been going on for many MailScanner revisions so not sure of where to >start. > >Thanks, >Dave > > > >Did you restart mailscanner? if you use re2c you have to do an >sa-compile. > > > >in my /etc/mail/spamassassin/custom.cf i have: > > > >score FH_DATE_PAST_20XX 0 > > > >and it works for me. > > > > > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the >Health Insurance > Portability and Accountability Act (HIPAA). If this >email contains > confidential and/or privileged health or student >information and you > are not entitled to access such information under FERPA >or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > >______________________________________________________________ >______________________________________________________________ >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. >-- >This message has been scanned for viruses and >dangerous content by MailScanner > ,ClamAV > and Bitdefender > , and is >believed to be clean. > > >______________________________________________________________ >______________________________________________________________ >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. >-- >This message has been scanned for viruses and >dangerous content by MailScanner > ,ClamAV > and Bitdefender > , and is >believed to be clean. > > From ms-list at alexb.ch Thu Jan 7 16:23:57 2010 From: ms-list at alexb.ch (Alex Broens) Date: Thu Jan 7 16:24:05 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> Message-ID: <4B460A9D.2020605@alexb.ch> have you cleared MailScanner's Spamasassin "cache" ? (that guy can be a pita) have you restarted MailScanner? get hold of a msg and pipe it manually thru SA: cat msg |spamassassin what does that report look like? is the rule still active? h2h Alex On 01/07/10 05:07, dcurtis@sbschools.net wrote: > I just added custom.cf with the score FH_DATE_PAST_20XX 0 > > In it. MailScanner is still scoring FH_DATE_PAST_20XX as 3.38. > > > > Any other suggestions? > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > dcurtis@sbschools.net > Sent: Thursday, January 07, 2010 10:55 AM > To: mailscanner@lists.mailscanner.info > Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > > I have no custom.cf in the /etc/mail/spamassassin folder. I could create > one but MailScanner puts a mailscanner.cf in the spamassassin folder so > it should already be obeying the rule from there? > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo > Casarero > Sent: Thursday, January 07, 2010 10:16 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > > > > 2010/1/7 > > I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but > what I am trying is to setup the spam.assassin.prefs.conf file. I have > it set to score at 0.00 and it is not obeying this setting. I have > looked at other scores and they are not obeying the settings I have in > this file. > > Where do I start to look to find out why my spam.assassin.prefs.conf > file is no longer obeying the score settings? > > We have two servers with the same setup and both are centos 5.2. > MailScanner 4.76.25. I have been ignoring this for a while but it has > been going on for many MailScanner revisions so not sure of where to > start. > > Thanks, > Dave > > > > Did you restart mailscanner? if you use re2c you have to do an > sa-compile. > > > > in my /etc/mail/spamassassin/custom.cf i have: > > > > score FH_DATE_PAST_20XX 0 > > > > and it works for me. > > > > > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health > Insurance > Portability and Accountability Act (HIPAA). If this email > contains > confidential and/or privileged health or student information and > you > are not entitled to access such information under FERPA or > HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you are > not entitled to access such information under FERPA or HIPAA, federal > regulations require that you destroy this email without reviewing it and > you may not forward it to anyone. > From dcurtis at sbschools.net Thu Jan 7 16:22:43 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 16:24:16 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <7d9b3cf21001070808w2641654ex8bd902b941d91a26@mail.gmail.com> References: <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <7d9b3cf21001070808w2641654ex8bd902b941d91a26@mail.gmail.com> Message-ID: <73461DFCD2207F44A16F136A46195545472E01@exchange2.sbschools.net> Is there some MailScanner setting I might be overlooking telling it to ignore these rules or possibly what directory to use for the .cf files? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 11:09 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 yes it should be obeying from any .cf. 2010/1/7 I have no custom.cf in the /etc/mail/spamassassin folder. I could create one but MailScanner puts a mailscanner.cf in the spamassassin folder so it should already be obeying the rule from there? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 10:16 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but what I am trying is to setup the spam.assassin.prefs.conf file. I have it set to score at 0.00 and it is not obeying this setting. I have looked at other scores and they are not obeying the settings I have in this file. Where do I start to look to find out why my spam.assassin.prefs.conf file is no longer obeying the score settings? We have two servers with the same setup and both are centos 5.2. MailScanner 4.76.25. I have been ignoring this for a while but it has been going on for many MailScanner revisions so not sure of where to start. Thanks, Dave Did you restart mailscanner? if you use re2c you have to do an sa-compile. in my /etc/mail/spamassassin/custom.cf i have: score FH_DATE_PAST_20XX 0 and it works for me. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/620a5e5a/attachment-0001.html From raymond at prolocation.net Thu Jan 7 16:26:07 2010 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Thu Jan 7 16:26:16 2010 Subject: AW: FH_DATE_PAST_20XX 3.38 In-Reply-To: References: Message-ID: Hi! > had the same Problem today on a few servers. run > > sa-update > > and restart MailScanner solved the problem. And ! Delete the SA cache files that MailScanner is using. It can also be cached results! Bye, Rayomnd. From Denis.Beauchemin at USherbrooke.ca Thu Jan 7 16:27:31 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 7 16:28:22 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> Message-ID: <4B460B73.60806@USherbrooke.ca> Le 2010-01-07 11:07, dcurtis@sbschools.net a ?crit : > > I just added custom.cf with the score FH_DATE_PAST_20XX 0 > > In it. MailScanner is still scoring FH_DATE_PAST_20XX as 3.38. > > Any other suggestions? > > Are these from cached results? If so, you have to stop MS, delete /var/spool/MailScanner/incoming/SpamAssassin.cache.db and restart MS. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From dcurtis at sbschools.net Thu Jan 7 16:28:02 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 16:29:13 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E02@exchange2.sbschools.net> I run sa-update as a cron job nightly and this has been going on for a long time. I just ran sa-update again and restart mailscanner. Still getting the score of 3.38. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Karl M. Joch Sent: Thursday, January 07, 2010 11:23 AM To: MailScanner discussion Subject: AW: [({Spam?})] FH_DATE_PAST_20XX 3.38 had the same Problem today on a few servers. run sa-update and restart MailScanner solved the problem. >-----Urspr?ngliche Nachricht----- >Von: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag >von dcurtis@sbschools.net >Gesendet: Donnerstag, 07. J?nner 2010 17:07 >An: mailscanner@lists.mailscanner.info >Betreff: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > >I just added custom.cf with the score FH_DATE_PAST_20XX 0 > > In it. MailScanner is still scoring FH_DATE_PAST_20XX as 3.38. > > > >Any other suggestions? > > > >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of dcurtis@sbschools.net >Sent: Thursday, January 07, 2010 10:55 AM >To: mailscanner@lists.mailscanner.info >Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > >I have no custom.cf in the /etc/mail/spamassassin folder. I >could create one but MailScanner puts a mailscanner.cf in the >spamassassin folder so it should already be obeying the rule >from there? > > > >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >Of Eduardo Casarero >Sent: Thursday, January 07, 2010 10:16 AM >To: MailScanner discussion >Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > > > >2010/1/7 > >I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but >what I am trying is to setup the spam.assassin.prefs.conf file. I have >it set to score at 0.00 and it is not obeying this setting. I have >looked at other scores and they are not obeying the settings I have in >this file. > >Where do I start to look to find out why my spam.assassin.prefs.conf >file is no longer obeying the score settings? > >We have two servers with the same setup and both are centos 5.2. >MailScanner 4.76.25. I have been ignoring this for a while but it has >been going on for many MailScanner revisions so not sure of where to >start. > >Thanks, >Dave > > > >Did you restart mailscanner? if you use re2c you have to do an >sa-compile. > > > >in my /etc/mail/spamassassin/custom.cf i have: > > > >score FH_DATE_PAST_20XX 0 > > > >and it works for me. > > > > > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the >Health Insurance > Portability and Accountability Act (HIPAA). If this >email contains > confidential and/or privileged health or student >information and you > are not entitled to access such information under FERPA >or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > >______________________________________________________________ >______________________________________________________________ >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. >-- >This message has been scanned for viruses and >dangerous content by MailScanner > ,ClamAV > and Bitdefender > , and is >believed to be clean. > > >______________________________________________________________ >______________________________________________________________ >This email may contain information protected under the Family >Educational Rights and Privacy Act (FERPA) or the Health >Insurance Portability and Accountability Act (HIPAA). If this >email contains confidential and/or privileged health or >student information and you are not entitled to access such >information under FERPA or HIPAA, federal regulations require >that you destroy this email without reviewing it and you may >not forward it to anyone. >-- >This message has been scanned for viruses and >dangerous content by MailScanner > ,ClamAV > and Bitdefender > , and is >believed to be clean. > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Thu Jan 7 16:35:12 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 7 16:36:00 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E01@exchange2.sbschools.net> References: <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <7d9b3cf21001070808w2641654ex8bd902b941d91a26@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E01@exchange2.sbschools.net> Message-ID: <4B460D40.9040007@USherbrooke.ca> Le 2010-01-07 11:22, dcurtis@sbschools.net a ?crit : > > Is there some MailScanner setting I might be overlooking telling it to > ignore these rules or possibly what directory to use for the .cf files? > > Your cf files should go into /etc/mail/spamassassin; you should have the following link in there: /etc/mail/spamassassin/mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Garrod.Alwood at lorodoes.com Thu Jan 7 16:42:06 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Thu Jan 7 16:47:55 2010 Subject: Perl Issues? I think? In-Reply-To: <4303377db7631840a31e8f7b41910d5b.squirrel@wettoast.dyndns.org> References: <6beca9db1001051618oaa773a4sc438b03f50467b75@mail.gmail.com> <426B8FF9-7CC6-49CB-A086-D78CA29E57F0@lorodoes.com> <715DC415-9799-4463-A9B5-35336069B760@linuxsystems.net> <6beca9db1001051827p73f26935pac33a09c3d8c8470@mail.gmail.com> , <4303377db7631840a31e8f7b41910d5b.squirrel@wettoast.dyndns.org> Message-ID: <19139C74-1338-4A61-89C2-CF01DCBEF534@mimectl> Does anyone have a fix for this, cause you are right, I have found like one or two type of attachments that Mailscanner just doesn't like and I thought it was working perfectly, until someone wanted to send us a certian type of attachment. If anyone has any ideas on how to fix this please let me know. Also when was the last time anyone heard anything from Juilan about this issue? Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Jakubik [mikej@rogers.com] Sent: Thursday, January 07, 2010 10:54 AM To: MailScanner discussion Subject: Re: Perl Issues? I think? On Tue, January 5, 2010 10:11 pm, Eric Peters wrote: >>>> MailScanner E-Mail Virus Scanner version 4.74.16 starting... >>>> >>>> Could not use Custom Function code >>>> /etc/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, it could not be >>>> "require"d. Make sure the last line of the file says "1;" >>>> Could not use Custom Function code >>>> /etc/MailScanner/CustomFunctions/MailWatch.pm, it could not be >>>> "require"d. Make sure the last line of the file says "1;" This is caused by taint mode incompatibilities between MS and newer versions of perl. You can downgrade perl or update to the latest MS, however the latest version still has taint mode problems with certain attachments. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/bc66a8d2/attachment.html From richard at fastnet.co.uk Thu Jan 7 16:50:25 2010 From: richard at fastnet.co.uk (Richard Mealing) Date: Thu Jan 7 16:49:07 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E01@exchange2.sbschools.net> References: <4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com><73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><7d9b3cf21001070808w2641654ex8bd902b941d91a26@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E01@exchange2.sbschools.net> Message-ID: I thought SA fixed the issue with the false positives? If you run sa-update it should fix the bug - for another 10 years. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269 I'm still seeing it but not at all as much as I did Monday! It should be correctly tagging now.? But yes if you want to change the rule, delete cache and restart ms. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: 07 January 2010 16:23 To: mailscanner@lists.mailscanner.info Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 Is there some MailScanner setting I might be overlooking telling it to ignore these rules or possibly what directory to use for the .cf files? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 11:09 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 yes it should be obeying from any .cf. 2010/1/7 I have no custom.cf in the /etc/mail/spamassassin folder. I could create one but MailScanner puts a mailscanner.cf in the spamassassin folder so it should already be obeying the rule from there? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 10:16 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but what I am trying is to setup the spam.assassin.prefs.conf file. I have it set to score at 0.00 and it is not obeying this setting. I have looked at other scores and they are not obeying the settings I have in this file. Where do I start to look to find out why my spam.assassin.prefs.conf file is no longer obeying the score settings? We have two servers with the same setup and both are centos 5.2. MailScanner 4.76.25. I have been ignoring this for a while but it has been going on for many MailScanner revisions so not sure of where to start. Thanks, Dave Did you restart mailscanner? if you use re2c you have to do an sa-compile. in my /etc/mail/spamassassin/custom.cf i have: score FH_DATE_PAST_20XX 0 and it works for me. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/834add87/attachment.html From dcurtis at sbschools.net Thu Jan 7 17:17:42 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 17:19:13 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B460A9D.2020605@alexb.ch> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460A9D.2020605@alexb.ch> Message-ID: <73461DFCD2207F44A16F136A46195545472E04@exchange2.sbschools.net> How do I clear the cache? Yes restarted MailScanner after every change. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Thursday, January 07, 2010 11:24 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 have you cleared MailScanner's Spamasassin "cache" ? (that guy can be a pita) have you restarted MailScanner? get hold of a msg and pipe it manually thru SA: cat msg |spamassassin what does that report look like? is the rule still active? h2h Alex On 01/07/10 05:07, dcurtis@sbschools.net wrote: > I just added custom.cf with the score FH_DATE_PAST_20XX 0 > > In it. MailScanner is still scoring FH_DATE_PAST_20XX as 3.38. > > > > Any other suggestions? > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > dcurtis@sbschools.net > Sent: Thursday, January 07, 2010 10:55 AM > To: mailscanner@lists.mailscanner.info > Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > > I have no custom.cf in the /etc/mail/spamassassin folder. I could create > one but MailScanner puts a mailscanner.cf in the spamassassin folder so > it should already be obeying the rule from there? > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo > Casarero > Sent: Thursday, January 07, 2010 10:16 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > > > > > 2010/1/7 > > I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but > what I am trying is to setup the spam.assassin.prefs.conf file. I have > it set to score at 0.00 and it is not obeying this setting. I have > looked at other scores and they are not obeying the settings I have in > this file. > > Where do I start to look to find out why my spam.assassin.prefs.conf > file is no longer obeying the score settings? > > We have two servers with the same setup and both are centos 5.2. > MailScanner 4.76.25. I have been ignoring this for a while but it has > been going on for many MailScanner revisions so not sure of where to > start. > > Thanks, > Dave > > > > Did you restart mailscanner? if you use re2c you have to do an > sa-compile. > > > > in my /etc/mail/spamassassin/custom.cf i have: > > > > score FH_DATE_PAST_20XX 0 > > > > and it works for me. > > > > > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health > Insurance > Portability and Accountability Act (HIPAA). If this email > contains > confidential and/or privileged health or student information and > you > are not entitled to access such information under FERPA or > HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you are > not entitled to access such information under FERPA or HIPAA, federal > regulations require that you destroy this email without reviewing it and > you may not forward it to anyone. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From dcurtis at sbschools.net Thu Jan 7 17:23:33 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 17:24:14 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B460B73.60806@USherbrooke.ca> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> Message-ID: <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> Deleted the cache file and still getting the 3.38 score. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: Thursday, January 07, 2010 11:28 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 Le 2010-01-07 11:07, dcurtis@sbschools.net a ?crit : > > I just added custom.cf with the score FH_DATE_PAST_20XX 0 > > In it. MailScanner is still scoring FH_DATE_PAST_20XX as 3.38. > > Any other suggestions? > > Are these from cached results? If so, you have to stop MS, delete /var/spool/MailScanner/incoming/SpamAssassin.cache.db and restart MS. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From dcurtis at sbschools.net Thu Jan 7 17:21:22 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 17:24:14 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com><73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><7d9b3cf21001070808w2641654ex8bd902b941d91a26@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E01@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E05@exchange2.sbschools.net> I run sa-update daily via a cron job and have manually run it many times since I first started seeing this problem. I know SA has supposedly fixed it. I am running SA 3.2.5 should I upgrade? I am reluctant to change the rule, because I have so many custom scores that are not being obeyed I thing I need to resolve this problem. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Mealing Sent: Thursday, January 07, 2010 11:50 AM To: MailScanner discussion Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 I thought SA fixed the issue with the false positives? If you run sa-update it should fix the bug - for another 10 years. https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269 I'm still seeing it but not at all as much as I did Monday! It should be correctly tagging now.? But yes if you want to change the rule, delete cache and restart ms. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: 07 January 2010 16:23 To: mailscanner@lists.mailscanner.info Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 Is there some MailScanner setting I might be overlooking telling it to ignore these rules or possibly what directory to use for the .cf files? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 11:09 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 yes it should be obeying from any .cf. 2010/1/7 I have no custom.cf in the /etc/mail/spamassassin folder. I could create one but MailScanner puts a mailscanner.cf in the spamassassin folder so it should already be obeying the rule from there? From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, January 07, 2010 10:16 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 I know there has been a resolution to this FH_DATE_PAST_20XX 3.38, but what I am trying is to setup the spam.assassin.prefs.conf file. I have it set to score at 0.00 and it is not obeying this setting. I have looked at other scores and they are not obeying the settings I have in this file. Where do I start to look to find out why my spam.assassin.prefs.conf file is no longer obeying the score settings? We have two servers with the same setup and both are centos 5.2. MailScanner 4.76.25. I have been ignoring this for a while but it has been going on for many MailScanner revisions so not sure of where to start. Thanks, Dave Did you restart mailscanner? if you use re2c you have to do an sa-compile. in my /etc/mail/spamassassin/custom.cf i have: score FH_DATE_PAST_20XX 0 and it works for me. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100107/0e83f4cf/attachment.html From dcurtis at sbschools.net Thu Jan 7 17:25:06 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 17:29:14 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B460D40.9040007@USherbrooke.ca> References: <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <7d9b3cf21001070808w2641654ex8bd902b941d91a26@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E01@exchange2.sbschools.net> <4B460D40.9040007@USherbrooke.ca> Message-ID: <73461DFCD2207F44A16F136A46195545472E07@exchange2.sbschools.net> Yes I have the link for mailscanner.cf pointing to /etc/MailScanner/spam.assassin.pref.conf all owned by root. And have added a custom.cf with the score setting and still getting scored 3.38 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: Thursday, January 07, 2010 11:35 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 Le 2010-01-07 11:22, dcurtis@sbschools.net a ?crit : > > Is there some MailScanner setting I might be overlooking telling it to > ignore these rules or possibly what directory to use for the .cf files? > > Your cf files should go into /etc/mail/spamassassin; you should have the following link in there: /etc/mail/spamassassin/mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From doc at maddoc.net Thu Jan 7 17:30:39 2010 From: doc at maddoc.net (Doc Schneider) Date: Thu Jan 7 17:30:49 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> Message-ID: <4B461A3F.50108@maddoc.net> dcurtis@sbschools.net wrote: > Deleted the cache file and still getting the 3.38 score. run sa-compile since it sounds like you're running compiled rules. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ms-list at alexb.ch Thu Jan 7 17:31:43 2010 From: ms-list at alexb.ch (Alex Broens) Date: Thu Jan 7 17:31:51 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> Message-ID: <4B461A7F.5090302@alexb.ch> On 01/07/10 06:23, dcurtis@sbschools.net wrote: > Deleted the cache file and still getting the 3.38 score. 2nd time: get hold of a msg and pipe it manually thru SA: cat msg |spamassassin what does that report look like? is the rule still active? From dcurtis at sbschools.net Thu Jan 7 17:55:12 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 17:59:19 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B461A3F.50108@maddoc.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A3F.50108@maddoc.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E0B@exchange2.sbschools.net> This is what I get with sa-compile [18553] info: generic: base extraction starting. this can take a while... [18553] info: generic: extracting from rules of type body_0 100% [======================================================================= ======================================================================== =================] 60.41 rules/sec 00m27s DONE 100% [======================================================================= ======================================================================== =================] 98.06 bases/sec 00m29s DONE [18553] info: body_0: 2296 base strings extracted in 57 seconds [18553] info: generic: extracting from rules of type body_500 100% [======================================================================= ======================================================================== =================] 58.35 rules/sec 00m00s DONE 100% [======================================================================= ======================================================================== =================] 3300.00 bases/sec 00m00s DONE [18553] info: body_500: 2 base strings extracted in 0 seconds cd /tmp/.spamassassin18553wyuHD5tmp cd Mail-SpamAssassin-CompiledRegexps-body_0 re2c -i -b -o scanner1.c scanner1.re Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line 287, <$fh> line 2935. command failed! at /usr/bin/sa-compile line 288, <$fh> line 2935 Ran with sa-compile -D -p /etc/MailScanner/spam.assassin.pref.conf got a ton more info but still failed with: cd /tmp/.spamassassin20497d8jsCxtmp cd Mail-SpamAssassin-CompiledRegexps-body_0 re2c -i -b -o scanner1.c scanner1.re Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line 287, <$fh> line 2935. command failed! at /usr/bin/sa-compile line 288, <$fh> line 2935. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, January 07, 2010 12:31 PM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 dcurtis@sbschools.net wrote: > Deleted the cache file and still getting the 3.38 score. run sa-compile since it sounds like you're running compiled rules. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From campbell at cnpapers.com Thu Jan 7 18:11:50 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Jan 7 18:12:03 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E0B@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A3F.50108@maddoc.net> <73461DFCD2207F44A16F136A46195545472E0B@exchange2.sbschools.net> Message-ID: <4B4623E6.2080203@cnpapers.com> dcurtis@sbschools.net wrote: > This is what I get with sa-compile > [18553] info: generic: base extraction starting. this can take a > while... > [18553] info: generic: extracting from rules of type body_0 > 100% > [======================================================================= > ======================================================================== > =================] 60.41 rules/sec 00m27s DONE > 100% > [======================================================================= > ======================================================================== > =================] 98.06 bases/sec 00m29s DONE > [18553] info: body_0: 2296 base strings extracted in 57 seconds > [18553] info: generic: extracting from rules of type body_500 > 100% > [======================================================================= > ======================================================================== > =================] 58.35 rules/sec 00m00s DONE > 100% > [======================================================================= > ======================================================================== > =================] 3300.00 bases/sec 00m00s DONE > [18553] info: body_500: 2 base strings extracted in 0 seconds > cd /tmp/.spamassassin18553wyuHD5tmp > cd Mail-SpamAssassin-CompiledRegexps-body_0 > re2c -i -b -o scanner1.c scanner1.re > Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line > 287, <$fh> line 2935. > command failed! at /usr/bin/sa-compile line 288, <$fh> line 2935 > > > Ran with sa-compile -D -p /etc/MailScanner/spam.assassin.pref.conf got a > ton more info but still failed with: > cd /tmp/.spamassassin20497d8jsCxtmp > cd Mail-SpamAssassin-CompiledRegexps-body_0 > re2c -i -b -o scanner1.c scanner1.re > Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line > 287, <$fh> line 2935. > command failed! at /usr/bin/sa-compile line 288, <$fh> line 2935. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, January 07, 2010 12:31 PM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > dcurtis@sbschools.net wrote: > >> Deleted the cache file and still getting the 3.38 score. >> > > run sa-compile since it sounds like you're running compiled rules. > > > I figured I'd check and see what's on my machine. I zeroed out the rule in my spam.assassin.pref.conf file the other day and mine seems OK. The funny thing is I checked for re2c on my machine, and I only see the header rpm file from rpmforge, but no rpm is installed. Just my pennies in case it matters or helps. Steve Campbell From dcurtis at sbschools.net Thu Jan 7 18:10:35 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 18:14:14 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B461A7F.5090302@alexb.ch> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch> Message-ID: <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> I just grabbed a message out of the postfix incoming and ran it and (below) this is the output. I am assuming I need a real message that breaks the FH_DATE_PAST rule? We just pass all out mail through postfix/mailscanner to Exchange. How do I grab a message from Exchange and send it back in? [root@sbmail downloads]# cat 822C56E6566 |spamassassin Received: from localhost by sbmail.sbschools.net with SpamAssassin (version 3.2.5); Thu, 07 Jan 2010 13:05:24 -0500 Subject: [SPAM] X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sbmail.sbschools.net X-Spam-Level: ******************* X-Spam-Status: Yes, score=19.3 required=5.0 tests=HEAD_ILLEGAL_CHARS,HEAD_LONG, MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT, NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,NULL_IN_BODY,TVD_SPACE_RATIO, UNRESOLVED_TEMPLATE autolearn=disabled version=3.2.5 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_4B462264.B7ED9CC2" This is a multi-part message in MIME format. ------------=_4B462264.B7ED9CC2 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit Spam detection software, running on the system "sbmail.sbschools.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: .style36 {Nfont-size: 14px;N6font-family: Georgia, "Times New Roman", Times, serif;Nfont-weight: bold;N}N .style58 {Nfont-size: 8pt;N3font-family: Verdana, Arial, Helvetica, sans-serif;Ncolor: #CC0000;Nfont-weight: normal;N}N .bstextlink {N3font-family: Verdana, Arial, Helvetica, sans-serif;Nfont-size: 14px;Nfont-weight: bold;N}a:link {Ncolor: #990000;N}N a:visited {Ncolor: #990000;N}N a:hover {Ncolor: #990000;N}N a:active {Ncolor: #990000;N}N [...] Content analysis details: (19.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 MISSING_MID Missing Message-Id: header 0.0 MISSING_DATE Missing Date: header 3.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template -0.0 NO_RELAYS Informational: message was not relayed via SMTP 2.5 MISSING_HB_SEP Missing blank line between message header and body 2.5 HEAD_LONG Message headers are very long 3.7 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters 1.6 MISSING_HEADERS Missing To: header 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO 1.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message 1.3 MISSING_SUBJECT Missing Subject: header -0.0 NO_RECEIVED Informational: message has no Received headers 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 headers ------------=_4B462264.B7ED9CC2 Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: inline Content-Transfer-Encoding: 8bit -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Thursday, January 07, 2010 12:32 PM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 On 01/07/10 06:23, dcurtis@sbschools.net wrote: > Deleted the cache file and still getting the 3.38 score. 2nd time: get hold of a msg and pipe it manually thru SA: cat msg |spamassassin what does that report look like? is the rule still active? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From dcurtis at sbschools.net Thu Jan 7 18:51:41 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 18:54:14 2010 Subject: [({Spam?})] RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B4623E6.2080203@cnpapers.com> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A3F.50108@maddoc.net><73461DFCD2207F44A16F136A46195545472E0B@exchange2.sbschools.net> <4B4623E6.2080203@cnpapers.com> Message-ID: <73461DFCD2207F44A16F136A46195545472E0F@exchange2.sbschools.net> Can't seem to catch one yet but just as an example I have spam.assassin.prefs.conf setup with score MISSING_SUBJECT 0.00 and as you see the output below it is ignoring this scoring also. root@sbmail incoming]# cat D51536E64FD |spamassassin [24866] warn: pyzor: check failed: internal error Received: from localhost by sbmail.sbschools.net with SpamAssassin (version 3.2.5); Thu, 07 Jan 2010 13:48:16 -0500 Subject: [SPAM] X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sbmail.sbschools.net X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.5 required=5.0 tests=FUZZY_VLIUM,HEAD_LONG, J_BACKHAIR_12,J_CHICKENPOX_13,J_CHICKENPOX_14,J_CHICKENPOX_18,J_CHICKENP OX_21, J_CHICKENPOX_210,J_CHICKENPOX_23,J_CHICKENPOX_24,J_CHICKENPOX_25, J_CHICKENPOX_26,J_CHICKENPOX_27,J_CHICKENPOX_31,J_CHICKENPOX_32, J_CHICKENPOX_33,J_CHICKENPOX_34,J_CHICKENPOX_36,J_CHICKENPOX_37, J_CHICKENPOX_41,J_CHICKENPOX_42,J_CHICKENPOX_43,J_CHICKENPOX_44, J_CHICKENPOX_45,J_CHICKENPOX_51,J_CHICKENPOX_52,J_CHICKENPOX_55, J_CHICKENPOX_61,J_CHICKENPOX_62,J_CHICKENPOX_63,J_CHICKENPOX_64, J_CHICKENPOX_65,J_CHICKENPOX_71,J_CHICKENPOX_73,J_CHICKENPOX_82, J_CHICKENPOX_83,J_CHICKENPOX_84,J_CHICKENPOX_92,MISSING_DATE,MISSING_HB_ SEP, MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIV ED, NO_RELAYS,NULL_IN_BODY,SARE_HTML_USL_OBFU,SARE_UNI,SARE_URI_EQUALS, TVD_SPACE_RATIO,UNRESOLVED_TEMPLATE autolearn=disabled version=3.2.5 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_4B462C70.A88C41DD" This is a multi-part message in MIME format. ------------=_4B462C70.A88C41DD Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit Spam detection software, running on the system "sbmail.sbschools.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: wireless">NGReading this on a mobile device? Try our optimized mobile version here:NLhttp: =N

NLNNL
NNLN
January 7, 2010NLNNLN
Sign upForwardArchiveAdvertise
N
NL This is what I get with sa-compile > [18553] info: generic: base extraction starting. this can take a > while... > [18553] info: generic: extracting from rules of type body_0 > 100% > [======================================================================= > ======================================================================== > =================] 60.41 rules/sec 00m27s DONE > 100% > [======================================================================= > ======================================================================== > =================] 98.06 bases/sec 00m29s DONE > [18553] info: body_0: 2296 base strings extracted in 57 seconds > [18553] info: generic: extracting from rules of type body_500 > 100% > [======================================================================= > ======================================================================== > =================] 58.35 rules/sec 00m00s DONE > 100% > [======================================================================= > ======================================================================== > =================] 3300.00 bases/sec 00m00s DONE > [18553] info: body_500: 2 base strings extracted in 0 seconds > cd /tmp/.spamassassin18553wyuHD5tmp > cd Mail-SpamAssassin-CompiledRegexps-body_0 > re2c -i -b -o scanner1.c scanner1.re > Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line > 287, <$fh> line 2935. > command failed! at /usr/bin/sa-compile line 288, <$fh> line 2935 > > > Ran with sa-compile -D -p /etc/MailScanner/spam.assassin.pref.conf got a > ton more info but still failed with: > cd /tmp/.spamassassin20497d8jsCxtmp > cd Mail-SpamAssassin-CompiledRegexps-body_0 > re2c -i -b -o scanner1.c scanner1.re > Can't exec "re2c": No such file or directory at /usr/bin/sa-compile line > 287, <$fh> line 2935. > command failed! at /usr/bin/sa-compile line 288, <$fh> line 2935. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc > Schneider > Sent: Thursday, January 07, 2010 12:31 PM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > dcurtis@sbschools.net wrote: > >> Deleted the cache file and still getting the 3.38 score. >> > > run sa-compile since it sounds like you're running compiled rules. > > > I figured I'd check and see what's on my machine. I zeroed out the rule in my spam.assassin.pref.conf file the other day and mine seems OK. The funny thing is I checked for re2c on my machine, and I only see the header rpm file from rpmforge, but no rpm is installed. Just my pennies in case it matters or helps. Steve Campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From dcurtis at sbschools.net Thu Jan 7 19:17:26 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 19:19:14 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B461A3F.50108@maddoc.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A3F.50108@maddoc.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E10@exchange2.sbschools.net> Was finally able to get sa-compile run without error had to install re2c. Still my scores are not being obeyed. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Doc Schneider Sent: Thursday, January 07, 2010 12:31 PM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 dcurtis@sbschools.net wrote: > Deleted the cache file and still getting the 3.38 score. run sa-compile since it sounds like you're running compiled rules. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From ms-list at alexb.ch Thu Jan 7 19:55:02 2010 From: ms-list at alexb.ch (Alex Broens) Date: Thu Jan 7 19:55:12 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch> <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> Message-ID: <4B463C16.3080709@alexb.ch> On 01/07/10 07:10, dcurtis@sbschools.net wrote: > I just grabbed a message out of the postfix incoming and ran it and > (below) this is the output. I am assuming I need a real message that > breaks the FH_DATE_PAST rule? A Postfix Q file won't work. > We just pass all out mail through postfix/mailscanner to Exchange. How > do I grab a message from Exchange and send it back in? Save a msg from Outlook, or whatever you use as a MUA. (not ideal, but better to parse that than a Pfix Q file :-) save msg as .eml file run it against spamassassin. > [root@sbmail downloads]# cat 822C56E6566 |spamassassin > Received: from localhost by sbmail.sbschools.net > with SpamAssassin (version 3.2.5); > Thu, 07 Jan 2010 13:05:24 -0500 > Subject: [SPAM] > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on > sbmail.sbschools.net > X-Spam-Level: ******************* > X-Spam-Status: Yes, score=19.3 required=5.0 > tests=HEAD_ILLEGAL_CHARS,HEAD_LONG, > > MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT, > > NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,NULL_IN_BODY,TVD_SPACE_RATIO, > UNRESOLVED_TEMPLATE autolearn=disabled version=3.2.5 > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="----------=_4B462264.B7ED9CC2" > > This is a multi-part message in MIME format. > > ------------=_4B462264.B7ED9CC2 > Content-Type: text/plain; charset=iso-8859-1 > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > > Spam detection software, running on the system "sbmail.sbschools.net", > has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it isn't spam) or label > similar future email. If you have any questions, see > the administrator of that system for details. > > Content preview: .style36 {Nfont-size: 14px;N6font-family: Georgia, > "Times > New Roman", Times, serif;Nfont-weight: bold;N}N .style58 > {Nfont-size: > 8pt;N3font-family: Verdana, Arial, Helvetica, sans-serif;Ncolor: > #CC0000;Nfont-weight: > normal;N}N .bstextlink {N3font-family: Verdana, Arial, Helvetica, > sans-serif;Nfont-size: > 14px;Nfont-weight: bold;N}a:link {Ncolor: #990000;N}N a:visited > {Ncolor: > #990000;N}N a:hover {Ncolor: #990000;N}N a:active {Ncolor: > #990000;N}N > [...] > > Content analysis details: (19.3 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.0 MISSING_MID Missing Message-Id: header > 0.0 MISSING_DATE Missing Date: header > 3.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template > -0.0 NO_RELAYS Informational: message was not relayed via > SMTP > 2.5 MISSING_HB_SEP Missing blank line between message header > and body > 2.5 HEAD_LONG Message headers are very long > 3.7 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters > 1.6 MISSING_HEADERS Missing To: header > 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO > 1.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in > message > 1.3 MISSING_SUBJECT Missing Subject: header > -0.0 NO_RECEIVED Informational: message has no Received > headers > 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 > headers > > > > ------------=_4B462264.B7ED9CC2 > Content-Type: message/rfc822; x-spam-type=original > Content-Description: original message before SpamAssassin > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Broens > Sent: Thursday, January 07, 2010 12:32 PM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > On 01/07/10 06:23, dcurtis@sbschools.net wrote: >> Deleted the cache file and still getting the 3.38 score. > > 2nd time: > > get hold of a msg and pipe it manually thru SA: > > cat msg |spamassassin > > what does that report look like? is the rule still active? > From dcurtis at sbschools.net Thu Jan 7 20:04:24 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu Jan 7 20:07:25 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B463C16.3080709@alexb.ch> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> <4B463C16.3080709@alexb.ch> Message-ID: <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> I did that from and mailarchiva message it still triggers the 3.38 score. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: Thursday, January 07, 2010 2:55 PM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 On 01/07/10 07:10, dcurtis@sbschools.net wrote: > I just grabbed a message out of the postfix incoming and ran it and > (below) this is the output. I am assuming I need a real message that > breaks the FH_DATE_PAST rule? A Postfix Q file won't work. > We just pass all out mail through postfix/mailscanner to Exchange. How > do I grab a message from Exchange and send it back in? Save a msg from Outlook, or whatever you use as a MUA. (not ideal, but better to parse that than a Pfix Q file :-) save msg as .eml file run it against spamassassin. > [root@sbmail downloads]# cat 822C56E6566 |spamassassin > Received: from localhost by sbmail.sbschools.net > with SpamAssassin (version 3.2.5); > Thu, 07 Jan 2010 13:05:24 -0500 > Subject: [SPAM] > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on > sbmail.sbschools.net > X-Spam-Level: ******************* > X-Spam-Status: Yes, score=19.3 required=5.0 > tests=HEAD_ILLEGAL_CHARS,HEAD_LONG, > > MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT, > > NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,NULL_IN_BODY,TVD_SPACE_RATIO, > UNRESOLVED_TEMPLATE autolearn=disabled version=3.2.5 > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="----------=_4B462264.B7ED9CC2" > > This is a multi-part message in MIME format. > > ------------=_4B462264.B7ED9CC2 > Content-Type: text/plain; charset=iso-8859-1 > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > > Spam detection software, running on the system "sbmail.sbschools.net", > has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it isn't spam) or label > similar future email. If you have any questions, see > the administrator of that system for details. > > Content preview: .style36 {Nfont-size: 14px;N6font-family: Georgia, > "Times > New Roman", Times, serif;Nfont-weight: bold;N}N .style58 > {Nfont-size: > 8pt;N3font-family: Verdana, Arial, Helvetica, sans-serif;Ncolor: > #CC0000;Nfont-weight: > normal;N}N .bstextlink {N3font-family: Verdana, Arial, Helvetica, > sans-serif;Nfont-size: > 14px;Nfont-weight: bold;N}a:link {Ncolor: #990000;N}N a:visited > {Ncolor: > #990000;N}N a:hover {Ncolor: #990000;N}N a:active {Ncolor: > #990000;N}N > [...] > > Content analysis details: (19.3 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.0 MISSING_MID Missing Message-Id: header > 0.0 MISSING_DATE Missing Date: header > 3.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template > -0.0 NO_RELAYS Informational: message was not relayed via > SMTP > 2.5 MISSING_HB_SEP Missing blank line between message header > and body > 2.5 HEAD_LONG Message headers are very long > 3.7 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters > 1.6 MISSING_HEADERS Missing To: header > 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO > 1.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in > message > 1.3 MISSING_SUBJECT Missing Subject: header > -0.0 NO_RECEIVED Informational: message has no Received > headers > 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 > headers > > > > ------------=_4B462264.B7ED9CC2 > Content-Type: message/rfc822; x-spam-type=original > Content-Description: original message before SpamAssassin > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Broens > Sent: Thursday, January 07, 2010 12:32 PM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > On 01/07/10 06:23, dcurtis@sbschools.net wrote: >> Deleted the cache file and still getting the 3.38 score. > > 2nd time: > > get hold of a msg and pipe it manually thru SA: > > cat msg |spamassassin > > what does that report look like? is the rule still active? > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From ms-list at alexb.ch Thu Jan 7 20:19:27 2010 From: ms-list at alexb.ch (Alex Broens) Date: Thu Jan 7 20:19:37 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> References: <4B432E33.9080602@elasticmind.net><4B4340F5.8020002@elasticmind.net><4B4344AC.8070803@elasticmind.net><4B45E84A.40802@elasticmind.net><73461DFCD2207F44A16F136A46195545472DED@exchange2.sbschools.net><7d9b3cf21001070715p3f1e8653s75544bbcc4fa9739@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> <4B463C16.3080709@alexb.ch> <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> Message-ID: <4B4641CF.9070809@alexb.ch> On 01/07/10 09:04, dcurtis@sbschools.net wrote: > I did that from and mailarchiva message it still triggers the 3.38 > score. - What OS are you using for MailScanner - How did you install Spamassassin - Run "spamassassin --lint -D" and paste the output to pastebin > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Broens > Sent: Thursday, January 07, 2010 2:55 PM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > On 01/07/10 07:10, dcurtis@sbschools.net wrote: >> I just grabbed a message out of the postfix incoming and ran it and >> (below) this is the output. I am assuming I need a real message that >> breaks the FH_DATE_PAST rule? > > A Postfix Q file won't work. > >> We just pass all out mail through postfix/mailscanner to Exchange. How >> do I grab a message from Exchange and send it back in? > > Save a msg from Outlook, or whatever you use as a MUA. > (not ideal, but better to parse that than a Pfix Q file :-) > > save msg as .eml file > > run it against spamassassin. > >> [root@sbmail downloads]# cat 822C56E6566 |spamassassin >> Received: from localhost by sbmail.sbschools.net >> with SpamAssassin (version 3.2.5); >> Thu, 07 Jan 2010 13:05:24 -0500 >> Subject: [SPAM] >> X-Spam-Flag: YES >> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on >> sbmail.sbschools.net >> X-Spam-Level: ******************* >> X-Spam-Status: Yes, score=19.3 required=5.0 >> tests=HEAD_ILLEGAL_CHARS,HEAD_LONG, >> >> > MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT, >> >> NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,NULL_IN_BODY,TVD_SPACE_RATIO, >> UNRESOLVED_TEMPLATE autolearn=disabled version=3.2.5 >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; > boundary="----------=_4B462264.B7ED9CC2" >> This is a multi-part message in MIME format. >> >> ------------=_4B462264.B7ED9CC2 >> Content-Type: text/plain; charset=iso-8859-1 >> Content-Disposition: inline >> Content-Transfer-Encoding: 8bit >> >> Spam detection software, running on the system "sbmail.sbschools.net", >> has >> identified this incoming email as possible spam. The original message >> has been attached to this so you can view it (if it isn't spam) or > label >> similar future email. If you have any questions, see >> the administrator of that system for details. >> >> Content preview: .style36 {Nfont-size: 14px;N6font-family: Georgia, >> "Times >> New Roman", Times, serif;Nfont-weight: bold;N}N .style58 >> {Nfont-size: >> 8pt;N3font-family: Verdana, Arial, Helvetica, sans-serif;Ncolor: >> #CC0000;Nfont-weight: >> normal;N}N .bstextlink {N3font-family: Verdana, Arial, Helvetica, >> sans-serif;Nfont-size: >> 14px;Nfont-weight: bold;N}a:link {Ncolor: #990000;N}N a:visited >> {Ncolor: >> #990000;N}N a:hover {Ncolor: #990000;N}N a:active {Ncolor: >> #990000;N}N >> [...] >> >> Content analysis details: (19.3 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- >> -------------------------------------------------- >> 0.0 MISSING_MID Missing Message-Id: header >> 0.0 MISSING_DATE Missing Date: header >> 3.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template >> -0.0 NO_RELAYS Informational: message was not relayed via >> SMTP >> 2.5 MISSING_HB_SEP Missing blank line between message header >> and body >> 2.5 HEAD_LONG Message headers are very long >> 3.7 HEAD_ILLEGAL_CHARS Headers have too many raw illegal > characters >> 1.6 MISSING_HEADERS Missing To: header >> 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO >> 1.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in >> message >> 1.3 MISSING_SUBJECT Missing Subject: header >> -0.0 NO_RECEIVED Informational: message has no Received >> headers >> 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 >> headers >> >> >> >> ------------=_4B462264.B7ED9CC2 >> Content-Type: message/rfc822; x-spam-type=original >> Content-Description: original message before SpamAssassin >> Content-Disposition: inline >> Content-Transfer-Encoding: 8bit >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex >> Broens >> Sent: Thursday, January 07, 2010 12:32 PM >> To: MailScanner discussion >> Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 >> >> On 01/07/10 06:23, dcurtis@sbschools.net wrote: >>> Deleted the cache file and still getting the 3.38 score. >> 2nd time: >> >> get hold of a msg and pipe it manually thru SA: >> >> cat msg |spamassassin >> >> what does that report look like? is the rule still active? >> From rlopezcnm at gmail.com Thu Jan 7 22:53:56 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Thu Jan 7 22:54:06 2010 Subject: [OT] ScamNailer In-Reply-To: <4B45FCA4.8030802@msapiro.net> References: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> <4B45FCA4.8030802@msapiro.net> Message-ID: On Thu, Jan 7, 2010 at 8:24 AM, Mark Sapiro wrote: > It is correct that the file at http://www.mailscanner.eu/scamnailer.ndb > has not been updated since 2009 Dec 15 12:28 UTC, however it should have > been. If you get the list from http://www.mailscanner.tv/emails.*, it > has been updated regularly (and more than the name changes). Are you sure about that last url. I get a Page Not Found error from it. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From Andrew.Chester at ukuvuma.co.za Fri Jan 8 06:51:38 2010 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Fri Jan 8 06:11:24 2010 Subject: AUTO: Andrew Chester is out of the office. (returning 2010/01/25) Message-ID: I am out of the office until 2010/01/25. I will respond to your message when I return. In case of emergency, please log a call on our helpdesk at http://www.ukuvuma.co.za/Public/Helpdesk.nsf. Note: This is an automated response to your message "Re: [OT] ScamNailer" sent on 1/8/10 0:53:56. This is the only notification you will receive while this person is away. CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. From glenn.steen at gmail.com Fri Jan 8 09:44:09 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 8 09:44:20 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <4B4641CF.9070809@alexb.ch> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch> <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> <4B463C16.3080709@alexb.ch> <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> <4B4641CF.9070809@alexb.ch> Message-ID: <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> 2010/1/7 Alex Broens : > On 01/07/10 09:04, dcurtis@sbschools.net wrote: >> >> I did that from and mailarchiva message it still triggers the 3.38 >> score. > > - What OS are you using for MailScanner > - How did you install Spamassassin > - Run "spamassassin --lint -D" and paste the output to pastebin > Further... When you run the "spamassassin --D --lint" and the "spamassassin -t -D < /path/to/a/message/file/probably/found/in/the/spam/quarantine", do so as the user you run postfix as... Else you might get some slight problems due to permissions. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mark at msapiro.net Fri Jan 8 16:08:03 2010 From: mark at msapiro.net (Mark Sapiro) Date: Fri Jan 8 16:08:15 2010 Subject: [OT] ScamNailer In-Reply-To: References: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> <4B45FCA4.8030802@msapiro.net> Message-ID: <4B475863.5000305@msapiro.net> On 11:59 AM, Robert Lopez wrote: > On Thu, Jan 7, 2010 at 8:24 AM, Mark Sapiro wrote: > >> It is correct that the file at http://www.mailscanner.eu/scamnailer.ndb >> has not been updated since 2009 Dec 15 12:28 UTC, however it should have >> been. If you get the list from http://www.mailscanner.tv/emails.*, it >> has been updated regularly (and more than the name changes). > > Are you sure about that last url. > I get a Page Not Found error from it. That is not a complete URL. You need to do something like dig +short txt emails.msupdate.greylist.bastionmail.com to get the actual last part. At this moment, the result of the above dig is "emails.2010-015.0" which yields the URL http://www.mailscanner.tv/emails.2010-015 for the current base. If the last bit is non-zero, there are one or more updates at http://www.mailscanner.tv/emails.2010-015.1 etc. But you don't need to know any of that. Just use the ClamNailer script from http://www.scamnailer.info/downloads.html to download the file(s) and make the Clam sigs. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From campbell at cnpapers.com Fri Jan 8 16:18:11 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jan 8 16:18:31 2010 Subject: host parm Message-ID: <4B475AC3.50700@cnpapers.com> I seem to recall something about using the parameter "host" in one or some of the rules/conf files. Can someone refresh my memory on how/where that's used and what version did it become available? I'm getting a ton of emails from one of those hosting domains, and although I could block the entire class C in my access file, some of the individual IPs are not necessarily bad and and the envelop doesn't contain the domain name of the hosting class c. So, if I could put something in a file like "host: softlayer.com" or something like that, it'd be great as the IPs resolve to this domain, but might actually show a differing domain name in the envelop. Thanks for any help. steve campbell From mikael at syska.dk Fri Jan 8 16:38:56 2010 From: mikael at syska.dk (Mikael Syska) Date: Fri Jan 8 16:39:09 2010 Subject: host parm In-Reply-To: <4B475AC3.50700@cnpapers.com> References: <4B475AC3.50700@cnpapers.com> Message-ID: <6beca9db1001080838y5cc29ecbu93bb0e53baf53f47@mail.gmail.com> Hi, I would look into the EXAMPLES file in the rules directory. Its all explained there ... Dont know when is was available in MailScanner ... but i'm running 4.78.9 and its available here. mvh Mikael Syska On Fri, Jan 8, 2010 at 5:18 PM, Steve Campbell wrote: > I seem to recall something about using the parameter "host" in one or some > of the rules/conf files. Can someone refresh my memory on how/where that's > used and what version did it become available? > > I'm getting a ton of emails from one of those hosting domains, and although > I could block the entire class C in my access file, some of the individual > IPs are not necessarily bad and and the envelop doesn't contain the domain > name of the hosting class c. > > So, if I could put something in a file like "host: softlayer.com" or > something like that, it'd be great as the IPs resolve to this domain, but > might actually show a differing domain name in the envelop. > > Thanks for any help. > > steve campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100108/93d279e2/attachment.html From dcurtis at sbschools.net Fri Jan 8 16:22:08 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Fri Jan 8 16:57:36 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> Message-ID: <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> Where/how do I send the output to pastebin? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, January 08, 2010 4:44 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 Alex Broens : > On 01/07/10 09:04, dcurtis@sbschools.net wrote: >> >> I did that from and mailarchiva message it still triggers the 3.38 >> score. > > - What OS are you using for MailScanner > - How did you install Spamassassin > - Run "spamassassin --lint -D" and paste the output to pastebin > Further... When you run the "spamassassin --D --lint" and the "spamassassin -t -D < /path/to/a/message/file/probably/found/in/the/spam/quarantine", do so as the user you run postfix as... Else you might get some slight problems due to permissions. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From apu at nocservices.com Fri Jan 8 17:05:13 2010 From: apu at nocservices.com (Apu) Date: Fri Jan 8 17:05:31 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> Message-ID: <4B4765C9.9030406@nocservices.com> On 1/8/10 11:22 AM, dcurtis@sbschools.net wrote: > Where/how do I send the output to pastebin? http://pastebin.com/ -- Apu Chief Operating Officer NOC Services Corp. www.nocservices.com From GSilver at rampuptech.com Fri Jan 8 17:06:54 2010 From: GSilver at rampuptech.com (Gavin Silver) Date: Fri Jan 8 17:07:09 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> Message-ID: Copy paste to http://pastebin.com/ get the link and reply -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: Friday, January 08, 2010 11:22 AM To: mailscanner@lists.mailscanner.info Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 Where/how do I send the output to pastebin? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, January 08, 2010 4:44 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 Alex Broens : > On 01/07/10 09:04, dcurtis@sbschools.net wrote: >> >> I did that from and mailarchiva message it still triggers the 3.38 >> score. > > - What OS are you using for MailScanner > - How did you install Spamassassin > - Run "spamassassin --lint -D" and paste the output to pastebin > Further... When you run the "spamassassin --D --lint" and the "spamassassin -t -D < /path/to/a/message/file/probably/found/in/the/spam/quarantine", do so as the user you run postfix as... Else you might get some slight problems due to permissions. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dcurtis at sbschools.net Fri Jan 8 17:43:05 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Fri Jan 8 17:42:36 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E30@exchange2.sbschools.net> Done http://pastebin.com/m169fe863 Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gavin Silver Sent: Friday, January 08, 2010 12:07 PM To: MailScanner discussion Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 Copy paste to http://pastebin.com/ get the link and reply -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: Friday, January 08, 2010 11:22 AM To: mailscanner@lists.mailscanner.info Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 Where/how do I send the output to pastebin? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, January 08, 2010 4:44 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/7 Alex Broens : > On 01/07/10 09:04, dcurtis@sbschools.net wrote: >> >> I did that from and mailarchiva message it still triggers the 3.38 >> score. > > - What OS are you using for MailScanner > - How did you install Spamassassin > - Run "spamassassin --lint -D" and paste the output to pastebin > Further... When you run the "spamassassin --D --lint" and the "spamassassin -t -D < /path/to/a/message/file/probably/found/in/the/spam/quarantine", do so as the user you run postfix as... Else you might get some slight problems due to permissions. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From Rob.Poe at plattesheriff.org Fri Jan 8 22:25:13 2010 From: Rob.Poe at plattesheriff.org (Rob Poe) Date: Fri Jan 8 22:31:33 2010 Subject: Network Issues / MailScanner Message-ID: <6985F42721AB334587016FB5E12D034085B5B7A99A@PCS-MAILBOX.pcs.plattesheriff.org> I've been working on an issue we've seen for a while. The problem started after a yum update (where the kernel updated). Box is a Centos 5.x. The problem was on a Dell server, and I've not come to here until today, because there were other processes in play (pptp server, squid). Today I separated MailScanner onto a VMWare ESXi server, brand new install of MailScanner / Centos 5.4 / clam-sa install. The issue is when you try to connect, sometimes it will refuse the connection. Doesn't matter what port. Sometimes you'll be working on it, and you'll get a "connection aborted" and be disconnected from the box. We have an identical install - same media, same ESXi server. Only differing thing is that server has PPTP (poptop) on it, not sendmail/mailscanner. It's not showing this symptom. So it's either related to MailScanner or sendmail. Or spamassassin / clam. Any ideas / anyone else having or had this issue? Thanks! Rob -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100108/0ce938ed/attachment.html From alex at rtpty.com Fri Jan 8 23:56:29 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Fri Jan 8 23:57:03 2010 Subject: Network Issues / MailScanner In-Reply-To: <6985F42721AB334587016FB5E12D034085B5B7A99A@PCS-MAILBOX.pcs.plattesheriff.org> References: <6985F42721AB334587016FB5E12D034085B5B7A99A@PCS-MAILBOX.pcs.plattesheriff.org> Message-ID: <1375603613-1262995007-cardhu_decombobulator_blackberry.rim.net-1103259720-@bda461.bisx.prod.on.blackberry> Correlation is not causation. Dropped connections like the ones you describe point to layer 3 issues - since layer 1 and 2 are common in your case. The problem you describe sounds like connection states dropped at the firewall. One way you can positively confirm or exclude the ip of the vm in question is to change it - or swap it with the one that works. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Rob Poe Date: Fri, 8 Jan 2010 16:25:13 To: 'mailscanner@lists.mailscanner.info' Subject: Network Issues / MailScanner -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Sat Jan 9 00:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 9 00:31:29 2010 Subject: Network Issues / MailScanner In-Reply-To: <6985F42721AB334587016FB5E12D034085B5B7A99A@PCS-MAILBOX.pcs.plattesheriff.org> References: <6985F42721AB334587016FB5E12D034085B5B7A99A@PCS-MAILBOX.pcs.plattesheriff.org> Message-ID: Rob Poe wrote on Fri, 8 Jan 2010 16:25:13 -0600: > The issue is when you try to connect, sometimes it will refuse the > connection. Doesn't matter what port. Sometimes you'll be working > on it, and you'll get a "connection aborted" and be disconnected from > the box. The only issue I would connect to that is extreme overload. On the system or on the wire (like lots of spamming servers saturating the link). And that's not really a software flaw. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From ram at netcore.co.in Sat Jan 9 05:35:50 2010 From: ram at netcore.co.in (Ramprasad) Date: Sat Jan 9 05:36:20 2010 Subject: Disable clamav scan Message-ID: <4B4815B6.9060002@netcore.co.in> Clamav is detecting almost all mails as virus http://www.zimbra.com/forums/administrators/36295-every-new-message-flagged-exploit-pdf-9669-nothing-getting-through.html From dave.list at pixelhammer.com Sat Jan 9 05:53:20 2010 From: dave.list at pixelhammer.com (DAve) Date: Sat Jan 9 05:53:52 2010 Subject: Disable clamav scan In-Reply-To: <4B4815B6.9060002@netcore.co.in> References: <4B4815B6.9060002@netcore.co.in> Message-ID: <4B4819D0.3080202@pixelhammer.com> Ramprasad wrote: > Clamav is detecting almost all mails as virus > > http://www.zimbra.com/forums/administrators/36295-every-new-message-flagged-exploit-pdf-9669-nothing-getting-through.html Old habits die hard, I just logged in to check on my servers before I went to bed and saw we had stopped 2000 virus since 8pm. We normally see maybe 2 a day. I checked the AV scan report for my FTP server and saw *everything* was tagged as spam. I found the zimbra link and edited the daily.hdb file and everything has returned to normal. I am turning off Freshclam until I hear this is sorted out. DAve -- "Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Adams http://appleseedinfo.org From lhaig at haigmail.com Sat Jan 9 09:17:59 2010 From: lhaig at haigmail.com (Lance Haig) Date: Sat Jan 9 09:18:40 2010 Subject: RBL Errors Message-ID: <4B4849C7.3070004@haigmail.com> I get a load of these errors in my system has anyone seen something like this before? 186.139.162.87.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=186.139.162.87.list.dsbl.org type=A: Host not found, try again : 1 Time(s) Any help is appreciated. Regards Lance -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From raymond at prolocation.net Sat Jan 9 09:23:21 2010 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jan 9 09:23:30 2010 Subject: RBL Errors In-Reply-To: <4B4849C7.3070004@haigmail.com> References: <4B4849C7.3070004@haigmail.com> Message-ID: Hi! > I get a load of these errors in my system has anyone seen something like this > before? > 186.139.162.87.list.dsbl.org: RBL lookup error: Host or domain name not > found. Name service error for name=186.139.162.87.list.dsbl.org type=A: Host > not found, try again : 1 Time(s) > > Any help is appreciated. >From their website: DSBL's list nameservers gone Mon, 03/09/2009 - 21:02 . riel DSBL's list nameservers have continued to answer queries for 10 months after the list went off. From now on, DSBL list queries (to *.list.dsbl.org, *.multihop.dsbl.org and *.unconfirmed.dsbl.org) will go to the nonexistant nameserver stop-using-dsbl.dsbl.org, which resolves to the unroutable example IP address 192.0.2.1. This should keep nameservers everywhere working like they should, while slowing down spam filters that are still using DSBL. Hopefully the annoyance of the slowdown will convince the remaining DSBL users to stop using DSBL. DNS timeouts should not cause any email to get lost. Please stop using DSBL. The list has been empty for almost a year. Bye, Raymond. From lhaig at haigmail.com Sat Jan 9 09:24:40 2010 From: lhaig at haigmail.com (Lance Haig) Date: Sat Jan 9 09:25:22 2010 Subject: RBL Errors In-Reply-To: <4B4849C7.3070004@haigmail.com> References: <4B4849C7.3070004@haigmail.com> Message-ID: <4B484B58.70906@haigmail.com> oh and i see allot of this as well. connection refused resolving '42.167.213.196.sa-other.bondedsender.org/TXT/IN': 84.243.213.38#53: 1 Time(s) am i missing something? thanks Lance On 01/09/2010 09:17 AM, Lance Haig wrote: > I get a load of these errors in my system has anyone seen something like > this before? > > > 186.139.162.87.list.dsbl.org: RBL lookup error: Host or domain name not > found. Name service error for name=186.139.162.87.list.dsbl.org type=A: > Host not found, try again : 1 Time(s) > > > Any help is appreciated. > > Regards > > Lance > > -- > This message was scanned by Better Hosted and is believed to be clean. > http://www.betterhosted.com > -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From raymond at prolocation.net Sat Jan 9 09:46:19 2010 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Sat Jan 9 09:46:26 2010 Subject: RBL Errors In-Reply-To: <4B484B58.70906@haigmail.com> References: <4B4849C7.3070004@haigmail.com> <4B484B58.70906@haigmail.com> Message-ID: Hi! > connection refused resolving > '42.167.213.196.sa-other.bondedsender.org/TXT/IN': 84.243.213.38#53: 1 > Time(s) > > am i missing something? That one i dont know, DSBL you should disable/remove .... Bonded sender might have blocked you due to volume. Bye, Raymond. From maillists at conactive.com Sat Jan 9 11:25:52 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 9 11:26:01 2010 Subject: Disable clamav scan In-Reply-To: <4B4815B6.9060002@netcore.co.in> References: <4B4815B6.9060002@netcore.co.in> Message-ID: Well, I may be wrong, but after looking at my servers it appears to me that if you are still using a daily.hdb then you are using an *old* version of clamav (at least half a year old). Not updating finally bites you :-) I'm not having this problem with an up-to-date daily.cld. But thanks for the warning, anyway. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From J.Ede at birchenallhowden.co.uk Sun Jan 10 16:31:26 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sun Jan 10 16:32:14 2010 Subject: OT postfix recipient verification In-Reply-To: <223f97701001061543y527aaae1y26f73affcdc0a9b1@mail.gmail.com> References: <1213490F1F316842A544A850422BFA96128C18BA4E@BHLSBS.bhl.local> <4B44DD33.8000406@fsl.com> <1213490F1F316842A544A850422BFA96128C18BA50@BHLSBS.bhl.local> <223f97701001061543y527aaae1y26f73affcdc0a9b1@mail.gmail.com> Message-ID: <1213490F1F316842A544A850422BFA96128C18BB2E@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 06 January 2010 23:43 > To: MailScanner discussion > Subject: Re: OT postfix recipient verification > > 2010/1/6 Jason Ede : > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Steve Freegard > >> Sent: 06 January 2010 18:58 > >> To: MailScanner discussion > >> Subject: Re: OT postfix recipient verification > >> > >> On 06/01/10 18:10, Jason Ede wrote: > >> > Recipient verification has been working fine for years, but we've > >> just > >> > had a problem crop up. Someone is sending status/error emails from > >> their > >> > webserver back to their office. Some of the emails primary 'to' > >> address > >> > is to someone who has left, but the other recipients are still > valid. > >> > Recipient verification still rejects the email. Is there a way > round > >> > this without having to run another postfix instance and split the > >> email > >> > up into emails? > >> > >> That doesn't sound right at all. ? How are you doing the > verification? > >> via the verify daemon? > > > > Verification is via the receipt verification within postfix. I've a > btree database file as per the postfix docs. > > > > > >> Recipient verification should only affect the invalid recipient and > >> shouldn't affect the other valid recipients unless the senders > server > >> is > >> so poorly implemented and gives up sending the entire message as > soon > >> as > >> one of the recipients is rejected... > > > > I've not had any of the bounces yet, but am trying to get hold of > them. I've had to whitelist their server from greylisting as it doesn't > seem to handle it very well. All I know of the server itself is that it > uses a Microsoft SMTP service. > > > > > >> Maybe you could provide an example? > > > > When I get an actual bounce I'll know a lot more. > > > Unless M$ managed to botch even that, this sounds like a bit of FUD > from your users:-). It's as Steve says. the recipient verification > simply can't (or at least SHOULDN'T) have the effect described, at > least not for a true MTA. The good thing is that ANY problem is > squarely in THEIR court. Make sure to mention that any problems > incurred is due to their systems misbehavior, and that anything you do > to fix it is a pure courtesy;-). I've checked both our mail servers as thoroughly as I can, and recipient verification is working as it should do and no matter how many bad addresses are there it finds and allows mail through to valid users from the to, cc and bcc field. The only issue on our system is that I found the recipient verification code (for non-existent addresses) on one of our servers was 450, which I've changed to 550. For now they've fixed the problem by removing all their invalid addresses and I've suggested the idea of a distribution list for all of their future web server work as it makes life much easier for both us and them and they seem to think it was a great idea and wondered why they hadn't thought of that before. I've not been able to get hold of one of their bounce messages that didn't get through and looking back at the smtp logs it seems that verification was done ok on all addresses that it was requested on. Suspect a problem at their end, possibly in the mail generation. Jason From submit at zuka.net Sun Jan 10 20:17:36 2010 From: submit at zuka.net (Dave Filchak) Date: Sun Jan 10 20:19:40 2010 Subject: Advise please Message-ID: <4B4A35E0.6030006@zuka.net> I have come to realize that I have two versions of clamscan and two versions of freshclam installed on my machine. This after getting the "Your ClamAV Installation is OUTDATED". As well, have duplicate libraries, two versions of clamd etc. I would like advise as to how to clean this up and get it down to only one of each. I am using clamd for scanning. I would prefer to use rpms for this but am not adverse to compiling things. I am only one taking care of the servers and have lots of other things on the go so quick and efficient is always good. Below are the specs. I know the OS is old and needs to be updated. All are scheduled to be replaced this year but may be later in the year so would like to get things in the proper place, not duplicated and easy to update until I have a new machine and a chance to deal with it. Had another fellow doing this before but now is just myself. All help is very much appreciated. Let me know if any more info is required. Cheers, Dave whereis clamav clamav: /usr/include/clamav.h whereis clamd clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz whereis freshclam freshclam: /usr/bin/freshclam /etc/freshclam.conf /usr/local/bin/freshclam /usr/local/etc/freshclam.conf /usr/share/man/man1/freshclam.1.gz whereis clamscan clamscan: /usr/bin/clamscan /usr/local/bin/clamscan /usr/share/man/man1/clamscan.1.gz ldd /usr/bin/freshclam libclamav.so.6 => /usr/lib64/libclamav.so.6 (0x0000002a95568000) libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000) libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) libpthread.so.0 => /lib64/tls/libpthread.so.0 (0x0000003c2f500000) libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000) /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) ldd /usr/local/bin/freshclam libclamav.so.4 => /usr/local/lib/libclamav.so.4 (0x0000002a95568000) libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000) libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) libpthread.so.0 => /lib64/tls/libpthread.so.0 (0x0000003c2f500000) libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000) libclamunrar_iface.so.4 => /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000) libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 (0x0000002a9591e000) MailScanner -V Running on Linux 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.78.17 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.23 bignum 1.03 Carp 2.005 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.13 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.16 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.6 Test::Simple 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.23 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.25 DBD::SQLite 1.607 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.38 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.65 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.31 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.52 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML From david at gnsa.us Sun Jan 10 23:27:03 2010 From: david at gnsa.us (David Nalley) Date: Sun Jan 10 23:27:32 2010 Subject: Bitdefender autoupdate problems - request for patch review and hopefully inclusion Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian, et al: The bitdefender autoupdate script has recently, when my MS instance was under heavy load, caused the machine to OOM itself and restart. (the bitdefender-autoupdate instance when I looked in on it was consuming 700MB of memory) Searching the list I have seen similar complaints as recently as a few months ago. http://lists.mailscanner.info/pipermail/mailscanner/2009-November/093937.html http://lists.mailscanner.info/pipermail/mailscanner/2009-November/094023.html http://lists.mailscanner.info/pipermail/mailscanner/2009-April/091283.html Achim Latz submitted a patch to the list a little over a year ago which at least in the past few hours of my watching seems to fix the issue. This patch doesn't seem to have made it's way into MailScanner, and there are no responses to the thread. http://lists.mailscanner.info/pipermail/mailscanner/2008-October/088090.html Is there a possibility this can be reviewed and considered for inclusion? Thanks, David Nalley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.10) iEYEARECAAYFAktKYkMACgkQkZOYj+cNI1c9SwCeOg9cCq2DHre1WFFCOERxbyQ1 mdoAnRv10f13FxH61kGP93CiadRszUz2 =7cs5 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Mon Jan 11 11:57:48 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 11:58:04 2010 Subject: Bitdefender autoupdate problems - request for patch review and hopefully inclusion In-Reply-To: References: <4B4B123C.8000006@ecs.soton.ac.uk> Message-ID: I have put in this fix (basically remove a load of stuff from it). It will be in the next release. Cheers, Jules. On 10/01/2010 23:27, David Nalley wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian, et al: > > The bitdefender autoupdate script has recently, when my MS instance > was under heavy load, caused the machine to OOM itself and restart. > (the bitdefender-autoupdate instance when I looked in on it was > consuming 700MB of memory) Searching the list I have seen similar > complaints as recently as a few months ago. > http://lists.mailscanner.info/pipermail/mailscanner/2009-November/093937.html > http://lists.mailscanner.info/pipermail/mailscanner/2009-November/094023.html > http://lists.mailscanner.info/pipermail/mailscanner/2009-April/091283.html > > > Achim Latz submitted a patch to the list a little over a year ago > which at least in the past few hours of my watching seems to fix the > issue. This patch doesn't seem to have made it's way into MailScanner, > and there are no responses to the thread. > http://lists.mailscanner.info/pipermail/mailscanner/2008-October/088090.html > > Is there a possibility this can be reviewed and considered for inclusion? > > Thanks, > > David Nalley > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.10) > > iEYEARECAAYFAktKYkMACgkQkZOYj+cNI1c9SwCeOg9cCq2DHre1WFFCOERxbyQ1 > mdoAnRv10f13FxH61kGP93CiadRszUz2 > =7cs5 > -----END PGP SIGNATURE----- > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 11 12:00:34 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 12:00:53 2010 Subject: Advise please In-Reply-To: <4B4A35E0.6030006@zuka.net> References: <4B4A35E0.6030006@zuka.net> <4B4B12E2.4080902@ecs.soton.ac.uk> Message-ID: Find every directory and file under /usr/local whose name mentions "clam" in it anywhere, and delete it. Then install the clamd and related RPMs from packages.sw.be and make sure your /etc/clamd.conf contains the same socket location as your MailScanner.conf file does, or else they won't talk to each other. Also change your virus.scanners.conf to point to the new location and not /usr/local or whatever it says now. "MailScanner --lint" will show you if your setup is basically correct, it should find some viruses in its test message and complete without any errors. Jules On 10/01/2010 20:17, Dave Filchak wrote: > I have come to realize that I have two versions of clamscan and two > versions of freshclam installed on my machine. This after getting the > "Your ClamAV Installation is OUTDATED". As well, have duplicate > libraries, two versions of clamd etc. I would like advise as to how to > clean this up and get it down to only one of each. I am using clamd > for scanning. > > I would prefer to use rpms for this but am not adverse to compiling > things. I am only one taking care of the servers and have lots of > other things on the go so quick and efficient is always good. Below > are the specs. I know the OS is old and needs to be updated. All are > scheduled to be replaced this year but may be later in the year so > would like to get things in the proper place, not duplicated and easy > to update until I have a new machine and a chance to deal with it. > > Had another fellow doing this before but now is just myself. All help > is very much appreciated. > > Let me know if any more info is required. > > Cheers, > > Dave > > whereis clamav > clamav: /usr/include/clamav.h > > whereis clamd > clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd > /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz > > whereis freshclam > freshclam: /usr/bin/freshclam /etc/freshclam.conf > /usr/local/bin/freshclam /usr/local/etc/freshclam.conf > /usr/share/man/man1/freshclam.1.gz > > whereis clamscan > clamscan: /usr/bin/clamscan /usr/local/bin/clamscan > /usr/share/man/man1/clamscan.1.gz > > ldd /usr/bin/freshclam > libclamav.so.6 => /usr/lib64/libclamav.so.6 (0x0000002a95568000) > libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000) > libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) > libpthread.so.0 => /lib64/tls/libpthread.so.0 > (0x0000003c2f500000) > libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) > libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) > libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000) > /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) > > ldd /usr/local/bin/freshclam > libclamav.so.4 => /usr/local/lib/libclamav.so.4 > (0x0000002a95568000) > libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000) > libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) > libpthread.so.0 => /lib64/tls/libpthread.so.0 > (0x0000003c2f500000) > libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) > libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000) > libclamunrar_iface.so.4 => > /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000) > libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) > /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) > libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 > (0x0000002a9591e000) > > MailScanner -V > Running on > Linux 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 > x86_64 GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.78.17 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.23 bignum > 1.03 Carp > 2.005 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.13 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.16 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.26 Test::Pod > 0.6 Test::Simple > 1.68 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.23 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.25 DBD::SQLite > 1.607 DBI > 1.10 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.65 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.52 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Mon Jan 11 12:06:47 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Jan 11 12:07:02 2010 Subject: Advise please In-Reply-To: <18608608.56.1263211532762.JavaMail.root@office.splatnix.net> Message-ID: <16064899.58.1263211607471.JavaMail.root@office.splatnix.net> ----- "Dave Filchak" wrote: | I have come to realize that I have two versions of clamscan and two | versions of freshclam installed on my machine. This after getting the | | "Your ClamAV Installation is OUTDATED". As well, have duplicate | libraries, two versions of clamd etc. I would like advise as to how to | | clean this up and get it down to only one of each. I am using clamd | for | scanning. | | I would prefer to use rpms for this but am not adverse to compiling | things. I am only one taking care of the servers and have lots of | other | things on the go so quick and efficient is always good. Below are the | | specs. I know the OS is old and needs to be updated. All are scheduled | | to be replaced this year but may be later in the year so would like to | | get things in the proper place, not duplicated and easy to update | until | I have a new machine and a chance to deal with it. | | Had another fellow doing this before but now is just myself. All help | is | very much appreciated. | | Let me know if any more info is required. | | Cheers, | | Dave | | whereis clamav | clamav: /usr/include/clamav.h | | whereis clamd | clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd | /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz | | whereis freshclam | freshclam: /usr/bin/freshclam /etc/freshclam.conf | /usr/local/bin/freshclam /usr/local/etc/freshclam.conf | /usr/share/man/man1/freshclam.1.gz | | whereis clamscan | clamscan: /usr/bin/clamscan /usr/local/bin/clamscan | /usr/share/man/man1/clamscan.1.gz | | ldd /usr/bin/freshclam | libclamav.so.6 => /usr/lib64/libclamav.so.6 | (0x0000002a95568000) | libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000) | libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) | libpthread.so.0 => /lib64/tls/libpthread.so.0 | (0x0000003c2f500000) | libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) | libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) | libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000) | /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) | | ldd /usr/local/bin/freshclam | libclamav.so.4 => /usr/local/lib/libclamav.so.4 | (0x0000002a95568000) | libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000) | libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) | libpthread.so.0 => /lib64/tls/libpthread.so.0 | (0x0000003c2f500000) | libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) | libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000) | libclamunrar_iface.so.4 => | /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000) | libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) | /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) | libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 | (0x0000002a9591e000) | | MailScanner -V | Running on | Linux 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 | | x86_64 GNU/Linux | This is CentOS release 4.3 (Final) | This is Perl version 5.008005 (5.8.5) | | This is MailScanner version 4.78.17 | Module versions are: | 1.00 AnyDBM_File | 1.20 Archive::Zip | 0.23 bignum | 1.03 Carp | 2.005 Compress::Zlib | 1.119 Convert::BinHex | 0.17 Convert::TNEF | 2.121 Data::Dumper | 2.27 Date::Parse | 1.00 DirHandle | 1.05 Fcntl | 2.73 File::Basename | 2.08 File::Copy | 2.01 FileHandle | 1.06 File::Path | 0.20 File::Temp | 0.78 Filesys::Df | 1.35 HTML::Entities | 3.56 HTML::Parser | 2.37 HTML::TokeParser | 1.23 IO | 1.14 IO::File | 1.13 IO::Pipe | 2.04 Mail::Header | 1.89 Math::BigInt | 0.22 Math::BigRat | 3.05 MIME::Base64 | 5.427 MIME::Decoder | 5.427 MIME::Decoder::UU | 5.427 MIME::Head | 5.427 MIME::Parser | 3.03 MIME::QuotedPrint | 5.427 MIME::Tools | 0.13 Net::CIDR | 1.25 Net::IP | 0.16 OLE::Storage_Lite | 1.04 Pod::Escapes | 3.05 Pod::Simple | 1.08 POSIX | 1.19 Scalar::Util | 1.77 Socket | 2.16 Storable | 1.4 Sys::Hostname::Long | 0.27 Sys::Syslog | 1.26 Test::Pod | 0.6 Test::Simple | 1.68 Time::HiRes | 1.02 Time::localtime | | Optional module versions are: | 1.32 Archive::Tar | 0.23 bignum | 1.82 Business::ISBN | 1.10 Business::ISBN::Data | 1.08 Data::Dump | 1.814 DB_File | 1.25 DBD::SQLite | 1.607 DBI | 1.10 Digest | 1.01 Digest::HMAC | 2.36 Digest::MD5 | 2.11 Digest::SHA1 | 1.00 Encode::Detect | 0.17008 Error | 0.19 ExtUtils::CBuilder | 2.18 ExtUtils::ParseXS | 2.38 Getopt::Long | 0.44 Inline | 1.08 IO::String | 1.04 IO::Zlib | 2.21 IP::Country | 0.22 Mail::ClamAV | 3.002005 Mail::SpamAssassin | v2.004 Mail::SPF | 1.999001 Mail::SPF::Query | 0.2808 Module::Build | 0.20 Net::CIDR::Lite | 0.65 Net::DNS | 0.002.2 Net::DNS::Resolver::Programmable | 0.31 Net::LDAP | 4.004 NetAddr::IP | 1.94 Parse::RecDescent | missing SAVI | 2.52 Test::Harness | 0.95 Test::Manifest | 1.98 Text::Balanced | 1.35 URI | 0.7203 version | 0.65 YAML | | -- | MailScanner mailing list | mailscanner@lists.mailscanner.info | http://lists.mailscanner.info/mailman/listinfo/mailscanner | | Before posting, read http://wiki.mailscanner.info/posting | | Support MailScanner development - buy the book off the website! You could strip all versions of clam and then enable DAG repositories ? # rpm -qa | grep -i clam clamav-db-0.95.3-1.el5.rf clamd-0.95.3-1.el5.rf clamav-0.95.3-1.el5.rf http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/ -- Thanks - Phil From Hostmaster at computerservicecentre.com Mon Jan 11 12:23:43 2010 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Mon Jan 11 12:23:55 2010 Subject: Advise please In-Reply-To: References: <4B4A35E0.6030006@zuka.net> <4B4B12E2.4080902@ecs.soton.ac.uk> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2ACFA3AF@commssrv01.computerservicecentre.com> >Find every directory and file under /usr/local whose name mentions >"clam" in it anywhere, and delete it. Dave, If you feel that you may have a RPM version of clam installed already, or want a nice easy way to track down what is not RPM-installed, you might find: "locate clam |xargs rpm -qf |grep "is not owned by any package"" useful. I am sure there are more elegant ways of doing it, but this was the fastest I could come up with. Richard On 10/01/2010 20:17, Dave Filchak wrote: > I have come to realize that I have two versions of clamscan and two > versions of freshclam installed on my machine. This after getting the > "Your ClamAV Installation is OUTDATED". As well, have duplicate > libraries, two versions of clamd etc. I would like advise as to how to > clean this up and get it down to only one of each. I am using clamd > for scanning. > > I would prefer to use rpms for this but am not adverse to compiling > things. I am only one taking care of the servers and have lots of > other things on the go so quick and efficient is always good. Below > are the specs. I know the OS is old and needs to be updated. All are > scheduled to be replaced this year but may be later in the year so > would like to get things in the proper place, not duplicated and easy > to update until I have a new machine and a chance to deal with it. > > Had another fellow doing this before but now is just myself. All help > is very much appreciated. > > Let me know if any more info is required. > > Cheers, > > Dave > > whereis clamav > clamav: /usr/include/clamav.h > > whereis clamd > clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd > /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz > > whereis freshclam > freshclam: /usr/bin/freshclam /etc/freshclam.conf > /usr/local/bin/freshclam /usr/local/etc/freshclam.conf > /usr/share/man/man1/freshclam.1.gz > > whereis clamscan > clamscan: /usr/bin/clamscan /usr/local/bin/clamscan > /usr/share/man/man1/clamscan.1.gz > > ldd /usr/bin/freshclam > libclamav.so.6 => /usr/lib64/libclamav.so.6 (0x0000002a95568000) > libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000) > libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) > libpthread.so.0 => /lib64/tls/libpthread.so.0 > (0x0000003c2f500000) > libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) > libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) > libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000) > /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) > > ldd /usr/local/bin/freshclam > libclamav.so.4 => /usr/local/lib/libclamav.so.4 > (0x0000002a95568000) > libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000) > libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) > libpthread.so.0 => /lib64/tls/libpthread.so.0 > (0x0000003c2f500000) > libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) > libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000) > libclamunrar_iface.so.4 => > /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000) > libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) > /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) > libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 > (0x0000002a9591e000) > > MailScanner -V > Running on > Linux 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 > x86_64 GNU/Linux > This is CentOS release 4.3 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.78.17 > Module versions are: > 1.00 AnyDBM_File > 1.20 Archive::Zip > 0.23 bignum > 1.03 Carp > 2.005 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.20 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.05 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.03 MIME::QuotedPrint > 5.427 MIME::Tools > 0.13 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.05 Pod::Simple > 1.08 POSIX > 1.19 Scalar::Util > 1.77 Socket > 2.16 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.26 Test::Pod > 0.6 Test::Simple > 1.68 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.32 Archive::Tar > 0.23 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.25 DBD::SQLite > 1.607 DBI > 1.10 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.19 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.38 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.22 Mail::ClamAV > 3.002005 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.65 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.31 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.52 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.65 YAML > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:03:03 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:03:40 2010 Subject: [OT] ScamNailer In-Reply-To: <4B45FCA4.8030802@msapiro.net> References: <33551238.186.1262858735177.JavaMail.root@office.splatnix.net> <4B45FCA4.8030802@msapiro.net> <4B4B2187.2040105@ecs.soton.ac.uk> Message-ID: I am having trouble getting through the host firewall on the web server that hosts the scamnailer.ndb file. I am working with my ISP to try to resolve this issue. It appears to be independent of the server I use at my end. Jules. On 07/01/2010 15:24, Mark Sapiro wrote: > On 11:59 AM, --[ UxBoD ]-- wrote: > >> Hi, >> >> Have started to use the scamnailer clam signatures but it does not >> appear to have been updated since: >> >> -rw-r--r-- 1 clamav clamav 4503678 Dec 15 12:28 scamnailer.ndb >> >> Is that correct ? >> > > It is correct that the file at http://www.mailscanner.eu/scamnailer.ndb > has not been updated since 2009 Dec 15 12:28 UTC, however it should have > been. If you get the list from http://www.mailscanner.tv/emails.*, it > has been updated regularly (and more than the name changes). > > It would probably be preferable to make the sigs yourself using the > ClamNailer script from > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:03:50 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:04:04 2010 Subject: More taint mode problems (please help) In-Reply-To: <4B45E84A.40802@elasticmind.net> References: <4B432E33.9080602@elasticmind.net> <4B4340F5.8020002@elasticmind.net> <4B4344AC.8070803@elasticmind.net> <4B45E84A.40802@elasticmind.net> <4B4B21B6.1040903@ecs.soton.ac.uk> Message-ID: On 07/01/2010 13:57, mog wrote: > On 06/01/2010 16:56, Mike Jakubik wrote: >> On Tue, January 5, 2010 8:54 am, mog wrote: >>> Ya, you need to use MailScanner-4.79.4 which was available a couple >>> weeks ago from ports. It will work then. >>> >>> mog >> It wont work correctly, I'm the person thats been maintaining FreeBSD >> mailscanner port for the last few versions, please stop spreading false >> information. This also isn't specific to perl on FreeBSD, Linux users >> have >> reported this issue as well. >> >> While MS will start and will appear to work, certain attachments >> (appears >> to be zip files) will trigger a taint mode error. See my original post. >> >> Since the MS community isn't addressing this, i have made a work around >> which runs the master script as he run as user, this disabled taint >> mode. >> The new port should be available shortly. >> > > > Oh right, so unfortunately the problem still hasn't been fully > overcome. Sorry, I was not aware of this until now and thought > everything was working fine when using the lastest MailScanner version > and perl 5.10.1 - based on the following extract from one of your > previous messages and upgrades I'd done myself: > > "FreeBSD admins rejoice, you can finally update perl without breaking > MailScanner. I have tested the latest version and it works great. I've > also submited a pr to update the port so it will be available soon." > > I hope that wasn't your intention, but I find myself being slightly > offended by being accused of spreading false information. I also > maintain FreeBSD ports so can appreciate the difficulties in porting > software and would *never* knowingly distribute incorrect information; > all it would have taken was for someone to point out the > misunderstanding (which in an unpleasant way you did, so thanks for > that I guess). I'd like to express my apologies to anyone who may have > been caught up in the confusion, I think I may have been thrown by the > previous post at the time as it mentions using an old version of Perl. > > As it happens, we are also today beginning to notice the problems you > describe whereby some messages containing attachments are not > successfully scanned and delivered. I'm not sure if Julian is aware of > the problems yet but hopefully he might be able to shed some light on > it when he's back. *fingers crossed* > > Obviously this problem will be affecting a lot of people but > unfortunately I don't know much about Perl at all. If there's anything > else I can do to help (like testing port patches etc), please let me > know. > > Kind regards, > mog What are the outstanding taint-related problems? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:06:08 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:06:24 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B4B2240.7020109@ecs.soton.ac.uk> Message-ID: I have fixed this one. I'll do another beta release this afternoon so you all have the latest code. Jules. On 04/01/2010 15:59, Mike Jakubik wrote: > Hello, > > There seems to be more taint mode related problems in the latest version > of MS. As of now, most of emails with attachments are unable to process > and I'm at a loss on how to fix this as i am not a perl programmer. > > When running in debug mode the following error is shown. > > This is perl, v5.8.9 built for amd64-freebsd > > --- > Building a message batch to scan... > Have a batch of 1 message. > Insecure dependency in open while running with -T switch at > /usr/local/lib/perl5/site_perl/5.8.9/mach/IO/File.pm line 185. > /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner > --- > > I tried to manually hack File.pm and added a function to untaint the file > open function. This worked, however it triggered another taint mode error > inside of MS itself. > > --- > Insecure dependency in chown while running with -T switch at > /usr/local/lib/MailScanner/MailScanner/Message.pm line 2505. > --- > > If someone could help i would greatly appreciate it, I'm sure other > FreeBSD users will be experiencing this too. > > Thanks. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:16:49 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:17:02 2010 Subject: ScamNailer script unnecessarily updates the ScamNailer.cf file In-Reply-To: References: <4B4B24C1.9070900@ecs.soton.ac.uk> Message-ID: Many thanks for the update. I am publishing 2.08 now. On 27/12/2009 19:08, Mark Sapiro wrote: > The ScamNailer script knows when it actually retrieved new data, but it > builds a new output file and runs the mailscanner_restart command even > when it hasn't got new data. > > The main problem with this occurs if the site compiles it's rules. If > the mailscanner_restart command includes possible rule compilation, it > will recompile unchanged rules, and if it doesn't recompile, the > compiled rules will potentially be ignored until the next compile > because the ScamNailer output file is newer than the compiled rules. > > The attached diff.txt patch fixes this by returning the '$generate' > flag from the GetPhishingUpdate() function, and calling > GetPhishingUpdate() first and skiping the rest if its return is false. > > Also note that the current script still contains > > # Filename of list of extra addresses you have added, 1 per line. > # Does not matter if this file does not exist. > my $local_extras = '/etc/MailScanner/ScamNailer.local.addresses'; > > even though the code to process that file is gone. This is actually a > good thing from the point of view of the patch because it is more > complicated to know if the local_extras file has changed, although > this can be done by checking if it is newer than the output file. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:20:49 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:21:04 2010 Subject: update_spamassassin does unnecessary sa_compile and doesn't remove log. In-Reply-To: References: <4B4B25B1.2050900@ecs.soton.ac.uk> Message-ID: Many thanks for that. Incorporated in to the next release. On 27/12/2009 16:47, Mark Sapiro wrote: > The /usr/sbin/update_spamassassin script doesn't properly handle the > exit status from sa_update. > > In particular, an exit status of 1 means no fresh updates were > available. In this case and also probably in error cases (exit status > >> 1), sa-compile should not be run. Also, an exit status of 1 should >> > not retain the log. > > I suggest the patch in the attached diff.txt to fix both issues. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:35:35 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:35:46 2010 Subject: Sophos & ClamAV + Sanesecurity In-Reply-To: <66C91A9F-C323-44DF-804E-22B3BFEBBB82@mlrw.com> References: <20091223094812.f74e1c30.lists@buschor.ch> <66C91A9F-C323-44DF-804E-22B3BFEBBB82@mlrw.com> <4B4B2927.7070507@ecs.soton.ac.uk> Message-ID: I'm not sure I quite understand you. There are a myriad of issues here, which all need sensible answers. What happens when 1 scanner finds a spamvirus and another scanner finds a real virus? What happens when the same scanner finds both a spamvirus and a real virus? There are umpteen combinations of these issues and others, and I'm not sure I can produce a working solution for all of them. In fact I don't think one can exist in theory. What does it not do at the moment, and what would you like to do instead? And what about all the problems of multiple infections and/or multiple scanners? How do they affect your answer? I'm not trying to be mean, just that this stuff is a lot more awkward than it may at first appear. Jules. On 23/12/2009 21:06, Mike Wallace wrote: > The order checking change is only good if you use Sanesecurity. If you don't, it can create major problems such as mine where infected messages are being delivered. > > My environment requires that all infected attachments be removed from messages before delivery and all messages with a spam score of 5.0 or greater delivered to a special mailbox. I use the Sought, OpenProtect and a couple of custom rules and have a false positive rate of 0.16% and a false negative rate of 0.87% (if I exclude the viruses that passed), so I don't think that I need the Sanesecurity rules. > > I just checked the last 12 infected message that went through with spamassassin and it scored at an average of 23.0, the lowest was 11.5 the highest was 40.4. So if they were spam checked, then they never would have been delivered to the user. > > You would think that if MailScanner flags something as being infected, it would be handled identically. > > Does anyone know how to force MailScanner to spam check every non-blacklisted or non-whitelisted message like it used to? > > Mike Wallace > mike@mlrw.com > > > > On Dec 23, 2009, at 1:31 PM, Kai Schaetzl wrote: > > >> Mike Wallace wrote on Wed, 23 Dec 2009 11:16:09 -0500: >> >> >>> What I occasionally see is that clamav 0.95.3 finds an infection but >>> the message never gets spam checked. >>> >> The order of checking has been reverted lately. No need for a spamcheck if >> it already contains a virus. >> >> Kai >> >> -- >> Kai Sch?tzl, Berlin, Germany >> Get your web at Conactive Internet Services: http://www.conactive.com >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:37:05 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:37:17 2010 Subject: Sophos & ClamAV + Sanesecurity In-Reply-To: <20091223094812.f74e1c30.lists@buschor.ch> References: <20091223094812.f74e1c30.lists@buschor.ch> <4B4B2981.7050907@ecs.soton.ac.uk> Message-ID: Which of your two options would you prefer? I suspect the "correct spam processing" is what you actually want. Jules. On 23/12/2009 08:48, ThB wrote: > I'm running MailScanner and SA, ClamAV + sanesecurity signatures but also Sophos SAVI as a comercial virus scanner. Lately I reconfigured MS to recognize sanesecurity hits as spam. In my configuration viruses should be replaced by a warning message but still be delivered, so the users know they got a message. > > > From time to time there are messages which seem to be detected by Sophos as virus and by ClamAV as spam because of sanesecurity signatures. Such messages have the SpamVirus header but an empty SpamCheck header and no SpamScore. Such messages also are tagged as "Found to be infected" but the body part is not replaced. > > X-MailScanner: Found to be infected > X-MailScanner-SpamVirus-Report: Sanesecurity.Junk.19516.UNOFFICIAL > X-MailScanner-SpamCheck: > > This now is neither the correct "virus" nor "spam" behaviour as configured. > My request: do either the correct virus processing or the correct spam processing. > > > MailScanner 4.79.4 > SpamAssassin 3.2.5 > ClamAV 0.95.3 > Sophos 4.48.0 > > thanks and merry xmas > Thomas > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From simonmjones at gmail.com Mon Jan 11 13:37:28 2010 From: simonmjones at gmail.com (Simon Jones) Date: Mon Jan 11 13:37:38 2010 Subject: Q reps - Message-ID: <70572c511001110537q578d16d2rbf63e20a8446fea9@mail.gmail.com> Hello folks, sorry for posting to this forum but i can't seem to get anything through to the mailwatch forum and no bounces either... I just need to know where the url that is printed in the "view" link in mailwatch message quarantine reports is specified as I need to change it - also anyone managed to pass the user login straight off the quarantine report so you don't have to login when clicking the link in the email? tks in advance! Si. From MailScanner at ecs.soton.ac.uk Mon Jan 11 13:38:26 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 13:38:38 2010 Subject: MS unable to process xlsx file (taint mode prob again?) In-Reply-To: <5002fe2d3649296a67d126ee328ee264.squirrel@wettoast.dyndns.org> References: <75658973142c15a9d694ad67abec8ae8.squirrel@wettoast.dyndns.org> <5002fe2d3649296a67d126ee328ee264.squirrel@wettoast.dyndns.org> <4B4B29D2.4090409@ecs.soton.ac.uk> Message-ID: Is this issue fixed with the new code I'm publishing today? Jules. On 18/12/2009 18:50, Mike Jakubik wrote: > On Fri, December 18, 2009 1:42 pm, Mike Jakubik wrote: > >> Hi, >> >> I have an Excel file that is causing MS to timeout when scanning the >> email. I'm not sure if its a problem with MS or one of the Perl modules, >> but it does not happen on one of my older mail servers. I am attaching the >> spreadsheet that is causing the problem, perhaps some else could try it? >> > I just ran MS in debug mode on and this is what i got: > > Building a message batch to scan... > Have a batch of 1 message. > Insecure dependency in open while running with -T switch at > /usr/local/lib/perl5/site_perl/5.8.9/mach/IO/File.pm line 185. > /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner > > Could this be the cause? > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From submit at zuka.net Mon Jan 11 15:28:29 2010 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 11 15:30:34 2010 Subject: Problem Messages Message-ID: <4B4B439D.40106@zuka.net> I have been using MailScanner for some time now and was surprised to find several of these messages in my inbox: Currently being processed: Number of messages: 3 Tries Message Next Try At ===== ======= =========== 2 C9971538001.AC06C Mon Jan 11 01:56:09 2010 2 3AF5D538002.A3A93 Mon Jan 11 01:56:03 2010 2 5C03F538003.AEBBD Mon Jan 11 01:55:26 2010 -- MailScanner Is this a new function of the latest version of MailScanner and does it mean these messages are stuck or waht? Cheers Dave From MailScanner at ecs.soton.ac.uk Mon Jan 11 15:44:10 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 11 15:44:22 2010 Subject: New Year's Resolution References: <4B4B474A.8020109@ecs.soton.ac.uk> Message-ID: Mine is to try my hardest to keep up with the mailing list rather better, and generally stay up to date with MailScanner, as I have been rather slack about it over the past few months as my day job has been so horribly busy. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Mon Jan 11 15:50:28 2010 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jan 11 15:50:34 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B4B2240.7020109@ecs.soton.ac.uk> Message-ID: <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> On Mon, January 11, 2010 8:06 am, Jules Field wrote: > I have fixed this one. I'll do another beta release this afternoon so > you all have the latest code. > > Jules. Thanks Jules. I have updated the FreeBSD port to run the master perl process as the "run as" user, to disable taint mode. I will test the new version and let you know/update the port. From shuttlebox at gmail.com Mon Jan 11 15:53:42 2010 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Jan 11 15:54:11 2010 Subject: Problem Messages In-Reply-To: <4B4B439D.40106@zuka.net> References: <4B4B439D.40106@zuka.net> Message-ID: <625385e31001110753uc9a0f6dy911b1608144391ea@mail.gmail.com> On Mon, Jan 11, 2010 at 4:28 PM, Dave Filchak wrote: > I have been using MailScanner for some time now and was surprised to find > several of these messages in my inbox: > > Currently being processed: > > Number of messages: 3 > Tries ? Message Next Try At > ===== ? ======= =========== > 2 ? ? ? C9971538001.AC06C ? ? ? Mon Jan 11 01:56:09 2010 > 2 ? ? ? 3AF5D538002.A3A93 ? ? ? Mon Jan 11 01:56:03 2010 > 2 ? ? ? 5C03F538003.AEBBD ? ? ? Mon Jan 11 01:55:26 2010 > > -- MailScanner > > Is this a new function of the latest version of MailScanner and does it mean > these messages are stuck or waht? Should be this: 1/4/2009 New in Version 4.75.11-1 ================================= * New Features and Improvements * 2 Implemented crash-protection, by limiting the number of attempts made at processing any given message. There are 2 new configuration settings: "Maximum Processing Attempts" which is set to 6 by default, and "Processing Attempts Database" which is set to /var/spool/MailScanner/ incoming/Processing.db by default. To disable this feature, just set "Maximum Processing Attempts = 0". To clean out the database, just stop MailScanner and delete the database file. Many thanks to David Lee at Durham University, UK for the ideas behind this new system. 3 New script "processing_messages_alert" which will be installed in /usr/sbin on Linux systems and in /opt/MailScanner/bin on other systems. Also, in Linux, this is enabled as an hourly cron job. It executes the command "MailScanner --processing" which prints the contents of the "messages being processed" database, excluding any messages which are being processed for the first time. If there is nothing to print, it outputs nothing and no mail message is generated by the cron job. It sends the mail message from the "Notices From" address to the "Notices To" address. To edit the text of the message, just edit the "processing_messages_alert" script, it is very simple. -- /peter From mikael at syska.dk Mon Jan 11 16:28:10 2010 From: mikael at syska.dk (Mikael Syska) Date: Mon Jan 11 16:28:23 2010 Subject: More taint mode problems (please help) In-Reply-To: <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> Message-ID: <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> Hi, Mostly for Mike Jakubik ... Dont know how FreeBSD accepts package to the ports tree ... but I guess you know :-) Since you are in the package maintainer, maybe you coult get the old mailscanner-devel deleted as its very old and not used any more. Just so new people dont think its a never version of the port. I will be happy to test the pakckage, when its released. I have been holding back from upgrading the package cause of all the taint problems there have been. Hopefully its soon over ... mvh Mikael Syska On Mon, Jan 11, 2010 at 4:50 PM, Mike Jakubik wrote: > > On Mon, January 11, 2010 8:06 am, Jules Field wrote: > > I have fixed this one. I'll do another beta release this afternoon so > > you all have the latest code. > > > > Jules. > > Thanks Jules. I have updated the FreeBSD port to run the master perl > process as the "run as" user, to disable taint mode. I will test the new > version and let you know/update the port. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From submit at zuka.net Mon Jan 11 16:39:55 2010 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 11 16:42:02 2010 Subject: Advise please In-Reply-To: References: <4B4A35E0.6030006@zuka.net> <4B4B12E2.4080902@ecs.soton.ac.uk> Message-ID: <4B4B545B.2010406@zuka.net> Jules, Basically, what I have done is remove all references to clam* from /usr/loca/bin and sbin. I already had the latest clamd installed under /usr/bin and /usr/sbin. Updated the references under virus.scanners.conf to point to the clamd installation under /usr/sbin and mad sure the /etc/clamd.conf and MailScanner.conf socket directory entries were both set to /tmp/ However, when I run MailScanner --lint, it says: =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Cannot find Socket (/tmp/clamd.socket) Exiting! at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3689 The socket file is indeed in /tmp so why can't it find it? Also, confused about the previous entry: MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamavmodule Shouldn't the second line say clamd as well? Dave On 11/01/2010 7:00 AM, Jules Field wrote: > Find every directory and file under /usr/local whose name mentions > "clam" in it anywhere, and delete it. > Then install the clamd and related RPMs from packages.sw.be and make > sure your /etc/clamd.conf contains the same socket location as your > MailScanner.conf file does, or else they won't talk to each other. > Also change your virus.scanners.conf to point to the new location and > not /usr/local or whatever it says now. > > "MailScanner --lint" will show you if your setup is basically correct, > it should find some viruses in its test message and complete without > any errors. > > Jules > > On 10/01/2010 20:17, Dave Filchak wrote: >> I have come to realize that I have two versions of clamscan and two >> versions of freshclam installed on my machine. This after getting the >> "Your ClamAV Installation is OUTDATED". As well, have duplicate >> libraries, two versions of clamd etc. I would like advise as to how >> to clean this up and get it down to only one of each. I am using >> clamd for scanning. >> >> I would prefer to use rpms for this but am not adverse to compiling >> things. I am only one taking care of the servers and have lots of >> other things on the go so quick and efficient is always good. Below >> are the specs. I know the OS is old and needs to be updated. All are >> scheduled to be replaced this year but may be later in the year so >> would like to get things in the proper place, not duplicated and easy >> to update until I have a new machine and a chance to deal with it. >> >> Had another fellow doing this before but now is just myself. All help >> is very much appreciated. >> >> Let me know if any more info is required. >> >> Cheers, >> >> Dave >> >> whereis clamav >> clamav: /usr/include/clamav.h >> >> whereis clamd >> clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd >> /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz >> >> whereis freshclam >> freshclam: /usr/bin/freshclam /etc/freshclam.conf >> /usr/local/bin/freshclam /usr/local/etc/freshclam.conf >> /usr/share/man/man1/freshclam.1.gz >> >> whereis clamscan >> clamscan: /usr/bin/clamscan /usr/local/bin/clamscan >> /usr/share/man/man1/clamscan.1.gz >> >> ldd /usr/bin/freshclam >> libclamav.so.6 => /usr/lib64/libclamav.so.6 (0x0000002a95568000) >> libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000) >> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) >> libpthread.so.0 => /lib64/tls/libpthread.so.0 >> (0x0000003c2f500000) >> libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) >> libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) >> libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000) >> /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) >> >> ldd /usr/local/bin/freshclam >> libclamav.so.4 => /usr/local/lib/libclamav.so.4 >> (0x0000002a95568000) >> libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000) >> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) >> libpthread.so.0 => /lib64/tls/libpthread.so.0 >> (0x0000003c2f500000) >> libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) >> libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000) >> libclamunrar_iface.so.4 => >> /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000) >> libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) >> /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) >> libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 >> (0x0000002a9591e000) >> >> MailScanner -V >> Running on >> Linux 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 >> x86_64 x86_64 GNU/Linux >> This is CentOS release 4.3 (Final) >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.78.17 >> Module versions are: >> 1.00 AnyDBM_File >> 1.20 Archive::Zip >> 0.23 bignum >> 1.03 Carp >> 2.005 Compress::Zlib >> 1.119 Convert::BinHex >> 0.17 Convert::TNEF >> 2.121 Data::Dumper >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.20 File::Temp >> 0.78 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.04 Mail::Header >> 1.89 Math::BigInt >> 0.22 Math::BigRat >> 3.05 MIME::Base64 >> 5.427 MIME::Decoder >> 5.427 MIME::Decoder::UU >> 5.427 MIME::Head >> 5.427 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.427 MIME::Tools >> 0.13 Net::CIDR >> 1.25 Net::IP >> 0.16 OLE::Storage_Lite >> 1.04 Pod::Escapes >> 3.05 Pod::Simple >> 1.08 POSIX >> 1.19 Scalar::Util >> 1.77 Socket >> 2.16 Storable >> 1.4 Sys::Hostname::Long >> 0.27 Sys::Syslog >> 1.26 Test::Pod >> 0.6 Test::Simple >> 1.68 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.32 Archive::Tar >> 0.23 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.814 DB_File >> 1.25 DBD::SQLite >> 1.607 DBI >> 1.10 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.11 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17008 Error >> 0.19 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.38 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.04 IO::Zlib >> 2.21 IP::Country >> 0.22 Mail::ClamAV >> 3.002005 Mail::SpamAssassin >> v2.004 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.65 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable >> 0.31 Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.52 Test::Harness >> 0.95 Test::Manifest >> 1.98 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.65 YAML >> > > Jules > From submit at zuka.net Mon Jan 11 16:54:24 2010 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 11 16:56:27 2010 Subject: Advise please In-Reply-To: <4B4B545B.2010406@zuka.net> References: <4B4A35E0.6030006@zuka.net> <4B4B12E2.4080902@ecs.soton.ac.uk> <4B4B545B.2010406@zuka.net> Message-ID: <4B4B57C0.5090702@zuka.net> Ignore my last email around the socket. My bad ... typo :-( Damn these fingers!! Dave On 11/01/2010 11:39 AM, Dave Filchak wrote: > Jules, > > Basically, what I have done is remove all references to clam* from > /usr/loca/bin and sbin. I already had the latest clamd installed under > /usr/bin and /usr/sbin. Updated the references under > virus.scanners.conf to point to the clamd installation under /usr/sbin > and mad sure the /etc/clamd.conf and MailScanner.conf socket directory > entries were both set to /tmp/ However, when I run MailScanner --lint, > it says: > > > =========================================================================== > > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Cannot find Socket (/tmp/clamd.socket) Exiting! at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3689 > > The socket file is indeed in /tmp so why can't it find it? Also, > confused about the previous entry: > > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamavmodule > > Shouldn't the second line say clamd as well? > > Dave > > On 11/01/2010 7:00 AM, Jules Field wrote: >> Find every directory and file under /usr/local whose name mentions >> "clam" in it anywhere, and delete it. >> Then install the clamd and related RPMs from packages.sw.be and make >> sure your /etc/clamd.conf contains the same socket location as your >> MailScanner.conf file does, or else they won't talk to each other. >> Also change your virus.scanners.conf to point to the new location and >> not /usr/local or whatever it says now. >> >> "MailScanner --lint" will show you if your setup is basically >> correct, it should find some viruses in its test message and complete >> without any errors. >> >> Jules >> >> On 10/01/2010 20:17, Dave Filchak wrote: >>> I have come to realize that I have two versions of clamscan and two >>> versions of freshclam installed on my machine. This after getting >>> the "Your ClamAV Installation is OUTDATED". As well, have duplicate >>> libraries, two versions of clamd etc. I would like advise as to how >>> to clean this up and get it down to only one of each. I am using >>> clamd for scanning. >>> >>> I would prefer to use rpms for this but am not adverse to compiling >>> things. I am only one taking care of the servers and have lots of >>> other things on the go so quick and efficient is always good. Below >>> are the specs. I know the OS is old and needs to be updated. All are >>> scheduled to be replaced this year but may be later in the year so >>> would like to get things in the proper place, not duplicated and >>> easy to update until I have a new machine and a chance to deal with it. >>> >>> Had another fellow doing this before but now is just myself. All >>> help is very much appreciated. >>> >>> Let me know if any more info is required. >>> >>> Cheers, >>> >>> Dave >>> >>> whereis clamav >>> clamav: /usr/include/clamav.h >>> >>> whereis clamd >>> clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd >>> /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz >>> >>> whereis freshclam >>> freshclam: /usr/bin/freshclam /etc/freshclam.conf >>> /usr/local/bin/freshclam /usr/local/etc/freshclam.conf >>> /usr/share/man/man1/freshclam.1.gz >>> >>> whereis clamscan >>> clamscan: /usr/bin/clamscan /usr/local/bin/clamscan >>> /usr/share/man/man1/clamscan.1.gz >>> >>> ldd /usr/bin/freshclam >>> libclamav.so.6 => /usr/lib64/libclamav.so.6 >>> (0x0000002a95568000) >>> libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000) >>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) >>> libpthread.so.0 => /lib64/tls/libpthread.so.0 >>> (0x0000003c2f500000) >>> libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) >>> libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) >>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000) >>> /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) >>> >>> ldd /usr/local/bin/freshclam >>> libclamav.so.4 => /usr/local/lib/libclamav.so.4 >>> (0x0000002a95568000) >>> libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000) >>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) >>> libpthread.so.0 => /lib64/tls/libpthread.so.0 >>> (0x0000003c2f500000) >>> libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) >>> libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000) >>> libclamunrar_iface.so.4 => >>> /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000) >>> libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) >>> /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) >>> libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 >>> (0x0000002a9591e000) >>> >>> MailScanner -V >>> Running on >>> Linux 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 >>> x86_64 x86_64 GNU/Linux >>> This is CentOS release 4.3 (Final) >>> This is Perl version 5.008005 (5.8.5) >>> >>> This is MailScanner version 4.78.17 >>> Module versions are: >>> 1.00 AnyDBM_File >>> 1.20 Archive::Zip >>> 0.23 bignum >>> 1.03 Carp >>> 2.005 Compress::Zlib >>> 1.119 Convert::BinHex >>> 0.17 Convert::TNEF >>> 2.121 Data::Dumper >>> 2.27 Date::Parse >>> 1.00 DirHandle >>> 1.05 Fcntl >>> 2.73 File::Basename >>> 2.08 File::Copy >>> 2.01 FileHandle >>> 1.06 File::Path >>> 0.20 File::Temp >>> 0.78 Filesys::Df >>> 1.35 HTML::Entities >>> 3.56 HTML::Parser >>> 2.37 HTML::TokeParser >>> 1.23 IO >>> 1.14 IO::File >>> 1.13 IO::Pipe >>> 2.04 Mail::Header >>> 1.89 Math::BigInt >>> 0.22 Math::BigRat >>> 3.05 MIME::Base64 >>> 5.427 MIME::Decoder >>> 5.427 MIME::Decoder::UU >>> 5.427 MIME::Head >>> 5.427 MIME::Parser >>> 3.03 MIME::QuotedPrint >>> 5.427 MIME::Tools >>> 0.13 Net::CIDR >>> 1.25 Net::IP >>> 0.16 OLE::Storage_Lite >>> 1.04 Pod::Escapes >>> 3.05 Pod::Simple >>> 1.08 POSIX >>> 1.19 Scalar::Util >>> 1.77 Socket >>> 2.16 Storable >>> 1.4 Sys::Hostname::Long >>> 0.27 Sys::Syslog >>> 1.26 Test::Pod >>> 0.6 Test::Simple >>> 1.68 Time::HiRes >>> 1.02 Time::localtime >>> >>> Optional module versions are: >>> 1.32 Archive::Tar >>> 0.23 bignum >>> 1.82 Business::ISBN >>> 1.10 Business::ISBN::Data >>> 1.08 Data::Dump >>> 1.814 DB_File >>> 1.25 DBD::SQLite >>> 1.607 DBI >>> 1.10 Digest >>> 1.01 Digest::HMAC >>> 2.36 Digest::MD5 >>> 2.11 Digest::SHA1 >>> 1.00 Encode::Detect >>> 0.17008 Error >>> 0.19 ExtUtils::CBuilder >>> 2.18 ExtUtils::ParseXS >>> 2.38 Getopt::Long >>> 0.44 Inline >>> 1.08 IO::String >>> 1.04 IO::Zlib >>> 2.21 IP::Country >>> 0.22 Mail::ClamAV >>> 3.002005 Mail::SpamAssassin >>> v2.004 Mail::SPF >>> 1.999001 Mail::SPF::Query >>> 0.2808 Module::Build >>> 0.20 Net::CIDR::Lite >>> 0.65 Net::DNS >>> 0.002.2 Net::DNS::Resolver::Programmable >>> 0.31 Net::LDAP >>> 4.004 NetAddr::IP >>> 1.94 Parse::RecDescent >>> missing SAVI >>> 2.52 Test::Harness >>> 0.95 Test::Manifest >>> 1.98 Text::Balanced >>> 1.35 URI >>> 0.7203 version >>> 0.65 YAML >>> >> >> Jules >> From wtogami at redhat.com Mon Jan 11 15:32:15 2010 From: wtogami at redhat.com (Warren Togami) Date: Mon Jan 11 16:58:18 2010 Subject: REMINDER: 3.3.0 final cut January 15th, 2010 In-Reply-To: <6c399e450912290427s6bdebca3r7d10b01f7d3fde6c@mail.gmail.com> References: <4B37FF5E.40000@redhat.com> <6c399e450912290427s6bdebca3r7d10b01f7d3fde6c@mail.gmail.com> Message-ID: <4B4B447F.1000500@redhat.com> This is a reminder that the 3.3.0 final cut is scheduled for Friday, January 15th. http://tinyurl.com/yd8n96m Please review the bugs. Only priority P1 bugs are considered blockers for 3.3.0. Warren Togami wtogami@redhat.com On 12/29/2009 07:27 AM, Justin Mason wrote: > +1. I expect there'll be a lot more tickets at that point, but that > happens every release; most SA users tend to wait for the GA. > > --j. > > On Mon, Dec 28, 2009 at 00:44, Warren Togami wrote: >> I would like to propose a cut date for 3.3.0 final release. Friday, January >> 15th, 2010 would give us a total of 3 weeks of validation of 3.3.0-rc1. At >> that point we will cut a proposed tarball for 3.3.0 and and call for the 3 >> votes necessary for release. >> >> http://tinyurl.com/yd8n96m >> Bugs targeting 3.3.0, P1 priority are considered release blockers. Please >> promote additional bugs to P1 if you believe they must be fixed before >> release. >> >> Any objections to this proposed cut date? >> >> Warren Togami >> wtogami@redhat.com >> >> > > > From submit at zuka.net Mon Jan 11 17:09:36 2010 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 11 17:11:41 2010 Subject: last little bit Message-ID: <4B4B5B50.9030000@zuka.net> Just about there and thank you to Jules and all others who reponded with help. It is appreciated. Just one last little bit here: freshclam is in /usr/bin and the path in the freshclam script in cron.daily is correct. /usr/bin is in my $PATH but when I run freshclam from the command line with out a full path to the current install directory, it says freshclam cannot be found. It is looking in the old location. Is there a cache or something? Could be a bit brain dead on this one but can someone enlighten me on this? Thanks Dave From s66576 at alice.it Mon Jan 11 17:18:11 2010 From: s66576 at alice.it (s66576@alice.it) Date: Mon Jan 11 17:18:58 2010 Subject: mail disapears in the postfix queue Message-ID: <0493927970A4A3439F8A777035F5D1680F63137E@FBCMST09V01.fbc.local> Hi, this strange thing happens on my local linux server, it's a simple installation of Mailscanner + postfix on ubuntu lts: Jan 10 10:39:42 pluto postfix/smtpd[21677]: F19BD354E2: client=r.retail.telecomitalia.it[79.41.XXX.XXX], sasl_method=LOGIN, sasl_username=smtpuser@XXX.com Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: hold: header Received: from E4300 (XXX.41-79-r.retail.telecomitalia.it [79.41.XXX.XXX])??by XXX.XXX.it(Postfix) with ESMTPA id F19BD354E2??for ; Sun, 10 Jan 2010 10:3 from -r.retail.telecomitalia.it[79.41.XXX.XXX]; from= to= proto=ESMTP helo= Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: message-id=<3DCE4D546BD8463BABBE1DC13DBD0390@E4300> After this I don't see any trace of this queueid F19BD354E2 in my mail.log, that's the first time happen to me. No message was wrote on filesystem, and the postfix queues are empty ( hold,deferred... ). Should I try to increase Mailscanner log verbosity ? Or is better look for postfix queue ? Mailscanner fetches mails from hold and leave them incoming, it's a default installation. Anyone with similar problems ? Regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100111/2f8e7edd/attachment.html From maillists at conactive.com Mon Jan 11 17:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 11 17:31:32 2010 Subject: New Year's Resolution In-Reply-To: References: <4B4B474A.8020109@ecs.soton.ac.uk> Message-ID: Julian, for me, it's been good enough, anyway :-) I enjoy it that there's not so many new releases. Wish you a, under the circumstances, healthy new year! Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From igueths at lava-net.com Mon Jan 11 18:16:45 2010 From: igueths at lava-net.com (Igor Gueths) Date: Mon Jan 11 18:15:04 2010 Subject: mail disapears in the postfix queue In-Reply-To: <0493927970A4A3439F8A777035F5D1680F63137E@FBCMST09V01.fbc.local> References: <0493927970A4A3439F8A777035F5D1680F63137E@FBCMST09V01.fbc.local> Message-ID: <20100111181645.GA3255@lava-net.com> Hi. On Mon, Jan 11, 2010 at 06:18:11PM +0100, s66576@alice.it wrote: > Hi, > > this strange thing happens on my local linux server, it's a simple installation of Mailscanner + postfix on ubuntu lts: > > Jan 10 10:39:42 pluto postfix/smtpd[21677]: F19BD354E2: client=r.retail.telecomitalia.it[79.41.XXX.XXX], sasl_method=LOGIN, sasl_username=smtpuser@XXX.com > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: hold: header Received: from E4300 (XXX.41-79-r.retail.telecomitalia.it [79.41.XXX.XXX])??by XXX.XXX.it(Postfix) with ESMTPA id F19BD354E2??for ; Sun, 10 Jan 2010 10:3 from -r.retail.telecomitalia.it[79.41.XXX.XXX]; from= to= proto=ESMTP helo= > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: message-id=<3DCE4D546BD8463BABBE1DC13DBD0390@E4300> > > After this I don't see any trace of this queueid F19BD354E2 in my mail.log, that's the first time happen to me. No message was wrote on filesystem, and the postfix queues are empty ( hold,deferred... ). Should I try to increase Mailscanner log verbosity ? Or is better look for postfix queue ? > Before you try increasing MailScanner's log verbosity, try sending a message to yourself via Telnet on Netcat, to see if the server is perhaps responding in a way that it shouldn't be. Here is a simple example: telnet host (replace with your actual mail server's hostname or IP address) 25 helo your domain mail from: someuser@yourdomain rcpt to: ou@yourdomain data ANy other headers and text here, such as To, Subject, etc. . Don't forget the final ".", as this is what tells the server that you have finished your message, and to queue what it has in its input. > > Mailscanner fetches mails from hold and leave them incoming, it's a default installation. > Anyone with similar problems ? > Regards. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Igor -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100111/d89aa9e1/attachment.bin From uxbod at splatnix.net Mon Jan 11 18:20:13 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Jan 11 18:20:40 2010 Subject: New Year's Resolution In-Reply-To: Message-ID: <7242020.108.1263234012995.JavaMail.root@office.splatnix.net> ----- "Kai Schaetzl" wrote: > Julian, for me, it's been good enough, anyway :-) I enjoy it that > there's > not so many new releases. Wish you a, under the circumstances, healthy > new > year! > > Kai > Seconded! Hope 2010 is better for you Jules -- Thanks, Phil From amelein at dantumadiel.eu Mon Jan 11 18:42:51 2010 From: amelein at dantumadiel.eu (Arjan Melein) Date: Mon Jan 11 18:43:08 2010 Subject: Message attempted to kill mailscanner Message-ID: <4B4B7F3B0200008E00012862@10.1.0.206> is there any way to set the limit of dying mailscanner childs to + 2 before it triggers the 'attempted to kill' detection ? I keep getting the 'message attempted to kill mailscanner' error more and more frequently because greylisting is keeping out so much spam on my low volume system that every now and then a valid e-mail triggers the 'dying of old age' for every thread and gets marked as an attempt to kill MS. - Arjan From Garrod.Alwood at lorodoes.com Mon Jan 11 18:46:29 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Mon Jan 11 18:52:40 2010 Subject: Message attempted to kill mailscanner In-Reply-To: <4B4B7F3B0200008E00012862@10.1.0.206> References: <4B4B7F3B0200008E00012862@10.1.0.206> Message-ID: <2FDB1A57-7A12-46B7-A3D1-3B27649371BE@mimectl> I am seeing office 2007 file type trying to Kill mailscanner and I'm wondering if that is because of tainted perl issue. Anyone have any ideas? Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Arjan Melein [amelein@dantumadiel.eu] Sent: Monday, January 11, 2010 1:42 PM To: mailscanner@lists.mailscanner.info Subject: Message attempted to kill mailscanner is there any way to set the limit of dying mailscanner childs to + 2 before it triggers the 'attempted to kill' detection ? I keep getting the 'message attempted to kill mailscanner' error more and more frequently because greylisting is keeping out so much spam on my low volume system that every now and then a valid e-mail triggers the 'dying of old age' for every thread and gets marked as an attempt to kill MS. - Arjan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100111/ad0905c0/attachment.html From dcurtis at sbschools.net Mon Jan 11 19:51:36 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Mon Jan 11 19:52:23 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> Any other idea's on this topic. I have too many emails making it into the end users junk mail to keep ignoring our mailscanner not obeying our scoring rules. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From mike at mlrw.com Mon Jan 11 20:26:43 2010 From: mike at mlrw.com (Mike Wallace) Date: Mon Jan 11 20:26:55 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch> <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> <4B463C16.3080709@alexb.ch> <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> <4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> Message-ID: <40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com> I find it's best to run /usr/sbin/update_spamassassin (Jules update script) to update sa rules as it will call sa-update and sa-compile if you have them both installed. Mike On Jan 11, 2010, at 2:51 PM, wrote: > Any other idea's on this topic. I have too many emails making it into > the end users junk mail to keep ignoring our mailscanner not obeying our > scoring rules. > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > From dcurtis at sbschools.net Mon Jan 11 20:55:50 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Mon Jan 11 20:58:13 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> <40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com> Message-ID: <73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> Thanks already tried that. I have moved the FH_DATE_PAST rule to the top of the conf file. I have created a custom.cf file with only the score FH_DATE_PAST_20XX 0.00 and no matter where I put it that and many other custom scores are being ignored. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Wallace Sent: Monday, January 11, 2010 3:27 PM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 I find it's best to run /usr/sbin/update_spamassassin (Jules update script) to update sa rules as it will call sa-update and sa-compile if you have them both installed. Mike On Jan 11, 2010, at 2:51 PM, wrote: > Any other idea's on this topic. I have too many emails making it into > the end users junk mail to keep ignoring our mailscanner not obeying our > scoring rules. > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From Garrod.Alwood at lorodoes.com Mon Jan 11 21:01:32 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Mon Jan 11 21:07:42 2010 Subject: Office 2007 Message-ID: Hey, I was wondering if anyone else is having trouble with office 2007 files attempting to kill MailScanner? I'm not sure if this part of the taint issue or not, but can somebody please advise? Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100111/c0c61e27/attachment.html From hvdkooij at vanderkooij.org Mon Jan 11 21:26:12 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 11 21:26:21 2010 Subject: Office 2007 In-Reply-To: References: Message-ID: <4B4B9774.2040707@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/01/10 22:01, Garrod M. Alwood wrote: > Hey, I was wondering if anyone else is having trouble with office 2007 > files attempting to kill MailScanner? I'm not sure if this part of the > taint issue or not, but can somebody please advise? Can you explain what you see happening? And I am sure there is something of an OS installed and some version details would go nicely with that as well. Hugo. (Or as James T. Kirk said it: I never trusted consultants, I guess I never will. ;-) ) - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktLl3IACgkQBvzDRVjxmYGAsQCglFf3QwmuyMy2aCAZIwJ1O1x8 OR4AnRCAc1DIbycjFkuiTv9JOcZMaBtP =tkYu -----END PGP SIGNATURE----- From Garrod.Alwood at lorodoes.com Mon Jan 11 21:30:36 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Mon Jan 11 21:36:48 2010 Subject: Office 2007 In-Reply-To: <4B4B9774.2040707@vanderkooij.org> References: , <4B4B9774.2040707@vanderkooij.org> Message-ID: <41F53744-2B35-4073-AFDA-16C62C8EE1B3@mimectl> Sure, no problem. I have the newest 4.79.5-1 mailscanner installed (fixed a few filetypes), Ubuntu 9.10, Perl 5.10 and when someone sends xlsx and docx files, the email doesn't send and gets repeatedly attempted to send and after 6 tries it kills the emails and logs it as a Emal attempted to kill MailScanner. I have the office 2007 documents in the filetype and filename rules marked as ok (I know that probably doesn't matter for this, but wanted to give more than enough info.) I have watched my log files as one comes in and it keeps trying and it just can't do anything with it and the bad part is I can't see what exactly is causing the error. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij [hvdkooij@vanderkooij.org] Sent: Monday, January 11, 2010 4:26 PM To: mailscanner@lists.mailscanner.info Subject: Re: Office 2007 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/01/10 22:01, Garrod M. Alwood wrote: > Hey, I was wondering if anyone else is having trouble with office 2007 > files attempting to kill MailScanner? I'm not sure if this part of the > taint issue or not, but can somebody please advise? Can you explain what you see happening? And I am sure there is something of an OS installed and some version details would go nicely with that as well. Hugo. (Or as James T. Kirk said it: I never trusted consultants, I guess I never will. ;-) ) - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktLl3IACgkQBvzDRVjxmYGAsQCglFf3QwmuyMy2aCAZIwJ1O1x8 OR4AnRCAc1DIbycjFkuiTv9JOcZMaBtP =tkYu -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100111/a564ed7f/attachment.html From mike at mlrw.com Mon Jan 11 22:03:04 2010 From: mike at mlrw.com (Mike Wallace) Date: Mon Jan 11 22:03:26 2010 Subject: Sophos & ClamAV + Sanesecurity In-Reply-To: References: <20091223094812.f74e1c30.lists@buschor.ch> <66C91A9F-C323-44DF-804E-22B3BFEBBB82@mlrw.com> <4B4B2927.7070507@ecs.soton.ac.uk> Message-ID: <64E0B3D3-D004-4AFE-A8D6-E35880AC6ABD@mlrw.com> I am trying to get MailScanner to work like it used to. In older versions, it would scan the message for viruses with clamav and if it's infected, remove the virus and insert the warning message and then spam score it. Then based on the score either deliver it to the recipient or forward it to a specific mailbox for review. Now if clamav finds a virus, MailScanner just marks it as {Virus} and delivers it. It also seems that {Disarmed} and {Fraud} don't work the same. I see messages marked with {Disarmed}, but in the body I see "MailScanner has detected a possible fraud attempt from". So did it disarm a WebBug, is it phishing or is it both? In older versions the only time I saw {Disarmed} was when a WebBug was replaced with http://www.mailscanner.tv/1x1spacer.gif (which is still true). What changes in MailScanner changed this behavior? Is it "ClamAV Full Message Scan = yes" and the order of av scan and spamassassin or is there other changes? Other than MailScanner passing viruses I love the product and recommend it. I just want to get back to the old behaviour. Mike Wallace mike@mlrw.com On Jan 11, 2010, at 8:35 AM, Jules Field wrote: > I'm not sure I quite understand you. > There are a myriad of issues here, which all need sensible answers. > What happens when 1 scanner finds a spamvirus and another scanner finds a real virus? > What happens when the same scanner finds both a spamvirus and a real virus? > There are umpteen combinations of these issues and others, and I'm not sure I can produce a working solution for all of them. In fact I don't think one can exist in theory. > > What does it not do at the moment, and what would you like to do instead? > And what about all the problems of multiple infections and/or multiple scanners? How do they affect your answer? > > I'm not trying to be mean, just that this stuff is a lot more awkward than it may at first appear. > > Jules. > > On 23/12/2009 21:06, Mike Wallace wrote: >> The order checking change is only good if you use Sanesecurity. If you don't, it can create major problems such as mine where infected messages are being delivered. >> >> My environment requires that all infected attachments be removed from messages before delivery and all messages with a spam score of 5.0 or greater delivered to a special mailbox. I use the Sought, OpenProtect and a couple of custom rules and have a false positive rate of 0.16% and a false negative rate of 0.87% (if I exclude the viruses that passed), so I don't think that I need the Sanesecurity rules. >> >> I just checked the last 12 infected message that went through with spamassassin and it scored at an average of 23.0, the lowest was 11.5 the highest was 40.4. So if they were spam checked, then they never would have been delivered to the user. >> >> You would think that if MailScanner flags something as being infected, it would be handled identically. >> >> Does anyone know how to force MailScanner to spam check every non-blacklisted or non-whitelisted message like it used to? >> >> Mike Wallace >> mike@mlrw.com >> >> >> >> On Dec 23, 2009, at 1:31 PM, Kai Schaetzl wrote: >> >> >>> Mike Wallace wrote on Wed, 23 Dec 2009 11:16:09 -0500: >>> >>> >>>> What I occasionally see is that clamav 0.95.3 finds an infection but >>>> the message never gets spam checked. >>>> >>> The order of checking has been reverted lately. No need for a spamcheck if >>> it already contains a virus. >>> >>> Kai >>> >>> -- >>> Kai Sch?tzl, Berlin, Germany >>> Get your web at Conactive Internet Services: http://www.conactive.com >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. >>> >>> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > From hvdkooij at vanderkooij.org Mon Jan 11 22:16:14 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 11 22:16:28 2010 Subject: Office 2007 In-Reply-To: <41F53744-2B35-4073-AFDA-16C62C8EE1B3@mimectl> References: , <4B4B9774.2040707@vanderkooij.org> <41F53744-2B35-4073-AFDA-16C62C8EE1B3@mimectl> Message-ID: <4B4BA32E.2060804@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/01/10 22:30, Garrod M. Alwood wrote: > Sure, no problem. I have the newest 4.79.5-1 mailscanner installed > (fixed a few filetypes), Ubuntu 9.10, Perl 5.10 and when someone sends > xlsx and docx files, the email doesn't send and gets repeatedly > attempted to send and after 6 tries it kills the emails and logs it as a > Emal attempted to kill MailScanner. I have the office 2007 documents in > the filetype and filename rules marked as ok (I know that probably > doesn't matter for this, but wanted to give more than enough info.) I > have watched my log files as one comes in and it keeps trying and it > just can't do anything with it and the bad part is I can't see what > exactly is causing the error. Well I usually run top while testing something I can reproduce. If you can easily reproduce the issue you may want to look into the archives for the exact debugging steps. I might tell you where this get mixed up. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktLoywACgkQBvzDRVjxmYGCngCgj/MCW27cNNut5E/S4XkTUiRo EqAAn0eaRZtBk5mooNoO/8sRRTq0ThUW =Ge40 -----END PGP SIGNATURE----- From maillists at conactive.com Tue Jan 12 00:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 12 00:31:29 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch> <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> <4B463C16.3080709@alexb.ch> <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> <4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> <40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com> <73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> Message-ID: Did you notice you are going in circles? This list has given you a lot of advice and still it's not working for you. Honestly, it would surprise me that this is because of non-fitting or missing advice. It's rather that you may have understood, deduced or implemented something the wrong way. And you are likely to do that a second time even if we walk you through everything again. Time to consider hiring someone to have a look at your system. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Jan 12 00:38:03 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 12 00:38:12 2010 Subject: Sophos & ClamAV + Sanesecurity In-Reply-To: <64E0B3D3-D004-4AFE-A8D6-E35880AC6ABD@mlrw.com> References: <20091223094812.f74e1c30.lists@buschor.ch> <66C91A9F-C323-44DF-804E-22B3BFEBBB82@mlrw.com> <4B4B2927.7070507@ecs.soton.ac.uk> <64E0B3D3-D004-4AFE-A8D6-E35880AC6ABD@mlrw.com> Message-ID: Mike Wallace wrote on Mon, 11 Jan 2010 17:03:04 -0500: > In older versions, it would scan the message for viruses with clamav No. It would first spamscan and then viruscan the message. If it was found to be spam and the action was to quarantine it, no further viruscan would happen at this stage. Now it's the other way around. > and if it's infected, remove the virus and insert the warning message did it? Not by default I think. Default for viruses was/is to put the message in quarantine. Full stop. There's no point in "disinfecting" virus laden messages, because there are *no* messages that contain a virus *and* a legitimate message at the same time. > and then spam score it. Then based on the score either deliver it > to the recipient or forward it to a specific mailbox for review. Now > if clamav finds a virus, MailScanner just marks it as {Virus} and > delivers it. That's because you misconfigured your MS. Again, there is no point in delivering a message with a virus, with the virus removed or not. > > It also seems that {Disarmed} and {Fraud} don't work the same. I see > messages marked with {Disarmed}, but in the body I see "MailScanner > has detected a possible fraud attempt from". So did it disarm a WebBug, > is it phishing or is it both? In older versions the only time I saw > {Disarmed} was when a WebBug was replaced with http://www.mailscanner.tv/1x1spacer.gif > (which is still true). Disarmed also removes objectionable HTML tags etc. That's why it is called "disarmed". It has nothing to do with fraud or phishing, it can be a legitimate mail. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From ram at netcore.co.in Tue Jan 12 05:57:54 2010 From: ram at netcore.co.in (ram) Date: Tue Jan 12 05:58:06 2010 Subject: OT: Which virus scanners to use Message-ID: <1263275874.14072.25.camel@darkstar.netcore.co.in> Hi We have been running f-prot (commercial ) and clamavmodule on our servers but both of them are performance intensive Also clam signatures are prone to errors in some cases. Is there a good lighter alternative (commercial ok) that Mailscanner users may be using. Thanks Ram -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100112/67607b0b/attachment.html From steve.freegard at fsl.com Tue Jan 12 07:58:24 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jan 12 07:58:35 2010 Subject: OT: Which virus scanners to use In-Reply-To: <1263275874.14072.25.camel@darkstar.netcore.co.in> References: <1263275874.14072.25.camel@darkstar.netcore.co.in> Message-ID: <4B4C2BA0.1080508@fsl.com> On 12/01/10 05:57, ram wrote: > Hi > > We have been running f-prot (commercial ) and clamavmodule on our > servers but both of them are performance intensive > Also clam signatures are prone to errors in some cases. > > Is there a good lighter alternative (commercial ok) that Mailscanner > users may be using. IMO - you've already got the best two. Just convert to clamd instead of clamavmodule and fpscand (can't remember if MailScanner supports this or not though). Cheers, Steve. From MailScanner at ecs.soton.ac.uk Tue Jan 12 08:35:51 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Jan 12 08:36:13 2010 Subject: More taint mode problems (please help) In-Reply-To: <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> Message-ID: On 11/01/2010 16:28, Mikael Syska wrote: > Hi, > > Mostly for Mike Jakubik ... > Dont know how FreeBSD accepts package to the ports tree ... but I > guess you know :-) > Not the faintest idea, sorry. > Since you are in the package maintainer, maybe you coult get the old > mailscanner-devel deleted as its very old and not used any more. Just > so new people dont think its a never version of the port. > Any ideas where I should start? > I will be happy to test the pakckage, when its released. I have been > holding back from upgrading the package cause of all the taint > problems there have been. Hopefully its soon over ... > I've released 4.79.5, which I would gratefully appreciate you testing. Thanks, Jules. > mvh > Mikael Syska > > On Mon, Jan 11, 2010 at 4:50 PM, Mike Jakubik wrote: > >> On Mon, January 11, 2010 8:06 am, Jules Field wrote: >> >>> I have fixed this one. I'll do another beta release this afternoon so >>> you all have the latest code. >>> >>> Jules. >>> >> Thanks Jules. I have updated the FreeBSD port to run the master perl >> process as the "run as" user, to disable taint mode. I will test the new >> version and let you know/update the port. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 08:38:50 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Jan 12 08:39:06 2010 Subject: Advise please In-Reply-To: <4B4B545B.2010406@zuka.net> References: <4B4A35E0.6030006@zuka.net> <4B4B12E2.4080902@ecs.soton.ac.uk> <4B4B545B.2010406@zuka.net> <4B4C351A.6090509@ecs.soton.ac.uk> Message-ID: Check /usr/local/lib and /usr/local/share as well, you will find references in there too. You need to check all of usr/local. This should help: find /usr/local -name '*clam*' -print On 11/01/2010 16:39, Dave Filchak wrote: > Jules, > > Basically, what I have done is remove all references to clam* from > /usr/loca/bin and sbin. I already had the latest clamd installed under > /usr/bin and /usr/sbin. Updated the references under > virus.scanners.conf to point to the clamd installation under /usr/sbin > and mad sure the /etc/clamd.conf and MailScanner.conf socket directory > entries were both set to /tmp/ However, when I run MailScanner --lint, > it says: > > > =========================================================================== > > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Cannot find Socket (/tmp/clamd.socket) Exiting! at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3689 > > The socket file is indeed in /tmp so why can't it find it? Also, > confused about the previous entry: No it isn't. Is your clamd running at all? The socket file must be called "clamd.socket" in /tmp, not just be in /tmp somewhere, the name has to match too. > > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamavmodule That implies it can't find the socket file. Check your /etc/clamd.conf for the full name of the socket file. > > Shouldn't the second line say clamd as well? > > Dave > > On 11/01/2010 7:00 AM, Jules Field wrote: >> Find every directory and file under /usr/local whose name mentions >> "clam" in it anywhere, and delete it. >> Then install the clamd and related RPMs from packages.sw.be and make >> sure your /etc/clamd.conf contains the same socket location as your >> MailScanner.conf file does, or else they won't talk to each other. >> Also change your virus.scanners.conf to point to the new location and >> not /usr/local or whatever it says now. >> >> "MailScanner --lint" will show you if your setup is basically >> correct, it should find some viruses in its test message and complete >> without any errors. >> >> Jules >> >> On 10/01/2010 20:17, Dave Filchak wrote: >>> I have come to realize that I have two versions of clamscan and two >>> versions of freshclam installed on my machine. This after getting >>> the "Your ClamAV Installation is OUTDATED". As well, have duplicate >>> libraries, two versions of clamd etc. I would like advise as to how >>> to clean this up and get it down to only one of each. I am using >>> clamd for scanning. >>> >>> I would prefer to use rpms for this but am not adverse to compiling >>> things. I am only one taking care of the servers and have lots of >>> other things on the go so quick and efficient is always good. Below >>> are the specs. I know the OS is old and needs to be updated. All are >>> scheduled to be replaced this year but may be later in the year so >>> would like to get things in the proper place, not duplicated and >>> easy to update until I have a new machine and a chance to deal with it. >>> >>> Had another fellow doing this before but now is just myself. All >>> help is very much appreciated. >>> >>> Let me know if any more info is required. >>> >>> Cheers, >>> >>> Dave >>> >>> whereis clamav >>> clamav: /usr/include/clamav.h >>> >>> whereis clamd >>> clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd >>> /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz >>> >>> whereis freshclam >>> freshclam: /usr/bin/freshclam /etc/freshclam.conf >>> /usr/local/bin/freshclam /usr/local/etc/freshclam.conf >>> /usr/share/man/man1/freshclam.1.gz >>> >>> whereis clamscan >>> clamscan: /usr/bin/clamscan /usr/local/bin/clamscan >>> /usr/share/man/man1/clamscan.1.gz >>> >>> ldd /usr/bin/freshclam >>> libclamav.so.6 => /usr/lib64/libclamav.so.6 >>> (0x0000002a95568000) >>> libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000) >>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) >>> libpthread.so.0 => /lib64/tls/libpthread.so.0 >>> (0x0000003c2f500000) >>> libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) >>> libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) >>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000) >>> /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) >>> >>> ldd /usr/local/bin/freshclam >>> libclamav.so.4 => /usr/local/lib/libclamav.so.4 >>> (0x0000002a95568000) >>> libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000) >>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000) >>> libpthread.so.0 => /lib64/tls/libpthread.so.0 >>> (0x0000003c2f500000) >>> libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000) >>> libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000) >>> libclamunrar_iface.so.4 => >>> /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000) >>> libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000) >>> /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000) >>> libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 >>> (0x0000002a9591e000) >>> >>> MailScanner -V >>> Running on >>> Linux 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 >>> x86_64 x86_64 GNU/Linux >>> This is CentOS release 4.3 (Final) >>> This is Perl version 5.008005 (5.8.5) >>> >>> This is MailScanner version 4.78.17 >>> Module versions are: >>> 1.00 AnyDBM_File >>> 1.20 Archive::Zip >>> 0.23 bignum >>> 1.03 Carp >>> 2.005 Compress::Zlib >>> 1.119 Convert::BinHex >>> 0.17 Convert::TNEF >>> 2.121 Data::Dumper >>> 2.27 Date::Parse >>> 1.00 DirHandle >>> 1.05 Fcntl >>> 2.73 File::Basename >>> 2.08 File::Copy >>> 2.01 FileHandle >>> 1.06 File::Path >>> 0.20 File::Temp >>> 0.78 Filesys::Df >>> 1.35 HTML::Entities >>> 3.56 HTML::Parser >>> 2.37 HTML::TokeParser >>> 1.23 IO >>> 1.14 IO::File >>> 1.13 IO::Pipe >>> 2.04 Mail::Header >>> 1.89 Math::BigInt >>> 0.22 Math::BigRat >>> 3.05 MIME::Base64 >>> 5.427 MIME::Decoder >>> 5.427 MIME::Decoder::UU >>> 5.427 MIME::Head >>> 5.427 MIME::Parser >>> 3.03 MIME::QuotedPrint >>> 5.427 MIME::Tools >>> 0.13 Net::CIDR >>> 1.25 Net::IP >>> 0.16 OLE::Storage_Lite >>> 1.04 Pod::Escapes >>> 3.05 Pod::Simple >>> 1.08 POSIX >>> 1.19 Scalar::Util >>> 1.77 Socket >>> 2.16 Storable >>> 1.4 Sys::Hostname::Long >>> 0.27 Sys::Syslog >>> 1.26 Test::Pod >>> 0.6 Test::Simple >>> 1.68 Time::HiRes >>> 1.02 Time::localtime >>> >>> Optional module versions are: >>> 1.32 Archive::Tar >>> 0.23 bignum >>> 1.82 Business::ISBN >>> 1.10 Business::ISBN::Data >>> 1.08 Data::Dump >>> 1.814 DB_File >>> 1.25 DBD::SQLite >>> 1.607 DBI >>> 1.10 Digest >>> 1.01 Digest::HMAC >>> 2.36 Digest::MD5 >>> 2.11 Digest::SHA1 >>> 1.00 Encode::Detect >>> 0.17008 Error >>> 0.19 ExtUtils::CBuilder >>> 2.18 ExtUtils::ParseXS >>> 2.38 Getopt::Long >>> 0.44 Inline >>> 1.08 IO::String >>> 1.04 IO::Zlib >>> 2.21 IP::Country >>> 0.22 Mail::ClamAV >>> 3.002005 Mail::SpamAssassin >>> v2.004 Mail::SPF >>> 1.999001 Mail::SPF::Query >>> 0.2808 Module::Build >>> 0.20 Net::CIDR::Lite >>> 0.65 Net::DNS >>> 0.002.2 Net::DNS::Resolver::Programmable >>> 0.31 Net::LDAP >>> 4.004 NetAddr::IP >>> 1.94 Parse::RecDescent >>> missing SAVI >>> 2.52 Test::Harness >>> 0.95 Test::Manifest >>> 1.98 Text::Balanced >>> 1.35 URI >>> 0.7203 version >>> 0.65 YAML >>> >> >> Jules >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 08:40:15 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Jan 12 08:40:24 2010 Subject: last little bit In-Reply-To: <4B4B5B50.9030000@zuka.net> References: <4B4B5B50.9030000@zuka.net> <4B4C356F.8080108@ecs.soton.ac.uk> Message-ID: On 11/01/2010 17:09, Dave Filchak wrote: > Just about there and thank you to Jules and all others who reponded > with help. It is appreciated. > > Just one last little bit here: freshclam is in /usr/bin and the path > in the freshclam script in cron.daily is correct. The MailScanner clamav-autoupdate will be called once per hour and do a freshclam for you, so you don't need to put freshclam in cron.daily as well. > /usr/bin is in my $PATH but when I run freshclam from the command line > with out a full path to the current install directory, it says > freshclam cannot be found. It is looking in the old location. Is there > a cache or something? Could be a bit brain dead on this one but can > someone enlighten me on this? What does the command "which freshclam" say? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 09:59:24 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 10:00:00 2010 Subject: Sophos & ClamAV + Sanesecurity In-Reply-To: References: <20091223094812.f74e1c30.lists@buschor.ch> <66C91A9F-C323-44DF-804E-22B3BFEBBB82@mlrw.com> <4B4B2927.7070507@ecs.soton.ac.uk> <4B4C47FC.2020903@ecs.soton.ac.uk> Message-ID: I have just done a quick test of the spam-virus code. When I send it a message containing a spam-virus, I get this in the headers of the message: X-JKF-MailScanner: Found to be clean X-MailScanner-SpamVirus-Report: Sanesecurity.Jurlbl.8564.UNOFFICIAL X-JKF-MailScanner-SpamScore: ss X-JKF-MailScanner-From: toucanv@rondalynresort.com X-Spam-Status: No which is exactly what I want. It is not virus-infected, it has a spamvirus, and its spam-status is no because the score added by the rule in spam.assassin.prefs.conf wasn't enough to get it over the spam threshold. If I set the score in spam.assassin.prefs.conf file to something above the high-score threshold, I get this: X-JKF-MailScanner: Found to be clean X-MailScanner-SpamVirus-Report: Sanesecurity.Jurlbl.8564.UNOFFICIAL X-JKF-MailScanner-SpamCheck: spam, SpamAssassin (score=17.878, required 6, BAYES_50 0.00, HTML_IMAGE_ONLY_20 1.55, HTML_MESSAGE 0.00, MS_FOUND_SPAMVIRUS 15.00, RCVD_IN_SORBS_WEB 0.62, SARE_RECV_IP_FROMIP3 0.71) X-JKF-MailScanner-SpamScore: sssssssssssssssss X-JKF-MailScanner-From: toucanv@rondalynresort.com X-Spam-Status: High Again, it has taken the correct spam action and not marked it as a virus. Note that setting up the SpamVirus stuff involves taking a quick peek into /etc/MailScanner/spam.assassin.prefs.conf as well as /etc/MailScanner/MailScanner.conf as SpamAssassin needs to know what header name it is looking for to assign the spam score. Hope that helps resolve your difficulties. It does all appear to work as I intended. Jules. On 11/01/2010 13:35, Jules Field wrote: > I'm not sure I quite understand you. > There are a myriad of issues here, which all need sensible answers. > What happens when 1 scanner finds a spamvirus and another scanner > finds a real virus? > What happens when the same scanner finds both a spamvirus and a real > virus? > There are umpteen combinations of these issues and others, and I'm not > sure I can produce a working solution for all of them. In fact I don't > think one can exist in theory. > > What does it not do at the moment, and what would you like to do instead? > And what about all the problems of multiple infections and/or multiple > scanners? How do they affect your answer? > > I'm not trying to be mean, just that this stuff is a lot more awkward > than it may at first appear. > > Jules. > > On 23/12/2009 21:06, Mike Wallace wrote: >> The order checking change is only good if you use Sanesecurity. If >> you don't, it can create major problems such as mine where infected >> messages are being delivered. >> >> My environment requires that all infected attachments be removed from >> messages before delivery and all messages with a spam score of 5.0 or >> greater delivered to a special mailbox. I use the Sought, OpenProtect >> and a couple of custom rules and have a false positive rate of 0.16% >> and a false negative rate of 0.87% (if I exclude the viruses that >> passed), so I don't think that I need the Sanesecurity rules. >> >> I just checked the last 12 infected message that went through with >> spamassassin and it scored at an average of 23.0, the lowest was 11.5 >> the highest was 40.4. So if they were spam checked, then they never >> would have been delivered to the user. >> >> You would think that if MailScanner flags something as being >> infected, it would be handled identically. >> >> Does anyone know how to force MailScanner to spam check every >> non-blacklisted or non-whitelisted message like it used to? >> >> Mike Wallace >> mike@mlrw.com >> >> >> >> On Dec 23, 2009, at 1:31 PM, Kai Schaetzl wrote: >> >>> Mike Wallace wrote on Wed, 23 Dec 2009 11:16:09 -0500: >>> >>>> What I occasionally see is that clamav 0.95.3 finds an infection but >>>> the message never gets spam checked. >>> The order of checking has been reverted lately. No need for a >>> spamcheck if >>> it already contains a virus. >>> >>> Kai >>> >>> -- >>> Kai Sch?tzl, Berlin, Germany >>> Get your web at Conactive Internet Services: http://www.conactive.com >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 10:11:18 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 10:11:35 2010 Subject: Office 2007 In-Reply-To: <41F53744-2B35-4073-AFDA-16C62C8EE1B3@mimectl> References: , <4B4B9774.2040707@vanderkooij.org> <41F53744-2B35-4073-AFDA-16C62C8EE1B3@mimectl> <4B4C4AC6.3070703@ecs.soton.ac.uk> Message-ID: Please find one of the offending messages, stop your MailScanner, put it on its own in the queue and run "MailScanner --debug" and then email me the output (or post it here). I don't have Perl 5.10 so can't reproduce these problems myself. Many thanks! Jules. On 11/01/2010 21:30, Garrod M. Alwood wrote: > Sure, no problem. I have the newest 4.79.5-1 mailscanner installed > (fixed a few filetypes), Ubuntu 9.10, Perl 5.10 and when someone sends > xlsx and docx files, the email doesn't send and gets repeatedly > attempted to send and after 6 tries it kills the emails and logs it as > a Emal attempted to kill MailScanner. I have the office 2007 documents > in the filetype and filename rules marked as ok (I know that probably > doesn't matter for this, but wanted to give more than enough info.) I > have watched my log files as one comes in and it keeps trying and it > just can't do anything with it and the bad part is I can't see what > exactly is causing the error. > Garrod M. Alwood > Consultant > garrod.alwood@lorodoes.com > 904.738.4988 > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der > Kooij [hvdkooij@vanderkooij.org] > *Sent:* Monday, January 11, 2010 4:26 PM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Re: Office 2007 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11/01/10 22:01, Garrod M. Alwood wrote: > > Hey, I was wondering if anyone else is having trouble with office 2007 > > files attempting to kill MailScanner? I'm not sure if this part of the > > taint issue or not, but can somebody please advise? > > Can you explain what you see happening? And I am sure there is something > of an OS installed and some version details would go nicely with that as > well. > > Hugo. (Or as James T. Kirk said it: I never trusted consultants, I guess > I never will. ;-) ) > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAktLl3IACgkQBvzDRVjxmYGAsQCglFf3QwmuyMy2aCAZIwJ1O1x8 > OR4AnRCAc1DIbycjFkuiTv9JOcZMaBtP > =tkYu > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 10:16:46 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 10:17:02 2010 Subject: OT: Which virus scanners to use In-Reply-To: <1263275874.14072.25.camel@darkstar.netcore.co.in> References: <1263275874.14072.25.camel@darkstar.netcore.co.in> <4B4C4C0E.60908@ecs.soton.ac.uk> Message-ID: I use f-protd-6 and clamd (among others such as f-secure and sophossavi) and neither of them are performance intensive at all. The daemons use much less RAM and CPU than the command-line scanners, that is why I wrote all the daemon support code. Jules. On 12/01/2010 05:57, ram wrote: > Hi > > We have been running f-prot (commercial ) and clamavmodule on our > servers but both of them are performance intensive > Also clam signatures are prone to errors in some cases. > > Is there a good lighter alternative (commercial ok) that Mailscanner > users may be using. > > > > Thanks > Ram > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 10:17:13 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 10:17:40 2010 Subject: OT: Which virus scanners to use In-Reply-To: <4B4C2BA0.1080508@fsl.com> References: <1263275874.14072.25.camel@darkstar.netcore.co.in> <4B4C2BA0.1080508@fsl.com> <4B4C4C29.3050703@ecs.soton.ac.uk> Message-ID: On 12/01/2010 07:58, Steve Freegard wrote: > On 12/01/10 05:57, ram wrote: >> Hi >> >> We have been running f-prot (commercial ) and clamavmodule on our >> servers but both of them are performance intensive >> Also clam signatures are prone to errors in some cases. >> >> Is there a good lighter alternative (commercial ok) that Mailscanner >> users may be using. > > IMO - you've already got the best two. > > Just convert to clamd instead of clamavmodule and fpscand (can't > remember if MailScanner supports this or not though). Yes it does, both versions (v4 and v6). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Jan 12 10:55:46 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 12 10:55:56 2010 Subject: mail disapears in the postfix queue In-Reply-To: <0493927970A4A3439F8A777035F5D1680F63137E@FBCMST09V01.fbc.local> References: <0493927970A4A3439F8A777035F5D1680F63137E@FBCMST09V01.fbc.local> Message-ID: <223f97701001120255w304be548i9a2eef9ddb5790aa@mail.gmail.com> 2010/1/11 : > Hi, > > this strange thing happens on my local linux server, it's a simple > installation of Mailscanner + postfix on ubuntu lts: > > Jan 10 10:39:42 pluto postfix/smtpd[21677]: F19BD354E2: > client=r.retail.telecomitalia.it[79.41.XXX.XXX], sasl_method=LOGIN, > sasl_username=smtpuser@XXX.com > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: hold: header > Received: from E4300 (XXX.41-79-r.retail.telecomitalia.it > [79.41.XXX.XXX])??by XXX.XXX.it(Postfix) with ESMTPA id F19BD354E2??for > ; Sun, 10 Jan 2010 10:3 from > -r.retail.telecomitalia.it[79.41.XXX.XXX]; from= > to= proto=ESMTP helo= > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: > message-id=<3DCE4D546BD8463BABBE1DC13DBD0390@E4300> > You really should've rejected this one out of hand, since it has "helo="... which is in violation of the RFCs. Then again, that would render you with a normal "NOQUEUE: reject: .... Helo command rejected: need fully-qualified hostname;..." log line:). > After this I don't see any trace of this queueid? F19BD354E2 in my mail.log, > that's the first time happen to me. No message was wrote on filesystem, and > the postfix queues are empty ( hold,deferred... ). Should I try to increase > Mailscanner log verbosity ? Or is better look for postfix queue ? > Mailscanner fetches mails from hold and leave them incoming, it's a default > installation. > Anyone with similar problems ? > Regards. > Saying that the innstall is a "normal MS+postfix on Ubuntu" really doesn't tell us enough... What versions do you have (of pretty much everything)? What did the unaltered log look like (including some "context")? Do you do log spluitting? What does it look like in the syslog? For some cut'n'paste examples of telnet tests (as suggested by Igor), please look at: http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ilikeuce at bornefeld-ettmann.de Tue Jan 12 11:36:39 2010 From: ilikeuce at bornefeld-ettmann.de (Ralph Bornefeld-Ettmann) Date: Tue Jan 12 11:37:15 2010 Subject: Q reps - In-Reply-To: <70572c511001110537q578d16d2rbf63e20a8446fea9@mail.gmail.com> References: <70572c511001110537q578d16d2rbf63e20a8446fea9@mail.gmail.com> Message-ID: Am 11.01.2010 14:37, schrieb Simon Jones: > Hello folks, sorry for posting to this forum but i can't seem to get > anything through to the mailwatch forum and no bounces either... > > I just need to know where the url that is printed in the "view" link > in mailwatch message quarantine reports is specified as I need to > change it - also anyone managed to pass the user login straight off > the quarantine report so you don't have to login when clicking the > link in the email? > > tks in advance! > > Si. hi, 1. you can modify the link in quarantine_report.php 2. I have changed some things to omit the user login by using a local URL shortening service. Now you click in "Release" in the mail and receive the quarantined mail. Due to the shortening service the mail can only be relesed to the original recipient - so I do not see a chance to manipulate the release mechanism. Ralph From glenn.steen at gmail.com Tue Jan 12 11:49:36 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 12 11:49:45 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> References: <4B463C16.3080709@alexb.ch> <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> <4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> <40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com> <73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> Message-ID: <223f97701001120349i266a02c9oe187c7762ea748b3@mail.gmail.com> 2010/1/11 : > Thanks already tried that. I have moved the FH_DATE_PAST rule to the top > of the conf file. I have created a custom.cf file with only the score > FH_DATE_PAST_20XX 0.00 and no matter where I put it that and many other > custom scores are being ignored. > Have you considered my advice regarding access/permissions? The thing is that the debug output you shouw actually include the configuration files you cite, so either something is very wrong in them (which shou?d've shown up in a lint), or your postfix user simply cannot read the files you create/edit. Since MailScanner will be running as that user, it is pretty important that it can;-). Assuming your postfix user is named "postfix, try becoming that user via "su - postfix -s /bin/bash", then try reading the files with any tool (like "less")... Can you? If so, go on to try running "spamassassin -D --lint" and (using a message from your quarantine, or similar) "spamassassin -t -D < /path/to/mail/file"... Does that differ from your previous run, and if so... in what ways? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Jan 12 11:58:28 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 12 11:58:37 2010 Subject: last little bit In-Reply-To: <4B4B5B50.9030000@zuka.net> References: <4B4B5B50.9030000@zuka.net> Message-ID: <223f97701001120358n14eb25edof50cdb6bc0cea2b8@mail.gmail.com> 2010/1/11 Dave Filchak : > Just about there and thank you to Jules and all others who reponded with > help. It is appreciated. > > Just one last little bit here: freshclam is in /usr/bin and the path in the > freshclam script in cron.daily is correct. /usr/bin is in my $PATH but when > I run freshclam from the command line with out a full path to the current > install directory, it says freshclam cannot be found. It is looking in the > old location. Is there a cache or something? Could be a bit brain dead on > this one but can someone enlighten me on this? > > Thanks > > Dave Prabably a bash-ism... try help hash and hash -r and you should be fine... Or log off/back in:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dcurtis at sbschools.net Tue Jan 12 12:23:30 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 12:23:26 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net> Good point, and the one question that goes un answered as to what else might be causing the scores to not be obeyed. I have be administering several mailscanner installs over the past several years. I am not sure what advice I could have missed or no understood. I have tried every piece of advice given. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Monday, January 11, 2010 7:31 PM To: mailscanner@lists.mailscanner.info Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 Did you notice you are going in circles? This list has given you a lot of advice and still it's not working for you. Honestly, it would surprise me that this is because of non-fitting or missing advice. It's rather that you may have understood, deduced or implemented something the wrong way. And you are likely to do that a second time even if we walk you through everything again. Time to consider hiring someone to have a look at your system. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From maillists at conactive.com Tue Jan 12 12:59:38 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 12 12:59:52 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch> <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> <4B463C16.3080709@alexb.ch> <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> <4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> <40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com> <73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net> Message-ID: wrote on Tue, 12 Jan 2010 07:23:30 -0500: > Good point, and the one question that goes un answered as to what else > might be causing the scores to not be obeyed. I have be administering > several mailscanner installs over the past several years. I am not sure > what advice I could have missed or no understood. I have tried every > piece of advice given. I believe that, but I think you are interpreting something on your system or in this thread the wrong way and thus don't see the probably very obvious problem. Not being able to set custom scores is a serious problem. I just realize that you use a spam threshold of 3.75. This alone is indicative for me that some things on your system must be misconfigured. This threshold is the main reason why this single rule is creating trouble for you. There's also no point in adding all of this information to your outgoing mail, although the chance of sensitive information being revealed that way is slim. If you like me to have a look at your system you can drop me a PM. I will charge a nominal fee for this on success as I think I shouldn't do others work for free. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From dcurtis at sbschools.net Tue Jan 12 13:48:10 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 13:51:33 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net> See current post, I now have the rules being obeyed. Obviously I could increase my spam threshold to a higher number and this would have fixed the issue, but I run all my mailscanners this low and have prevent many spams due to the low score and for 5 years now had no issue with such a low threshold. I still have no idea why (with the same file ownership) that creating a link to the spam.assassin.prefs.conf file as user_prefs in /var/spool/postfix/.spamassassin/ folder works when the same link in /etc/mail/spamassassin folder does not. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Tuesday, January 12, 2010 8:00 AM To: mailscanner@lists.mailscanner.info Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 wrote on Tue, 12 Jan 2010 07:23:30 -0500: > Good point, and the one question that goes un answered as to what else > might be causing the scores to not be obeyed. I have be administering > several mailscanner installs over the past several years. I am not sure > what advice I could have missed or no understood. I have tried every > piece of advice given. I believe that, but I think you are interpreting something on your system or in this thread the wrong way and thus don't see the probably very obvious problem. Not being able to set custom scores is a serious problem. I just realize that you use a spam threshold of 3.75. This alone is indicative for me that some things on your system must be misconfigured. This threshold is the main reason why this single rule is creating trouble for you. There's also no point in adding all of this information to your outgoing mail, although the chance of sensitive information being revealed that way is slim. If you like me to have a look at your system you can drop me a PM. I will charge a nominal fee for this on success as I think I shouldn't do others work for free. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From dcurtis at sbschools.net Tue Jan 12 13:48:23 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 13:51:34 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <223f97701001120349i266a02c9oe187c7762ea748b3@mail.gmail.com> References: <4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> <223f97701001120349i266a02c9oe187c7762ea748b3@mail.gmail.com> Message-ID: <73461DFCD2207F44A16F136A46195545472E97@exchange2.sbschools.net> So not sure what rabbit hole to go down next. If I own all the files as postix and run the file though spamassassin as root and as postfix I still get the FH_DATE_PAST score as the same for both users. If I create /var/spool/postfix/.spamassassin/user_prefs and add score FH_DATE_PAST and run the file as postfix it does not score the date and this is what I want. Why is my question. It must have something to do with rights but where/how does it have something to do with rights if I own all the files as postfix? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Tuesday, January 12, 2010 6:50 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 2010/1/11 : > Thanks already tried that. I have moved the FH_DATE_PAST rule to the top > of the conf file. I have created a custom.cf file with only the score > FH_DATE_PAST_20XX 0.00 and no matter where I put it that and many other > custom scores are being ignored. > Have you considered my advice regarding access/permissions? The thing is that the debug output you shouw actually include the configuration files you cite, so either something is very wrong in them (which shou?d've shown up in a lint), or your postfix user simply cannot read the files you create/edit. Since MailScanner will be running as that user, it is pretty important that it can;-). Assuming your postfix user is named "postfix, try becoming that user via "su - postfix -s /bin/bash", then try reading the files with any tool (like "less")... Can you? If so, go on to try running "spamassassin -D --lint" and (using a message from your quarantine, or similar) "spamassassin -t -D < /path/to/mail/file"... Does that differ from your previous run, and if so... in what ways? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 14:04:53 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 14:05:08 2010 Subject: ScamNailer updates References: <4B4C8185.5040402@ecs.soton.ac.uk> Message-ID: These should all now be working again properly, and will stay working at last! Thanks to Niall at Blacknight.com for his help resolving this problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drew.marshall at trunknetworks.com Tue Jan 12 14:15:18 2010 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Tue Jan 12 14:15:48 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E97@exchange2.sbschools.net> References: <4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> <223f97701001120349i266a02c9oe187c7762ea748b3@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E97@exchange2.sbschools.net> Message-ID: <67BE4D5C-4BF1-4EA0-B349-47314AD4D0F3@trunknetworks.com> On 12 Jan 2010, at 13:48, wrote: > So not sure what rabbit hole to go down next. If I own all the files > as postix and run the file though spamassassin as root and as > postfix I still get the FH_DATE_PAST score as the same for both > users. If I create /var/spool/postfix/.spamassassin/user_prefs and > add score FH_DATE_PAST and run the file as postfix it does not score > the date and this is what I want. > > Why is my question. It must have something to do with rights but > where/how does it have something to do with rights if I own all the > files as postfix? I think this is the option you are looking for: # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. # If this is unset then no extra places are searched for. # If using Postfix, you probably want to set this as shown in the example # line at the end of this comment, and do # mkdir /var/spool/MailScanner/spamassassin # chown postfix.postfix /var/spool/MailScanner/spamassassin # NOTE: SpamAssassin is always called from MailScanner as the same user, # and that is the "Run As" user specified above. So you can only # have 1 set of "per-user" files, it's just that you might possibly # need to modify this location. # You should not normally need to set this at all. SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin It's in MailScanner.conf and should be set if you are a Postfix user. HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content. Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: SC351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ From maillists at conactive.com Tue Jan 12 14:29:33 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 12 14:29:48 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net> <4B460B73.60806@USherbrooke.ca> <73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net> <4B461A7F.5090302@alexb.ch> <73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net> <4B463C16.3080709@alexb.ch> <73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net> <4B4641CF.9070809@alexb.ch> <223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com> <73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net> <40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com> <73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net> Message-ID: wrote on Tue, 12 Jan 2010 08:48:10 -0500: > I still have no idea why (with the same file ownership) that creating a > link to the spam.assassin.prefs.conf file as user_prefs in > /var/spool/postfix/.spamassassin/ folder works when the same link in > /etc/mail/spamassassin folder does not. Ok, a last hint. I didn't look at your pastebin log before. Now I did. Two seconds. This shows that (as I already told you!) your SA is *seriously* misconfigured. 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules dir 81.[14922] dbg: config: read file /etc/mail/spamassassin/10_default_prefs.cf 82.[14922] dbg: config: read file /etc/mail/spamassassin/20_advance_fee.cf .. 168.[14922] dbg: config: read file /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf None (almost none) of these files belong there. And one of the files is overscoring your custom score. I could tell you which, but I'm sure you'll find it by yourself. Or you just remove all of them (except for local.cf and mailscanner.cf and any files you wrote yourself) as they don't belong there! You need to read up on how to use SA and how it works. Please. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From alex at rtpty.com Tue Jan 12 14:38:06 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Tue Jan 12 14:38:40 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net> Message-ID: <1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry> He may need some time. Remember, he assumes he's been doing it right for five years. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Kai Schaetzl Date: Tue, 12 Jan 2010 15:29:33 To: Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 wrote on Tue, 12 Jan 2010 08:48:10 -0500: > I still have no idea why (with the same file ownership) that creating a > link to the spam.assassin.prefs.conf file as user_prefs in > /var/spool/postfix/.spamassassin/ folder works when the same link in > /etc/mail/spamassassin folder does not. Ok, a last hint. I didn't look at your pastebin log before. Now I did. Two seconds. This shows that (as I already told you!) your SA is *seriously* misconfigured. 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules dir 81.[14922] dbg: config: read file /etc/mail/spamassassin/10_default_prefs.cf 82.[14922] dbg: config: read file /etc/mail/spamassassin/20_advance_fee.cf .. 168.[14922] dbg: config: read file /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf None (almost none) of these files belong there. And one of the files is overscoring your custom score. I could tell you which, but I'm sure you'll find it by yourself. Or you just remove all of them (except for local.cf and mailscanner.cf and any files you wrote yourself) as they don't belong there! You need to read up on how to use SA and how it works. Please. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dcurtis at sbschools.net Tue Jan 12 14:51:27 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 14:51:33 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <67BE4D5C-4BF1-4EA0-B349-47314AD4D0F3@trunknetworks.com> References: <4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><223f97701001120349i266a02c9oe187c7762ea748b3@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E97@exchange2.sbschools.net> <67BE4D5C-4BF1-4EA0-B349-47314AD4D0F3@trunknetworks.com> Message-ID: <73461DFCD2207F44A16F136A46195545472EA3@exchange2.sbschools.net> Ok, it is starting to make a little more sense but not sure why my MailScanner.conf has /var/spool/postfix/.spamassassin instead of /var/spool/MailScanner/spamassassin ( I am going to assume that was a default for mailscanner way back). My question is what should the file name be in /var/spool/MailScanner/spamassasin be called. I just changed the config and created a symbolic link to /etc/MailScanner/spam.assassin.prefs.conf and it did not work. Can I assume it still needs to be called user_prefs? Thanks for all the help. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Drew Marshall Sent: Tuesday, January 12, 2010 9:15 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 On 12 Jan 2010, at 13:48, wrote: > So not sure what rabbit hole to go down next. If I own all the files > as postix and run the file though spamassassin as root and as > postfix I still get the FH_DATE_PAST score as the same for both > users. If I create /var/spool/postfix/.spamassassin/user_prefs and > add score FH_DATE_PAST and run the file as postfix it does not score > the date and this is what I want. > > Why is my question. It must have something to do with rights but > where/how does it have something to do with rights if I own all the > files as postfix? I think this is the option you are looking for: # The per-user files (bayes, auto-whitelist, user_prefs) are looked # for here and in ~/.spamassassin/. Note the files are mutable. # If this is unset then no extra places are searched for. # If using Postfix, you probably want to set this as shown in the example # line at the end of this comment, and do # mkdir /var/spool/MailScanner/spamassassin # chown postfix.postfix /var/spool/MailScanner/spamassassin # NOTE: SpamAssassin is always called from MailScanner as the same user, # and that is the "Run As" user specified above. So you can only # have 1 set of "per-user" files, it's just that you might possibly # need to modify this location. # You should not normally need to set this at all. SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin It's in MailScanner.conf and should be set if you are a Postfix user. HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content. Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: SC351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From lists at buschor.ch Tue Jan 12 14:57:37 2010 From: lists at buschor.ch (ThB) Date: Tue Jan 12 14:57:49 2010 Subject: Sophos & ClamAV + Sanesecurity Message-ID: <55196.130.59.6.127.1263308257.squirrel@webmail.buschor.ch> On Tue, 12 Jan 2010 09:59:24, Julian Field wrote: > > I have just done a quick test of the spam-virus code. > When I send it a message containing a spam-virus, I get this in the > headers of the message: > > X-JKF-MailScanner: Found to be clean > X-MailScanner-SpamVirus-Report: Sanesecurity.Jurlbl.8564.UNOFFICIAL > X-JKF-MailScanner-SpamScore: ss > X-JKF-MailScanner-From: toucanv@rondalynresort.com > X-Spam-Status: No Yes, this is what I expect. This result I get when only using ClamAV & SA is used, but no additional virus scanner. I use ClamAV _and_ Sophos at the same Time and I suspect the problem only occurs when ClamAV says that it's a spam-virus but Sophos says it's a real virus. In this special case SA is not run (and therefore the SpamScore is missing) but the Message is also not quarantined. If ClamAV and/or Sophos say it's a real virus then the message is quarantined. If only ClamAV says it's a spam-virus then SA correctly sets the SpamScore. > which is exactly what I want. It is not virus-infected, it has a > spamvirus, and its spam-status is no because the score added by the rule > in spam.assassin.prefs.conf wasn't enough to get it over the spam > threshold. I agree as long as there is not any other virus scanner telling me that's a virus. In my opinion must the message be treated as infected, if one of several virus scanner tell me it contains a real virus. Even if ClamAV tells it's only a spam virus. > > If I set the score in spam.assassin.prefs.conf file to something above > the high-score threshold, I get this: > > X-JKF-MailScanner: Found to be clean > X-MailScanner-SpamVirus-Report: Sanesecurity.Jurlbl.8564.UNOFFICIAL > X-JKF-MailScanner-SpamCheck: spam, SpamAssassin (score=17.878, required 6, > BAYES_50 0.00, HTML_IMAGE_ONLY_20 1.55, HTML_MESSAGE 0.00, > MS_FOUND_SPAMVIRUS 15.00, RCVD_IN_SORBS_WEB 0.62, > SARE_RECV_IP_FROMIP3 0.71) > X-JKF-MailScanner-SpamScore: sssssssssssssssss > X-JKF-MailScanner-From: toucanv@rondalynresort.com > X-Spam-Status: High > > Again, it has taken the correct spam action and not marked it as a virus. Yes, it exactly works this way if Sophos (or any other virus scanner?) does not detect a virus in the very same message. > Note that setting up the SpamVirus stuff involves taking a quick peek > into /etc/MailScanner/spam.assassin.prefs.conf as well as > /etc/MailScanner/MailScanner.conf as SpamAssassin needs to know what > header name it is looking for to assign the spam score. > > Hope that helps resolve your difficulties. > > It does all appear to work as I intended. > > Jules. > regards Thomas PS: Sorry for breaking the thread, but it's not possible to reply when using text digest of this list. From s66576 at alice.it Tue Jan 12 15:04:41 2010 From: s66576 at alice.it (s66576@alice.it) Date: Tue Jan 12 15:05:42 2010 Subject: mail disapears in the postfix queue References: <201001121202.o0CC1pKW005088@safir.blacknight.ie> Message-ID: <0493927970A4A3439F8A777035F5D1680F631382@FBCMST09V01.fbc.local> Message: 7 Date: Tue, 12 Jan 2010 11:55:46 +0100 From: Glenn Steen Subject: Re: mail disapears in the postfix queue To: MailScanner discussion Message-ID: <223f97701001120255w304be548i9a2eef9ddb5790aa@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 2010/1/11 : > Hi, > > this strange thing happens on my local linux server, it's a simple > installation of Mailscanner + postfix on ubuntu lts: > > Jan 10 10:39:42 pluto postfix/smtpd[21677]: F19BD354E2: > client=r.retail.telecomitalia.it[79.41.XXX.XXX], sasl_method=LOGIN, > sasl_username=smtpuser@XXX.com > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: hold: header > Received: from E4300 (XXX.41-79-r.retail.telecomitalia.it > [79.41.XXX.XXX])??by XXX.XXX.it(Postfix) with ESMTPA id F19BD354E2??for > ; Sun, 10 Jan 2010 10:3 from > -r.retail.telecomitalia.it[79.41.XXX.XXX]; from= > to= proto=ESMTP helo= > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: > message-id=<3DCE4D546BD8463BABBE1DC13DBD0390@E4300> > You really should've rejected this one out of hand, since it has "helo="... which is in violation of the RFCs. Then again, that would render you with a normal "NOQUEUE: reject: .... Helo command rejected: need fully-qualified hostname;..." log line:). > After this I don't see any trace of this queueid? F19BD354E2 in my mail.log, > that's the first time happen to me. No message was wrote on filesystem, and > the postfix queues are empty ( hold,deferred... ). Should I try to increase > Mailscanner log verbosity ? Or is better look for postfix queue ? > Mailscanner fetches mails from hold and leave them incoming, it's a default > installation. > Anyone with similar problems ? > Regards. > Saying that the innstall is a "normal MS+postfix on Ubuntu" really doesn't tell us enough... What versions do you have (of pretty much everything)? What did the unaltered log look like (including some "context")? Do you do log spluitting? What does it look like in the syslog? For some cut'n'paste examples of telnet tests (as suggested by Igor), please look at: http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion ----------------- Mailscanner is Version: 4.58.9-2ubuntu1 and postfix Version: 2.5.1-2ubuntu1 . My server works good, and is the first time I have lost a mail... The log are the same both mail.log and syslog. I alredy try to send mails with telnet but in all test I do the mails are success correctly . I found a timeout of client, maybe the client disconect before sends all data to smptd ? I've notice that comunication between smtp and cleanup is done by straming so is possible that smtpd doen't finished to send all data to cleanup and then die. That's my guess. Thanks all for reply! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4620 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100112/e6ccdac2/attachment.bin From dcurtis at sbschools.net Tue Jan 12 15:07:01 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 15:06:31 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545472EA6@exchange2.sbschools.net> Ok, I think I am stuck in the past and have not kept up with changes. At some point spamassassin used /etc/mail/spamassassin and I used rules_du_jour to update, and at some point spamassassin came out with sa-update. Thank you. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Tuesday, January 12, 2010 9:30 AM To: mailscanner@lists.mailscanner.info Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 wrote on Tue, 12 Jan 2010 08:48:10 -0500: > I still have no idea why (with the same file ownership) that creating a > link to the spam.assassin.prefs.conf file as user_prefs in > /var/spool/postfix/.spamassassin/ folder works when the same link in > /etc/mail/spamassassin folder does not. Ok, a last hint. I didn't look at your pastebin log before. Now I did. Two seconds. This shows that (as I already told you!) your SA is *seriously* misconfigured. 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules dir 81.[14922] dbg: config: read file /etc/mail/spamassassin/10_default_prefs.cf 82.[14922] dbg: config: read file /etc/mail/spamassassin/20_advance_fee.cf .. 168.[14922] dbg: config: read file /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf None (almost none) of these files belong there. And one of the files is overscoring your custom score. I could tell you which, but I'm sure you'll find it by yourself. Or you just remove all of them (except for local.cf and mailscanner.cf and any files you wrote yourself) as they don't belong there! You need to read up on how to use SA and how it works. Please. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From dcurtis at sbschools.net Tue Jan 12 15:07:54 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 15:11:32 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net>< 73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net> <1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry> Message-ID: <73461DFCD2207F44A16F136A46195545472EA7@exchange2.sbschools.net> I never assumed I was doing it right for five years but I now know how much more wrong I was ;-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Tuesday, January 12, 2010 9:38 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 He may need some time. Remember, he assumes he's been doing it right for five years. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Kai Schaetzl Date: Tue, 12 Jan 2010 15:29:33 To: Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 wrote on Tue, 12 Jan 2010 08:48:10 -0500: > I still have no idea why (with the same file ownership) that creating > a link to the spam.assassin.prefs.conf file as user_prefs in > /var/spool/postfix/.spamassassin/ folder works when the same link in > /etc/mail/spamassassin folder does not. Ok, a last hint. I didn't look at your pastebin log before. Now I did. Two seconds. This shows that (as I already told you!) your SA is *seriously* misconfigured. 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules dir 81.[14922] dbg: config: read file /etc/mail/spamassassin/10_default_prefs.cf 82.[14922] dbg: config: read file /etc/mail/spamassassin/20_advance_fee.cf .. 168.[14922] dbg: config: read file /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf None (almost none) of these files belong there. And one of the files is overscoring your custom score. I could tell you which, but I'm sure you'll find it by yourself. Or you just remove all of them (except for local.cf and mailscanner.cf and any files you wrote yourself) as they don't belong there! You need to read up on how to use SA and how it works. Please. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From ms-list at alexb.ch Tue Jan 12 15:20:09 2010 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jan 12 15:20:22 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472EA6@exchange2.sbschools.net> References: <4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545472EA6@exchange2.sbschools.net> Message-ID: <4B4C9329.5040900@alexb.ch> On 1/12/2010 4:07 PM, dcurtis@sbschools.net wrote: > Ok, I think I am stuck in the past and have not kept up with changes. At > some point spamassassin used /etc/mail/spamassassin and I used > rules_du_jour to update, and at some point spamassassin came out with > sa-update. spamassassin STILL uses /etc/mail/spamassassin for local rules / .pre files / plugins, etc. /var/spool/postfix/.spamassassin/ *shouldn't* contain any rules, except a .pyzor file to point to the right server > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai > Schaetzl > Sent: Tuesday, January 12, 2010 9:30 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > wrote on Tue, 12 Jan 2010 08:48:10 -0500: > >> I still have no idea why (with the same file ownership) that creating > a >> link to the spam.assassin.prefs.conf file as user_prefs in >> /var/spool/postfix/.spamassassin/ folder works when the same link in >> /etc/mail/spamassassin folder does not. > > Ok, a last hint. I didn't look at your pastebin log before. Now I did. > Two > seconds. This shows that (as I already told you!) your SA is *seriously* > > misconfigured. > > 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules > dir > 81.[14922] dbg: config: read file > /etc/mail/spamassassin/10_default_prefs.cf > 82.[14922] dbg: config: read file > /etc/mail/spamassassin/20_advance_fee.cf > ... > 168.[14922] dbg: config: read file > /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf > > None (almost none) of these files belong there. And one of the files is > overscoring your custom score. I could tell you which, but I'm sure > you'll > find it by yourself. Or you just remove all of them (except for local.cf > > and mailscanner.cf and any files you wrote yourself) as they don't > belong > there! > > You need to read up on how to use SA and how it works. Please. > > Kai > From alex at rtpty.com Tue Jan 12 15:25:59 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Tue Jan 12 15:26:29 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472EA7@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net><1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545472EA7@exchange2.sbschools.net> Message-ID: <1352665242-1263309977-cardhu_decombobulator_blackberry.rim.net-373699070-@bda461.bisx.prod.on.blackberry> I mean no disrespect, just in case. I didn't want to sound pedantic - in fact, I myself work on the assumption that my systems work *in spite of* my tinkering rather than *because of it* ;-) I like assuming I'm not doing things the most efficient way all the time. Keeps me looking for new ways to do it better... And the occasional pleasant surprise when I find out it *is* the most efficient way for a particular situation is gratifying, I must admit. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Date: Tue, 12 Jan 2010 10:07:54 To: Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 I never assumed I was doing it right for five years but I now know how much more wrong I was ;-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Tuesday, January 12, 2010 9:38 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 He may need some time. Remember, he assumes he's been doing it right for five years. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Kai Schaetzl Date: Tue, 12 Jan 2010 15:29:33 To: Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 wrote on Tue, 12 Jan 2010 08:48:10 -0500: > I still have no idea why (with the same file ownership) that creating > a link to the spam.assassin.prefs.conf file as user_prefs in > /var/spool/postfix/.spamassassin/ folder works when the same link in > /etc/mail/spamassassin folder does not. Ok, a last hint. I didn't look at your pastebin log before. Now I did. Two seconds. This shows that (as I already told you!) your SA is *seriously* misconfigured. 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules dir 81.[14922] dbg: config: read file /etc/mail/spamassassin/10_default_prefs.cf 82.[14922] dbg: config: read file /etc/mail/spamassassin/20_advance_fee.cf .. 168.[14922] dbg: config: read file /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf None (almost none) of these files belong there. And one of the files is overscoring your custom score. I could tell you which, but I'm sure you'll find it by yourself. Or you just remove all of them (except for local.cf and mailscanner.cf and any files you wrote yourself) as they don't belong there! You need to read up on how to use SA and how it works. Please. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 12 15:28:02 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 15:28:14 2010 Subject: Sophos & ClamAV + Sanesecurity In-Reply-To: <55196.130.59.6.127.1263308257.squirrel@webmail.buschor.ch> References: <55196.130.59.6.127.1263308257.squirrel@webmail.buschor.ch> <4B4C9502.2000709@ecs.soton.ac.uk> Message-ID: On 12/01/2010 14:57, ThB wrote: > On Tue, 12 Jan 2010 09:59:24, Julian Field wrote: > >> I have just done a quick test of the spam-virus code. >> When I send it a message containing a spam-virus, I get this in the >> headers of the message: >> >> X-JKF-MailScanner: Found to be clean >> X-MailScanner-SpamVirus-Report: Sanesecurity.Jurlbl.8564.UNOFFICIAL >> X-JKF-MailScanner-SpamScore: ss >> X-JKF-MailScanner-From: toucanv@rondalynresort.com >> X-Spam-Status: No >> > Yes, this is what I expect. This result I get when only using ClamAV& SA > is used, but no additional virus scanner. > > I use ClamAV _and_ Sophos at the same Time and I suspect the problem only > occurs when ClamAV says that it's a spam-virus but Sophos says it's a real > virus. In this special case SA is not run (and therefore the SpamScore is > missing) but the Message is also not quarantined. > Please can you send me a test message demonstrating this problem? Your best bet is to put it on a website (not linked from anywhere) and email me the URL to mailscanner@ecs.soton.ac.uk. Then I can try your test case and produce a fix for you. > If ClamAV and/or Sophos say it's a real virus then the message is > quarantined. If only ClamAV says it's a spam-virus then SA correctly sets > the SpamScore. > > >> which is exactly what I want. It is not virus-infected, it has a >> spamvirus, and its spam-status is no because the score added by the rule >> in spam.assassin.prefs.conf wasn't enough to get it over the spam >> threshold. >> > I agree as long as there is not any other virus scanner telling me that's > a virus. In my opinion must the message be treated as infected, if one of > several virus scanner tell me it contains a real virus. Even if ClamAV > tells it's only a spam virus. > > >> If I set the score in spam.assassin.prefs.conf file to something above >> the high-score threshold, I get this: >> >> X-JKF-MailScanner: Found to be clean >> X-MailScanner-SpamVirus-Report: Sanesecurity.Jurlbl.8564.UNOFFICIAL >> X-JKF-MailScanner-SpamCheck: spam, SpamAssassin (score=17.878, required 6, >> BAYES_50 0.00, HTML_IMAGE_ONLY_20 1.55, HTML_MESSAGE 0.00, >> MS_FOUND_SPAMVIRUS 15.00, RCVD_IN_SORBS_WEB 0.62, >> SARE_RECV_IP_FROMIP3 0.71) >> X-JKF-MailScanner-SpamScore: sssssssssssssssss >> X-JKF-MailScanner-From: toucanv@rondalynresort.com >> X-Spam-Status: High >> >> Again, it has taken the correct spam action and not marked it as a virus. >> > Yes, it exactly works this way if Sophos (or any other virus scanner?) > does not detect a virus in the very same message. > > >> Note that setting up the SpamVirus stuff involves taking a quick peek >> into /etc/MailScanner/spam.assassin.prefs.conf as well as >> /etc/MailScanner/MailScanner.conf as SpamAssassin needs to know what >> header name it is looking for to assign the spam score. >> >> Hope that helps resolve your difficulties. >> >> It does all appear to work as I intended. >> >> Jules. >> >> > regards > Thomas > > PS: Sorry for breaking the thread, but it's not possible to reply when > using text digest of this list. > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sunny.forro at compcoind.com Tue Jan 12 15:45:11 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Tue Jan 12 15:45:20 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) Message-ID: Hello, I've just upgraded to 4.78.17 and now mailscanner doesn't report viruses detected by clamav in production or lint. I've scanned the /tmp directory with clamav-wrapper and get sensible clam output. /tmp is not symlinked. I've reinstalled clamav, and manually reinstalled all the per-tars from the install directory. I've even tried downgrading MIME-tools to 5.420 (as found on another post), but to no effect (and since reinstalled from perl-tar to 5.427). I've removed and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17, SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere 4.0. I've switched back to 4.77.10 as this properly identifies virii. I'm out of ideas - Any suggestions? Is there something else I need to check, or something else I missed? Any help would be greatly appreciated. Sunny Forro P.S. Thanks a million to Julian Field for a fantastic solution to the deluge of spam we had grown accustomed to. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100112/5830485b/attachment-0001.html From MailScanner at ecs.soton.ac.uk Tue Jan 12 16:01:59 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 16:02:09 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> Message-ID: Check your virus.scanners.conf file to ensure it is pointing at the correct place for clamav. If "which clamscan" reports /usr/local/bin/clamscan then the clamav line in virus.scanners.conf should end in "/usr/local" and if it reports /usr/bin/clamscan then the line should end in "/usr". That would be the first place to look. Then "MailScanner --lint" should detect the EICAR test pattern successfully. Once "MailScanner --lint" works, you're there. Jules. On 12/01/2010 15:45, Sunny Forro wrote: > > Hello, > > I?ve just upgraded to 4.78.17 and now mailscanner doesn?t report > viruses detected by clamav in production or lint. I?ve scanned the > /tmp directory with clamav-wrapper and get sensible clam output. /tmp > is not symlinked. I?ve reinstalled clamav, and manually reinstalled > all the per-tars from the install directory. I?ve even tried > downgrading MIME-tools to 5.420 (as found on another post), but to no > effect (and since reinstalled from perl-tar to 5.427). I?ve removed > and reinstalled Perl5.8.9, also to no effect. I?m running MS4.78.17, > SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch > 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere > 4.0. I?ve switched back to 4.77.10 as this properly identifies virii. > I?m out of ideas ? Any suggestions? Is there something else I need to > check, or something else I missed? > > Any help would be greatly appreciated. > > Sunny Forro > > P.S. Thanks a million to Julian Field for a fantastic solution to the > deluge of spam we had grown accustomed to. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dcurtis at sbschools.net Tue Jan 12 15:44:05 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 16:06:32 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <1352665242-1263309977-cardhu_decombobulator_blackberry.rim.net-373699070-@bda461.bisx.prod.on.blackberry> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net><1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545472EA7@exchange2.sbschools.net> <1352665242-1263309977-cardhu_decombobulator_blackberry.rim.net-373699070-@bda461.bisx.prod.on.blackberry> Message-ID: <73461DFCD2207F44A16F136A46195545472EAB@exchange2.sbschools.net> No disrespect taken. I find it very difficult learning all I need to learn to run Linux server without adding all the things needed to keep mailscanner functional. It feels like I am constantly having to adjust things because of package updates and don't always remember what was done in the past for the package I am having to make changes for. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Tuesday, January 12, 2010 10:26 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 I mean no disrespect, just in case. I didn't want to sound pedantic - in fact, I myself work on the assumption that my systems work *in spite of* my tinkering rather than *because of it* ;-) I like assuming I'm not doing things the most efficient way all the time. Keeps me looking for new ways to do it better... And the occasional pleasant surprise when I find out it *is* the most efficient way for a particular situation is gratifying, I must admit. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Date: Tue, 12 Jan 2010 10:07:54 To: Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 I never assumed I was doing it right for five years but I now know how much more wrong I was ;-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Tuesday, January 12, 2010 9:38 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 He may need some time. Remember, he assumes he's been doing it right for five years. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Kai Schaetzl Date: Tue, 12 Jan 2010 15:29:33 To: Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 wrote on Tue, 12 Jan 2010 08:48:10 -0500: > I still have no idea why (with the same file ownership) that creating > a link to the spam.assassin.prefs.conf file as user_prefs in > /var/spool/postfix/.spamassassin/ folder works when the same link in > /etc/mail/spamassassin folder does not. Ok, a last hint. I didn't look at your pastebin log before. Now I did. Two seconds. This shows that (as I already told you!) your SA is *seriously* misconfigured. 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules dir 81.[14922] dbg: config: read file /etc/mail/spamassassin/10_default_prefs.cf 82.[14922] dbg: config: read file /etc/mail/spamassassin/20_advance_fee.cf .. 168.[14922] dbg: config: read file /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf None (almost none) of these files belong there. And one of the files is overscoring your custom score. I could tell you which, but I'm sure you'll find it by yourself. Or you just remove all of them (except for local.cf and mailscanner.cf and any files you wrote yourself) as they don't belong there! You need to read up on how to use SA and how it works. Please. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From mikej at rogers.com Tue Jan 12 16:06:53 2010 From: mikej at rogers.com (Mike Jakubik) Date: Tue Jan 12 16:06:49 2010 Subject: More taint mode problems (please help) In-Reply-To: <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> Message-ID: On Mon, January 11, 2010 11:28 am, Mikael Syska wrote: > Hi, > > Mostly for Mike Jakubik ... > Dont know how FreeBSD accepts package to the ports tree ... but I > guess you know :-) > > Since you are in the package maintainer, maybe you coult get the old > mailscanner-devel deleted as its very old and not used any more. Just > so new people dont think its a never version of the port. Yes it's quite old and i don't think i want to maintain it, i was planning to submit a pr to remove it, just didn't get around to it. > I will be happy to test the pakckage, when its released. I have been > holding back from upgrading the package cause of all the taint > problems there have been. Hopefully its soon over ... The current port version (4.79.4_1) works fine, as I've put in a workaround that disables taint mode. Once I'm confident that all taint mode related problems have been addressed i will take it out. From sunny.forro at compcoind.com Tue Jan 12 16:19:47 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Tue Jan 12 16:20:00 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, January 12, 2010 11:02 AM To: MailScanner discussion Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) Check your virus.scanners.conf file to ensure it is pointing at the correct place for clamav. If "which clamscan" reports /usr/local/bin/clamscan then the clamav line in virus.scanners.conf should end in "/usr/local" and if it reports /usr/bin/clamscan then the line should end in "/usr". That would be the first place to look. Then "MailScanner --lint" should detect the EICAR test pattern successfully. Once "MailScanner --lint" works, you're there. Jules. ------ Outlook sucks ----------- Jules, thanks for the reply! I checked "which clamscan" and yes it does point to /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does end in /usr/local. Still no lint under 4.78.17, but works fine under pervious versions on the same box. Using clamav-wrapper to do a scan of /tmp gives me sensible output however. Sunny On 12/01/2010 15:45, Sunny Forro wrote: > > Hello, > > I've just upgraded to 4.78.17 and now mailscanner doesn't report > viruses detected by clamav in production or lint. I've scanned the > /tmp directory with clamav-wrapper and get sensible clam output. /tmp > is not symlinked. I've reinstalled clamav, and manually reinstalled > all the per-tars from the install directory. I've even tried > downgrading MIME-tools to 5.420 (as found on another post), but to no > effect (and since reinstalled from perl-tar to 5.427). I've removed > and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17, > SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch > 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere > 4.0. I've switched back to 4.77.10 as this properly identifies virii. > I'm out of ideas - Any suggestions? Is there something else I need to > check, or something else I missed? > > Any help would be greatly appreciated. > > Sunny Forro > > P.S. Thanks a million to Julian Field for a fantastic solution to the > deluge of spam we had grown accustomed to. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at rtpty.com Tue Jan 12 16:27:37 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Jan 12 16:28:08 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <73461DFCD2207F44A16F136A46195545472EAB@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net><1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545472EA7@exchange2.sbschools.net> <1352665242-1263309977-cardhu_decombobulator_blackberry.rim.net-373699070-@bda461.bisx.prod.on.blackberry> <73461DFCD2207F44A16F136A46195545472EAB@exchange2.sbschools.net> Message-ID: <27C9FC36-7839-4161-8D62-5B0A09C0813C@rtpty.com> It's the added things which makes *your* servers stand out from everyone else's! Be proud! :-D ... also document everything you do. Keep a journal or a log. You can always go back to it later and help out people on the list when similar problems arise. There's that... and there's also the fact that I've found that for some people (hopefully you as well), writing things down makes them more memorable. On Jan 12, 2010, at 10:44 AM, wrote: > No disrespect taken. I find it very difficult learning all I need to > learn to run Linux server without adding all the things needed to keep > mailscanner functional. It feels like I am constantly having to adjust > things because of package updates and don't always remember what was > done in the past for the package I am having to make changes for. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Tuesday, January 12, 2010 10:26 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > I mean no disrespect, just in case. I didn't want to sound pedantic - in > fact, I myself work on the assumption that my systems work *in spite of* > my tinkering rather than *because of it* ;-) > > I like assuming I'm not doing things the most efficient way all the > time. Keeps me looking for new ways to do it better... And the > occasional pleasant surprise when I find out it *is* the most efficient > way for a particular situation is gratifying, I must admit. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: > Date: Tue, 12 Jan 2010 10:07:54 > To: > Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > I never assumed I was doing it right for five years but I now know how > much more wrong I was ;-) > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Tuesday, January 12, 2010 9:38 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > He may need some time. Remember, he assumes he's been doing it right > for five years. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: Kai Schaetzl > Date: Tue, 12 Jan 2010 15:29:33 > To: > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > wrote on Tue, 12 Jan 2010 08:48:10 -0500: > >> I still have no idea why (with the same file ownership) that creating >> a link to the spam.assassin.prefs.conf file as user_prefs in >> /var/spool/postfix/.spamassassin/ folder works when the same link in >> /etc/mail/spamassassin folder does not. > > Ok, a last hint. I didn't look at your pastebin log before. Now I did. > Two seconds. This shows that (as I already told you!) your SA is > *seriously* misconfigured. > > 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules > dir 81.[14922] dbg: config: read file > /etc/mail/spamassassin/10_default_prefs.cf > 82.[14922] dbg: config: read file > /etc/mail/spamassassin/20_advance_fee.cf > .. > 168.[14922] dbg: config: read file > /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf > > None (almost none) of these files belong there. And one of the files is > overscoring your custom score. I could tell you which, but I'm sure > you'll find it by yourself. Or you just remove all of them (except for > local.cf and mailscanner.cf and any files you wrote yourself) as they > don't belong there! > > You need to read up on how to use SA and how it works. Please. > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you are > not entitled to access such information under FERPA or HIPAA, federal > regulations require that you destroy this email without reviewing it and > you may not forward it to anyone. > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, ClamAV and Bitdefender and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 12 16:30:33 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 12 16:30:45 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA3A9.9010501@ecs.soton.ac.uk> Message-ID: In which case I would suspect permissions. Are you using clamav or clamd? If clamav, make sure the "Run As User" can read the files in the /var/spool/MailScanner/incoming directory. If clamd, ensure the group and perms are set as described in the MailScanner.conf file (look for clamd and you'll find the settings it tells you about). Jules. On 12/01/2010 16:19, Sunny Forro wrote: > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, January 12, 2010 11:02 AM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > Check your virus.scanners.conf file to ensure it is pointing at the > correct place for clamav. > If "which clamscan" reports /usr/local/bin/clamscan then the clamav line > > in virus.scanners.conf should end in "/usr/local" and if it reports > /usr/bin/clamscan then the line should end in "/usr". > > That would be the first place to look. Then "MailScanner --lint" should > detect the EICAR test pattern successfully. Once "MailScanner --lint" > works, you're there. > > Jules. > > > ------ Outlook sucks ----------- > > Jules, thanks for the reply! > I checked "which clamscan" and yes it does point to > /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does end > in /usr/local. Still no lint under 4.78.17, but works fine under > pervious versions on the same box. Using clamav-wrapper to do a scan of > /tmp gives me sensible output however. > > Sunny > > > > On 12/01/2010 15:45, Sunny Forro wrote: > >> Hello, >> >> I've just upgraded to 4.78.17 and now mailscanner doesn't report >> viruses detected by clamav in production or lint. I've scanned the >> /tmp directory with clamav-wrapper and get sensible clam output. /tmp >> is not symlinked. I've reinstalled clamav, and manually reinstalled >> all the per-tars from the install directory. I've even tried >> downgrading MIME-tools to 5.420 (as found on another post), but to no >> effect (and since reinstalled from perl-tar to 5.427). I've removed >> and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17, >> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch >> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere >> 4.0. I've switched back to 4.77.10 as this properly identifies virii. >> I'm out of ideas - Any suggestions? Is there something else I need to >> check, or something else I missed? >> >> Any help would be greatly appreciated. >> >> Sunny Forro >> >> P.S. Thanks a million to Julian Field for a fantastic solution to the >> deluge of spam we had grown accustomed to. >> >> > Jules > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rich at mail.wvnet.edu Tue Jan 12 16:34:50 2010 From: rich at mail.wvnet.edu (Richard Lynch) Date: Tue Jan 12 16:35:00 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> Message-ID: <4B4CA4AA.9050403@mail.wvnet.edu> Sunny Forro wrote: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, January 12, 2010 11:02 AM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > Check your virus.scanners.conf file to ensure it is pointing at the > correct place for clamav. > If "which clamscan" reports /usr/local/bin/clamscan then the clamav line > > in virus.scanners.conf should end in "/usr/local" and if it reports > /usr/bin/clamscan then the line should end in "/usr". > > That would be the first place to look. Then "MailScanner --lint" should > detect the EICAR test pattern successfully. Once "MailScanner --lint" > works, you're there. > > Jules. > > > ------ Outlook sucks ----------- > > Jules, thanks for the reply! > I checked "which clamscan" and yes it does point to > /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does end > in /usr/local. Still no lint under 4.78.17, but works fine under > pervious versions on the same box. Using clamav-wrapper to do a scan of > /tmp gives me sensible output however. > > Sunny > > > > On 12/01/2010 15:45, Sunny Forro wrote: > >> Hello, >> >> I've just upgraded to 4.78.17 and now mailscanner doesn't report >> viruses detected by clamav in production or lint. I've scanned the >> /tmp directory with clamav-wrapper and get sensible clam output. /tmp >> is not symlinked. I've reinstalled clamav, and manually reinstalled >> all the per-tars from the install directory. I've even tried >> downgrading MIME-tools to 5.420 (as found on another post), but to no >> effect (and since reinstalled from perl-tar to 5.427). I've removed >> and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17, >> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch >> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere >> 4.0. I've switched back to 4.77.10 as this properly identifies virii. >> I'm out of ideas - Any suggestions? Is there something else I need to >> check, or something else I missed? >> >> Any help would be greatly appreciated. >> >> Sunny Forro >> >> P.S. Thanks a million to Julian Field for a fantastic solution to the >> deluge of spam we had grown accustomed to. >> >> > > Jules > > This may be totally unrelated but I had a similar problem like this at one point. It turned out that the perl I was running had version 0.16 of perl-File-Temp builtin and the version that came packaged with MailScanner was 0.19. When perl was updated v0.19 was removed. I ended up having to do a rpm --force on the version that came packaged with MailScanner. This is all from vague memories and I may not have the scenario exactly right. It took me a while to find it though. Check the version of File::Temp that you are using. I know that once I got the correct version installed MailScanner --lint started producing expected results with my virus scanners. Rich -- "Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." -- C.S. Lewis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100112/26114346/attachment.html From Hostmaster at computerservicecentre.com Tue Jan 12 16:42:15 2010 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Tue Jan 12 16:42:33 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <27C9FC36-7839-4161-8D62-5B0A09C0813C@rtpty.com> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net><1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545472EA7@exchange2.sbschools.net><1352665242-1263309977-cardhu_decombobulator_blackberry.rim.net-373699070-@bda461.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545472EAB@exchange2.sbschools.net> <27C9FC36-7839-4161-8D62-5B0A09C0813C@rtpty.com> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2ACFA3DD@commssrv01.computerservicecentre.com> You might also find it handy running a duplicate copy of everything in a Virtual Machine so that you can test the effects of changes in a development environment before putting them live. VirtualBox is free, and works well! Regards, Richard >It's the added things which makes *your* servers stand out from everyone else's! Be proud! :-D >... also document everything you do. Keep a journal or a log. You can always go back to it later and help out people >on the list when similar problems arise. There's that... and there's also the fact that I've found that for some >people (hopefully you as well), writing things down makes them more memorable. On Jan 12, 2010, at 10:44 AM, wrote: > No disrespect taken. I find it very difficult learning all I need to > learn to run Linux server without adding all the things needed to keep > mailscanner functional. It feels like I am constantly having to adjust > things because of package updates and don't always remember what was > done in the past for the package I am having to make changes for. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Tuesday, January 12, 2010 10:26 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > I mean no disrespect, just in case. I didn't want to sound pedantic - in > fact, I myself work on the assumption that my systems work *in spite of* > my tinkering rather than *because of it* ;-) > > I like assuming I'm not doing things the most efficient way all the > time. Keeps me looking for new ways to do it better... And the > occasional pleasant surprise when I find out it *is* the most efficient > way for a particular situation is gratifying, I must admit. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: > Date: Tue, 12 Jan 2010 10:07:54 > To: > Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > I never assumed I was doing it right for five years but I now know how > much more wrong I was ;-) > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Tuesday, January 12, 2010 9:38 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > He may need some time. Remember, he assumes he's been doing it right > for five years. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: Kai Schaetzl > Date: Tue, 12 Jan 2010 15:29:33 > To: > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > wrote on Tue, 12 Jan 2010 08:48:10 -0500: > >> I still have no idea why (with the same file ownership) that creating >> a link to the spam.assassin.prefs.conf file as user_prefs in >> /var/spool/postfix/.spamassassin/ folder works when the same link in >> /etc/mail/spamassassin folder does not. > > Ok, a last hint. I didn't look at your pastebin log before. Now I did. > Two seconds. This shows that (as I already told you!) your SA is > *seriously* misconfigured. > > 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules > dir 81.[14922] dbg: config: read file > /etc/mail/spamassassin/10_default_prefs.cf > 82.[14922] dbg: config: read file > /etc/mail/spamassassin/20_advance_fee.cf > .. > 168.[14922] dbg: config: read file > /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf > > None (almost none) of these files belong there. And one of the files is > overscoring your custom score. I could tell you which, but I'm sure > you'll find it by yourself. Or you just remove all of them (except for > local.cf and mailscanner.cf and any files you wrote yourself) as they > don't belong there! > > You need to read up on how to use SA and how it works. Please. > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you are > not entitled to access such information under FERPA or HIPAA, federal > regulations require that you destroy this email without reviewing it and > you may not forward it to anyone. > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, ClamAV and Bitdefender and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From sunny.forro at compcoind.com Tue Jan 12 16:47:13 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Tue Jan 12 16:47:26 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA3A9.9010501@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Tuesday, January 12, 2010 11:31 AM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > In which case I would suspect permissions. Are you using clamav or > clamd? If clamav, make sure the "Run As User" can read the files in the > /var/spool/MailScanner/incoming directory. If clamd, ensure the group > and perms are set as described in the MailScanner.conf file (look for > clamd and you'll find the settings it tells you about). > > Jules. > I am running clamav 0.95.3 and have not set a "Run As User" (running sendmail). When I do a clamav-wrapper scan of /var/spool/MailScanner/incoming I get sensible output (clamav returns "OK" or other sensible output for each message). When I set the MailScanner symlink to my older install (4.77.10-1) virus scanning works as expected and ./MailScanner --lint returns a hit for eicar. I'm still perplexed. Sunny Forro > On 12/01/2010 16:19, Sunny Forro wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > > Field > > Sent: Tuesday, January 12, 2010 11:02 AM > > To: MailScanner discussion > > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > > tmp permissions and no symlink, reinstalled clamav (worked in > 4.77.10) > > > > Check your virus.scanners.conf file to ensure it is pointing at the > > correct place for clamav. > > If "which clamscan" reports /usr/local/bin/clamscan then the clamav > line > > > > in virus.scanners.conf should end in "/usr/local" and if it reports > > /usr/bin/clamscan then the line should end in "/usr". > > > > That would be the first place to look. Then "MailScanner --lint" > should > > detect the EICAR test pattern successfully. Once "MailScanner --lint" > > works, you're there. > > > > Jules. > > > > > > ------ Outlook sucks ----------- > > > > Jules, thanks for the reply! > > I checked "which clamscan" and yes it does point to > > /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does > end > > in /usr/local. Still no lint under 4.78.17, but works fine under > > pervious versions on the same box. Using clamav-wrapper to do a scan > of > > /tmp gives me sensible output however. > > > > Sunny > > > > > > > > On 12/01/2010 15:45, Sunny Forro wrote: > > > >> Hello, > >> > >> I've just upgraded to 4.78.17 and now mailscanner doesn't report > >> viruses detected by clamav in production or lint. I've scanned the > >> /tmp directory with clamav-wrapper and get sensible clam output. > /tmp > >> is not symlinked. I've reinstalled clamav, and manually reinstalled > >> all the per-tars from the install directory. I've even tried > >> downgrading MIME-tools to 5.420 (as found on another post), but to > no > >> effect (and since reinstalled from perl-tar to 5.427). I've removed > >> and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17, > >> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch > >> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere > >> 4.0. I've switched back to 4.77.10 as this properly identifies > virii. > >> I'm out of ideas - Any suggestions? Is there something else I need > to > >> check, or something else I missed? > >> > >> Any help would be greatly appreciated. > >> > >> Sunny Forro > >> > >> P.S. Thanks a million to Julian Field for a fantastic solution to > the > >> deluge of spam we had grown accustomed to. > >> > >> > > Jules > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mikael at syska.dk Tue Jan 12 16:47:56 2010 From: mikael at syska.dk (Mikael Syska) Date: Tue Jan 12 16:48:11 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <4B4C3467.60400@ecs.soton.ac.uk> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> Message-ID: <6beca9db1001120847v35656fd9tce362bfaf3fcfc89@mail.gmail.com> Hey Jules, This was meant to Mike Jakubik as he said he commited an updated version of the package :-) ... and maybe he knows the rutine to get outdated packages deleted. mvh On Tue, Jan 12, 2010 at 9:35 AM, Jules Field wrote: > > > On 11/01/2010 16:28, Mikael Syska wrote: >> >> Hi, >> >> Mostly for Mike Jakubik ... >> Dont know how FreeBSD accepts package to the ports tree ... but I >> guess you know :-) >> > > Not the faintest idea, sorry. >> >> Since you are in the package maintainer, maybe you coult get the old >> mailscanner-devel deleted as its very old and not used any more. Just >> so new people dont think its a never version of the port. >> > > Any ideas where I should start? >> >> I will be happy to test the pakckage, when its released. I have been >> holding back from upgrading the package cause of all the taint >> problems there have been. Hopefully its soon over ... >> > > I've released 4.79.5, which I would gratefully appreciate you testing. > > Thanks, > Jules. >> >> mvh >> Mikael Syska >> >> On Mon, Jan 11, 2010 at 4:50 PM, Mike Jakubik ?wrote: >> >>> >>> On Mon, January 11, 2010 8:06 am, Jules Field wrote: >>> >>>> >>>> I have fixed this one. I'll do another beta release this afternoon so >>>> you all have the latest code. >>>> >>>> Jules. >>>> >>> >>> Thanks Jules. I have updated the FreeBSD port to run the master perl >>> process as the "run as" user, to disable taint mode. I will test the new >>> version and let you know/update the port. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From sunny.forro at compcoind.com Tue Jan 12 16:49:27 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Tue Jan 12 16:49:37 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu> Message-ID: Rich, thanks for the reply. I've gone through and checked the versions of all the perl-tars against what's installed (and reinstalled some of them to make sure the versions match). Everything that I've checked matches the expected versions for this release of MailScanner. Sunny From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Richard Lynch Sent: Tuesday, January 12, 2010 11:35 AM To: MailScanner discussion Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) Sunny Forro wrote: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, January 12, 2010 11:02 AM To: MailScanner discussion Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) Check your virus.scanners.conf file to ensure it is pointing at the correct place for clamav. If "which clamscan" reports /usr/local/bin/clamscan then the clamav line in virus.scanners.conf should end in "/usr/local" and if it reports /usr/bin/clamscan then the line should end in "/usr". That would be the first place to look. Then "MailScanner --lint" should detect the EICAR test pattern successfully. Once "MailScanner --lint" works, you're there. Jules. ------ Outlook sucks ----------- Jules, thanks for the reply! I checked "which clamscan" and yes it does point to /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does end in /usr/local. Still no lint under 4.78.17, but works fine under pervious versions on the same box. Using clamav-wrapper to do a scan of /tmp gives me sensible output however. Sunny On 12/01/2010 15:45, Sunny Forro wrote: Hello, I've just upgraded to 4.78.17 and now mailscanner doesn't report viruses detected by clamav in production or lint. I've scanned the /tmp directory with clamav-wrapper and get sensible clam output. /tmp is not symlinked. I've reinstalled clamav, and manually reinstalled all the per-tars from the install directory. I've even tried downgrading MIME-tools to 5.420 (as found on another post), but to no effect (and since reinstalled from perl-tar to 5.427). I've removed and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17, SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere 4.0. I've switched back to 4.77.10 as this properly identifies virii. I'm out of ideas - Any suggestions? Is there something else I need to check, or something else I missed? Any help would be greatly appreciated. Sunny Forro P.S. Thanks a million to Julian Field for a fantastic solution to the deluge of spam we had grown accustomed to. Jules This may be totally unrelated but I had a similar problem like this at one point. It turned out that the perl I was running had version 0.16 of perl-File-Temp builtin and the version that came packaged with MailScanner was 0.19. When perl was updated v0.19 was removed. I ended up having to do a rpm --force on the version that came packaged with MailScanner. This is all from vague memories and I may not have the scenario exactly right. It took me a while to find it though. Check the version of File::Temp that you are using. I know that once I got the correct version installed MailScanner --lint started producing expected results with my virus scanners. Rich -- "Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." -- C.S. Lewis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100112/2e4b1870/attachment.html From dcurtis at sbschools.net Tue Jan 12 16:53:55 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Tue Jan 12 16:56:32 2010 Subject: [({Spam?})] FH_DATE_PAST_20XX 3.38 In-Reply-To: <27C9FC36-7839-4161-8D62-5B0A09C0813C@rtpty.com> References: <73461DFCD2207F44A16F136A46195545472DFE@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472DFF@exchange2.sbschools.net><4B460B73.60806@USherbrooke.ca><73461DFCD2207F44A16F136A46195545472E06@exchange2.sbschools.net><4B461A7F.5090302@alexb.ch><73461DFCD2207F44A16F136A46195545472E0C@exchange2.sbschools.net><4B463C16.3080709@alexb.ch><73461DFCD2207F44A16F136A46195545472E11@exchange2.sbschools.net><4B4641CF.9070809@alexb.ch><223f97701001080144s11658ec0s99b0a4df8dab63f5@mail.gmail.com><73461DFCD2207F44A16F136A46195545472E2D@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E76@exchange2.sbschools.net><40E5B635-1CB8-4154-88CC-8D94F0191979@mlrw.com><73461DFCD2207F44A16F136A46195545472E85@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E91@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545472E96@exchange2.sbschools.net><1753904690-1263307103-cardhu_decombobulator_blackberry.rim.net-948429653-@bda461.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545472EA7@exchange2.sbschools.net><1352665242-1263309977-cardhu_decombobulator_blackberry.rim.net-373699070-@bda461.bisx.prod.on.blackberry><73461DFCD2207F44A16F136A46195545472EAB@exchange2.sbschools.net> <27C9FC36-7839-4161-8D62-5B0A09C0813C@rtpty.com> Message-ID: <73461DFCD2207F44A16F136A46195545472EAD@exchange2.sbschools.net> Thanks that is really good advice. I tend to make several dozen changes to find a "fix" then by the time I get back at it I forgot what was done. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Tuesday, January 12, 2010 11:28 AM To: MailScanner discussion Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 It's the added things which makes *your* servers stand out from everyone else's! Be proud! :-D ... also document everything you do. Keep a journal or a log. You can always go back to it later and help out people on the list when similar problems arise. There's that... and there's also the fact that I've found that for some people (hopefully you as well), writing things down makes them more memorable. On Jan 12, 2010, at 10:44 AM, wrote: > No disrespect taken. I find it very difficult learning all I need to > learn to run Linux server without adding all the things needed to keep > mailscanner functional. It feels like I am constantly having to adjust > things because of package updates and don't always remember what was > done in the past for the package I am having to make changes for. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Tuesday, January 12, 2010 10:26 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > I mean no disrespect, just in case. I didn't want to sound pedantic - in > fact, I myself work on the assumption that my systems work *in spite of* > my tinkering rather than *because of it* ;-) > > I like assuming I'm not doing things the most efficient way all the > time. Keeps me looking for new ways to do it better... And the > occasional pleasant surprise when I find out it *is* the most efficient > way for a particular situation is gratifying, I must admit. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: > Date: Tue, 12 Jan 2010 10:07:54 > To: > Subject: RE: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > I never assumed I was doing it right for five years but I now know how > much more wrong I was ;-) > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex > Neuman van der Hans > Sent: Tuesday, January 12, 2010 9:38 AM > To: MailScanner discussion > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > He may need some time. Remember, he assumes he's been doing it right > for five years. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: Kai Schaetzl > Date: Tue, 12 Jan 2010 15:29:33 > To: > Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38 > > wrote on Tue, 12 Jan 2010 08:48:10 -0500: > >> I still have no idea why (with the same file ownership) that creating >> a link to the spam.assassin.prefs.conf file as user_prefs in >> /var/spool/postfix/.spamassassin/ folder works when the same link in >> /etc/mail/spamassassin folder does not. > > Ok, a last hint. I didn't look at your pastebin log before. Now I did. > Two seconds. This shows that (as I already told you!) your SA is > *seriously* misconfigured. > > 80.[14922] dbg: config: using "/etc/mail/spamassassin" for site rules > dir 81.[14922] dbg: config: read file > /etc/mail/spamassassin/10_default_prefs.cf > 82.[14922] dbg: config: read file > /etc/mail/spamassassin/20_advance_fee.cf > .. > 168.[14922] dbg: config: read file > /etc/mail/spamassassin/weeds_2_cf_sare_sa-update_dostech_net.cf > > None (almost none) of these files belong there. And one of the files is > overscoring your custom score. I could tell you which, but I'm sure > you'll find it by yourself. Or you just remove all of them (except for > local.cf and mailscanner.cf and any files you wrote yourself) as they > don't belong there! > > You need to read up on how to use SA and how it works. Please. > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you are > not entitled to access such information under FERPA or HIPAA, federal > regulations require that you destroy this email without reviewing it and > you may not forward it to anyone. > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, ClamAV and Bitdefender and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, ClamAV and Bitdefender and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 12 17:26:44 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Jan 12 17:26:59 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu> <4B4CB0D4.5000406@ecs.soton.ac.uk> Message-ID: And if you re-run the ./install.sh from MailScanner, just to be doubly-sure? On 12/01/2010 16:49, Sunny Forro wrote: > > Rich, thanks for the reply. > > I?ve gone through and checked the versions of all the perl-tars > against what?s installed (and reinstalled some of them to make sure > the versions match). Everything that I?ve checked matches the expected > versions for this release of MailScanner. > > Sunny > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Richard Lynch > *Sent:* Tuesday, January 12, 2010 11:35 AM > *To:* MailScanner discussion > *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have > checked tmp permissions and no symlink, reinstalled clamav (worked in > 4.77.10) > > Sunny Forro wrote: > > > -----Original Message----- > From:mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, January 12, 2010 11:02 AM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > Check your virus.scanners.conf file to ensure it is pointing at the > correct place for clamav. > If "which clamscan" reports /usr/local/bin/clamscan then the clamav line > > in virus.scanners.conf should end in "/usr/local" and if it reports > /usr/bin/clamscan then the line should end in "/usr". > > That would be the first place to look. Then "MailScanner --lint" should > detect the EICAR test pattern successfully. Once "MailScanner --lint" > works, you're there. > > Jules. > > > ------ Outlook sucks ----------- > > Jules, thanks for the reply! > I checked "which clamscan" and yes it does point to > /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does end > in /usr/local. Still no lint under 4.78.17, but works fine under > pervious versions on the same box. Using clamav-wrapper to do a scan of > /tmp gives me sensible output however. > > Sunny > > > > On 12/01/2010 15:45, Sunny Forro wrote: > > > Hello, > > > > I've just upgraded to 4.78.17 and now mailscanner doesn't report > > viruses detected by clamav in production or lint. I've scanned the > > /tmp directory with clamav-wrapper and get sensible clam output. /tmp > > is not symlinked. I've reinstalled clamav, and manually reinstalled > > all the per-tars from the install directory. I've even tried > > downgrading MIME-tools to 5.420 (as found on another post), but to no > > effect (and since reinstalled from perl-tar to 5.427). I've removed > > and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17, > > SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch > > 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere > > 4.0. I've switched back to 4.77.10 as this properly identifies virii. > > I'm out of ideas - Any suggestions? Is there something else I need to > > check, or something else I missed? > > > > Any help would be greatly appreciated. > > > > Sunny Forro > > > > P.S. Thanks a million to Julian Field for a fantastic solution to the > > deluge of spam we had grown accustomed to. > > > > > > > Jules > > > > This may be totally unrelated but I had a similar problem like this at > one point. It turned out that the perl I was running had version 0.16 > of perl-File-Temp builtin and the version that came packaged with > MailScanner was 0.19. When perl was updated v0.19 was removed. I ended > up having to do a rpm --force on the version that came packaged with > MailScanner. > > This is all from vague memories and I may not have the scenario > exactly right. It took me a while to find it though. Check the version > of File::Temp that you are using. I know that once I got the correct > version installed MailScanner --lint started producing expected > results with my virus scanners. > > Rich > > > -- > > "Of all tyrannies, a tyranny exercised for the good of its victims may > be the most oppressive. It may be better to live under robber barons > than omnipotent moral busybodies. The robber baron's cruelty may > sometimes sleep, his cupidity may at some point be satiated; but those > who torment us for our own good will torment us without end, for they do > so with the approval of their own conscience." > > -- C.S. Lewis > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sunny.forro at compcoind.com Tue Jan 12 18:05:03 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Tue Jan 12 18:05:17 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> Message-ID: I've rerun the ./install.sh script - again to no effect. However, I discovered that MailScanner is properly parsing mcafee's output but not clamavs. When I lint with my virus scanners set to "clamav mcafee" it picks up Eicar from mcafee, but nothing from clamav. If I set it to "clamav" it doesn't pick up Eicar at all. Side Note: I have a paid version of McAfee that I have used until recently, when I discovered that the latest release of mcafee for BSD still relies on an outdated compatibility library (compat3x) that doesn't properly install and isn't included in any release since FreeBSD5. It also spikes my CPU to 100% while scanning mail and slows the whole process to a crawl. Running clamav only with a previous release of MailScanner produces more reliable results because when my CPU hits 100% (using mcafee and clamav) mail begins to flow through completely untouched. Sunny > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jules Field > Sent: Tuesday, January 12, 2010 12:27 PM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > And if you re-run the ./install.sh from MailScanner, just to be doubly- > sure? > > On 12/01/2010 16:49, Sunny Forro wrote: > > > > Rich, thanks for the reply. > > > > I've gone through and checked the versions of all the perl-tars > > against what's installed (and reinstalled some of them to make sure > > the versions match). Everything that I've checked matches the > expected > > versions for this release of MailScanner. > > > > Sunny > > > > *From:* mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > > *Richard Lynch > > *Sent:* Tuesday, January 12, 2010 11:35 AM > > *To:* MailScanner discussion > > *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have > > checked tmp permissions and no symlink, reinstalled clamav (worked in > > 4.77.10) > > > > Sunny Forro wrote: > > > > > > -----Original Message----- > > From:mailscanner-bounces@lists.mailscanner.info bounces@lists.mailscanner.info> > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian > > Field > > Sent: Tuesday, January 12, 2010 11:02 AM > > To: MailScanner discussion > > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > > tmp permissions and no symlink, reinstalled clamav (worked in > 4.77.10) > > > > Check your virus.scanners.conf file to ensure it is pointing at the > > correct place for clamav. > > If "which clamscan" reports /usr/local/bin/clamscan then the clamav > line > > > > in virus.scanners.conf should end in "/usr/local" and if it reports > > /usr/bin/clamscan then the line should end in "/usr". > > > > That would be the first place to look. Then "MailScanner --lint" > should > > detect the EICAR test pattern successfully. Once "MailScanner --lint" > > works, you're there. > > > > Jules. > > > > > > ------ Outlook sucks ----------- > > > > Jules, thanks for the reply! > > I checked "which clamscan" and yes it does point to > > /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does > end > > in /usr/local. Still no lint under 4.78.17, but works fine under > > pervious versions on the same box. Using clamav-wrapper to do a scan > of > > /tmp gives me sensible output however. > > > > Sunny > > > > > > > > On 12/01/2010 15:45, Sunny Forro wrote: > > > > > > Hello, > > > > > > > > I've just upgraded to 4.78.17 and now mailscanner doesn't report > > > > viruses detected by clamav in production or lint. I've scanned > the > > > > /tmp directory with clamav-wrapper and get sensible clam output. > /tmp > > > > is not symlinked. I've reinstalled clamav, and manually > reinstalled > > > > all the per-tars from the install directory. I've even tried > > > > downgrading MIME-tools to 5.420 (as found on another post), but > to no > > > > effect (and since reinstalled from perl-tar to 5.427). I've > removed > > > > and reinstalled Perl5.8.9, also to no effect. I'm running > MS4.78.17, > > > > SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ > mailwatch > > > > 1.0.4, apache13, mysql5077, php5, virtualized through VMWare > VSphere > > > > 4.0. I've switched back to 4.77.10 as this properly identifies > virii. > > > > I'm out of ideas - Any suggestions? Is there something else I > need to > > > > check, or something else I missed? > > > > > > > > Any help would be greatly appreciated. > > > > > > > > Sunny Forro > > > > > > > > P.S. Thanks a million to Julian Field for a fantastic solution to > the > > > > deluge of spam we had grown accustomed to. > > > > > > > > > > > > > > Jules > > > > > > > > This may be totally unrelated but I had a similar problem like this > at > > one point. It turned out that the perl I was running had version 0.16 > > of perl-File-Temp builtin and the version that came packaged with > > MailScanner was 0.19. When perl was updated v0.19 was removed. I > ended > > up having to do a rpm --force on the version that came packaged with > > MailScanner. > > > > This is all from vague memories and I may not have the scenario > > exactly right. It took me a while to find it though. Check the > version > > of File::Temp that you are using. I know that once I got the correct > > version installed MailScanner --lint started producing expected > > results with my virus scanners. > > > > Rich > > > > > > -- > > > > "Of all tyrannies, a tyranny exercised for the good of its victims > may > > be the most oppressive. It may be better to live under robber barons > > than omnipotent moral busybodies. The robber baron's cruelty may > > sometimes sleep, his cupidity may at some point be satiated; but > those > > who torment us for our own good will torment us without end, for they > do > > so with the approval of their own conscience." > > > > -- C.S. Lewis > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Jan 12 19:00:15 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Jan 12 19:00:27 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> Message-ID: Any chance you could give me remote ssh root access to your server so I can debug it for you and see what output you're getting from clamav and why it isn't parsing it properly? I've got a reputation to protect, so I'm not going to do anything bad to you! If it takes less than a couple of hours, I'll do it for free too. :) Contact me by email if you're interested. Jules. On 12/01/2010 18:05, Sunny Forro wrote: > I've rerun the ./install.sh script - again to no effect. However, I > discovered that MailScanner is properly parsing mcafee's output but not > clamavs. When I lint with my virus scanners set to "clamav mcafee" it > picks up Eicar from mcafee, but nothing from clamav. If I set it to > "clamav" it doesn't pick up Eicar at all. > > Side Note: I have a paid version of McAfee that I have used until > recently, when I discovered that the latest release of mcafee for BSD > still relies on an outdated compatibility library (compat3x) that > doesn't properly install and isn't included in any release since > FreeBSD5. It also spikes my CPU to 100% while scanning mail and slows > the whole process to a crawl. Running clamav only with a previous > release of MailScanner produces more reliable results because when my > CPU hits 100% (using mcafee and clamav) mail begins to flow through > completely untouched. > > Sunny > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jules Field >> Sent: Tuesday, January 12, 2010 12:27 PM >> To: MailScanner discussion >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked >> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) >> >> And if you re-run the ./install.sh from MailScanner, just to be >> > doubly- > >> sure? >> >> On 12/01/2010 16:49, Sunny Forro wrote: >> >>> Rich, thanks for the reply. >>> >>> I've gone through and checked the versions of all the perl-tars >>> against what's installed (and reinstalled some of them to make sure >>> the versions match). Everything that I've checked matches the >>> >> expected >> >>> versions for this release of MailScanner. >>> >>> Sunny >>> >>> *From:* mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>> *Richard Lynch >>> *Sent:* Tuesday, January 12, 2010 11:35 AM >>> *To:* MailScanner discussion >>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have >>> checked tmp permissions and no symlink, reinstalled clamav (worked >>> > in > >>> 4.77.10) >>> >>> Sunny Forro wrote: >>> >>> >>> -----Original Message----- >>> From:mailscanner-bounces@lists.mailscanner.info >>> > >> bounces@lists.mailscanner.info> >> >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> >> Julian >> >>> Field >>> Sent: Tuesday, January 12, 2010 11:02 AM >>> To: MailScanner discussion >>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have >>> > checked > >>> tmp permissions and no symlink, reinstalled clamav (worked in >>> >> 4.77.10) >> >>> Check your virus.scanners.conf file to ensure it is pointing at the >>> correct place for clamav. >>> If "which clamscan" reports /usr/local/bin/clamscan then the clamav >>> >> line >> >>> in virus.scanners.conf should end in "/usr/local" and if it reports >>> /usr/bin/clamscan then the line should end in "/usr". >>> >>> That would be the first place to look. Then "MailScanner --lint" >>> >> should >> >>> detect the EICAR test pattern successfully. Once "MailScanner >>> > --lint" > >>> works, you're there. >>> >>> Jules. >>> >>> >>> ------ Outlook sucks ----------- >>> >>> Jules, thanks for the reply! >>> I checked "which clamscan" and yes it does point to >>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does >>> >> end >> >>> in /usr/local. Still no lint under 4.78.17, but works fine under >>> pervious versions on the same box. Using clamav-wrapper to do a scan >>> >> of >> >>> /tmp gives me sensible output however. >>> >>> Sunny >>> >>> >>> >>> On 12/01/2010 15:45, Sunny Forro wrote: >>> >>> >>> Hello, >>> >>> >>> >>> I've just upgraded to 4.78.17 and now mailscanner doesn't report >>> >>> viruses detected by clamav in production or lint. I've scanned >>> >> the >> >>> /tmp directory with clamav-wrapper and get sensible clam output. >>> >> /tmp >> >>> is not symlinked. I've reinstalled clamav, and manually >>> >> reinstalled >> >>> all the per-tars from the install directory. I've even tried >>> >>> downgrading MIME-tools to 5.420 (as found on another post), but >>> >> to no >> >>> effect (and since reinstalled from perl-tar to 5.427). I've >>> >> removed >> >>> and reinstalled Perl5.8.9, also to no effect. I'm running >>> >> MS4.78.17, >> >>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ >>> >> mailwatch >> >>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare >>> >> VSphere >> >>> 4.0. I've switched back to 4.77.10 as this properly identifies >>> >> virii. >> >>> I'm out of ideas - Any suggestions? Is there something else I >>> >> need to >> >>> check, or something else I missed? >>> >>> >>> >>> Any help would be greatly appreciated. >>> >>> >>> >>> Sunny Forro >>> >>> >>> >>> P.S. Thanks a million to Julian Field for a fantastic solution >>> > to > >> the >> >>> deluge of spam we had grown accustomed to. >>> >>> >>> >>> >>> >>> >>> Jules >>> >>> >>> >>> This may be totally unrelated but I had a similar problem like this >>> >> at >> >>> one point. It turned out that the perl I was running had version >>> > 0.16 > >>> of perl-File-Temp builtin and the version that came packaged with >>> MailScanner was 0.19. When perl was updated v0.19 was removed. I >>> >> ended >> >>> up having to do a rpm --force on the version that came packaged with >>> MailScanner. >>> >>> This is all from vague memories and I may not have the scenario >>> exactly right. It took me a while to find it though. Check the >>> >> version >> >>> of File::Temp that you are using. I know that once I got the correct >>> version installed MailScanner --lint started producing expected >>> results with my virus scanners. >>> >>> Rich >>> >>> >>> -- >>> >>> "Of all tyrannies, a tyranny exercised for the good of its victims >>> >> may >> >>> be the most oppressive. It may be better to live under robber barons >>> than omnipotent moral busybodies. The robber baron's cruelty may >>> sometimes sleep, his cupidity may at some point be satiated; but >>> >> those >> >>> who torment us for our own good will torment us without end, for >>> > they > >> do >> >>> so with the approval of their own conscience." >>> >>> -- C.S. Lewis >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sunny.forro at compcoind.com Tue Jan 12 19:29:09 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Tue Jan 12 19:29:25 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> Message-ID: Jules, I would be happy to give you ssh to this box. Should I send details to the mailscanner (at) ecs (dot) soton (dot) ac (dot) uk address? Thanks, Sunny Forro > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jules Field > Sent: Tuesday, January 12, 2010 2:00 PM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > Any chance you could give me remote ssh root access to your server so I > can debug it for you and see what output you're getting from clamav and > why it isn't parsing it properly? > I've got a reputation to protect, so I'm not going to do anything bad > to > you! > > If it takes less than a couple of hours, I'll do it for free too. :) > > Contact me by email if you're interested. > > Jules. > > On 12/01/2010 18:05, Sunny Forro wrote: > > I've rerun the ./install.sh script - again to no effect. However, I > > discovered that MailScanner is properly parsing mcafee's output but > not > > clamavs. When I lint with my virus scanners set to "clamav mcafee" it > > picks up Eicar from mcafee, but nothing from clamav. If I set it to > > "clamav" it doesn't pick up Eicar at all. > > > > Side Note: I have a paid version of McAfee that I have used until > > recently, when I discovered that the latest release of mcafee for BSD > > still relies on an outdated compatibility library (compat3x) that > > doesn't properly install and isn't included in any release since > > FreeBSD5. It also spikes my CPU to 100% while scanning mail and slows > > the whole process to a crawl. Running clamav only with a previous > > release of MailScanner produces more reliable results because when > my > > CPU hits 100% (using mcafee and clamav) mail begins to flow through > > completely untouched. > > > > Sunny > > > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Jules Field > >> Sent: Tuesday, January 12, 2010 12:27 PM > >> To: MailScanner discussion > >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > checked > >> tmp permissions and no symlink, reinstalled clamav (worked in > 4.77.10) > >> > >> And if you re-run the ./install.sh from MailScanner, just to be > >> > > doubly- > > > >> sure? > >> > >> On 12/01/2010 16:49, Sunny Forro wrote: > >> > >>> Rich, thanks for the reply. > >>> > >>> I've gone through and checked the versions of all the perl-tars > >>> against what's installed (and reinstalled some of them to make sure > >>> the versions match). Everything that I've checked matches the > >>> > >> expected > >> > >>> versions for this release of MailScanner. > >>> > >>> Sunny > >>> > >>> *From:* mailscanner-bounces@lists.mailscanner.info > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > >>> *Richard Lynch > >>> *Sent:* Tuesday, January 12, 2010 11:35 AM > >>> *To:* MailScanner discussion > >>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have > >>> checked tmp permissions and no symlink, reinstalled clamav (worked > >>> > > in > > > >>> 4.77.10) > >>> > >>> Sunny Forro wrote: > >>> > >>> > >>> -----Original Message----- > >>> From:mailscanner-bounces@lists.mailscanner.info > >>> > > > > >> bounces@lists.mailscanner.info> > >> > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >>> > >> Julian > >> > >>> Field > >>> Sent: Tuesday, January 12, 2010 11:02 AM > >>> To: MailScanner discussion > >>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > >>> > > checked > > > >>> tmp permissions and no symlink, reinstalled clamav (worked in > >>> > >> 4.77.10) > >> > >>> Check your virus.scanners.conf file to ensure it is pointing at the > >>> correct place for clamav. > >>> If "which clamscan" reports /usr/local/bin/clamscan then the clamav > >>> > >> line > >> > >>> in virus.scanners.conf should end in "/usr/local" and if it reports > >>> /usr/bin/clamscan then the line should end in "/usr". > >>> > >>> That would be the first place to look. Then "MailScanner --lint" > >>> > >> should > >> > >>> detect the EICAR test pattern successfully. Once "MailScanner > >>> > > --lint" > > > >>> works, you're there. > >>> > >>> Jules. > >>> > >>> > >>> ------ Outlook sucks ----------- > >>> > >>> Jules, thanks for the reply! > >>> I checked "which clamscan" and yes it does point to > >>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf > does > >>> > >> end > >> > >>> in /usr/local. Still no lint under 4.78.17, but works fine under > >>> pervious versions on the same box. Using clamav-wrapper to do a > scan > >>> > >> of > >> > >>> /tmp gives me sensible output however. > >>> > >>> Sunny > >>> > >>> > >>> > >>> On 12/01/2010 15:45, Sunny Forro wrote: > >>> > >>> > >>> Hello, > >>> > >>> > >>> > >>> I've just upgraded to 4.78.17 and now mailscanner doesn't > report > >>> > >>> viruses detected by clamav in production or lint. I've scanned > >>> > >> the > >> > >>> /tmp directory with clamav-wrapper and get sensible clam > output. > >>> > >> /tmp > >> > >>> is not symlinked. I've reinstalled clamav, and manually > >>> > >> reinstalled > >> > >>> all the per-tars from the install directory. I've even tried > >>> > >>> downgrading MIME-tools to 5.420 (as found on another post), > but > >>> > >> to no > >> > >>> effect (and since reinstalled from perl-tar to 5.427). I've > >>> > >> removed > >> > >>> and reinstalled Perl5.8.9, also to no effect. I'm running > >>> > >> MS4.78.17, > >> > >>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ > >>> > >> mailwatch > >> > >>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare > >>> > >> VSphere > >> > >>> 4.0. I've switched back to 4.77.10 as this properly identifies > >>> > >> virii. > >> > >>> I'm out of ideas - Any suggestions? Is there something else I > >>> > >> need to > >> > >>> check, or something else I missed? > >>> > >>> > >>> > >>> Any help would be greatly appreciated. > >>> > >>> > >>> > >>> Sunny Forro > >>> > >>> > >>> > >>> P.S. Thanks a million to Julian Field for a fantastic solution > >>> > > to > > > >> the > >> > >>> deluge of spam we had grown accustomed to. > >>> > >>> > >>> > >>> > >>> > >>> > >>> Jules > >>> > >>> > >>> > >>> This may be totally unrelated but I had a similar problem like this > >>> > >> at > >> > >>> one point. It turned out that the perl I was running had version > >>> > > 0.16 > > > >>> of perl-File-Temp builtin and the version that came packaged with > >>> MailScanner was 0.19. When perl was updated v0.19 was removed. I > >>> > >> ended > >> > >>> up having to do a rpm --force on the version that came packaged > with > >>> MailScanner. > >>> > >>> This is all from vague memories and I may not have the scenario > >>> exactly right. It took me a while to find it though. Check the > >>> > >> version > >> > >>> of File::Temp that you are using. I know that once I got the > correct > >>> version installed MailScanner --lint started producing expected > >>> results with my virus scanners. > >>> > >>> Rich > >>> > >>> > >>> -- > >>> > >>> "Of all tyrannies, a tyranny exercised for the good of its victims > >>> > >> may > >> > >>> be the most oppressive. It may be better to live under robber > barons > >>> than omnipotent moral busybodies. The robber baron's cruelty may > >>> sometimes sleep, his cupidity may at some point be satiated; but > >>> > >> those > >> > >>> who torment us for our own good will torment us without end, for > >>> > > they > > > >> do > >> > >>> so with the approval of their own conscience." > >>> > >>> -- C.S. Lewis > >>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your > boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From lists at elasticmind.net Tue Jan 12 19:42:17 2010 From: lists at elasticmind.net (mog) Date: Tue Jan 12 19:42:40 2010 Subject: More taint mode problems (please help) In-Reply-To: <6beca9db1001120847v35656fd9tce362bfaf3fcfc89@mail.gmail.com> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <4B4C3467.60400@ecs.soton.ac.uk> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <6beca9db1001120847v35656fd9tce362bfaf3fcfc89@mail.gmail.com> Message-ID: <4B4CD099.7030802@elasticmind.net> On 12/01/2010 16:47, Mikael Syska wrote: > Hey Jules, > > This was meant to Mike Jakubik as he said he commited an updated > version of the package :-) ... and maybe he knows the rutine to get > outdated packages deleted. > > mvh > It's done by submitting PRs (Problem Reports) to the ports PR database using the send-pr(1) command. Once the PR is submitted, a FreeBSD committer will assign responsibility of the PR to themselves and look it over. Then, after checking it's all okay they will commit the change to the tree for all the mirrors to pick up and everyone to use. However, if the committer finds a problem with it, they will usually liaise with the submitter to get it resolved. For more information, you can find the FreeBSD porter's bible (handbook) here: http://www.freebsd.org/doc/en/books/porters-handbook/ With most mission critical software, a *-devel port is maintained to contain the newly released or beta code for people to test new features and use if they feel daring. While at the same time the normal or base port (e.g. mail/mailscanner) usually holds the most recent stable release of the software that is considered to be suitable for production use. Often if a *-devel port becomes outdated, it is synchronised with the "stable" base one to allow the conventional devel/stable update process to continue. Whether or not this strategy is followed though, all depends on the release schedule used by the software developers and/or the port maintainer. One thing is for sure though, I think no one likes to see stale ports hanging around. They should either be updated or removed (if they're definitely not used any more and wont be in the future). Hope that helps. From alex at rtpty.com Tue Jan 12 19:44:09 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Jan 12 19:44:24 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> Message-ID: You can even do a "screen -rx" session and learn from the experience! On Jan 12, 2010, at 2:00 PM, Jules Field wrote: > I've got a reputation to protect, so I'm not going to do anything bad to you! From alex at rtpty.com Tue Jan 12 19:45:02 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Jan 12 19:45:16 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> Message-ID: It would be, in a way, an honor to welcome JKF into your box... :-D It's like getting a visit from your own personal rock star! ;-) On Jan 12, 2010, at 2:29 PM, Sunny Forro wrote: > Jules, > I would be happy to give you ssh to this box. Should I send details to > the mailscanner (at) ecs (dot) soton (dot) ac (dot) uk address? > Thanks, > Sunny Forro > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jules Field >> Sent: Tuesday, January 12, 2010 2:00 PM >> To: MailScanner discussion >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked >> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) >> >> Any chance you could give me remote ssh root access to your server so > I >> can debug it for you and see what output you're getting from clamav > and >> why it isn't parsing it properly? >> I've got a reputation to protect, so I'm not going to do anything bad >> to >> you! >> >> If it takes less than a couple of hours, I'll do it for free too. :) >> >> Contact me by email if you're interested. >> >> Jules. >> >> On 12/01/2010 18:05, Sunny Forro wrote: >>> I've rerun the ./install.sh script - again to no effect. However, I >>> discovered that MailScanner is properly parsing mcafee's output but >> not >>> clamavs. When I lint with my virus scanners set to "clamav mcafee" > it >>> picks up Eicar from mcafee, but nothing from clamav. If I set it to >>> "clamav" it doesn't pick up Eicar at all. >>> >>> Side Note: I have a paid version of McAfee that I have used until >>> recently, when I discovered that the latest release of mcafee for > BSD >>> still relies on an outdated compatibility library (compat3x) that >>> doesn't properly install and isn't included in any release since >>> FreeBSD5. It also spikes my CPU to 100% while scanning mail and > slows >>> the whole process to a crawl. Running clamav only with a previous >>> release of MailScanner produces more reliable results because when >> my >>> CPU hits 100% (using mcafee and clamav) mail begins to flow through >>> completely untouched. >>> >>> Sunny >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner- >>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field >>>> Sent: Tuesday, January 12, 2010 12:27 PM >>>> To: MailScanner discussion >>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have >> checked >>>> tmp permissions and no symlink, reinstalled clamav (worked in >> 4.77.10) >>>> >>>> And if you re-run the ./install.sh from MailScanner, just to be >>>> >>> doubly- >>> >>>> sure? >>>> >>>> On 12/01/2010 16:49, Sunny Forro wrote: >>>> >>>>> Rich, thanks for the reply. >>>>> >>>>> I've gone through and checked the versions of all the perl-tars >>>>> against what's installed (and reinstalled some of them to make > sure >>>>> the versions match). Everything that I've checked matches the >>>>> >>>> expected >>>> >>>>> versions for this release of MailScanner. >>>>> >>>>> Sunny >>>>> >>>>> *From:* mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>>>> *Richard Lynch >>>>> *Sent:* Tuesday, January 12, 2010 11:35 AM >>>>> *To:* MailScanner discussion >>>>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have >>>>> checked tmp permissions and no symlink, reinstalled clamav (worked >>>>> >>> in >>> >>>>> 4.77.10) >>>>> >>>>> Sunny Forro wrote: >>>>> >>>>> >>>>> -----Original Message----- >>>>> From:mailscanner-bounces@lists.mailscanner.info >>>>> >>> >> >>>> bounces@lists.mailscanner.info> >>>> >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>> >>>> Julian >>>> >>>>> Field >>>>> Sent: Tuesday, January 12, 2010 11:02 AM >>>>> To: MailScanner discussion >>>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have >>>>> >>> checked >>> >>>>> tmp permissions and no symlink, reinstalled clamav (worked in >>>>> >>>> 4.77.10) >>>> >>>>> Check your virus.scanners.conf file to ensure it is pointing at > the >>>>> correct place for clamav. >>>>> If "which clamscan" reports /usr/local/bin/clamscan then the > clamav >>>>> >>>> line >>>> >>>>> in virus.scanners.conf should end in "/usr/local" and if it > reports >>>>> /usr/bin/clamscan then the line should end in "/usr". >>>>> >>>>> That would be the first place to look. Then "MailScanner --lint" >>>>> >>>> should >>>> >>>>> detect the EICAR test pattern successfully. Once "MailScanner >>>>> >>> --lint" >>> >>>>> works, you're there. >>>>> >>>>> Jules. >>>>> >>>>> >>>>> ------ Outlook sucks ----------- >>>>> >>>>> Jules, thanks for the reply! >>>>> I checked "which clamscan" and yes it does point to >>>>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf >> does >>>>> >>>> end >>>> >>>>> in /usr/local. Still no lint under 4.78.17, but works fine under >>>>> pervious versions on the same box. Using clamav-wrapper to do a >> scan >>>>> >>>> of >>>> >>>>> /tmp gives me sensible output however. >>>>> >>>>> Sunny >>>>> >>>>> >>>>> >>>>> On 12/01/2010 15:45, Sunny Forro wrote: >>>>> >>>>> >>>>> Hello, >>>>> >>>>> >>>>> >>>>> I've just upgraded to 4.78.17 and now mailscanner doesn't >> report >>>>> >>>>> viruses detected by clamav in production or lint. I've > scanned >>>>> >>>> the >>>> >>>>> /tmp directory with clamav-wrapper and get sensible clam >> output. >>>>> >>>> /tmp >>>> >>>>> is not symlinked. I've reinstalled clamav, and manually >>>>> >>>> reinstalled >>>> >>>>> all the per-tars from the install directory. I've even tried >>>>> >>>>> downgrading MIME-tools to 5.420 (as found on another post), >> but >>>>> >>>> to no >>>> >>>>> effect (and since reinstalled from perl-tar to 5.427). I've >>>>> >>>> removed >>>> >>>>> and reinstalled Perl5.8.9, also to no effect. I'm running >>>>> >>>> MS4.78.17, >>>> >>>>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ >>>>> >>>> mailwatch >>>> >>>>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare >>>>> >>>> VSphere >>>> >>>>> 4.0. I've switched back to 4.77.10 as this properly > identifies >>>>> >>>> virii. >>>> >>>>> I'm out of ideas - Any suggestions? Is there something else I >>>>> >>>> need to >>>> >>>>> check, or something else I missed? >>>>> >>>>> >>>>> >>>>> Any help would be greatly appreciated. >>>>> >>>>> >>>>> >>>>> Sunny Forro >>>>> >>>>> >>>>> >>>>> P.S. Thanks a million to Julian Field for a fantastic > solution >>>>> >>> to >>> >>>> the >>>> >>>>> deluge of spam we had grown accustomed to. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Jules >>>>> >>>>> >>>>> >>>>> This may be totally unrelated but I had a similar problem like > this >>>>> >>>> at >>>> >>>>> one point. It turned out that the perl I was running had version >>>>> >>> 0.16 >>> >>>>> of perl-File-Temp builtin and the version that came packaged with >>>>> MailScanner was 0.19. When perl was updated v0.19 was removed. I >>>>> >>>> ended >>>> >>>>> up having to do a rpm --force on the version that came packaged >> with >>>>> MailScanner. >>>>> >>>>> This is all from vague memories and I may not have the scenario >>>>> exactly right. It took me a while to find it though. Check the >>>>> >>>> version >>>> >>>>> of File::Temp that you are using. I know that once I got the >> correct >>>>> version installed MailScanner --lint started producing expected >>>>> results with my virus scanners. >>>>> >>>>> Rich >>>>> >>>>> >>>>> -- >>>>> >>>>> "Of all tyrannies, a tyranny exercised for the good of its victims >>>>> >>>> may >>>> >>>>> be the most oppressive. It may be better to live under robber >> barons >>>>> than omnipotent moral busybodies. The robber baron's cruelty may >>>>> sometimes sleep, his cupidity may at some point be satiated; but >>>>> >>>> those >>>> >>>>> who torment us for our own good will torment us without end, for >>>>> >>> they >>> >>>> do >>>> >>>>> so with the approval of their own conscience." >>>>> >>>>> -- C.S. Lewis >>>>> >>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your >> boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Wed Jan 13 07:37:46 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 13 07:38:04 2010 Subject: Problem Messages In-Reply-To: <20018012.152.1263368177456.JavaMail.root@office.splatnix.net> Message-ID: <20961526.154.1263368266183.JavaMail.root@office.splatnix.net> Hi, I got spammed with the following message over night. Number of messages: 1 Tries Message Last Tried ===== ======= ========== 6 2AE74398847B.A6EE2 Tue Jan 12 22:17:26 2010 I have checked /var/spool/MailScanner/incoming/Processing.db and the message is listed: strings Processing.db SQLite format 3 {tablearchivearchive CREATE TABLE archive (id TEXT, count INT, nexttime INT)J gindexid_uniqprocessing CREATE UNIQUE INDEX id_uniq ON processing(id)[ tableprocessingprocessing CREATE TABLE processing (id TEXT, count INT, nexttime INT) 892FD3988413.A95E6 26E5239883ED.A900C KMwT .892FD3988413.A95E6 26E5239883ED.A900C 2AE74398847B.A6EE2 Yet the message has actually been sorted in the Quarantine ? # ls -ld quarantine/20100112/2AE74398847B.A6EE2 drwxrwx--- 2 postfix apache 4096 Jan 13 07:31 quarantine/20100112/2AE74398847B.A6EE2 If it has been moved to the quarantine then should it not have been removed from the Processing database ? Jan 12 21:53:15 gateway MailScanner[3575]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3575-13.html Jan 12 21:57:16 gateway MailScanner[3561]: Making attempt 2 at processing message 2AE74398847B.A6EE2 Jan 12 21:57:18 gateway MailScanner[3561]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3561-5.html Jan 12 22:02:25 gateway MailScanner[3557]: Making attempt 3 at processing message 2AE74398847B.A6EE2 Jan 12 22:02:26 gateway MailScanner[3557]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3557-5.html Jan 12 22:06:55 gateway MailScanner[7797]: Making attempt 4 at processing message 2AE74398847B.A6EE2 Jan 12 22:06:57 gateway MailScanner[7797]: [Found password stealer] ./2AE74398847B.A6EE2/msg-7797-3.html Jan 12 22:10:38 gateway MailScanner[3552]: Making attempt 5 at processing message 2AE74398847B.A6EE2 Jan 12 22:10:40 gateway MailScanner[3552]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3552-9.html Jan 12 22:14:30 gateway MailScanner[7757]: Making attempt 6 at processing message 2AE74398847B.A6EE2 Jan 12 22:14:31 gateway MailScanner[7757]: [Found password stealer] ./2AE74398847B.A6EE2/msg-7757-2.html Jan 12 22:14:35 gateway MailScanner[8075]: Warning: skipping message 2AE74398847B.A6EE2 as it has been attempted too many times Jan 12 22:14:35 gateway MailScanner[8075]: Quarantined message 2AE74398847B.A6EE2 as it caused MailScanner to crash several times Jan 12 22:14:35 gateway MailScanner[8075]: Saved entire message to /var/spool/MailScanner/quarantine/20100112/2AE74398847B.A6EE2 Jan 12 22:14:35 gateway MailScanner[8075]: Logging message 2AE74398847B.A6EE2 to SQL Jan 12 22:14:35 gateway MailScanner[8801]: 2AE74398847B.A6EE2: Logged to MailWatch SQL -- Thanks, Phil From MailScanner at ecs.soton.ac.uk Wed Jan 13 08:22:00 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 13 08:22:15 2010 Subject: Problem Messages In-Reply-To: <20961526.154.1263368266183.JavaMail.root@office.splatnix.net> References: <20961526.154.1263368266183.JavaMail.root@office.splatnix.net> <4B4D82A8.7000205@ecs.soton.ac.uk> Message-ID: Please can you send me the message so I can see what happens? As usual, upload to an unlinked URL on a website and email me directly the URL it resides at. Thanks! Jules. On 13/01/2010 07:37, --[ UxBoD ]-- wrote: > Hi, > > I got spammed with the following message over night. > > Number of messages: 1 > Tries Message Last Tried > ===== ======= ========== > 6 2AE74398847B.A6EE2 Tue Jan 12 22:17:26 2010 > > I have checked /var/spool/MailScanner/incoming/Processing.db and the message is listed: > > strings Processing.db > SQLite format 3 > {tablearchivearchive > CREATE TABLE archive (id TEXT, count INT, nexttime INT)J > gindexid_uniqprocessing > CREATE UNIQUE INDEX id_uniq ON processing(id)[ > tableprocessingprocessing > CREATE TABLE processing (id TEXT, count INT, nexttime INT) > 892FD3988413.A95E6 > 26E5239883ED.A900C > KMwT > .892FD3988413.A95E6 > 26E5239883ED.A900C > 2AE74398847B.A6EE2 > > Yet the message has actually been sorted in the Quarantine ? > > # ls -ld quarantine/20100112/2AE74398847B.A6EE2 > drwxrwx--- 2 postfix apache 4096 Jan 13 07:31 quarantine/20100112/2AE74398847B.A6EE2 > > If it has been moved to the quarantine then should it not have been removed from the Processing database ? > > Jan 12 21:53:15 gateway MailScanner[3575]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3575-13.html > Jan 12 21:57:16 gateway MailScanner[3561]: Making attempt 2 at processing message 2AE74398847B.A6EE2 > Jan 12 21:57:18 gateway MailScanner[3561]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3561-5.html > Jan 12 22:02:25 gateway MailScanner[3557]: Making attempt 3 at processing message 2AE74398847B.A6EE2 > Jan 12 22:02:26 gateway MailScanner[3557]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3557-5.html > Jan 12 22:06:55 gateway MailScanner[7797]: Making attempt 4 at processing message 2AE74398847B.A6EE2 > Jan 12 22:06:57 gateway MailScanner[7797]: [Found password stealer] ./2AE74398847B.A6EE2/msg-7797-3.html > Jan 12 22:10:38 gateway MailScanner[3552]: Making attempt 5 at processing message 2AE74398847B.A6EE2 > Jan 12 22:10:40 gateway MailScanner[3552]: [Found password stealer] ./2AE74398847B.A6EE2/msg-3552-9.html > Jan 12 22:14:30 gateway MailScanner[7757]: Making attempt 6 at processing message 2AE74398847B.A6EE2 > Jan 12 22:14:31 gateway MailScanner[7757]: [Found password stealer] ./2AE74398847B.A6EE2/msg-7757-2.html > Jan 12 22:14:35 gateway MailScanner[8075]: Warning: skipping message 2AE74398847B.A6EE2 as it has been attempted too many times > Jan 12 22:14:35 gateway MailScanner[8075]: Quarantined message 2AE74398847B.A6EE2 as it caused MailScanner to crash several times > Jan 12 22:14:35 gateway MailScanner[8075]: Saved entire message to /var/spool/MailScanner/quarantine/20100112/2AE74398847B.A6EE2 > Jan 12 22:14:35 gateway MailScanner[8075]: Logging message 2AE74398847B.A6EE2 to SQL > Jan 12 22:14:35 gateway MailScanner[8801]: 2AE74398847B.A6EE2: Logged to MailWatch SQL > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Wed Jan 13 08:31:00 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 13 08:31:32 2010 Subject: Problem Messages In-Reply-To: Message-ID: <26763005.160.1263371460274.JavaMail.root@office.splatnix.net> ----- "Jules Field" wrote: > Please can you send me the message so I can see what happens? > > As usual, upload to an unlinked URL on a website and email me directly > > the URL it resides at. > > Thanks! > Jules. > > On 13/01/2010 07:37, --[ UxBoD ]-- wrote: > > Hi, > > > > I got spammed with the following message over night. > > > > Number of messages: 1 > > Tries Message Last Tried > > ===== ======= ========== > > 6 2AE74398847B.A6EE2 Tue Jan 12 22:17:26 2010 > > > > I have checked /var/spool/MailScanner/incoming/Processing.db and the > message is listed: > > > > strings Processing.db > > SQLite format 3 > > {tablearchivearchive > > CREATE TABLE archive (id TEXT, count INT, nexttime INT)J > > gindexid_uniqprocessing > > CREATE UNIQUE INDEX id_uniq ON processing(id)[ > > tableprocessingprocessing > > CREATE TABLE processing (id TEXT, count INT, nexttime INT) > > 892FD3988413.A95E6 > > 26E5239883ED.A900C > > KMwT > > .892FD3988413.A95E6 > > 26E5239883ED.A900C > > 2AE74398847B.A6EE2 > > > > Yet the message has actually been sorted in the Quarantine ? > > > > # ls -ld quarantine/20100112/2AE74398847B.A6EE2 > > drwxrwx--- 2 postfix apache 4096 Jan 13 07:31 > quarantine/20100112/2AE74398847B.A6EE2 > > > > If it has been moved to the quarantine then should it not have been > removed from the Processing database ? > > > > Jan 12 21:53:15 gateway MailScanner[3575]: [Found password > stealer] > ./2AE74398847B.A6EE2/msg-3575-13.html > > Jan 12 21:57:16 gateway MailScanner[3561]: Making attempt 2 at > processing message 2AE74398847B.A6EE2 > > Jan 12 21:57:18 gateway MailScanner[3561]: [Found password > stealer] > ./2AE74398847B.A6EE2/msg-3561-5.html > > Jan 12 22:02:25 gateway MailScanner[3557]: Making attempt 3 at > processing message 2AE74398847B.A6EE2 > > Jan 12 22:02:26 gateway MailScanner[3557]: [Found password > stealer] > ./2AE74398847B.A6EE2/msg-3557-5.html > > Jan 12 22:06:55 gateway MailScanner[7797]: Making attempt 4 at > processing message 2AE74398847B.A6EE2 > > Jan 12 22:06:57 gateway MailScanner[7797]: [Found password > stealer] > ./2AE74398847B.A6EE2/msg-7797-3.html > > Jan 12 22:10:38 gateway MailScanner[3552]: Making attempt 5 at > processing message 2AE74398847B.A6EE2 > > Jan 12 22:10:40 gateway MailScanner[3552]: [Found password > stealer] > ./2AE74398847B.A6EE2/msg-3552-9.html > > Jan 12 22:14:30 gateway MailScanner[7757]: Making attempt 6 at > processing message 2AE74398847B.A6EE2 > > Jan 12 22:14:31 gateway MailScanner[7757]: [Found password > stealer] > ./2AE74398847B.A6EE2/msg-7757-2.html > > Jan 12 22:14:35 gateway MailScanner[8075]: Warning: skipping message > 2AE74398847B.A6EE2 as it has been attempted too many times > > Jan 12 22:14:35 gateway MailScanner[8075]: Quarantined message > 2AE74398847B.A6EE2 as it caused MailScanner to crash several times > > Jan 12 22:14:35 gateway MailScanner[8075]: Saved entire message to > /var/spool/MailScanner/quarantine/20100112/2AE74398847B.A6EE2 > > Jan 12 22:14:35 gateway MailScanner[8075]: Logging message > 2AE74398847B.A6EE2 to SQL > > Jan 12 22:14:35 gateway MailScanner[8801]: 2AE74398847B.A6EE2: > Logged to MailWatch SQL > > > > > > Jules > On its way :) -- Thanks, Phil From glenn.steen at gmail.com Wed Jan 13 08:55:13 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 13 08:55:25 2010 Subject: mail disapears in the postfix queue In-Reply-To: <0493927970A4A3439F8A777035F5D1680F631382@FBCMST09V01.fbc.local> References: <201001121202.o0CC1pKW005088@safir.blacknight.ie> <0493927970A4A3439F8A777035F5D1680F631382@FBCMST09V01.fbc.local> Message-ID: <223f97701001130055v7b3297a6jeddd54643e5be5b7@mail.gmail.com> 2010/1/12 : > > Message: 7 > Date: Tue, 12 Jan 2010 11:55:46 +0100 > From: Glenn Steen > Subject: Re: mail disapears in the postfix queue > To: MailScanner discussion > Message-ID: > ??????? <223f97701001120255w304be548i9a2eef9ddb5790aa@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > 2010/1/11? : >> Hi, >> >> this strange thing happens on my local linux server, it's a simple >> installation of Mailscanner + postfix on ubuntu lts: >> >> Jan 10 10:39:42 pluto postfix/smtpd[21677]: F19BD354E2: >> client=r.retail.telecomitalia.it[79.41.XXX.XXX], sasl_method=LOGIN, >> sasl_username=smtpuser@XXX.com >> Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: hold: header >> Received: from E4300 (XXX.41-79-r.retail.telecomitalia.it >> [79.41.XXX.XXX])??by XXX.XXX.it(Postfix) with ESMTPA id F19BD354E2??for >> ; Sun, 10 Jan 2010 10:3 from >> -r.retail.telecomitalia.it[79.41.XXX.XXX]; from= >> to= proto=ESMTP helo= >> Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: >> message-id=<3DCE4D546BD8463BABBE1DC13DBD0390@E4300> >> > You really should've rejected this one out of hand, since it has > "helo="... which is in violation of the RFCs. Then again, that > would render you with a normal "NOQUEUE: reject: .... Helo command > rejected: need fully-qualified hostname;..." log line:). > >> After this I don't see any trace of this queueid? F19BD354E2 in my >> mail.log, >> that's the first time happen to me. No message was wrote on filesystem, >> and >> the postfix queues are empty ( hold,deferred... ). Should I try to >> increase >> Mailscanner log verbosity ? Or is better look for postfix queue ? >> Mailscanner fetches mails from hold and leave them incoming, it's a >> default >> installation. >> Anyone with similar problems ? >> Regards. >> > Saying that the innstall is a "normal MS+postfix on Ubuntu" really > doesn't tell us enough... What versions do you have (of pretty much > everything)? What did the unaltered log look like (including some > "context")? Do you do log spluitting? What does it look like in the > syslog? > For some cut'n'paste examples of telnet tests (as suggested by Igor), > please look at: > http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion > > > ----------------- > > Mailscanner is Version: 4.58.9-2ubuntu1 and postfix Version: 2.5.1-2ubuntu1 > . My server works good, and is the first time I have lost a mail... > The log are the same both mail.log and syslog. I alredy try to send mails > with telnet but in all test I do the mails are success correctly .? I found > a timeout of client, maybe the client disconect before sends all data to > smptd ? I've notice that comunication between smtp and cleanup is done by > straming so is possible that smtpd doen't finished to send all data to > cleanup and then die. That's my guess. Thanks all for reply! > Thats a really old MailScanner... No telling (almost:-) how many bugs it contains, nor how exceedingly badly it potentially would interract with postfix 2.5.1 ... I'd sstrongly suggest you upgrade to something less prehistoric. This might mean going for a non-ubuntu/non-debian package/installation... If so, the one you should use is the source tarball (Solaris/BSD/Other Linux ...), and the instructions for that. You'll, of course, have to deinstall the apt/deb package first. OR Follow these instructions: http://www.mailscanner.info/ubuntu.html It is meaningless to try debug this problem any further, before you can reproduce it with a current MailScanner install. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Jan 13 08:59:59 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 13 09:00:08 2010 Subject: mail disapears in the postfix queue In-Reply-To: <223f97701001130055v7b3297a6jeddd54643e5be5b7@mail.gmail.com> References: <201001121202.o0CC1pKW005088@safir.blacknight.ie> <0493927970A4A3439F8A777035F5D1680F631382@FBCMST09V01.fbc.local> <223f97701001130055v7b3297a6jeddd54643e5be5b7@mail.gmail.com> Message-ID: <223f97701001130059u2d250855me4056016a0cace29@mail.gmail.com> 2010/1/13 Glenn Steen : (snip) > Thats a really old MailScanner... No telling (almost:-) how many bugs > it contains, nor how exceedingly badly it potentially would interract > with postfix 2.5.1 ... I'd sstrongly suggest you upgrade to something > less prehistoric. > This might mean going for a non-ubuntu/non-debian > package/installation... If so, the one you should use is the source > tarball (Solaris/BSD/Other Linux ...), and the instructions for that. > You'll, of course, have to deinstall the apt/deb package first. > OR > Follow these instructions: http://www.mailscanner.info/ubuntu.html > > It is meaningless to try debug this problem any further, before you > can reproduce it with a current MailScanner install. > > Cheers Please note that the latter approach will only get you 4.74.16 (at the time of this writing), which is better, but still .... not ... that great:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From goetz.reinicke at filmakademie.de Wed Jan 13 10:19:29 2010 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke_-_IT-Koordinator?=) Date: Wed Jan 13 10:19:39 2010 Subject: adding/setting up a second mail domain - how / suggestions? Message-ID: <4B4D9E31.1050103@filmakademie.de> Hi, my question is not directly mailscanner related, but I thinkt that on this list I may get the best help. Currently our students and employees have the same e-mail-domain (@filmakademie.de) and everything - sending, receiving e-mails, pop/imap - is done by the same server. We run Red Hat EL 5.4, sendmail, mailscanner, dovecot etc. on one single server. Recently we where faced with the situation, that some outsider thought e-mails from students where official e-mails from employees. Now I'd like to set up a system, so that all employees e-mail came from @filmakademie.de and all student e-mail came from @student.filmakademie.de Is there some documentation on how to set this up? Is it possible to change "only some settings"? Where to start? What do I need? Thanks for any sugesstion or comment and best regards, G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia H?bner Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium Gesch?ftsf?hrer: Prof. Thomas Schadt From e.mink at remote.nl Wed Jan 13 10:49:15 2010 From: e.mink at remote.nl (Eric Mink) Date: Wed Jan 13 10:49:38 2010 Subject: adding/setting up a second mail domain - how / suggestions? References: <4B4D9E31.1050103@filmakademie.de> Message-ID: You mean some sort of forward? You can add a rule to the : /opt/MailScanner/etc/rules/archive.mail.rules Add : From: blabla@blabla.de and To: blabla2@blabla.de yes forward bla@destination.de Met vriendelijk groet, ? ? Eric Mink ? Remote IT - Services Pascalweg 1, Postbus 256 8000 AG? Zwolle ? Telefoon: 038 - 428 44 44 Fax: 038 - 428 44 40 E-mail: servicedesk@remote.nl -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens G?tz Reinicke - IT-Koordinator Verzonden: woensdag 13 januari 2010 11:19 Aan: MailScanner discussion Onderwerp: adding/setting up a second mail domain - how / suggestions? Hi, my question is not directly mailscanner related, but I thinkt that on this list I may get the best help. Currently our students and employees have the same e-mail-domain (@filmakademie.de) and everything - sending, receiving e-mails, pop/imap - is done by the same server. We run Red Hat EL 5.4, sendmail, mailscanner, dovecot etc. on one single server. Recently we where faced with the situation, that some outsider thought e-mails from students where official e-mails from employees. Now I'd like to set up a system, so that all employees e-mail came from @filmakademie.de and all student e-mail came from @student.filmakademie.de Is there some documentation on how to set this up? Is it possible to change "only some settings"? Where to start? What do I need? Thanks for any sugesstion or comment and best regards, G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia H?bner Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium Gesch?ftsf?hrer: Prof. Thomas Schadt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From goetz.reinicke at filmakademie.de Wed Jan 13 12:35:14 2010 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke_-_IT-Koordinator?=) Date: Wed Jan 13 12:35:26 2010 Subject: adding/setting up a second mail domain - how / suggestions? In-Reply-To: References: <4B4D9E31.1050103@filmakademie.de> Message-ID: <4B4DBE02.5040302@filmakademie.de> Hi, no, I don't think of a forward, I think of two different sending and receiving domains. I'm aware of the fact, that this is not an simple mailscanner option or configuration. May be I do need two mx recrods, two servers or some sort of config to put it all together. Right now, all email comes from and goes to ...@filmakademie.de I'd like to have this address-syntax only for employees; all student addresses (sending and receiving) should look like username@student.filmakademie.de Thanks and regards, G?tz Eric Mink schrieb: > You mean some sort of forward? > > You can add a rule to the : > /opt/MailScanner/etc/rules/archive.mail.rules > > Add : > > From: blabla@blabla.de and To: blabla2@blabla.de yes forward bla@destination.de > > > Met vriendelijk groet, > > > Eric Mink > > Remote IT - Services > Pascalweg 1, Postbus 256 > 8000 AG Zwolle > > Telefoon: 038 - 428 44 44 > Fax: 038 - 428 44 40 > E-mail: servicedesk@remote.nl > > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens G?tz Reinicke - IT-Koordinator > Verzonden: woensdag 13 januari 2010 11:19 > Aan: MailScanner discussion > Onderwerp: adding/setting up a second mail domain - how / suggestions? > > Hi, > > my question is not directly mailscanner related, but I thinkt that on > this list I may get the best help. > > Currently our students and employees have the same e-mail-domain > (@filmakademie.de) and everything - sending, receiving e-mails, pop/imap > - is done by the same server. > > We run Red Hat EL 5.4, sendmail, mailscanner, dovecot etc. on > one single server. > > Recently we where faced with the situation, that some outsider > thought e-mails from students where official e-mails from employees. > > Now I'd like to set up a system, so that all employees e-mail came from > @filmakademie.de and all student e-mail came from @student.filmakademie.de > > Is there some documentation on how to set this up? Is it possible to > change "only some settings"? Where to start? What do I need? > > Thanks for any sugesstion or comment and best regards, > > G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia H?bner Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium Gesch?ftsf?hrer: Prof. Thomas Schadt From e.mink at remote.nl Wed Jan 13 12:50:18 2010 From: e.mink at remote.nl (Eric Mink) Date: Wed Jan 13 12:50:41 2010 Subject: adding/setting up a second mail domain - how / suggestions? References: <4B4D9E31.1050103@filmakademie.de> <4B4DBE02.5040302@filmakademie.de> Message-ID: Then you just have to add the domain to your relay domains when using sendmail. And if you also have a exchange server you can add this to the recipient policies and make the aliases under each account. You relay domains is at : /etc/mail/relay-domains Restart sendmail after changing this file. Then your mailserver wil accept mail for @student.filmakademie.de You don`t need extra dns records for this. Kind Regards, ? ? Eric Mink ? Remote IT - Services remote.nl -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens G?tz Reinicke - IT-Koordinator Verzonden: woensdag 13 januari 2010 13:35 Aan: MailScanner discussion Onderwerp: Re: adding/setting up a second mail domain - how / suggestions? Hi, no, I don't think of a forward, I think of two different sending and receiving domains. I'm aware of the fact, that this is not an simple mailscanner option or configuration. May be I do need two mx recrods, two servers or some sort of config to put it all together. Right now, all email comes from and goes to ...@filmakademie.de I'd like to have this address-syntax only for employees; all student addresses (sending and receiving) should look like username@student.filmakademie.de Thanks and regards, G?tz Eric Mink schrieb: > You mean some sort of forward? > > You can add a rule to the : > /opt/MailScanner/etc/rules/archive.mail.rules > > Add : > > From: blabla@blabla.de and To: blabla2@blabla.de yes forward bla@destination.de > > > Met vriendelijk groet, > > > Eric Mink > > Remote IT - Services > Pascalweg 1, Postbus 256 > 8000 AG Zwolle > > Telefoon: 038 - 428 44 44 > Fax: 038 - 428 44 40 > E-mail: servicedesk@remote.nl > > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens G?tz Reinicke - IT-Koordinator > Verzonden: woensdag 13 januari 2010 11:19 > Aan: MailScanner discussion > Onderwerp: adding/setting up a second mail domain - how / suggestions? > > Hi, > > my question is not directly mailscanner related, but I thinkt that on > this list I may get the best help. > > Currently our students and employees have the same e-mail-domain > (@filmakademie.de) and everything - sending, receiving e-mails, pop/imap > - is done by the same server. > > We run Red Hat EL 5.4, sendmail, mailscanner, dovecot etc. on > one single server. > > Recently we where faced with the situation, that some outsider > thought e-mails from students where official e-mails from employees. > > Now I'd like to set up a system, so that all employees e-mail came from > @filmakademie.de and all student e-mail came from @student.filmakademie.de > > Is there some documentation on how to set this up? Is it possible to > change "only some settings"? Where to start? What do I need? > > Thanks for any sugesstion or comment and best regards, > > G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia H?bner Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium Gesch?ftsf?hrer: Prof. Thomas Schadt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at rtpty.com Wed Jan 13 13:07:33 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Wed Jan 13 13:08:03 2010 Subject: adding/setting up a second mail domain - how / suggestions? In-Reply-To: References: <4B4D9E31.1050103@filmakademie.de><4B4DBE02.5040302@filmakademie.de> Message-ID: <127759682-1263388069-cardhu_decombobulator_blackberry.rim.net-689839362-@bda942.bisx.prod.on.blackberry> Need, no. But it would be a bit more kosher if it had mx records for the subdomain, right? -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: "Eric Mink" Date: Wed, 13 Jan 2010 13:50:18 To: MailScanner discussion Subject: RE: adding/setting up a second mail domain - how / suggestions? Then you just have to add the domain to your relay domains when using sendmail. And if you also have a exchange server you can add this to the recipient policies and make the aliases under each account. You relay domains is at : /etc/mail/relay-domains Restart sendmail after changing this file. Then your mailserver wil accept mail for @student.filmakademie.de You don`t need extra dns records for this. Kind Regards, ? ? Eric Mink ? Remote IT - Services remote.nl -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens G?tz Reinicke - IT-Koordinator Verzonden: woensdag 13 januari 2010 13:35 Aan: MailScanner discussion Onderwerp: Re: adding/setting up a second mail domain - how / suggestions? Hi, no, I don't think of a forward, I think of two different sending and receiving domains. I'm aware of the fact, that this is not an simple mailscanner option or configuration. May be I do need two mx recrods, two servers or some sort of config to put it all together. Right now, all email comes from and goes to ...@filmakademie.de I'd like to have this address-syntax only for employees; all student addresses (sending and receiving) should look like username@student.filmakademie.de Thanks and regards, G?tz Eric Mink schrieb: > You mean some sort of forward? > > You can add a rule to the : > /opt/MailScanner/etc/rules/archive.mail.rules > > Add : > > From: blabla@blabla.de and To: blabla2@blabla.de yes forward bla@destination.de > > > Met vriendelijk groet, > > > Eric Mink > > Remote IT - Services > Pascalweg 1, Postbus 256 > 8000 AG Zwolle > > Telefoon: 038 - 428 44 44 > Fax: 038 - 428 44 40 > E-mail: servicedesk@remote.nl > > -----Oorspronkelijk bericht----- > Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens G?tz Reinicke - IT-Koordinator > Verzonden: woensdag 13 januari 2010 11:19 > Aan: MailScanner discussion > Onderwerp: adding/setting up a second mail domain - how / suggestions? > > Hi, > > my question is not directly mailscanner related, but I thinkt that on > this list I may get the best help. > > Currently our students and employees have the same e-mail-domain > (@filmakademie.de) and everything - sending, receiving e-mails, pop/imap > - is done by the same server. > > We run Red Hat EL 5.4, sendmail, mailscanner, dovecot etc. on > one single server. > > Recently we where faced with the situation, that some outsider > thought e-mails from students where official e-mails from employees. > > Now I'd like to set up a system, so that all employees e-mail came from > @filmakademie.de and all student e-mail came from @student.filmakademie.de > > Is there some documentation on how to set this up? Is it possible to > change "only some settings"? Where to start? What do I need? > > Thanks for any sugesstion or comment and best regards, > > G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia H?bner Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium Gesch?ftsf?hrer: Prof. Thomas Schadt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sunny.forro at compcoind.com Wed Jan 13 15:58:17 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Wed Jan 13 15:58:32 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> Message-ID: I've done some more testing on this issue. I've installed 4.79.5 and tested - same result(no clamav output detected in while linting or running). I then copied over the Message.pm and MessageBatch.pm scripts from 4.77.10 to 4.79.5 - same result. (I know, no "new" info, but at least that's eliminated). My curiosity was to see if the inverted spam/virus virus/spam scanning order was possibly part of the issue, but it appears not. This is very strange. Any ideas, anyone? Sunny > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Sunny Forro > Sent: Tuesday, January 12, 2010 2:29 PM > To: MailScanner discussion > Subject: RE: MailScanner 4.78.17 doesn't detect viruses,have checked > tmp permissions and no symlink,reinstalled clamav (worked in 4.77.10) > > Jules, > I would be happy to give you ssh to this box. Should I send details to > the mailscanner (at) ecs (dot) soton (dot) ac (dot) uk address? > Thanks, > Sunny Forro > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Jules Field > > Sent: Tuesday, January 12, 2010 2:00 PM > > To: MailScanner discussion > > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > > tmp permissions and no symlink, reinstalled clamav (worked in > 4.77.10) > > > > Any chance you could give me remote ssh root access to your server so > I > > can debug it for you and see what output you're getting from clamav > and > > why it isn't parsing it properly? > > I've got a reputation to protect, so I'm not going to do anything bad > > to > > you! > > > > If it takes less than a couple of hours, I'll do it for free too. :) > > > > Contact me by email if you're interested. > > > > Jules. > > > > On 12/01/2010 18:05, Sunny Forro wrote: > > > I've rerun the ./install.sh script - again to no effect. However, I > > > discovered that MailScanner is properly parsing mcafee's output but > > not > > > clamavs. When I lint with my virus scanners set to "clamav mcafee" > it > > > picks up Eicar from mcafee, but nothing from clamav. If I set it to > > > "clamav" it doesn't pick up Eicar at all. > > > > > > Side Note: I have a paid version of McAfee that I have used until > > > recently, when I discovered that the latest release of mcafee for > BSD > > > still relies on an outdated compatibility library (compat3x) that > > > doesn't properly install and isn't included in any release since > > > FreeBSD5. It also spikes my CPU to 100% while scanning mail and > slows > > > the whole process to a crawl. Running clamav only with a previous > > > release of MailScanner produces more reliable results because when > > my > > > CPU hits 100% (using mcafee and clamav) mail begins to flow through > > > completely untouched. > > > > > > Sunny > > > > > > > > > > > >> -----Original Message----- > > >> From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > >> bounces@lists.mailscanner.info] On Behalf Of Jules Field > > >> Sent: Tuesday, January 12, 2010 12:27 PM > > >> To: MailScanner discussion > > >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > > checked > > >> tmp permissions and no symlink, reinstalled clamav (worked in > > 4.77.10) > > >> > > >> And if you re-run the ./install.sh from MailScanner, just to be > > >> > > > doubly- > > > > > >> sure? > > >> > > >> On 12/01/2010 16:49, Sunny Forro wrote: > > >> > > >>> Rich, thanks for the reply. > > >>> > > >>> I've gone through and checked the versions of all the perl-tars > > >>> against what's installed (and reinstalled some of them to make > sure > > >>> the versions match). Everything that I've checked matches the > > >>> > > >> expected > > >> > > >>> versions for this release of MailScanner. > > >>> > > >>> Sunny > > >>> > > >>> *From:* mailscanner-bounces@lists.mailscanner.info > > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > > >>> *Richard Lynch > > >>> *Sent:* Tuesday, January 12, 2010 11:35 AM > > >>> *To:* MailScanner discussion > > >>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have > > >>> checked tmp permissions and no symlink, reinstalled clamav > (worked > > >>> > > > in > > > > > >>> 4.77.10) > > >>> > > >>> Sunny Forro wrote: > > >>> > > >>> > > >>> -----Original Message----- > > >>> From:mailscanner-bounces@lists.mailscanner.info > > >>> > > > > > > > >> bounces@lists.mailscanner.info> > > >> > > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > >>> > > >> Julian > > >> > > >>> Field > > >>> Sent: Tuesday, January 12, 2010 11:02 AM > > >>> To: MailScanner discussion > > >>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > > >>> > > > checked > > > > > >>> tmp permissions and no symlink, reinstalled clamav (worked in > > >>> > > >> 4.77.10) > > >> > > >>> Check your virus.scanners.conf file to ensure it is pointing at > the > > >>> correct place for clamav. > > >>> If "which clamscan" reports /usr/local/bin/clamscan then the > clamav > > >>> > > >> line > > >> > > >>> in virus.scanners.conf should end in "/usr/local" and if it > reports > > >>> /usr/bin/clamscan then the line should end in "/usr". > > >>> > > >>> That would be the first place to look. Then "MailScanner --lint" > > >>> > > >> should > > >> > > >>> detect the EICAR test pattern successfully. Once "MailScanner > > >>> > > > --lint" > > > > > >>> works, you're there. > > >>> > > >>> Jules. > > >>> > > >>> > > >>> ------ Outlook sucks ----------- > > >>> > > >>> Jules, thanks for the reply! > > >>> I checked "which clamscan" and yes it does point to > > >>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf > > does > > >>> > > >> end > > >> > > >>> in /usr/local. Still no lint under 4.78.17, but works fine under > > >>> pervious versions on the same box. Using clamav-wrapper to do a > > scan > > >>> > > >> of > > >> > > >>> /tmp gives me sensible output however. > > >>> > > >>> Sunny > > >>> > > >>> > > >>> > > >>> On 12/01/2010 15:45, Sunny Forro wrote: > > >>> > > >>> > > >>> Hello, > > >>> > > >>> > > >>> > > >>> I've just upgraded to 4.78.17 and now mailscanner doesn't > > report > > >>> > > >>> viruses detected by clamav in production or lint. I've > scanned > > >>> > > >> the > > >> > > >>> /tmp directory with clamav-wrapper and get sensible clam > > output. > > >>> > > >> /tmp > > >> > > >>> is not symlinked. I've reinstalled clamav, and manually > > >>> > > >> reinstalled > > >> > > >>> all the per-tars from the install directory. I've even tried > > >>> > > >>> downgrading MIME-tools to 5.420 (as found on another post), > > but > > >>> > > >> to no > > >> > > >>> effect (and since reinstalled from perl-tar to 5.427). I've > > >>> > > >> removed > > >> > > >>> and reinstalled Perl5.8.9, also to no effect. I'm running > > >>> > > >> MS4.78.17, > > >> > > >>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ > > >>> > > >> mailwatch > > >> > > >>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare > > >>> > > >> VSphere > > >> > > >>> 4.0. I've switched back to 4.77.10 as this properly > identifies > > >>> > > >> virii. > > >> > > >>> I'm out of ideas - Any suggestions? Is there something else > I > > >>> > > >> need to > > >> > > >>> check, or something else I missed? > > >>> > > >>> > > >>> > > >>> Any help would be greatly appreciated. > > >>> > > >>> > > >>> > > >>> Sunny Forro > > >>> > > >>> > > >>> > > >>> P.S. Thanks a million to Julian Field for a fantastic > solution > > >>> > > > to > > > > > >> the > > >> > > >>> deluge of spam we had grown accustomed to. > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> Jules > > >>> > > >>> > > >>> > > >>> This may be totally unrelated but I had a similar problem like > this > > >>> > > >> at > > >> > > >>> one point. It turned out that the perl I was running had version > > >>> > > > 0.16 > > > > > >>> of perl-File-Temp builtin and the version that came packaged with > > >>> MailScanner was 0.19. When perl was updated v0.19 was removed. I > > >>> > > >> ended > > >> > > >>> up having to do a rpm --force on the version that came packaged > > with > > >>> MailScanner. > > >>> > > >>> This is all from vague memories and I may not have the scenario > > >>> exactly right. It took me a while to find it though. Check the > > >>> > > >> version > > >> > > >>> of File::Temp that you are using. I know that once I got the > > correct > > >>> version installed MailScanner --lint started producing expected > > >>> results with my virus scanners. > > >>> > > >>> Rich > > >>> > > >>> > > >>> -- > > >>> > > >>> "Of all tyrannies, a tyranny exercised for the good of its > victims > > >>> > > >> may > > >> > > >>> be the most oppressive. It may be better to live under robber > > barons > > >>> than omnipotent moral busybodies. The robber baron's cruelty may > > >>> sometimes sleep, his cupidity may at some point be satiated; but > > >>> > > >> those > > >> > > >>> who torment us for our own good will torment us without end, for > > >>> > > > they > > > > > >> do > > >> > > >>> so with the approval of their own conscience." > > >>> > > >>> -- C.S. Lewis > > >>> > > >>> > > >> Jules > > >> > > >> -- > > >> Julian Field MEng CITP CEng > > >> www.MailScanner.info > > >> Buy the MailScanner book at www.MailScanner.info/store > > >> > > >> Need help customising MailScanner? > > >> Contact me! > > >> Need help fixing or optimising your systems? > > >> Contact me! > > >> Need help getting you started solving new requirements from your > > boss? > > >> Contact me! > > >> > > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > >> > > >> > > >> -- > > >> This message has been scanned for viruses and > > >> dangerous content by MailScanner, and is > > >> believed to be clean. > > >> > > >> -- > > >> MailScanner mailing list > > >> mailscanner@lists.mailscanner.info > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >> > > >> Before posting, read http://wiki.mailscanner.info/posting > > >> > > >> Support MailScanner development - buy the book off the website! > > >> > > > > > > > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your > boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From thomasl at mtl.mit.edu Wed Jan 13 16:19:12 2010 From: thomasl at mtl.mit.edu (Thomas Lohman) Date: Wed Jan 13 16:20:57 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> Message-ID: <4B4DF280.4080803@mtl.mit.edu> > I've released 4.79.5, which I would gratefully appreciate you testing. Hi Julian, I've installed version 4.79.5 on a RH5 box with perl 5.10.1 and have been running it against our production e-mail traffic and I noticed this morning that taint errors still are happening when processing TNEF attachments. This is the line which is output when running a single message through in debug mode: 11:17:22 Insecure dependency in rename while running with -T switch at /usr/local/MailScanner/lib/MailScanner/TNEF.pm line 357. Failed. Let me know if there is any more information you need or if there is some other patch I may be missing. thanks much, --tom From MailScanner at ecs.soton.ac.uk Wed Jan 13 16:41:32 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 13 16:41:53 2010 Subject: More taint mode problems (please help) In-Reply-To: <4B4DF280.4080803@mtl.mit.edu> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk> Message-ID: Please can you try the attached patch to TNEF.pm. Please let me know if it solves the problem or not. Thanks! Jules. On 13/01/2010 16:19, Thomas Lohman wrote: > >> I've released 4.79.5, which I would gratefully appreciate you testing. > > Hi Julian, > > I've installed version 4.79.5 on a RH5 box with perl 5.10.1 and have > been running it against our production e-mail traffic and I noticed > this morning that taint errors still are happening when processing > TNEF attachments. This is the line which is output when running a > single message through in debug mode: > > 11:17:22 Insecure dependency in rename while running with -T switch at > /usr/local/MailScanner/lib/MailScanner/TNEF.pm line 357. > Failed. > > Let me know if there is any more information you need or if there is > some other patch I may be missing. > > thanks much, > > > --tom > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: TNEF.pm.patch.gz Type: application/x-gzip Size: 534 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100113/e0d194d0/TNEF.pm.patch.gz From thomasl at mtl.mit.edu Wed Jan 13 17:10:15 2010 From: thomasl at mtl.mit.edu (Thomas Lohman) Date: Wed Jan 13 17:10:36 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk> Message-ID: <4B4DFE77.4010706@mtl.mit.edu> Hi Julian, that worked splendidly. In fiddling with the settings, I was able to force another taint mode error on line 330 - the code above where you just made this change which checks to see if you have the Replace TNEF contents set to 'no' and does something different. Perhaps changing lines 330 and 331 to: chmod $perms, "$name2"; chown $owner, $group, "$name2 if $change; will do the trick. thanks so much for your lightning fast response. --tom > Please can you try the attached patch to TNEF.pm. > Please let me know if it solves the problem or not. From MailScanner at ecs.soton.ac.uk Wed Jan 13 18:27:59 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 13 18:28:10 2010 Subject: More taint mode problems (please help) In-Reply-To: <4B4DFE77.4010706@mtl.mit.edu> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk> <4B4DFE77.4010706@mtl.mit.edu> <4B4E10AF.9020107@ecs.soton.ac.uk> Message-ID: Cool. Yes, that change (you can do without any of the " characters) will do the job nicely. On 13/01/2010 17:10, Thomas Lohman wrote: > Hi Julian, > > that worked splendidly. In fiddling with the settings, I was able to > force another taint mode error on line 330 - the code above where you > just made this change which checks to see if you have the Replace TNEF > contents set to 'no' and does something different. > > Perhaps changing lines 330 and 331 to: > > chmod $perms, "$name2"; > chown $owner, $group, "$name2 if $change; > > will do the trick. > > thanks so much for your lightning fast response. > > > --tom > >> Please can you try the attached patch to TNEF.pm. >> Please let me know if it solves the problem or not. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Garrod.Alwood at lorodoes.com Wed Jan 13 18:26:00 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Jan 13 18:31:28 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk>, Message-ID: <7C09DB4D-D236-4D66-893A-9B0EB04CFBEA@mimectl> I don't know if this a failure on my part or not, but when certain file types come in I get the below error and this what I am running ubuntu 9.10 with perl 5.10 and MailScanner 4.79.5-1. Insecure dependency in open while running with -T switch at /usr/lib/perl/5.10/IO/File.pm line 63. 60: return open($fh, $mode, $file) if @_ == 3; 61: croak 'usage: $fh->open(FILENAME, IOLAYERS)'; 62: } else { 63: return open($fh, IO::Handle::_open_mode_string($mode), $file); Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field [MailScanner@ecs.soton.ac.uk] Sent: Wednesday, January 13, 2010 11:41 AM To: MailScanner discussion Subject: Re: More taint mode problems (please help) Please can you try the attached patch to TNEF.pm. Please let me know if it solves the problem or not. Thanks! Jules. On 13/01/2010 16:19, Thomas Lohman wrote: > >> I've released 4.79.5, which I would gratefully appreciate you testing. > > Hi Julian, > > I've installed version 4.79.5 on a RH5 box with perl 5.10.1 and have > been running it against our production e-mail traffic and I noticed > this morning that taint errors still are happening when processing > TNEF attachments. This is the line which is output when running a > single message through in debug mode: > > 11:17:22 Insecure dependency in rename while running with -T switch at > /usr/local/MailScanner/lib/MailScanner/TNEF.pm line 357. > Failed. > > Let me know if there is any more information you need or if there is > some other patch I may be missing. > > thanks much, > > > --tom > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100113/cd3aa948/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jan 13 19:00:56 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 13 19:01:15 2010 Subject: More taint mode problems (please help) In-Reply-To: <7C09DB4D-D236-4D66-893A-9B0EB04CFBEA@mimectl> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk>, <7C09DB4D-D236-4D66-893A-9B0EB04CFBEA@mimectl> <4B4E1868.6070600@ecs.soton.ac.uk> Message-ID: Try out the latest beta with the patch I just posted an hour or two ago. Then tell me if there's still a problem. But I need a pointer to an error in my code, not in File.pm as that doesn't help me much, sorry. Thanks! Jules. On 13/01/2010 18:26, Garrod M. Alwood wrote: > I don't know if this a failure on my part or not, but when certain > file types come in I get the below error and this what I am running > ubuntu 9.10 with perl 5.10 and MailScanner 4.79.5-1. > Insecure dependency in open while running with -T switch at > /usr/lib/perl/5.10/IO/File.pm line 63. > > 60: return open($fh, $mode, $file) if @_ == 3; > > 61: croak 'usage: $fh->open(FILENAME, IOLAYERS)'; > > 62: } else { > > 63: return open($fh, IO::Handle::_open_mode_string($mode), > $file); > > Garrod M. Alwood > Consultant > garrod.alwood@lorodoes.com > 904.738.4988 > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field > [MailScanner@ecs.soton.ac.uk] > *Sent:* Wednesday, January 13, 2010 11:41 AM > *To:* MailScanner discussion > *Subject:* Re: More taint mode problems (please help) > > Please can you try the attached patch to TNEF.pm. > Please let me know if it solves the problem or not. > > Thanks! > Jules. > > On 13/01/2010 16:19, Thomas Lohman wrote: > > > >> I've released 4.79.5, which I would gratefully appreciate you testing. > > > > Hi Julian, > > > > I've installed version 4.79.5 on a RH5 box with perl 5.10.1 and have > > been running it against our production e-mail traffic and I noticed > > this morning that taint errors still are happening when processing > > TNEF attachments. This is the line which is output when running a > > single message through in debug mode: > > > > 11:17:22 Insecure dependency in rename while running with -T switch at > > /usr/local/MailScanner/lib/MailScanner/TNEF.pm line 357. > > Failed. > > > > Let me know if there is any more information you need or if there is > > some other patch I may be missing. > > > > thanks much, > > > > > > --tom > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Garrod.Alwood at lorodoes.com Wed Jan 13 19:02:54 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Jan 13 19:08:24 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk>, <7C09DB4D-D236-4D66-893A-9B0EB04CFBEA@mimectl> <4B4E1868.6070600@ecs.soton.ac.uk>, Message-ID: <388FA516-FB27-4A79-842D-7A486F47B824@mimectl> I am using both the patch and the latest beta and I'm still getting the issue. I'll keep looking for where the problem is. Could it be when you call the for the file command? Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field [MailScanner@ecs.soton.ac.uk] Sent: Wednesday, January 13, 2010 2:00 PM To: MailScanner discussion Subject: Re: More taint mode problems (please help) Try out the latest beta with the patch I just posted an hour or two ago. Then tell me if there's still a problem. But I need a pointer to an error in my code, not in File.pm as that doesn't help me much, sorry. Thanks! Jules. On 13/01/2010 18:26, Garrod M. Alwood wrote: > I don't know if this a failure on my part or not, but when certain > file types come in I get the below error and this what I am running > ubuntu 9.10 with perl 5.10 and MailScanner 4.79.5-1. > Insecure dependency in open while running with -T switch at > /usr/lib/perl/5.10/IO/File.pm line 63. > > 60: return open($fh, $mode, $file) if @_ == 3; > > 61: croak 'usage: $fh->open(FILENAME, IOLAYERS)'; > > 62: } else { > > 63: return open($fh, IO::Handle::_open_mode_string($mode), > $file); > > Garrod M. Alwood > Consultant > garrod.alwood@lorodoes.com > 904.738.4988 > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field > [MailScanner@ecs.soton.ac.uk] > *Sent:* Wednesday, January 13, 2010 11:41 AM > *To:* MailScanner discussion > *Subject:* Re: More taint mode problems (please help) > > Please can you try the attached patch to TNEF.pm. > Please let me know if it solves the problem or not. > > Thanks! > Jules. > > On 13/01/2010 16:19, Thomas Lohman wrote: > > > >> I've released 4.79.5, which I would gratefully appreciate you testing. > > > > Hi Julian, > > > > I've installed version 4.79.5 on a RH5 box with perl 5.10.1 and have > > been running it against our production e-mail traffic and I noticed > > this morning that taint errors still are happening when processing > > TNEF attachments. This is the line which is output when running a > > single message through in debug mode: > > > > 11:17:22 Insecure dependency in rename while running with -T switch at > > /usr/local/MailScanner/lib/MailScanner/TNEF.pm line 357. > > Failed. > > > > Let me know if there is any more information you need or if there is > > some other patch I may be missing. > > > > thanks much, > > > > > > --tom > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100113/05da9eb9/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jan 13 19:36:51 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 13 19:37:05 2010 Subject: More taint mode problems (please help) In-Reply-To: <388FA516-FB27-4A79-842D-7A486F47B824@mimectl> References: <4B4B2240.7020109@ecs.soton.ac.uk> <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk>, <7C09DB4D-D236-4D66-893A-9B0EB04CFBEA@mimectl> <4B4E1868.6070600@ecs.soton.ac.uk>, <388FA516-FB27-4A79-842D-7A486F47B824@mimectl> <4B4E20D3.9000603@ecs.soton.ac.uk> Message-ID: The File.pm module is used for opening files, not the "file" command. It could be loads of places. What TNEF-related options are you using, and can you send me a message that triggers it? Put the raw message queue files up on a website somewhere and mail me the URL to the address in the headers. Thanks, Jules. On 13/01/2010 19:02, Garrod M. Alwood wrote: > I am using both the patch and the latest beta and I'm still getting > the issue. I'll keep looking for where the problem is. Could it be > when you call the for the file command? > Garrod M. Alwood > Consultant > garrod.alwood@lorodoes.com > 904.738.4988 > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field > [MailScanner@ecs.soton.ac.uk] > *Sent:* Wednesday, January 13, 2010 2:00 PM > *To:* MailScanner discussion > *Subject:* Re: More taint mode problems (please help) > > Try out the latest beta with the patch I just posted an hour or two ago. > Then tell me if there's still a problem. But I need a pointer to an > error in my code, not in File.pm as that doesn't help me much, sorry. > > Thanks! > Jules. > > On 13/01/2010 18:26, Garrod M. Alwood wrote: > > I don't know if this a failure on my part or not, but when certain > > file types come in I get the below error and this what I am running > > ubuntu 9.10 with perl 5.10 and MailScanner 4.79.5-1. > > Insecure dependency in open while running with -T switch at > > /usr/lib/perl/5.10/IO/File.pm line 63. > > > > 60: return open($fh, $mode, $file) if @_ == 3; > > > > 61: croak 'usage: $fh->open(FILENAME, IOLAYERS)'; > > > > 62: } else { > > > > 63: return open($fh, IO::Handle::_open_mode_string($mode), > > $file); > > > > Garrod M. Alwood > > Consultant > > garrod.alwood@lorodoes.com > > 904.738.4988 > > ------------------------------------------------------------------------ > > *From:* mailscanner-bounces@lists.mailscanner.info > > [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field > > [MailScanner@ecs.soton.ac.uk] > > *Sent:* Wednesday, January 13, 2010 11:41 AM > > *To:* MailScanner discussion > > *Subject:* Re: More taint mode problems (please help) > > > > Please can you try the attached patch to TNEF.pm. > > Please let me know if it solves the problem or not. > > > > Thanks! > > Jules. > > > > On 13/01/2010 16:19, Thomas Lohman wrote: > > > > > >> I've released 4.79.5, which I would gratefully appreciate you > testing. > > > > > > Hi Julian, > > > > > > I've installed version 4.79.5 on a RH5 box with perl 5.10.1 and have > > > been running it against our production e-mail traffic and I noticed > > > this morning that taint errors still are happening when processing > > > TNEF attachments. This is the line which is output when running a > > > single message through in debug mode: > > > > > > 11:17:22 Insecure dependency in rename while running with -T switch at > > > /usr/local/MailScanner/lib/MailScanner/TNEF.pm line 357. > > > Failed. > > > > > > Let me know if there is any more information you need or if there is > > > some other patch I may be missing. > > > > > > thanks much, > > > > > > > > > --tom > > > > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From AHKAPLAN at PARTNERS.ORG Wed Jan 13 23:30:45 2010 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Wed Jan 13 23:30:57 2010 Subject: Easy Install package for clamav 0.95.3 and SpamAssassin Message-ID: Hi there -- The latest version of Clamav is 0.95.3, and I was wondering if that will be incorporated into the easy installation package with SpamAssassin in the upcoming weeks. Thanks. The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100113/5e472fb1/attachment.html From ram at netcore.co.in Thu Jan 14 05:32:26 2010 From: ram at netcore.co.in (ram) Date: Thu Jan 14 05:32:41 2010 Subject: mail disapears in the postfix queue In-Reply-To: <0493927970A4A3439F8A777035F5D1680F63137E@FBCMST09V01.fbc.local> References: <0493927970A4A3439F8A777035F5D1680F63137E@FBCMST09V01.fbc.local> Message-ID: <1263447146.28738.11.camel@darkstar.netcore.co.in> On Mon, 2010-01-11 at 18:18 +0100, s66576@alice.it wrote: > Hi, > > this strange thing happens on my local linux server, it's a simple > installation of Mailscanner + postfix on ubuntu lts: > > Jan 10 10:39:42 pluto postfix/smtpd[21677]: F19BD354E2: > client=r.retail.telecomitalia.it[79.41.XXX.XXX], sasl_method=LOGIN, > sasl_username=smtpuser@XXX.com > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: hold: header > Received: from E4300 (XXX.41-79-r.retail.telecomitalia.it > [79.41.XXX.XXX])??by XXX.XXX.it(Postfix) with ESMTPA id > F19BD354E2??for ; Sun, 10 Jan 2010 10:3 from > -r.retail.telecomitalia.it[79.41.XXX.XXX]; from= > to= proto=ESMTP helo= > Jan 10 10:39:43 pluto postfix/cleanup[24467]: F19BD354E2: > message-id=<3DCE4D546BD8463BABBE1DC13DBD0390@E4300> > > After this I don't see any trace of this queueid F19BD354E2 in my > mail.log, that's the first time happen to me. No message was wrote on > filesystem, and the postfix queues are empty ( hold,deferred... ). > Should I try to increase Mailscanner log verbosity ? Or is better look > for postfix queue ? > Mailscanner fetches mails from hold and leave them incoming, it's a > default installation. > Anyone with similar problems ? > Regards. > Sorry for this late response If this problem is still open I would suggest you to trace the mail in the logs further. We have seen this problem a number of times There may be a unexpected disconnect from the smtp client and postfix simply drops the message Look for smtpd\[$PID.*$IPADDRESS in your maillog There must be a disconnect_after_data error From MailScanner at ecs.soton.ac.uk Thu Jan 14 09:18:37 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 14 09:18:50 2010 Subject: Easy Install package for clamav 0.95.3 and SpamAssassin In-Reply-To: References: <4B4EE16D.3020604@ecs.soton.ac.uk> Message-ID: Done. On 13/01/2010 23:30, Kaplan, Andrew H. wrote: > > Hi there -- > > The latest version of Clamav is 0.95.3, and I was wondering if that > will be incorporated into > the easy installation package with SpamAssassin in the upcoming weeks. > Thanks. > > The information in this e-mail is intended only for the person to whom it is > addressed. If you believe this e-mail was sent to you in error and the e-mail > contains patient information, please contact the Partners Compliance HelpLine at > http://www.partners.org/complianceline . If the e-mail was sent to you in error > but does not contain patient information, please contact the sender and properly > dispose of the e-mail. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at buschor.ch Thu Jan 14 10:28:58 2010 From: lists at buschor.ch (ThB) Date: Thu Jan 14 10:29:08 2010 Subject: Sophos & ClamAV + Sanesecurity Message-ID: <49361.83.79.128.129.1263464938.squirrel@webmail.buschor.ch> > Please can you send me a test message demonstrating this problem? > Your best bet is to put it on a website (not linked from anywhere) and > email me the URL to mailscanner@ecs.soton.ac.uk. Then I can try your > test case and produce a fix for you. Unfortunatley I'm not able to provide you a test message. As soon as I get one I will provide you the message and also the MailScanner logs. But this will take some time because I'm on vacation for some weeks. thanks & regards Thomas From lists at buschor.ch Thu Jan 14 10:51:12 2010 From: lists at buschor.ch (ThB) Date: Thu Jan 14 10:52:15 2010 Subject: Sophos & ClamAV + Sanesecurity In-Reply-To: References: <55196.130.59.6.127.1263308257.squirrel@webmail.buschor.ch> <4B4C9502.2000709@ecs.soton.ac.uk> Message-ID: <4B4EF720.30307@buschor.ch> Julian Field wrote: > > Please can you send me a test message demonstrating this problem? > Your best bet is to put it on a website (not linked from anywhere) and > email me the URL to mailscanner@ecs.soton.ac.uk. Then I can try your > test case and produce a fix for you. Unfortunatley I'm not able to provide you a test message. As soon as I get one I will provide you the message and also the MailScanner logs. But this will take some time because I'm on vacation for some weeks. thanks & regards Thomas From amoore at dekalbmemorial.com Thu Jan 14 13:30:21 2010 From: amoore at dekalbmemorial.com (Aaron K. Moore) Date: Thu Jan 14 13:30:33 2010 Subject: Next Stable Release Message-ID: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> It has been several months since the last stable release. When will there be a new stable release? And how stable is the development release? Thanks. Aaron -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, Indiana Phone: 260.920.2808 E-Mail: amoore@dekalbmemorial.com From MailScanner at ecs.soton.ac.uk Thu Jan 14 13:46:56 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 14 13:47:08 2010 Subject: Next Stable Release In-Reply-To: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> <4B4F2050.5050903@ecs.soton.ac.uk> Message-ID: I'm just about to produce another beta, which has an important bug fixed for users of "clamav" (but it doesn't affect "clamavmodule" or "clamd"), but otherwise it is all working as far as I am aware. How about a new stable release on 1st Feb? Sound good? Jules. On 14/01/2010 13:30, Aaron K. Moore wrote: > It has been several months since the last stable release. When will > there be a new stable release? And how stable is the development > release? > > Thanks. > > Aaron > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, Indiana > Phone: 260.920.2808 > E-Mail: amoore@dekalbmemorial.com > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 14 13:50:01 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 14 13:50:14 2010 Subject: Next Stable Release In-Reply-To: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> <4B4F2109.1010802@ecs.soton.ac.uk> Message-ID: New beta 4.79.6 just released. On 14/01/2010 13:30, Aaron K. Moore wrote: > It has been several months since the last stable release. When will > there be a new stable release? And how stable is the development > release? > > Thanks. > > Aaron > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, Indiana > Phone: 260.920.2808 > E-Mail: amoore@dekalbmemorial.com > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sunny.forro at compcoind.com Thu Jan 14 14:07:04 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Thu Jan 14 14:07:18 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> Message-ID: Jules, Thanks a million for your help. I'd like to contribute to the development of MailScanner but am far from well-versed in perl. I'm fairly well versed in FreeBSD (that's my preferred install). Would a virtual machine with ssh help you out any? Thanks, Sunny Forro > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jules Field > Sent: Tuesday, January 12, 2010 2:00 PM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > Any chance you could give me remote ssh root access to your server so I > can debug it for you and see what output you're getting from clamav and > why it isn't parsing it properly? > I've got a reputation to protect, so I'm not going to do anything bad > to > you! > > If it takes less than a couple of hours, I'll do it for free too. :) > > Contact me by email if you're interested. > > Jules. > > On 12/01/2010 18:05, Sunny Forro wrote: > > I've rerun the ./install.sh script - again to no effect. However, I > > discovered that MailScanner is properly parsing mcafee's output but > not > > clamavs. When I lint with my virus scanners set to "clamav mcafee" it > > picks up Eicar from mcafee, but nothing from clamav. If I set it to > > "clamav" it doesn't pick up Eicar at all. > > > > Side Note: I have a paid version of McAfee that I have used until > > recently, when I discovered that the latest release of mcafee for BSD > > still relies on an outdated compatibility library (compat3x) that > > doesn't properly install and isn't included in any release since > > FreeBSD5. It also spikes my CPU to 100% while scanning mail and slows > > the whole process to a crawl. Running clamav only with a previous > > release of MailScanner produces more reliable results because when > my > > CPU hits 100% (using mcafee and clamav) mail begins to flow through > > completely untouched. > > > > Sunny > > > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Jules Field > >> Sent: Tuesday, January 12, 2010 12:27 PM > >> To: MailScanner discussion > >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > checked > >> tmp permissions and no symlink, reinstalled clamav (worked in > 4.77.10) > >> > >> And if you re-run the ./install.sh from MailScanner, just to be > >> > > doubly- > > > >> sure? > >> > >> On 12/01/2010 16:49, Sunny Forro wrote: > >> > >>> Rich, thanks for the reply. > >>> > >>> I've gone through and checked the versions of all the perl-tars > >>> against what's installed (and reinstalled some of them to make sure > >>> the versions match). Everything that I've checked matches the > >>> > >> expected > >> > >>> versions for this release of MailScanner. > >>> > >>> Sunny > >>> > >>> *From:* mailscanner-bounces@lists.mailscanner.info > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > >>> *Richard Lynch > >>> *Sent:* Tuesday, January 12, 2010 11:35 AM > >>> *To:* MailScanner discussion > >>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have > >>> checked tmp permissions and no symlink, reinstalled clamav (worked > >>> > > in > > > >>> 4.77.10) > >>> > >>> Sunny Forro wrote: > >>> > >>> > >>> -----Original Message----- > >>> From:mailscanner-bounces@lists.mailscanner.info > >>> > > > > >> bounces@lists.mailscanner.info> > >> > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >>> > >> Julian > >> > >>> Field > >>> Sent: Tuesday, January 12, 2010 11:02 AM > >>> To: MailScanner discussion > >>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > >>> > > checked > > > >>> tmp permissions and no symlink, reinstalled clamav (worked in > >>> > >> 4.77.10) > >> > >>> Check your virus.scanners.conf file to ensure it is pointing at the > >>> correct place for clamav. > >>> If "which clamscan" reports /usr/local/bin/clamscan then the clamav > >>> > >> line > >> > >>> in virus.scanners.conf should end in "/usr/local" and if it reports > >>> /usr/bin/clamscan then the line should end in "/usr". > >>> > >>> That would be the first place to look. Then "MailScanner --lint" > >>> > >> should > >> > >>> detect the EICAR test pattern successfully. Once "MailScanner > >>> > > --lint" > > > >>> works, you're there. > >>> > >>> Jules. > >>> > >>> > >>> ------ Outlook sucks ----------- > >>> > >>> Jules, thanks for the reply! > >>> I checked "which clamscan" and yes it does point to > >>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf > does > >>> > >> end > >> > >>> in /usr/local. Still no lint under 4.78.17, but works fine under > >>> pervious versions on the same box. Using clamav-wrapper to do a > scan > >>> > >> of > >> > >>> /tmp gives me sensible output however. > >>> > >>> Sunny > >>> > >>> > >>> > >>> On 12/01/2010 15:45, Sunny Forro wrote: > >>> > >>> > >>> Hello, > >>> > >>> > >>> > >>> I've just upgraded to 4.78.17 and now mailscanner doesn't > report > >>> > >>> viruses detected by clamav in production or lint. I've scanned > >>> > >> the > >> > >>> /tmp directory with clamav-wrapper and get sensible clam > output. > >>> > >> /tmp > >> > >>> is not symlinked. I've reinstalled clamav, and manually > >>> > >> reinstalled > >> > >>> all the per-tars from the install directory. I've even tried > >>> > >>> downgrading MIME-tools to 5.420 (as found on another post), > but > >>> > >> to no > >> > >>> effect (and since reinstalled from perl-tar to 5.427). I've > >>> > >> removed > >> > >>> and reinstalled Perl5.8.9, also to no effect. I'm running > >>> > >> MS4.78.17, > >> > >>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ > >>> > >> mailwatch > >> > >>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare > >>> > >> VSphere > >> > >>> 4.0. I've switched back to 4.77.10 as this properly identifies > >>> > >> virii. > >> > >>> I'm out of ideas - Any suggestions? Is there something else I > >>> > >> need to > >> > >>> check, or something else I missed? > >>> > >>> > >>> > >>> Any help would be greatly appreciated. > >>> > >>> > >>> > >>> Sunny Forro > >>> > >>> > >>> > >>> P.S. Thanks a million to Julian Field for a fantastic solution > >>> > > to > > > >> the > >> > >>> deluge of spam we had grown accustomed to. > >>> > >>> > >>> > >>> > >>> > >>> > >>> Jules > >>> > >>> > >>> > >>> This may be totally unrelated but I had a similar problem like this > >>> > >> at > >> > >>> one point. It turned out that the perl I was running had version > >>> > > 0.16 > > > >>> of perl-File-Temp builtin and the version that came packaged with > >>> MailScanner was 0.19. When perl was updated v0.19 was removed. I > >>> > >> ended > >> > >>> up having to do a rpm --force on the version that came packaged > with > >>> MailScanner. > >>> > >>> This is all from vague memories and I may not have the scenario > >>> exactly right. It took me a while to find it though. Check the > >>> > >> version > >> > >>> of File::Temp that you are using. I know that once I got the > correct > >>> version installed MailScanner --lint started producing expected > >>> results with my virus scanners. > >>> > >>> Rich > >>> > >>> > >>> -- > >>> > >>> "Of all tyrannies, a tyranny exercised for the good of its victims > >>> > >> may > >> > >>> be the most oppressive. It may be better to live under robber > barons > >>> than omnipotent moral busybodies. The robber baron's cruelty may > >>> sometimes sleep, his cupidity may at some point be satiated; but > >>> > >> those > >> > >>> who torment us for our own good will torment us without end, for > >>> > > they > > > >> do > >> > >>> so with the approval of their own conscience." > >>> > >>> -- C.S. Lewis > >>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your > boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From adelgado at laubat.com Thu Jan 14 14:27:51 2010 From: adelgado at laubat.com (Delgado Moreno, Alex) Date: Thu Jan 14 14:28:07 2010 Subject: Next Stable Release In-Reply-To: References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local><4B4F2050.5050903@ecs.soton.ac.uk> Message-ID: Hi, Better sooner than later. ;) Alex Delgado Resp. Informatica Industrias Laubat, S.A. -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Julian Field Enviado el: jueves, 14 de enero de 2010 14:47 Para: MailScanner discussion Asunto: Re: Next Stable Release I'm just about to produce another beta, which has an important bug fixed for users of "clamav" (but it doesn't affect "clamavmodule" or "clamd"), but otherwise it is all working as far as I am aware. How about a new stable release on 1st Feb? Sound good? Jules. On 14/01/2010 13:30, Aaron K. Moore wrote: > It has been several months since the last stable release. When will > there be a new stable release? And how stable is the development > release? > > Thanks. > > Aaron > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, Indiana > Phone: 260.920.2808 > E-Mail: amoore@dekalbmemorial.com > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Este mensaje ha sido analizado por MailScanner en busca de virus y otros contenidos peligrosos, y se considera que est? limpio. "En cumplimiento de la Ley Organica de Proteccion de Datos de Caracter Personal (LOPD), le informamos de que sus datos de contacto han sido incorporados en ficheros de titularidad de INDUSTRIAS LAUBAT, S.A., que corresponden a la finalidad de servir de directorio o agenda de contactos asi como para facilitar la gestion administrativa y comercial desarrollada por la empresa. Ud. tiene la posibilidad de ejercer los derechos de acceso, rectificacion, cancelacion y oposicion previstos en la ley mediante correo electronico a lopd@laubat.com" From MailScanner at ecs.soton.ac.uk Thu Jan 14 14:32:18 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 14 14:32:35 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) In-Reply-To: References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> <4B4F2AF2.90300@ecs.soton.ac.uk> Message-ID: I've got a whole rack full of virtualisation hardware available here, thanks anyway. If you want to make a small donation, there are quite a few things on my amazon.co.uk wishlist, any of which would be very much appreciated! The side-cutters would be most appreciated at the moment, but anything you like the price/look of would go down well :-) Thanks, Jules. On 14/01/2010 14:07, Sunny Forro wrote: > Jules, > Thanks a million for your help. I'd like to contribute to the > development of MailScanner but am far from well-versed in perl. I'm > fairly well versed in FreeBSD (that's my preferred install). Would a > virtual machine with ssh help you out any? > Thanks, > Sunny Forro > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Jules Field >> Sent: Tuesday, January 12, 2010 2:00 PM >> To: MailScanner discussion >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked >> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) >> >> Any chance you could give me remote ssh root access to your server so >> > I > >> can debug it for you and see what output you're getting from clamav >> > and > >> why it isn't parsing it properly? >> I've got a reputation to protect, so I'm not going to do anything bad >> to >> you! >> >> If it takes less than a couple of hours, I'll do it for free too. :) >> >> Contact me by email if you're interested. >> >> Jules. >> >> On 12/01/2010 18:05, Sunny Forro wrote: >> >>> I've rerun the ./install.sh script - again to no effect. However, I >>> discovered that MailScanner is properly parsing mcafee's output but >>> >> not >> >>> clamavs. When I lint with my virus scanners set to "clamav mcafee" >>> > it > >>> picks up Eicar from mcafee, but nothing from clamav. If I set it to >>> "clamav" it doesn't pick up Eicar at all. >>> >>> Side Note: I have a paid version of McAfee that I have used until >>> recently, when I discovered that the latest release of mcafee for >>> > BSD > >>> still relies on an outdated compatibility library (compat3x) that >>> doesn't properly install and isn't included in any release since >>> FreeBSD5. It also spikes my CPU to 100% while scanning mail and >>> > slows > >>> the whole process to a crawl. Running clamav only with a previous >>> release of MailScanner produces more reliable results because when >>> >> my >> >>> CPU hits 100% (using mcafee and clamav) mail begins to flow through >>> completely untouched. >>> >>> Sunny >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> >> [mailto:mailscanner- >> >>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field >>>> Sent: Tuesday, January 12, 2010 12:27 PM >>>> To: MailScanner discussion >>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have >>>> >> checked >> >>>> tmp permissions and no symlink, reinstalled clamav (worked in >>>> >> 4.77.10) >> >>>> And if you re-run the ./install.sh from MailScanner, just to be >>>> >>>> >>> doubly- >>> >>> >>>> sure? >>>> >>>> On 12/01/2010 16:49, Sunny Forro wrote: >>>> >>>> >>>>> Rich, thanks for the reply. >>>>> >>>>> I've gone through and checked the versions of all the perl-tars >>>>> against what's installed (and reinstalled some of them to make >>>>> > sure > >>>>> the versions match). Everything that I've checked matches the >>>>> >>>>> >>>> expected >>>> >>>> >>>>> versions for this release of MailScanner. >>>>> >>>>> Sunny >>>>> >>>>> *From:* mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>>>> *Richard Lynch >>>>> *Sent:* Tuesday, January 12, 2010 11:35 AM >>>>> *To:* MailScanner discussion >>>>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have >>>>> checked tmp permissions and no symlink, reinstalled clamav (worked >>>>> >>>>> >>> in >>> >>> >>>>> 4.77.10) >>>>> >>>>> Sunny Forro wrote: >>>>> >>>>> >>>>> -----Original Message----- >>>>> From:mailscanner-bounces@lists.mailscanner.info >>>>> >>>>> >>> >> >>> >>>> bounces@lists.mailscanner.info> >>>> >>>> >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>> >>>>> >>>> Julian >>>> >>>> >>>>> Field >>>>> Sent: Tuesday, January 12, 2010 11:02 AM >>>>> To: MailScanner discussion >>>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have >>>>> >>>>> >>> checked >>> >>> >>>>> tmp permissions and no symlink, reinstalled clamav (worked in >>>>> >>>>> >>>> 4.77.10) >>>> >>>> >>>>> Check your virus.scanners.conf file to ensure it is pointing at >>>>> > the > >>>>> correct place for clamav. >>>>> If "which clamscan" reports /usr/local/bin/clamscan then the >>>>> > clamav > >>>>> >>>> line >>>> >>>> >>>>> in virus.scanners.conf should end in "/usr/local" and if it >>>>> > reports > >>>>> /usr/bin/clamscan then the line should end in "/usr". >>>>> >>>>> That would be the first place to look. Then "MailScanner --lint" >>>>> >>>>> >>>> should >>>> >>>> >>>>> detect the EICAR test pattern successfully. Once "MailScanner >>>>> >>>>> >>> --lint" >>> >>> >>>>> works, you're there. >>>>> >>>>> Jules. >>>>> >>>>> >>>>> ------ Outlook sucks ----------- >>>>> >>>>> Jules, thanks for the reply! >>>>> I checked "which clamscan" and yes it does point to >>>>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf >>>>> >> does >> >>>>> >>>> end >>>> >>>> >>>>> in /usr/local. Still no lint under 4.78.17, but works fine under >>>>> pervious versions on the same box. Using clamav-wrapper to do a >>>>> >> scan >> >>>>> >>>> of >>>> >>>> >>>>> /tmp gives me sensible output however. >>>>> >>>>> Sunny >>>>> >>>>> >>>>> >>>>> On 12/01/2010 15:45, Sunny Forro wrote: >>>>> >>>>> >>>>> Hello, >>>>> >>>>> >>>>> >>>>> I've just upgraded to 4.78.17 and now mailscanner doesn't >>>>> >> report >> >>>>> viruses detected by clamav in production or lint. I've >>>>> > scanned > >>>>> >>>> the >>>> >>>> >>>>> /tmp directory with clamav-wrapper and get sensible clam >>>>> >> output. >> >>>>> >>>> /tmp >>>> >>>> >>>>> is not symlinked. I've reinstalled clamav, and manually >>>>> >>>>> >>>> reinstalled >>>> >>>> >>>>> all the per-tars from the install directory. I've even tried >>>>> >>>>> downgrading MIME-tools to 5.420 (as found on another post), >>>>> >> but >> >>>>> >>>> to no >>>> >>>> >>>>> effect (and since reinstalled from perl-tar to 5.427). I've >>>>> >>>>> >>>> removed >>>> >>>> >>>>> and reinstalled Perl5.8.9, also to no effect. I'm running >>>>> >>>>> >>>> MS4.78.17, >>>> >>>> >>>>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ >>>>> >>>>> >>>> mailwatch >>>> >>>> >>>>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare >>>>> >>>>> >>>> VSphere >>>> >>>> >>>>> 4.0. I've switched back to 4.77.10 as this properly >>>>> > identifies > >>>>> >>>> virii. >>>> >>>> >>>>> I'm out of ideas - Any suggestions? Is there something else I >>>>> >>>>> >>>> need to >>>> >>>> >>>>> check, or something else I missed? >>>>> >>>>> >>>>> >>>>> Any help would be greatly appreciated. >>>>> >>>>> >>>>> >>>>> Sunny Forro >>>>> >>>>> >>>>> >>>>> P.S. Thanks a million to Julian Field for a fantastic >>>>> > solution > >>>>> >>> to >>> >>> >>>> the >>>> >>>> >>>>> deluge of spam we had grown accustomed to. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Jules >>>>> >>>>> >>>>> >>>>> This may be totally unrelated but I had a similar problem like >>>>> > this > >>>>> >>>> at >>>> >>>> >>>>> one point. It turned out that the perl I was running had version >>>>> >>>>> >>> 0.16 >>> >>> >>>>> of perl-File-Temp builtin and the version that came packaged with >>>>> MailScanner was 0.19. When perl was updated v0.19 was removed. I >>>>> >>>>> >>>> ended >>>> >>>> >>>>> up having to do a rpm --force on the version that came packaged >>>>> >> with >> >>>>> MailScanner. >>>>> >>>>> This is all from vague memories and I may not have the scenario >>>>> exactly right. It took me a while to find it though. Check the >>>>> >>>>> >>>> version >>>> >>>> >>>>> of File::Temp that you are using. I know that once I got the >>>>> >> correct >> >>>>> version installed MailScanner --lint started producing expected >>>>> results with my virus scanners. >>>>> >>>>> Rich >>>>> >>>>> >>>>> -- >>>>> >>>>> "Of all tyrannies, a tyranny exercised for the good of its victims >>>>> >>>>> >>>> may >>>> >>>> >>>>> be the most oppressive. It may be better to live under robber >>>>> >> barons >> >>>>> than omnipotent moral busybodies. The robber baron's cruelty may >>>>> sometimes sleep, his cupidity may at some point be satiated; but >>>>> >>>>> >>>> those >>>> >>>> >>>>> who torment us for our own good will torment us without end, for >>>>> >>>>> >>> they >>> >>> >>>> do >>>> >>>> >>>>> so with the approval of their own conscience." >>>>> >>>>> -- C.S. Lewis >>>>> >>>>> >>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your >>>> >> boss? >> >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From AHKAPLAN at PARTNERS.ORG Thu Jan 14 16:37:37 2010 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Thu Jan 14 16:37:48 2010 Subject: Easy Install package for clamav 0.95.3 and SpamAssassin In-Reply-To: References: <4B4EE16D.3020604@ecs.soton.ac.uk> Message-ID: Thanks Julian. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, January 14, 2010 4:19 AM To: MailScanner discussion Subject: Re: Easy Install package for clamav 0.95.3 and SpamAssassin Done. On 13/01/2010 23:30, Kaplan, Andrew H. wrote: > > Hi there -- > > The latest version of Clamav is 0.95.3, and I was wondering if that > will be incorporated into > the easy installation package with SpamAssassin in the upcoming weeks. > Thanks. > > The information in this e-mail is intended only for the person to whom it is > addressed. If you believe this e-mail was sent to you in error and the e-mail > contains patient information, please contact the Partners Compliance HelpLine at > http://www.partners.org/complianceline . If the e-mail was sent to you in error > but does not contain patient information, please contact the sender and properly > dispose of the e-mail. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mikej at rogers.com Thu Jan 14 17:24:37 2010 From: mikej at rogers.com (Mike Jakubik) Date: Thu Jan 14 17:24:16 2010 Subject: More taint mode problems (please help) In-Reply-To: References: <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk>, <7C09DB4D-D236-4D66-893A-9B0EB04CFBEA@mimectl> <4B4E1868.6070600@ecs.soton.ac.uk>, <388FA516-FB27-4A79-842D-7A486F47B824@mimectl> <4B4E20D3.9000603@ecs.soton.ac.uk> Message-ID: <436c8f1ff95e24f2ae7855219b650e61.squirrel@wettoast.dyndns.org> On Wed, January 13, 2010 2:36 pm, Jules Field wrote: > The File.pm module is used for opening files, not the "file" command. It > could be loads of places. > What TNEF-related options are you using, and can you send me a message > that triggers it? Put the raw message queue files up on a website > somewhere and mail me the URL to the address in the headers. > > Thanks, I believe the problem here is that the variable containing the filename which is passed to File.pm is tainted. From hden at kci.net.nz Thu Jan 14 21:27:07 2010 From: hden at kci.net.nz (hden@kci.net.nz) Date: Thu Jan 14 21:27:20 2010 Subject: clamd twice in lint output Message-ID: <50103.222.153.166.253.1263504427.squirrel@webmail.kc.net.nz> Hello .. Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output shows clamd *twice* ? [snippert below] Is there anything I need to change/check/fix/tweak ? [snip] MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd, clamd, sophossavi =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com Virus Scanning: SophosSAVI found 1 infections [snip ends] From alex at rtpty.com Thu Jan 14 21:45:42 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Jan 14 21:46:12 2010 Subject: clamd twice in lint output Message-ID: <175670722-1263505557-cardhu_decombobulator_blackberry.rim.net-574995457-@bda942.bisx.prod.on.blackberry> Now with twice the virus fighting power! If it is, in fact, "checking it twice" like Santa, it's a performance hit you're taking. ------Original Message------ From: hden@kci.net.nz Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: clamd twice in lint output Sent: Jan 14, 2010 4:27 PM Hello .. Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output shows clamd *twice* ? [snippert below] Is there anything I need to change/check/fix/tweak ? [snip] MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd, clamd, sophossavi =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com Virus Scanning: SophosSAVI found 1 infections [snip ends] -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From sunny.forro at compcoind.com Thu Jan 14 22:00:19 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Thu Jan 14 22:00:32 2010 Subject: MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) References: <4B4C9CF7.1090901@ecs.soton.ac.uk> <4B4CA4AA.9050403@mail.wvnet.edu><4B4CB0D4.5000406@ecs.soton.ac.uk> <4B4CC6BF.3020004@ecs.soton.ac.uk> <4B4F2AF2.90300@ecs.soton.ac.uk> Message-ID: Jules, I tried to get the sidecutters from your wishlist - unfortunately it says that particular item cannot be delivered to a wishlist address. I'm looking at alternative sources. Sunny Forro > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Thursday, January 14, 2010 9:32 AM > To: MailScanner discussion > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10) > > I've got a whole rack full of virtualisation hardware available here, > thanks anyway. > > If you want to make a small donation, there are quite a few things on > my > amazon.co.uk wishlist, any of which would be very much appreciated! The > side-cutters would be most appreciated at the moment, but anything you > like the price/look of would go down well :-) > > Thanks, > Jules. > > On 14/01/2010 14:07, Sunny Forro wrote: > > Jules, > > Thanks a million for your help. I'd like to contribute to the > > development of MailScanner but am far from well-versed in perl. I'm > > fairly well versed in FreeBSD (that's my preferred install). Would a > > virtual machine with ssh help you out any? > > Thanks, > > Sunny Forro > > > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Jules Field > >> Sent: Tuesday, January 12, 2010 2:00 PM > >> To: MailScanner discussion > >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > checked > >> tmp permissions and no symlink, reinstalled clamav (worked in > 4.77.10) > >> > >> Any chance you could give me remote ssh root access to your server > so > >> > > I > > > >> can debug it for you and see what output you're getting from clamav > >> > > and > > > >> why it isn't parsing it properly? > >> I've got a reputation to protect, so I'm not going to do anything > bad > >> to > >> you! > >> > >> If it takes less than a couple of hours, I'll do it for free too. :) > >> > >> Contact me by email if you're interested. > >> > >> Jules. > >> > >> On 12/01/2010 18:05, Sunny Forro wrote: > >> > >>> I've rerun the ./install.sh script - again to no effect. However, I > >>> discovered that MailScanner is properly parsing mcafee's output but > >>> > >> not > >> > >>> clamavs. When I lint with my virus scanners set to "clamav mcafee" > >>> > > it > > > >>> picks up Eicar from mcafee, but nothing from clamav. If I set it to > >>> "clamav" it doesn't pick up Eicar at all. > >>> > >>> Side Note: I have a paid version of McAfee that I have used until > >>> recently, when I discovered that the latest release of mcafee for > >>> > > BSD > > > >>> still relies on an outdated compatibility library (compat3x) that > >>> doesn't properly install and isn't included in any release since > >>> FreeBSD5. It also spikes my CPU to 100% while scanning mail and > >>> > > slows > > > >>> the whole process to a crawl. Running clamav only with a previous > >>> release of MailScanner produces more reliable results because when > >>> > >> my > >> > >>> CPU hits 100% (using mcafee and clamav) mail begins to flow through > >>> completely untouched. > >>> > >>> Sunny > >>> > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> > >> [mailto:mailscanner- > >> > >>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field > >>>> Sent: Tuesday, January 12, 2010 12:27 PM > >>>> To: MailScanner discussion > >>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > >>>> > >> checked > >> > >>>> tmp permissions and no symlink, reinstalled clamav (worked in > >>>> > >> 4.77.10) > >> > >>>> And if you re-run the ./install.sh from MailScanner, just to be > >>>> > >>>> > >>> doubly- > >>> > >>> > >>>> sure? > >>>> > >>>> On 12/01/2010 16:49, Sunny Forro wrote: > >>>> > >>>> > >>>>> Rich, thanks for the reply. > >>>>> > >>>>> I've gone through and checked the versions of all the perl-tars > >>>>> against what's installed (and reinstalled some of them to make > >>>>> > > sure > > > >>>>> the versions match). Everything that I've checked matches the > >>>>> > >>>>> > >>>> expected > >>>> > >>>> > >>>>> versions for this release of MailScanner. > >>>>> > >>>>> Sunny > >>>>> > >>>>> *From:* mailscanner-bounces@lists.mailscanner.info > >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > >>>>> *Richard Lynch > >>>>> *Sent:* Tuesday, January 12, 2010 11:35 AM > >>>>> *To:* MailScanner discussion > >>>>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have > >>>>> checked tmp permissions and no symlink, reinstalled clamav > (worked > >>>>> > >>>>> > >>> in > >>> > >>> > >>>>> 4.77.10) > >>>>> > >>>>> Sunny Forro wrote: > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> From:mailscanner-bounces@lists.mailscanner.info > >>>>> > >>>>> > >>> >>> > >>> > >>>> bounces@lists.mailscanner.info> > >>>> > >>>> > >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >>>>> > >>>>> > >>>> Julian > >>>> > >>>> > >>>>> Field > >>>>> Sent: Tuesday, January 12, 2010 11:02 AM > >>>>> To: MailScanner discussion > >>>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have > >>>>> > >>>>> > >>> checked > >>> > >>> > >>>>> tmp permissions and no symlink, reinstalled clamav (worked in > >>>>> > >>>>> > >>>> 4.77.10) > >>>> > >>>> > >>>>> Check your virus.scanners.conf file to ensure it is pointing at > >>>>> > > the > > > >>>>> correct place for clamav. > >>>>> If "which clamscan" reports /usr/local/bin/clamscan then the > >>>>> > > clamav > > > >>>>> > >>>> line > >>>> > >>>> > >>>>> in virus.scanners.conf should end in "/usr/local" and if it > >>>>> > > reports > > > >>>>> /usr/bin/clamscan then the line should end in "/usr". > >>>>> > >>>>> That would be the first place to look. Then "MailScanner --lint" > >>>>> > >>>>> > >>>> should > >>>> > >>>> > >>>>> detect the EICAR test pattern successfully. Once "MailScanner > >>>>> > >>>>> > >>> --lint" > >>> > >>> > >>>>> works, you're there. > >>>>> > >>>>> Jules. > >>>>> > >>>>> > >>>>> ------ Outlook sucks ----------- > >>>>> > >>>>> Jules, thanks for the reply! > >>>>> I checked "which clamscan" and yes it does point to > >>>>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf > >>>>> > >> does > >> > >>>>> > >>>> end > >>>> > >>>> > >>>>> in /usr/local. Still no lint under 4.78.17, but works fine under > >>>>> pervious versions on the same box. Using clamav-wrapper to do a > >>>>> > >> scan > >> > >>>>> > >>>> of > >>>> > >>>> > >>>>> /tmp gives me sensible output however. > >>>>> > >>>>> Sunny > >>>>> > >>>>> > >>>>> > >>>>> On 12/01/2010 15:45, Sunny Forro wrote: > >>>>> > >>>>> > >>>>> Hello, > >>>>> > >>>>> > >>>>> > >>>>> I've just upgraded to 4.78.17 and now mailscanner doesn't > >>>>> > >> report > >> > >>>>> viruses detected by clamav in production or lint. I've > >>>>> > > scanned > > > >>>>> > >>>> the > >>>> > >>>> > >>>>> /tmp directory with clamav-wrapper and get sensible clam > >>>>> > >> output. > >> > >>>>> > >>>> /tmp > >>>> > >>>> > >>>>> is not symlinked. I've reinstalled clamav, and manually > >>>>> > >>>>> > >>>> reinstalled > >>>> > >>>> > >>>>> all the per-tars from the install directory. I've even > tried > >>>>> > >>>>> downgrading MIME-tools to 5.420 (as found on another post), > >>>>> > >> but > >> > >>>>> > >>>> to no > >>>> > >>>> > >>>>> effect (and since reinstalled from perl-tar to 5.427). I've > >>>>> > >>>>> > >>>> removed > >>>> > >>>> > >>>>> and reinstalled Perl5.8.9, also to no effect. I'm running > >>>>> > >>>>> > >>>> MS4.78.17, > >>>> > >>>> > >>>>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ > >>>>> > >>>>> > >>>> mailwatch > >>>> > >>>> > >>>>> 1.0.4, apache13, mysql5077, php5, virtualized through > VMWare > >>>>> > >>>>> > >>>> VSphere > >>>> > >>>> > >>>>> 4.0. I've switched back to 4.77.10 as this properly > >>>>> > > identifies > > > >>>>> > >>>> virii. > >>>> > >>>> > >>>>> I'm out of ideas - Any suggestions? Is there something else > I > >>>>> > >>>>> > >>>> need to > >>>> > >>>> > >>>>> check, or something else I missed? > >>>>> > >>>>> > >>>>> > >>>>> Any help would be greatly appreciated. > >>>>> > >>>>> > >>>>> > >>>>> Sunny Forro > >>>>> > >>>>> > >>>>> > >>>>> P.S. Thanks a million to Julian Field for a fantastic > >>>>> > > solution > > > >>>>> > >>> to > >>> > >>> > >>>> the > >>>> > >>>> > >>>>> deluge of spam we had grown accustomed to. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Jules > >>>>> > >>>>> > >>>>> > >>>>> This may be totally unrelated but I had a similar problem like > >>>>> > > this > > > >>>>> > >>>> at > >>>> > >>>> > >>>>> one point. It turned out that the perl I was running had version > >>>>> > >>>>> > >>> 0.16 > >>> > >>> > >>>>> of perl-File-Temp builtin and the version that came packaged with > >>>>> MailScanner was 0.19. When perl was updated v0.19 was removed. I > >>>>> > >>>>> > >>>> ended > >>>> > >>>> > >>>>> up having to do a rpm --force on the version that came packaged > >>>>> > >> with > >> > >>>>> MailScanner. > >>>>> > >>>>> This is all from vague memories and I may not have the scenario > >>>>> exactly right. It took me a while to find it though. Check the > >>>>> > >>>>> > >>>> version > >>>> > >>>> > >>>>> of File::Temp that you are using. I know that once I got the > >>>>> > >> correct > >> > >>>>> version installed MailScanner --lint started producing expected > >>>>> results with my virus scanners. > >>>>> > >>>>> Rich > >>>>> > >>>>> > >>>>> -- > >>>>> > >>>>> "Of all tyrannies, a tyranny exercised for the good of its > victims > >>>>> > >>>>> > >>>> may > >>>> > >>>> > >>>>> be the most oppressive. It may be better to live under robber > >>>>> > >> barons > >> > >>>>> than omnipotent moral busybodies. The robber baron's cruelty may > >>>>> sometimes sleep, his cupidity may at some point be satiated; but > >>>>> > >>>>> > >>>> those > >>>> > >>>> > >>>>> who torment us for our own good will torment us without end, for > >>>>> > >>>>> > >>> they > >>> > >>> > >>>> do > >>>> > >>>> > >>>>> so with the approval of their own conscience." > >>>>> > >>>>> -- C.S. Lewis > >>>>> > >>>>> > >>>>> > >>>> Jules > >>>> > >>>> -- > >>>> Julian Field MEng CITP CEng > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> > >>>> Need help customising MailScanner? > >>>> Contact me! > >>>> Need help fixing or optimising your systems? > >>>> Contact me! > >>>> Need help getting you started solving new requirements from your > >>>> > >> boss? > >> > >>>> Contact me! > >>>> > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >>>> > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> -- > >>>> MailScanner mailing list > >>>> mailscanner@lists.mailscanner.info > >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>> > >>>> Before posting, read http://wiki.mailscanner.info/posting > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>>> > >>>> > >>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your > boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. From hden at kci.net.nz Thu Jan 14 22:18:04 2010 From: hden at kci.net.nz (hden@kci.net.nz) Date: Thu Jan 14 22:18:15 2010 Subject: clamd twice in lint output In-Reply-To: <175670722-1263505557-cardhu_decombobulator_blackberry.rim.net-5749954 57-@bda942.bisx.prod.on.blackberry> References: <175670722-1263505557-cardhu_decombobulator_blackberry.rim.net-574995457-@bda942.bisx.prod.on.blackberry> Message-ID: <50289.222.153.166.253.1263507484.squirrel@webmail.kc.net.nz> LOL .. What I meant was, clamd found twice in this line .. 'Found these virus scanners installed: clamd, clamd, sophossavi' (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry for being unclear) Cheers! Dave > Now with twice the virus fighting power! > > If it is, in fact, "checking it twice" like Santa, it's a performance hit > you're taking. > ------Original Message------ > From: hden@kci.net.nz > Sender: mailscanner-bounces@lists.mailscanner.info > To: MailScanner discussion > ReplyTo: MailScanner discussion > Subject: clamd twice in lint output > Sent: Jan 14, 2010 4:27 PM > > Hello .. > > Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output > shows clamd *twice* ? [snippert below] > > Is there anything I need to change/check/fix/tweak ? > > [snip] > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd, clamd, sophossavi > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com > Virus Scanning: SophosSAVI found 1 infections > [snip ends] > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Thu Jan 14 22:25:22 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 14 22:25:54 2010 Subject: Next Stable Release In-Reply-To: References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local><4B4F2050.5050903@ecs.soton.ac.uk> Message-ID: on 1-14-2010 6:27 AM Delgado Moreno, Alex spake the following: > Hi, > > Better sooner than later. > Actually... Better working then rushed... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100114/8f23a4fc/signature.bin From ssilva at sgvwater.com Thu Jan 14 22:28:19 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 14 22:30:14 2010 Subject: clamd twice in lint output In-Reply-To: <50103.222.153.166.253.1263504427.squirrel@webmail.kc.net.nz> References: <50103.222.153.166.253.1263504427.squirrel@webmail.kc.net.nz> Message-ID: on 1-14-2010 1:27 PM hden@kci.net.nz spake the following: > Hello .. > > Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output > shows clamd *twice* ? [snippert below] > that happens when you have ClamAV Full Message Scan = yes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100114/1b93ee7a/signature.bin From alex at rtpty.com Thu Jan 14 22:33:48 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Jan 14 22:34:18 2010 Subject: clamd twice in lint output In-Reply-To: <50289.222.153.166.253.1263507484.squirrel@webmail.kc.net.nz> References: <175670722-1263505557-cardhu_decombobulator_blackberry.rim.net-574995457-@bda942.bisx.prod.on.blackberry><50289.222.153.166.253.1263507484.squirrel@webmail.kc.net.nz> Message-ID: <729825975-1263508445-cardhu_decombobulator_blackberry.rim.net-1854968438-@bda942.bisx.prod.on.blackberry> Clamd - the antivirus that's so nice you'll want to run it twice... Have you searched your filesystem for multiple copies of clamav/clamd? -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: hden@kci.net.nz Date: Fri, 15 Jan 2010 11:18:04 To: MailScanner discussion Subject: Re: clamd twice in lint output LOL .. What I meant was, clamd found twice in this line .. 'Found these virus scanners installed: clamd, clamd, sophossavi' (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry for being unclear) Cheers! Dave > Now with twice the virus fighting power! > > If it is, in fact, "checking it twice" like Santa, it's a performance hit > you're taking. > ------Original Message------ > From: hden@kci.net.nz > Sender: mailscanner-bounces@lists.mailscanner.info > To: MailScanner discussion > ReplyTo: MailScanner discussion > Subject: clamd twice in lint output > Sent: Jan 14, 2010 4:27 PM > > Hello .. > > Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output > shows clamd *twice* ? [snippert below] > > Is there anything I need to change/check/fix/tweak ? > > [snip] > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd, clamd, sophossavi > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com > Virus Scanning: SophosSAVI found 1 infections > [snip ends] > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mikael at syska.dk Thu Jan 14 23:28:01 2010 From: mikael at syska.dk (Mikael Syska) Date: Thu Jan 14 23:28:16 2010 Subject: Next Stable Release In-Reply-To: References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> <4B4F2050.5050903@ecs.soton.ac.uk> Message-ID: <6beca9db1001141528g42b493f2k5e435304a62151b6@mail.gmail.com> Hi On Thu, Jan 14, 2010 at 11:25 PM, Scott Silva wrote: > on 1-14-2010 6:27 AM Delgado Moreno, Alex spake the following: >> Hi, >> >> Better sooner than later. >> > Actually... Better working then rushed... > I agree .... But since there are released BETAs all the time ... which is great, keep doing it. What are the stable release build from ? mvh Mikael Syska From ssilva at sgvwater.com Thu Jan 14 23:45:43 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 14 23:46:13 2010 Subject: Next Stable Release In-Reply-To: <6beca9db1001141528g42b493f2k5e435304a62151b6@mail.gmail.com> References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> <4B4F2050.5050903@ecs.soton.ac.uk> <6beca9db1001141528g42b493f2k5e435304a62151b6@mail.gmail.com> Message-ID: on 1-14-2010 3:28 PM Mikael Syska spake the following: > Hi > > On Thu, Jan 14, 2010 at 11:25 PM, Scott Silva wrote: >> on 1-14-2010 6:27 AM Delgado Moreno, Alex spake the following: >>> Hi, >>> >>> Better sooner than later. >>> >> Actually... Better working then rushed... >> > > I agree .... > > But since there are released BETAs all the time ... which is great, > keep doing it. > > What are the stable release build from ? > > mvh > Mikael Syska The stable will usually be the latest beta unchanged except the tag stable added to it. If it was changed, it would still be a beta. Many of us use betas... You usually need what it fixes rightaway and can't wait, or you have a test server and can help Jules work out the bugs. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100114/53e085d2/signature.bin From alex at rtpty.com Thu Jan 14 23:48:54 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Jan 14 23:49:24 2010 Subject: clamd twice in lint output Message-ID: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> Clamd - the antivirus that's so nice you'll want to run it twice... Have you searched your filesystem for multiple copies of clamav/clamd? ------Original Message------ From: hden@kci.net.nz Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: Re: clamd twice in lint output Sent: Jan 14, 2010 5:18 PM LOL .. What I meant was, clamd found twice in this line .. 'Found these virus scanners installed: clamd, clamd, sophossavi' (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry for being unclear) Cheers! Dave > Now with twice the virus fighting power! > > If it is, in fact, "checking it twice" like Santa, it's a performance hit > you're taking. > ------Original Message------ > From: hden@kci.net.nz > Sender: mailscanner-bounces@lists.mailscanner.info > To: MailScanner discussion > ReplyTo: MailScanner discussion > Subject: clamd twice in lint output > Sent: Jan 14, 2010 4:27 PM > > Hello .. > > Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output > shows clamd *twice* ? [snippert below] > > Is there anything I need to change/check/fix/tweak ? > > [snip] > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd, clamd, sophossavi > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com > Virus Scanning: SophosSAVI found 1 infections > [snip ends] > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From mikael at syska.dk Fri Jan 15 00:09:36 2010 From: mikael at syska.dk (Mikael Syska) Date: Fri Jan 15 00:09:49 2010 Subject: Next Stable Release In-Reply-To: References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> <4B4F2050.5050903@ecs.soton.ac.uk> <6beca9db1001141528g42b493f2k5e435304a62151b6@mail.gmail.com> Message-ID: <6beca9db1001141609k52ba82bbp2cc065eec3210a79@mail.gmail.com> Hi On Fri, Jan 15, 2010 at 12:45 AM, Scott Silva wrote: > on 1-14-2010 3:28 PM Mikael Syska spake the following: >> Hi >> >> On Thu, Jan 14, 2010 at 11:25 PM, Scott Silva wrote: >>> on 1-14-2010 6:27 AM Delgado Moreno, Alex spake the following: >>>> Hi, >>>> >>>> Better sooner than later. >>>> >>> Actually... Better working then rushed... >>> >> >> I agree .... >> >> But since there are released BETAs all the time ... which is great, >> keep doing it. >> >> What are the stable release build from ? >> >> mvh >> Mikael Syska > The stable will usually be the latest beta unchanged except the tag stable > added to it. If it was changed, it would still be a beta. Many of us use > betas... You usually need what it fixes rightaway and can't wait, or you have > a test server and can help Jules work out the bugs. Thanks for the clearification ... also thought it was like this ... just wondered why Aaron K. Moore wanted a new stable release ... as most of Juels work are rock stable ... and most time only fix problems and not introduces new :-) Never the less ... MailScanner has been great ... compared to amavids-new *irkk* hate that :-p > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > mvh From hden at kci.net.nz Fri Jan 15 01:46:53 2010 From: hden at kci.net.nz (hden@kci.net.nz) Date: Fri Jan 15 01:47:05 2010 Subject: clamd twice in lint output In-Reply-To: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066 118-@bda942.bisx.prod.on.blackberry> References: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> Message-ID: <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> Yes, I have searched for multiple copies, and there's only one clamd in any bin. This issue isn't urgent, Mailscanner/clamd are working fine picking up infected msgs. The double clamd mention in .. 'MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd, clamd, sophossavi' .. has me a little over curious When Mailscanner 'searches' for scanners [when set to 'auto'], any idea what/where/how it looks? Cheers! Dave > Clamd - the antivirus that's so nice you'll want to run it twice... > > Have you searched your filesystem for multiple copies of clamav/clamd? > ------Original Message------ > From: hden@kci.net.nz > Sender: mailscanner-bounces@lists.mailscanner.info > To: MailScanner discussion > ReplyTo: MailScanner discussion > Subject: Re: clamd twice in lint output > Sent: Jan 14, 2010 5:18 PM > > > LOL .. > > What I meant was, clamd found twice in this line .. > > 'Found these virus scanners installed: clamd, clamd, sophossavi' > > (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry for > being unclear) > > Cheers! > Dave > > >> Now with twice the virus fighting power! >> >> If it is, in fact, "checking it twice" like Santa, it's a performance >> hit >> you're taking. >> ------Original Message------ >> From: hden@kci.net.nz >> Sender: mailscanner-bounces@lists.mailscanner.info >> To: MailScanner discussion >> ReplyTo: MailScanner discussion >> Subject: clamd twice in lint output >> Sent: Jan 14, 2010 4:27 PM >> >> Hello .. >> >> Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output >> shows clamd *twice* ? [snippert below] >> >> Is there anything I need to change/check/fix/tweak ? >> >> [snip] >> MailScanner.conf says "Virus Scanners = auto" >> Found these virus scanners installed: clamd, clamd, sophossavi >> =========================================================================== >> Filename Checks: Windows/DOS Executable (1 eicar.com) >> Other Checks: Found 1 problems >> Virus and Content Scanning: Starting >> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ >> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com >> Virus Scanning: Clamd found 2 infections >> SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com >> Virus Scanning: SophosSAVI found 1 infections >> [snip ends] >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies >> >> +507 6781-9505 >> +507 832-6725 >> BB PIN: 20EA17C5 >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jonas at vrt.dk Fri Jan 15 08:45:50 2010 From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri Jan 15 08:46:06 2010 Subject: Next Stable Release In-Reply-To: References: <60D398EB2DB948409CA1F50D8AF1225706541803@exch1.dekalbmemorial.local> <4B4F2050.5050903@ecs.soton.ac.uk> <6beca9db1001141528g42b493f2k5e435304a62151b6@mail.gmail.com> Message-ID: <001e01ca95bf$26c29920$7447cb60$@vrt.dk> > > But since there are released BETAs all the time ... which is great, > > keep doing it. > > > > What are the stable release build from ? > > > > mvh > > Mikael Syska > The stable will usually be the latest beta unchanged except the tag stable > added to it. If it was changed, it would still be a beta. Many of us use betas... > You usually need what it fixes rightaway and can't wait, or you have a test > server and can help Jules work out the bugs. Hear hear. I've often end up using a beta version in production. I know of very very other products which runs as stable as MailScanner. And when there is the occasional rare bug, its often corrected extremely fast after being reported (if considered urgent obviously, not just random stuff people complain about) So kudos to Julian to running an admirable release system with superior release speed. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From MailScanner at ecs.soton.ac.uk Fri Jan 15 09:24:32 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 15 09:24:47 2010 Subject: More taint mode problems (please help) In-Reply-To: <436c8f1ff95e24f2ae7855219b650e61.squirrel@wettoast.dyndns.org> References: <53328e336a5e08ab11da0c883fe9e3ab.squirrel@wettoast.dyndns.org> <6beca9db1001110828l75ea7b8dje2dd6443f7edd209@mail.gmail.com> <4B4C3467.60400@ecs.soton.ac.uk> <4B4DF280.4080803@mtl.mit.edu> <4B4DF7BC.4010803@ecs.soton.ac.uk>, <7C09DB4D-D236-4D66-893A-9B0EB04CFBEA@mimectl> <4B4E1868.6070600@ecs.soton.ac.uk>, <388FA516-FB27-4A79-842D-7A486F47B824@mimectl> <4B4E20D3.9000603@ecs.soton.ac.uk> <436c8f1ff95e24f2ae7855219b650e61.squirrel@wettoast.dyndns.org> <4B503450.6000105@ecs.soton.ac.uk> Message-ID: On 14/01/2010 17:24, Mike Jakubik wrote: > On Wed, January 13, 2010 2:36 pm, Jules Field wrote: > >> The File.pm module is used for opening files, not the "file" command. It >> could be loads of places. >> What TNEF-related options are you using, and can you send me a message >> that triggers it? Put the raw message queue files up on a website >> somewhere and mail me the URL to the address in the headers. >> >> Thanks, >> > I believe the problem here is that the variable containing the filename > which is passed to File.pm is tainted. > Well yes, but which call to File.pm? I use it all over the place! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 15 09:25:21 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 15 09:25:52 2010 Subject: clamd twice in lint output In-Reply-To: <50103.222.153.166.253.1263504427.squirrel@webmail.kc.net.nz> References: <50103.222.153.166.253.1263504427.squirrel@webmail.kc.net.nz> <4B503481.2040003@ecs.soton.ac.uk> Message-ID: Don't worry, that's normal due to "ClamAV Full Message Scan = yes" in your MailScanner.conf. On 14/01/2010 21:27, hden@kci.net.nz wrote: > Hello .. > > Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output > shows clamd *twice* ? [snippert below] > > Is there anything I need to change/check/fix/tweak ? > > [snip] > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd, clamd, sophossavi > =========================================================================== > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com > Virus Scanning: SophosSAVI found 1 infections > [snip ends] > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 15 09:36:45 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 15 09:36:59 2010 Subject: clamd twice in lint output In-Reply-To: <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> References: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> <4B50372D.2080403@ecs.soton.ac.uk> Message-ID: What does ps ax | grep clamd produce? You haven't got 2 copies of clamd running have you? I can't see how this could happen in the code, something very strange is happening. It shouldn't actually cause any damage, clamd will only be checked once. Jules. On 15/01/2010 01:46, hden@kci.net.nz wrote: > Yes, I have searched for multiple copies, and there's only one clamd in > any bin. > > This issue isn't urgent, Mailscanner/clamd are working fine picking up > infected msgs. > > The double clamd mention in .. > > 'MailScanner.conf says "Virus Scanners = auto" Found these virus scanners > installed: clamd, clamd, sophossavi' > > .. has me a little over curious > > When Mailscanner 'searches' for scanners [when set to 'auto'], any idea > what/where/how it looks? > > Cheers! > Dave > > > >> Clamd - the antivirus that's so nice you'll want to run it twice... >> >> Have you searched your filesystem for multiple copies of clamav/clamd? >> ------Original Message------ >> From: hden@kci.net.nz >> Sender: mailscanner-bounces@lists.mailscanner.info >> To: MailScanner discussion >> ReplyTo: MailScanner discussion >> Subject: Re: clamd twice in lint output >> Sent: Jan 14, 2010 5:18 PM >> >> >> LOL .. >> >> What I meant was, clamd found twice in this line .. >> >> 'Found these virus scanners installed: clamd, clamd, sophossavi' >> >> (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry for >> being unclear) >> >> Cheers! >> Dave >> >> >> >>> Now with twice the virus fighting power! >>> >>> If it is, in fact, "checking it twice" like Santa, it's a performance >>> hit >>> you're taking. >>> ------Original Message------ >>> From: hden@kci.net.nz >>> Sender: mailscanner-bounces@lists.mailscanner.info >>> To: MailScanner discussion >>> ReplyTo: MailScanner discussion >>> Subject: clamd twice in lint output >>> Sent: Jan 14, 2010 4:27 PM >>> >>> Hello .. >>> >>> Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the output >>> shows clamd *twice* ? [snippert below] >>> >>> Is there anything I need to change/check/fix/tweak ? >>> >>> [snip] >>> MailScanner.conf says "Virus Scanners = auto" >>> Found these virus scanners installed: clamd, clamd, sophossavi >>> =========================================================================== >>> Filename Checks: Windows/DOS Executable (1 eicar.com) >>> Other Checks: Found 1 problems >>> Virus and Content Scanning: Starting >>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ >>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com >>> Virus Scanning: Clamd found 2 infections >>> SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com >>> Virus Scanning: SophosSAVI found 1 infections >>> [snip ends] >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> >>> Alex Neuman van der Hans >>> Reliant Technologies >>> >>> +507 6781-9505 >>> +507 832-6725 >>> BB PIN: 20EA17C5 >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> -- >> >> Alex Neuman van der Hans >> Reliant Technologies >> >> +507 6781-9505 >> +507 832-6725 >> BB PIN: 20EA17C5 >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From marc at marcsnet.com Fri Jan 15 11:47:13 2010 From: marc at marcsnet.com (Marc Lucke) Date: Fri Jan 15 11:47:22 2010 Subject: smf-sav & CentOS5 In-Reply-To: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> Message-ID: <4B5055C1.3090904@marcsnet.com> Hi list, re: recipient address verification where MailScanner is sitting in FRONT of another mailserver (such as exchange) milter-ahead is like 90 quid - probably because they know they can get away with it. I'd rather not use anything than pay them that. smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. Has anyone actually got it, or something similar, working on a CentOS5 machine? Cheers Marc From ms-list at alexb.ch Fri Jan 15 11:59:54 2010 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jan 15 12:00:01 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4B5055C1.3090904@marcsnet.com> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> Message-ID: <4B5058BA.4040302@alexb.ch> On 1/15/2010 12:47 PM, Marc Lucke wrote: > Hi list, > > re: recipient address verification where MailScanner is sitting in FRONT > of another mailserver (such as exchange) > > milter-ahead is like 90 quid - probably because they know they can get > away with it. I'd rather not use anything than pay them that. you are VERY mistaken - but its your choice. A dev has to have to make a living - its not a community project nor open source - Snertsoft produces hi quality milters and the support/dev track is very good. > smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. so you got what you paid for :-) I'd bet you've spent ?90 on more stupid things in your life :-) Alex From MailScanner at ecs.soton.ac.uk Fri Jan 15 12:25:29 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 15 12:25:46 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4B5058BA.4040302@alexb.ch> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B5058BA.4040302@alexb.ch> <4B505EB9.2060107@ecs.soton.ac.uk> Message-ID: On 15/01/2010 11:59, Alex Broens wrote: > On 1/15/2010 12:47 PM, Marc Lucke wrote: >> Hi list, >> >> re: recipient address verification where MailScanner is sitting in >> FRONT of another mailserver (such as exchange) >> >> milter-ahead is like 90 quid - probably because they know they can >> get away with it. I'd rather not use anything than pay them that. > > you are VERY mistaken - but its your choice. > > A dev has to have to make a living - its not a community project nor > open source - Snertsoft produces hi quality milters and the > support/dev track is very good. > > >> smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. > so you got what you paid for :-) > > I'd bet you've spent ?90 on more stupid things in your life :-) Such as all the time you've wasted trying and failing to make smf-sav work for you. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Fri Jan 15 12:43:20 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Jan 15 12:43:35 2010 Subject: smf-sav & CentOS5 In-Reply-To: References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B5058BA.4040302@alexb.ch> <4B505EB9.2060107@ecs.soton.ac.uk> Message-ID: smf-sav *is* brilliant, and has worked well where I've had to use free alternatives because of budget constraints. That being said Snertsoft deserves, IMHO, even more money than they charge for their milters. From the description of the problem ("it won't"), I suspect it's probably because your "CentOS5 boxes" lack one or more necessary libraries to compile and run it properly, or permissions are set wrong somewhere in your /etc/mail folder. Before you continue this thread, I beg you to please consider the following: 1. This is not an smf-sav related list. 2. This is not a sendmail/postfix/qmail/yourMTA list - even though most list members here have extensive experience with all the major (and some obscure) MTA's, you should label your conversation as Off Topic (OT). That and "ask nicely" also works. 3. You should read documents like: http://catb.org/~esr/faqs/smart-questions.html ... in order for us to be able to help you. A complete lack of details on your part only makes it so that people will, at best, ignore you - or worse yet, mock you. 4. If you can't get your problem fixed on your own, consider hiring any of the list members to do it for you. Please don't consider this a flame - just an observation. On Jan 15, 2010, at 7:25 AM, Julian Field wrote: >>> smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. > From bpirie at rma.edu Fri Jan 15 13:56:56 2010 From: bpirie at rma.edu (Brendan Pirie) Date: Fri Jan 15 13:57:16 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4B5055C1.3090904@marcsnet.com> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> Message-ID: <4B507428.6020405@rma.edu> On 1/15/2010 6:47 AM, Marc Lucke wrote: > Hi list, > > re: recipient address verification where MailScanner is sitting in > FRONT of another mailserver (such as exchange) > > milter-ahead is like 90 quid - probably because they know they can get > away with it. I'd rather not use anything than pay them that. > > smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. > > Has anyone actually got it, or something similar, working on a CentOS5 > machine? > > > Cheers > Marc > I'm not going to comment on milter-ahead, as others have already made several good points regarding that. I will say, however, that smf-sav has been working fine for me on centos 5 for years now. Brendan From marc at marcsnet.com Fri Jan 15 14:01:10 2010 From: marc at marcsnet.com (Marc Lucke) Date: Fri Jan 15 14:01:18 2010 Subject: smf-sav & CentOS5 In-Reply-To: References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B5058BA.4040302@alexb.ch> <4B505EB9.2060107@ecs.soton.ac.uk> Message-ID: <4B507526.7090203@marcsnet.com> Hi Alex, It's OK - I don't view it as a flame. I am a seasoned sysadmin and if you notice my one & only question was if anyone had smfsav or anything similar running on their box :) And since this list is for MailScanner, my question is relevant because I'm running MailScanner as an external filter and as such doing recipient address verification is to be expected? That's rhetorical, btw. Hope you don't view it as a flame ;) Have a nice day. Marc Alex Neuman wrote: > smf-sav *is* brilliant, and has worked well where I've had to use free alternatives because of budget constraints. That being said Snertsoft deserves, IMHO, even more money than they charge for their milters. > > From the description of the problem ("it won't"), I suspect it's probably because your "CentOS5 boxes" lack one or more necessary libraries to compile and run it properly, or permissions are set wrong somewhere in your /etc/mail folder. > > Before you continue this thread, I beg you to please consider the following: > > 1. This is not an smf-sav related list. > 2. This is not a sendmail/postfix/qmail/yourMTA list - even though most list members here have extensive experience with all the major (and some obscure) MTA's, you should label your conversation as Off Topic (OT). That and "ask nicely" also works. > 3. You should read documents like: > http://catb.org/~esr/faqs/smart-questions.html > ... in order for us to be able to help you. A complete lack of details on your part only makes it so that people will, at best, ignore you - or worse yet, mock you. > 4. If you can't get your problem fixed on your own, consider hiring any of the list members to do it for you. > > Please don't consider this a flame - just an observation. > > On Jan 15, 2010, at 7:25 AM, Julian Field wrote: > > >>>> smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. >>>> > > From marc at marcsnet.com Fri Jan 15 14:09:25 2010 From: marc at marcsnet.com (Marc Lucke) Date: Fri Jan 15 14:09:30 2010 Subject: smf-sav & CentOS5 In-Reply-To: References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B5058BA.4040302@alexb.ch> <4B505EB9.2060107@ecs.soton.ac.uk> Message-ID: <4B507715.7090505@marcsnet.com> OK. Look - one of my favourite quotes was out of Dirty Harry "Yeah, well - opinions are like assholes - everybody's got one". You don't have to agree with mine, but I don't have to agree with yours either. Working through problems as opposed to paying somebody else is not wasting time. ?90? Ah - for a business this isn't a big deal I suppose. If it were US$50 it'd be a no-brainer. I agree with devs needing to get paid. I sometimes wonder if competition to drive pricing down is good or not too. But I'm a sysadmin, not an economist. All I can say is that it is too rich for me and in my case instead of getting half of something, the devs will get all of nothing. If I'm one man that doesn't mater, does it? I think I'll have to take the plunge and switch to Postfix. I haven't gotten enthusiastic about it yet. Might be time to teach an old dog new tricks. Anyway - my actual question - * has anyone gotten smf-sav or another alternative solution running on a CentOS5 system? If so, I'd love to hear from you. You never know, I might even pay you for it :) Cheers all. Marc Julian Field wrote: > > > On 15/01/2010 11:59, Alex Broens wrote: >> On 1/15/2010 12:47 PM, Marc Lucke wrote: >>> Hi list, >>> >>> re: recipient address verification where MailScanner is sitting in >>> FRONT of another mailserver (such as exchange) >>> >>> milter-ahead is like 90 quid - probably because they know they can >>> get away with it. I'd rather not use anything than pay them that. >> >> you are VERY mistaken - but its your choice. >> >> A dev has to have to make a living - its not a community project nor >> open source - Snertsoft produces hi quality milters and the >> support/dev track is very good. >> >> >>> smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. >> so you got what you paid for :-) >> >> I'd bet you've spent ?90 on more stupid things in your life :-) > Such as all the time you've wasted trying and failing to make smf-sav > work for you. > > Jules > From marc at marcsnet.com Fri Jan 15 14:11:55 2010 From: marc at marcsnet.com (Marc Lucke) Date: Fri Jan 15 14:12:00 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4B507428.6020405@rma.edu> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B507428.6020405@rma.edu> Message-ID: <4B5077AB.20005@marcsnet.com> Hey Brendan, Cool - thanks. I wonder why my 2 boxes won't work :( I assume you're 5.2 or above - no need to answer if so. At least I know it's possible now! Cheers Marc Brendan Pirie wrote: > On 1/15/2010 6:47 AM, Marc Lucke wrote: >> Hi list, >> >> re: recipient address verification where MailScanner is sitting in >> FRONT of another mailserver (such as exchange) >> >> milter-ahead is like 90 quid - probably because they know they can >> get away with it. I'd rather not use anything than pay them that. >> >> smf-sav is brilliant - if it works. It won't on 2 of my CentOS5 boxes. >> >> Has anyone actually got it, or something similar, working on a >> CentOS5 machine? >> >> >> Cheers >> Marc >> > I'm not going to comment on milter-ahead, as others have already made > several good points regarding that. I will say, however, that smf-sav > has been working fine for me on centos 5 for years now. > > Brendan From submit at zuka.net Fri Jan 15 16:22:44 2010 From: submit at zuka.net (Dave Filchak) Date: Fri Jan 15 16:24:55 2010 Subject: Problem Messages Message-ID: <4B509654.2050404@zuka.net> I am sorry to ask this question again. I lost the email responses after the last time I asked this. I have updated to the latest stable release and I am now receiving the following message, over and over again: Currently being processed: Number of messages: 3 Tries Message Next Try At ===== ======= =========== 2 C9971538001.AC06C Mon Jan 11 01:56:09 2010 2 3AF5D538002.A3A93 Mon Jan 11 01:56:03 2010 2 5C03F538003.AEBBD Mon Jan 11 01:55:26 2010 -- MailScanner This message has not changed at all over the last number of days so it seems these are stuck messages? I believe the response was turn this off in the conf file and/or delete a database file .. somewhere. If the person(s) who originally responded to me would not mind doing so again, I would appreciate it. Cheers Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100115/4a0507f8/attachment.html From jethro.binks at strath.ac.uk Fri Jan 15 16:33:38 2010 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Fri Jan 15 16:33:47 2010 Subject: Problem Messages In-Reply-To: <4B509654.2050404@zuka.net> References: <4B509654.2050404@zuka.net> Message-ID: On Fri, 15 Jan 2010, Dave Filchak wrote: > I am sorry to ask this question again. I lost the email responses after the > last time I asked this. List-Archive: . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From maillists at conactive.com Fri Jan 15 16:45:34 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 15 16:45:47 2010 Subject: Problem Messages In-Reply-To: <4B509654.2050404@zuka.net> References: <4B509654.2050404@zuka.net> Message-ID: Believe it or not, but there is an archive ;-) http://lists.mailscanner.info/pipermail/mailscanner/ Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From submit at zuka.net Fri Jan 15 16:48:30 2010 From: submit at zuka.net (Dave Filchak) Date: Fri Jan 15 16:50:42 2010 Subject: Problem Messages In-Reply-To: References: <4B509654.2050404@zuka.net> Message-ID: <4B509C5E.6030402@zuka.net> Yes .. you are right. Thanks for reminding me :-) Found my answer. Dave On 15/01/2010 11:33 AM, Jethro R Binks wrote: > On Fri, 15 Jan 2010, Dave Filchak wrote: > > >> I am sorry to ask this question again. I lost the email responses after the >> last time I asked this. >> > List-Archive: > > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK > From hden at kci.net.nz Fri Jan 15 17:47:02 2010 From: hden at kci.net.nz (hden@kci.net.nz) Date: Fri Jan 15 17:47:18 2010 Subject: clamd twice in lint output In-Reply-To: References: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> <4B50372D.2080403@ecs.soton.ac.uk> Message-ID: <49211.222.153.166.253.1263577622.squirrel@webmail.kc.net.nz> # ps ax | grep clamd 14000 ? Ssl 0:25 clamd 18435 pts/0 S+ 0:00 grep clamd > What does > ps ax | grep clamd > produce? You haven't got 2 copies of clamd running have you? > I can't see how this could happen in the code, something very strange is > happening. > It shouldn't actually cause any damage, clamd will only be checked once. > > Jules. > > On 15/01/2010 01:46, hden@kci.net.nz wrote: >> Yes, I have searched for multiple copies, and there's only one clamd in >> any bin. >> >> This issue isn't urgent, Mailscanner/clamd are working fine picking up >> infected msgs. >> >> The double clamd mention in .. >> >> 'MailScanner.conf says "Virus Scanners = auto" Found these virus >> scanners >> installed: clamd, clamd, sophossavi' >> >> .. has me a little over curious >> >> When Mailscanner 'searches' for scanners [when set to 'auto'], any idea >> what/where/how it looks? >> >> Cheers! >> Dave >> >> >> >>> Clamd - the antivirus that's so nice you'll want to run it twice... >>> >>> Have you searched your filesystem for multiple copies of clamav/clamd? >>> ------Original Message------ >>> From: hden@kci.net.nz >>> Sender: mailscanner-bounces@lists.mailscanner.info >>> To: MailScanner discussion >>> ReplyTo: MailScanner discussion >>> Subject: Re: clamd twice in lint output >>> Sent: Jan 14, 2010 5:18 PM >>> >>> >>> LOL .. >>> >>> What I meant was, clamd found twice in this line .. >>> >>> 'Found these virus scanners installed: clamd, clamd, sophossavi' >>> >>> (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry >>> for >>> being unclear) >>> >>> Cheers! >>> Dave >>> >>> >>> >>>> Now with twice the virus fighting power! >>>> >>>> If it is, in fact, "checking it twice" like Santa, it's a performance >>>> hit >>>> you're taking. >>>> ------Original Message------ >>>> From: hden@kci.net.nz >>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>> To: MailScanner discussion >>>> ReplyTo: MailScanner discussion >>>> Subject: clamd twice in lint output >>>> Sent: Jan 14, 2010 4:27 PM >>>> >>>> Hello .. >>>> >>>> Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the >>>> output >>>> shows clamd *twice* ? [snippert below] >>>> >>>> Is there anything I need to change/check/fix/tweak ? >>>> >>>> [snip] >>>> MailScanner.conf says "Virus Scanners = auto" >>>> Found these virus scanners installed: clamd, clamd, sophossavi >>>> =========================================================================== >>>> Filename Checks: Windows/DOS Executable (1 eicar.com) >>>> Other Checks: Found 1 problems >>>> Virus and Content Scanning: Starting >>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ >>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com >>>> Virus Scanning: Clamd found 2 infections >>>> SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com >>>> Virus Scanning: SophosSAVI found 1 infections >>>> [snip ends] >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> -- >>>> >>>> Alex Neuman van der Hans >>>> Reliant Technologies >>>> >>>> +507 6781-9505 >>>> +507 832-6725 >>>> BB PIN: 20EA17C5 >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> -- >>> >>> Alex Neuman van der Hans >>> Reliant Technologies >>> >>> +507 6781-9505 >>> +507 832-6725 >>> BB PIN: 20EA17C5 >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Kevin_Miller at ci.juneau.ak.us Fri Jan 15 18:54:07 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Jan 15 18:54:23 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4B507715.7090505@marcsnet.com> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B5058BA.4040302@alexb.ch> <4B505EB9.2060107@ecs.soton.ac.uk> <4B507715.7090505@marcsnet.com> Message-ID: <4A09477D575C2C4B86497161427DD94C149ED594F6@city-exchange07> Marc Lucke wrote: > ?90? Ah - for a business this isn't a big deal I suppose. If it > were US$50 it'd be a no-brainer. I agree with devs needing to get > paid. I sometimes wonder if competition to drive pricing down is > good or not too. But I'm a sysadmin, not an economist. All I can > say is that it is too rich for me and in my case instead of getting > half of something, the devs will get all of nothing. If I'm one man > that doesn't mater, does it? You don't say how many users you have, but I presume it's not that many since you're not a business. On the wiki is a script to query Exchange for known users and feed this to a file your MTA can validate recipients against. I think it's geared towoards Postfix, but it wouldn't be hard to modify it to create an acceptable sendmail (or other MTA) compatible format. Depending on your needs, you could script this to run nightly, hourly, weekly, whatever. If you rarely add or delete users you could just make it part of your user maintanence routine. Lots of options. SMF does have a mail list. If you're having trouble configuring it I'd try there. I've been running smf-sav and smf-spf for several years, albeit on SUSE. Both work a treat. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From alex at rtpty.com Fri Jan 15 19:01:34 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Jan 15 19:01:48 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4A09477D575C2C4B86497161427DD94C149ED594F6@city-exchange07> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B5058BA.4040302@alexb.ch> <4B505EB9.2060107@ecs.soton.ac.uk> <4B507715.7090505@marcsnet.com> <4A09477D575C2C4B86497161427DD94C149ED594F6@city-exchange07> Message-ID: <1EEBF2E2-5FAA-4C1A-91B4-5D8F94E15AD0@rtpty.com> I've had smf-sav and smf-spf running on CentOS for years, too - without any problems... Except a couple of times where either a library was required for correct compilation, or when permissions on /etc/mail/access weren't right. On Jan 15, 2010, at 1:54 PM, Kevin Miller wrote: > SMF does have a mail list. If you're having trouble configuring it I'd try there. I've been running smf-sav and smf-spf for several years, albeit on SUSE. Both work a treat. From marc at marcsnet.com Fri Jan 15 20:42:06 2010 From: marc at marcsnet.com (Marc Lucke) Date: Fri Jan 15 20:42:15 2010 Subject: [Fwd: Re: smf-sav & CentOS5] Message-ID: <4B50D31E.5070203@marcsnet.com> I'll either try to work out what is wrong with smf-save on my 2x CentOS 5.4 boxes or I'll looking into Postfix :) The smf-sav list is looking a little sad but my question wasn't only about if people here had it running or not, but also if anyone was running another solution other than milter-ahead which I don't want to pay for or smf-sav which I'm having some sort of problem with. I did see the exchange script stuff but I won't implement that. Postfix looks like the best solution to me! Thanks list, for your input and advice! :) -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman Subject: Re: smf-sav & CentOS5 Date: Fri, 15 Jan 2010 14:01:34 -0500 Size: 4267 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/fd64d1f2/smf-savCentOS5.eml -------------- next part -------------- An embedded message was scrubbed... From: Kevin Miller Subject: RE: smf-sav & CentOS5 Date: Fri, 15 Jan 2010 09:54:07 -0900 Size: 5024 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/fd64d1f2/smf-savCentOS5-0001.eml From dudi at kolcore.com Fri Jan 15 21:53:44 2010 From: dudi at kolcore.com (Dudi Goldenberg) Date: Fri Jan 15 21:57:09 2010 Subject: MailScanner & SA results Message-ID: Hello list, I have MS v4.78.17 installed on a BlueQuartz server. Also installed are ClamAV 0.95.3 and SA 3.2.5. I have MailScanner set to "Virus Scanners = none" and I have SA setup with the ClamAV scoring plugin. What happens is that the SA milter detects fine: Jan 15 21:52:44 puppy spamd[32447]: spamd: identified spam (12.4/5.0) for dudi:502 in 4.6 seconds, 336 bytes. Jan 15 21:52:44 puppy spamd[32447]: spamd: result: Y 12 - CLAMAV,CLAMAV_VIRUS,MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_SUB JE CT,RCVD_IN_SORBS_WEB,SPF_PASS,TVD_SPACE_RATIO scantime=4.6,size=336,user=dudi,uid=502,required_score=5.0,rhost=localho st,raddr=127.0 .0.1,rport=36275,mid=(unknown),autolearn=failed But MailScanner fails to see all the test results, from MailWatch: -0.79 AWL From: address is in the auto white-list 1.58 MISSING_HEADERS Missing To: header 1.28 MISSING_SUBJECT Missing Subject: header 1.12 RCVD_IN_SORBS_WEBSORBS: sender is a abuseable web server 2.90 TVD_SPACE_RATIO I'd expect the results to be close, if not identical, which is not the case. Another issue I see is that although I have "Virus Scanners = none" in MS conf, log shows that MS is still running its ClamAV update which IMHO it should not. Pointers appreciated. Dudi Goldenberg CTO Kolcore Ltd. Registered Linux user #79506 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100115/fcd314a1/attachment.html From AHKAPLAN at PARTNERS.ORG Fri Jan 15 22:26:59 2010 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Fri Jan 15 22:27:10 2010 Subject: Easy Install package for clamav 0.95.3 and SpamAssassin In-Reply-To: References: <4B4EE16D.3020604@ecs.soton.ac.uk> Message-ID: Hi Julian -- I tried running the install script with the clamav-0.95.3 release, and while the SpamAssassin portion installed, the clamav part did not install. A series of Error 2 and Error 1 messages occurred. The errors in question are shown below: In file included from matcher.h:28, from others.h:21, from matcher-bm.c:29: others.h: In function ?cli_getpagesize?: others.h:363: error: ?_SC_PAGESIZE? undeclared (first use in this function) others.h:363: error: (Each undeclared identifier is reported only once others.h:363: error: for each function it appears in.) make[4]: *** [libclamav_la-matcher-bm.lo] Error 1 make[4]: Leaving directory `/tmp/clamav-0.95.3/libclamav' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/tmp/clamav-0.95.3/libclamav' make[2]: *** [all] Error 2 make[2]: Leaving directory `/tmp/clamav-0.95.3/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/tmp/clamav-0.95.3' make: *** [all] Error 2 Any idea what is causing this, and how it can be corrected? Thanks. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, January 14, 2010 4:19 AM To: MailScanner discussion Subject: Re: Easy Install package for clamav 0.95.3 and SpamAssassin Done. On 13/01/2010 23:30, Kaplan, Andrew H. wrote: > > Hi there -- > > The latest version of Clamav is 0.95.3, and I was wondering if that > will be incorporated into > the easy installation package with SpamAssassin in the upcoming weeks. > Thanks. > > The information in this e-mail is intended only for the person to whom it is > addressed. If you believe this e-mail was sent to you in error and the e-mail > contains patient information, please contact the Partners Compliance HelpLine at > http://www.partners.org/complianceline . If the e-mail was sent to you in error > but does not contain patient information, please contact the sender and properly > dispose of the e-mail. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lstewart at superb.net Fri Jan 15 22:43:14 2010 From: lstewart at superb.net (Landon Stewart) Date: Fri Jan 15 22:43:24 2010 Subject: Storing the *body* of emails marked as spam Message-ID: Is there a way to store the body of emails marked as spam in the database aside from seeing them in /var/spool/MailScanner/quarantine? Even if its just the first 2048 bytes or something would be sweet. I'd like to be able to see the bodies of emails in MailWatch when clicking on one marked as spam. Naturally I don't need to store the bodies of emails that aren't marked as spam. -- Landon Stewart SuperbHosting.Net by Superb Internet Corp. Toll Free (US/Canada): 888-354-6128 x 4199 Local and International: 206-438-5879 x 4199 Web hosting and more "Ahead of the Rest": http://www.superbhosting.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100115/2c06045d/attachment.html From mike at mlrw.com Sat Jan 16 02:02:15 2010 From: mike at mlrw.com (Mike Wallace) Date: Sat Jan 16 02:02:26 2010 Subject: clamd twice in lint output In-Reply-To: <49211.222.153.166.253.1263577622.squirrel@webmail.kc.net.nz> References: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> <4B50372D.2080403@ecs.soton.ac.uk> <49211.222.153.166.253.1263577622.squirrel@webmail.kc.net.nz> Message-ID: What version of MailScanner? I used to see this until I upgraded to 4.78.17 and it went away. Mike Wallace mike@mlrw.com On Jan 15, 2010, at 12:47 PM, hden@kci.net.nz wrote: > > # ps ax | grep clamd > 14000 ? Ssl 0:25 clamd > 18435 pts/0 S+ 0:00 grep clamd > > >> What does >> ps ax | grep clamd >> produce? You haven't got 2 copies of clamd running have you? >> I can't see how this could happen in the code, something very strange is >> happening. >> It shouldn't actually cause any damage, clamd will only be checked once. >> >> Jules. >> >> On 15/01/2010 01:46, hden@kci.net.nz wrote: >>> Yes, I have searched for multiple copies, and there's only one clamd in >>> any bin. >>> >>> This issue isn't urgent, Mailscanner/clamd are working fine picking up >>> infected msgs. >>> >>> The double clamd mention in .. >>> >>> 'MailScanner.conf says "Virus Scanners = auto" Found these virus >>> scanners >>> installed: clamd, clamd, sophossavi' >>> >>> .. has me a little over curious >>> >>> When Mailscanner 'searches' for scanners [when set to 'auto'], any idea >>> what/where/how it looks? >>> >>> Cheers! >>> Dave >>> >>> >>> >>>> Clamd - the antivirus that's so nice you'll want to run it twice... >>>> >>>> Have you searched your filesystem for multiple copies of clamav/clamd? >>>> ------Original Message------ >>>> From: hden@kci.net.nz >>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>> To: MailScanner discussion >>>> ReplyTo: MailScanner discussion >>>> Subject: Re: clamd twice in lint output >>>> Sent: Jan 14, 2010 5:18 PM >>>> >>>> >>>> LOL .. >>>> >>>> What I meant was, clamd found twice in this line .. >>>> >>>> 'Found these virus scanners installed: clamd, clamd, sophossavi' >>>> >>>> (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry >>>> for >>>> being unclear) >>>> >>>> Cheers! >>>> Dave >>>> >>>> >>>> >>>>> Now with twice the virus fighting power! >>>>> >>>>> If it is, in fact, "checking it twice" like Santa, it's a performance >>>>> hit >>>>> you're taking. >>>>> ------Original Message------ >>>>> From: hden@kci.net.nz >>>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>>> To: MailScanner discussion >>>>> ReplyTo: MailScanner discussion >>>>> Subject: clamd twice in lint output >>>>> Sent: Jan 14, 2010 4:27 PM >>>>> >>>>> Hello .. >>>>> >>>>> Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the >>>>> output >>>>> shows clamd *twice* ? [snippert below] >>>>> >>>>> Is there anything I need to change/check/fix/tweak ? >>>>> >>>>> [snip] >>>>> MailScanner.conf says "Virus Scanners = auto" >>>>> Found these virus scanners installed: clamd, clamd, sophossavi >>>>> =========================================================================== >>>>> Filename Checks: Windows/DOS Executable (1 eicar.com) >>>>> Other Checks: Found 1 problems >>>>> Virus and Content Scanning: Starting >>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ >>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com >>>>> Virus Scanning: Clamd found 2 infections >>>>> SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com >>>>> Virus Scanning: SophosSAVI found 1 infections >>>>> [snip ends] >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> -- >>>>> >>>>> Alex Neuman van der Hans >>>>> Reliant Technologies >>>>> >>>>> +507 6781-9505 >>>>> +507 832-6725 >>>>> BB PIN: 20EA17C5 >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> -- >>>> >>>> Alex Neuman van der Hans >>>> Reliant Technologies >>>> >>>> +507 6781-9505 >>>> +507 832-6725 >>>> BB PIN: 20EA17C5 >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > From glenn.steen at gmail.com Sat Jan 16 11:37:54 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 16 11:38:03 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4B50D31E.5070203@marcsnet.com> References: <4B50D31E.5070203@marcsnet.com> Message-ID: <223f97701001160337v32a931b1s646108a5ab1c26e2@mail.gmail.com> Silly question... You are sure Exchange is rejecting unknown recipients? Else... Postfix is grand... Then again, I would be saying that, wouldn't i;-) 2010/1/15, Marc Lucke : > I'll either try to work out what is wrong with smf-save on my 2x CentOS > 5.4 boxes or I'll looking into Postfix :) The smf-sav list is looking a > little sad but my question wasn't only about if people here had it > running or not, but also if anyone was running another solution other > than milter-ahead which I don't want to pay for or smf-sav which I'm > having some sort of problem with. > > I did see the exchange script stuff but I won't implement that. > > Postfix looks like the best solution to me! > > Thanks list, for your input and advice! :) > > > > -- Skickat fr?n min mobila enhet -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jan 16 11:51:54 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 16 11:52:02 2010 Subject: Storing the *body* of emails marked as spam In-Reply-To: References: Message-ID: <223f97701001160351v4ce4c7c8t8e679c282cb0c7b2@mail.gmail.com> What is wrong with scrolling down and clicking the link in the quarantine section on the details page? 2010/1/15, Landon Stewart : > Is there a way to store the body of emails marked as spam in the database > aside from seeing them in /var/spool/MailScanner/quarantine? Even if its > just the first 2048 bytes or something would be sweet. I'd like to be able > to see the bodies of emails in MailWatch when clicking on one marked as > spam. Naturally I don't need to store the bodies of emails that aren't > marked as spam. > > -- > Landon Stewart > SuperbHosting.Net by Superb Internet Corp. > Toll Free (US/Canada): 888-354-6128 x 4199 > Local and International: 206-438-5879 x 4199 > Web hosting and more "Ahead of the Rest": http://www.superbhosting.net > -- Skickat fr?n min mobila enhet -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From marc at marcsnet.com Sat Jan 16 11:54:09 2010 From: marc at marcsnet.com (Marc Lucke) Date: Sat Jan 16 11:54:13 2010 Subject: smf-sav & CentOS5 In-Reply-To: <223f97701001160337v32a931b1s646108a5ab1c26e2@mail.gmail.com> References: <4B50D31E.5070203@marcsnet.com> <223f97701001160337v32a931b1s646108a5ab1c26e2@mail.gmail.com> Message-ID: <4B51A8E1.1040907@marcsnet.com> Only stupid question is one that isn't asked! Actually the remote system is EIMS! :) Yeah - I checked all that out. Glenn Steen wrote: > Silly question... You are sure Exchange is rejecting unknown recipients? > Else... Postfix is grand... Then again, I would be saying that, wouldn't i;-) > > 2010/1/15, Marc Lucke : > >> I'll either try to work out what is wrong with smf-save on my 2x CentOS >> 5.4 boxes or I'll looking into Postfix :) The smf-sav list is looking a >> little sad but my question wasn't only about if people here had it >> running or not, but also if anyone was running another solution other >> than milter-ahead which I don't want to pay for or smf-sav which I'm >> having some sort of problem with. >> >> I did see the exchange script stuff but I won't implement that. >> >> Postfix looks like the best solution to me! >> >> Thanks list, for your input and advice! :) >> >> >> >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/70d3c32d/attachment.html From maillists at conactive.com Sat Jan 16 12:31:21 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 16 12:31:35 2010 Subject: Storing the *body* of emails marked as spam In-Reply-To: References: Message-ID: Landon Stewart wrote on Fri, 15 Jan 2010 14:43:14 -0800: > Is there a way to store the body of emails marked as spam in the database > aside from seeing them in /var/spool/MailScanner/quarantine? Even if its > just the first 2048 bytes or something would be sweet. I'd like to be able > to see the bodies of emails in MailWatch when clicking on one marked as > spam. I'm quite convinced that this is explained in the mailwatch installation instructions. There is no need to "store in the database", the files in quarantine get used for that. If you can't make it work, post details of the problem/error message to the mailwatch mailing list. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sat Jan 16 14:10:57 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 14:11:13 2010 Subject: clamd twice in lint output In-Reply-To: References: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> <4B50372D.2080403@ecs.soton.ac.uk> <49211.222.153.166.253.1263577622.squirrel@webmail.kc.net.nz> <4B51C8F1.8060407@ecs.soton.ac.uk> Message-ID: In which case please try this and then get back to us. On 16/01/2010 02:02, Mike Wallace wrote: > What version of MailScanner? > > I used to see this until I upgraded to 4.78.17 and it went away. > > > Mike Wallace > mike@mlrw.com > > > > On Jan 15, 2010, at 12:47 PM, hden@kci.net.nz wrote: > > >> # ps ax | grep clamd >> 14000 ? Ssl 0:25 clamd >> 18435 pts/0 S+ 0:00 grep clamd >> >> >> >>> What does >>> ps ax | grep clamd >>> produce? You haven't got 2 copies of clamd running have you? >>> I can't see how this could happen in the code, something very strange is >>> happening. >>> It shouldn't actually cause any damage, clamd will only be checked once. >>> >>> Jules. >>> >>> On 15/01/2010 01:46, hden@kci.net.nz wrote: >>> >>>> Yes, I have searched for multiple copies, and there's only one clamd in >>>> any bin. >>>> >>>> This issue isn't urgent, Mailscanner/clamd are working fine picking up >>>> infected msgs. >>>> >>>> The double clamd mention in .. >>>> >>>> 'MailScanner.conf says "Virus Scanners = auto" Found these virus >>>> scanners >>>> installed: clamd, clamd, sophossavi' >>>> >>>> .. has me a little over curious >>>> >>>> When Mailscanner 'searches' for scanners [when set to 'auto'], any idea >>>> what/where/how it looks? >>>> >>>> Cheers! >>>> Dave >>>> >>>> >>>> >>>> >>>>> Clamd - the antivirus that's so nice you'll want to run it twice... >>>>> >>>>> Have you searched your filesystem for multiple copies of clamav/clamd? >>>>> ------Original Message------ >>>>> From: hden@kci.net.nz >>>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>>> To: MailScanner discussion >>>>> ReplyTo: MailScanner discussion >>>>> Subject: Re: clamd twice in lint output >>>>> Sent: Jan 14, 2010 5:18 PM >>>>> >>>>> >>>>> LOL .. >>>>> >>>>> What I meant was, clamd found twice in this line .. >>>>> >>>>> 'Found these virus scanners installed: clamd, clamd, sophossavi' >>>>> >>>>> (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry >>>>> for >>>>> being unclear) >>>>> >>>>> Cheers! >>>>> Dave >>>>> >>>>> >>>>> >>>>> >>>>>> Now with twice the virus fighting power! >>>>>> >>>>>> If it is, in fact, "checking it twice" like Santa, it's a performance >>>>>> hit >>>>>> you're taking. >>>>>> ------Original Message------ >>>>>> From: hden@kci.net.nz >>>>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>>>> To: MailScanner discussion >>>>>> ReplyTo: MailScanner discussion >>>>>> Subject: clamd twice in lint output >>>>>> Sent: Jan 14, 2010 4:27 PM >>>>>> >>>>>> Hello .. >>>>>> >>>>>> Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the >>>>>> output >>>>>> shows clamd *twice* ? [snippert below] >>>>>> >>>>>> Is there anything I need to change/check/fix/tweak ? >>>>>> >>>>>> [snip] >>>>>> MailScanner.conf says "Virus Scanners = auto" >>>>>> Found these virus scanners installed: clamd, clamd, sophossavi >>>>>> =========================================================================== >>>>>> Filename Checks: Windows/DOS Executable (1 eicar.com) >>>>>> Other Checks: Found 1 problems >>>>>> Virus and Content Scanning: Starting >>>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ >>>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com >>>>>> Virus Scanning: Clamd found 2 infections >>>>>> SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com >>>>>> Virus Scanning: SophosSAVI found 1 infections >>>>>> [snip ends] >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Alex Neuman van der Hans >>>>>> Reliant Technologies >>>>>> >>>>>> +507 6781-9505 >>>>>> +507 832-6725 >>>>>> BB PIN: 20EA17C5 >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> -- >>>>> >>>>> Alex Neuman van der Hans >>>>> Reliant Technologies >>>>> >>>>> +507 6781-9505 >>>>> +507 832-6725 >>>>> BB PIN: 20EA17C5 >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> >>>> >>>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 16 14:20:13 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 14:20:25 2010 Subject: MailScanner & SA results In-Reply-To: References: <4B51CB1D.4080907@ecs.soton.ac.uk> Message-ID: On 15/01/2010 21:53, Dudi Goldenberg wrote: > > Hello list, > > I have MS v4.78.17 installed on a BlueQuartz server. > > Also installed are ClamAV 0.95.3 and SA 3.2.5. > > I have MailScanner set to "Virus Scanners = none" and I have SA setup > with the ClamAV scoring plugin. > > What happens is that the SA milter detects fine: > > Jan 15 21:52:44 puppy spamd[32447]: spamd: identified spam (12.4/5.0) > for dudi:502 in 4.6 seconds, 336 bytes. > > Jan 15 21:52:44 puppy spamd[32447]: spamd: result: Y 12 - > CLAMAV,CLAMAV_VIRUS,MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_SUBJE > > CT,RCVD_IN_SORBS_WEB,SPF_PASS,TVD_SPACE_RATIO > scantime=4.6,size=336,user=dudi,uid=502,required_score=5.0,rhost=localhost,raddr=127.0 > > .0.1,rport=36275,mid=(unknown),autolearn=failed > > But MailScanner fails to see all the test results, from MailWatch: > > -0.79 AWL From: address is in > the auto white-list > > 1.58 MISSING_HEADERS Missing To: header > > 1.28 MISSING_SUBJECT Missing Subject: header > > 1.12 RCVD_IN_SORBS_WEBSORBS: sender is a abuseable web > server > > 2.90 TVD_SPACE_RATIO > > I'd expect the results to be close, if not identical, which is not the > case. > > Another issue I see is that although I have "Virus Scanners = none" in > MS conf, log shows that MS is still running its ClamAV update which > IMHO it should not. > MailScanner will update *all* the virus scanners it finds installed, regardless of whether they are currently in use or not. Otherwise if you changed your configured virus scanners, for the first entire hour they would be utterly useless as they would be out of date, and that would be a disaster! So it's "behaviour by design" as M$ put it. :-) Jules. > > Pointers appreciated. > > Dudi Goldenberg > CTO > Kolcore Ltd. > Registered Linux user #79506 > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 16 14:29:16 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 14:29:32 2010 Subject: Easy Install package for clamav 0.95.3 and SpamAssassin In-Reply-To: References: <4B4EE16D.3020604@ecs.soton.ac.uk> <4B51CD3C.2070703@ecs.soton.ac.uk> Message-ID: On my system, this builds just fine. Has anyone else seen this problem? Otherwise, I would these days recommend you do *not* install ClamAV from my ClamAV+SA package, but instead remove all files and directories under /usr/local and /etc that mention "clam" or "Clam" in their name. Then download the RPMs of clamav and clamd from packages.sw.be and install them instead, then use "clamd" as the virus scanner and not "clamav" or "clamavmodule". You can list all the files and directories you need to delete with this command: find /usr/local -name '*[Cc]lam*' -print "clamd" as the virus scanner will take a lot less memory than "clamavmodule" and will work a lot faster than "clamav". Jules. On 15/01/2010 22:26, Kaplan, Andrew H. wrote: > Hi Julian -- > > I tried running the install script with the clamav-0.95.3 release, and while the > > SpamAssassin portion installed, the clamav part did not install. A series of > Error 2 > and Error 1 messages occurred. The errors in question are shown below: > > In file included from matcher.h:28, > from others.h:21, > from matcher-bm.c:29: > others.h: In function ?cli_getpagesize?: > others.h:363: error: ?_SC_PAGESIZE? undeclared (first use in this function) > others.h:363: error: (Each undeclared identifier is reported only once > others.h:363: error: for each function it appears in.) > make[4]: *** [libclamav_la-matcher-bm.lo] Error 1 > make[4]: Leaving directory `/tmp/clamav-0.95.3/libclamav' > make[3]: *** [all-recursive] Error 1 > make[3]: Leaving directory `/tmp/clamav-0.95.3/libclamav' > make[2]: *** [all] Error 2 > make[2]: Leaving directory `/tmp/clamav-0.95.3/libclamav' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/tmp/clamav-0.95.3' > make: *** [all] Error 2 > > Any idea what is causing this, and how it can be corrected? Thanks. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Thursday, January 14, 2010 4:19 AM > To: MailScanner discussion > Subject: Re: Easy Install package for clamav 0.95.3 and SpamAssassin > > Done. > > On 13/01/2010 23:30, Kaplan, Andrew H. wrote: > >> Hi there -- >> >> The latest version of Clamav is 0.95.3, and I was wondering if that >> will be incorporated into >> the easy installation package with SpamAssassin in the upcoming weeks. >> Thanks. >> >> The information in this e-mail is intended only for the person to whom it is >> addressed. If you believe this e-mail was sent to you in error and the e-mail >> contains patient information, please contact the Partners Compliance HelpLine >> > at > >> http://www.partners.org/complianceline . If the e-mail was sent to you in >> > error > >> but does not contain patient information, please contact the sender and >> > properly > >> dispose of the e-mail. >> >> > Jules > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 16 14:30:08 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 14:30:21 2010 Subject: Storing the *body* of emails marked as spam In-Reply-To: References: <4B51CD70.8020307@ecs.soton.ac.uk> Message-ID: Not currently, no. You would have to write a Custom Function of some sort to do it for you. This would also require quite a bit of modification to MailWatch. On 15/01/2010 22:43, Landon Stewart wrote: > Is there a way to store the body of emails marked as spam in the > database aside from seeing them in /var/spool/MailScanner/quarantine? > Even if its just the first 2048 bytes or something would be sweet. > I'd like to be able to see the bodies of emails in MailWatch when > clicking on one marked as spam. Naturally I don't need to store the > bodies of emails that aren't marked as spam. > > -- > Landon Stewart > > SuperbHosting.Net by Superb Internet Corp. > Toll Free (US/Canada): 888-354-6128 x 4199 > Local and International: 206-438-5879 x 4199 > Web hosting and more "Ahead of the Rest": http://www.superbhosting.net Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgt at stellarcore.net Sat Jan 16 15:13:02 2010 From: mgt at stellarcore.net (Mike Tremaine) Date: Sat Jan 16 15:13:17 2010 Subject: Subject: Re: smf-sav & CentOS5 Message-ID: <4B51D77E.8030306@stellarcore.net> > > Anyway - my actual question - * has anyone gotten smf-sav or another > alternative solution running on a CentOS5 system? If so, I'd love to > hear from you. You never know, I might even pay you for it :) > > Cheers all. > > Marc For clients who have exchange behind the MailScanner+Sendmail box I use a custom ldap lookup script that builds [rebuilds] the access map the script is based on an older script floating around [getadsmtp.pl by Chris Covington for Postfix] it requires Net::LDAP and has various filters for multiple domains mailboxes to ignore warnings if the change bigger then X lines and minimum return results to avoid bad things. Runs fine on Centos 4 and 5, and for 90 quid :) just kidding I could be convinced to post it up if there is need. I'm sure that this has been been brought up before perhaps a few years ago. -Mike From maillists at conactive.com Sat Jan 16 15:31:49 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 16 15:32:00 2010 Subject: MailScanner & SA results In-Reply-To: References: Message-ID: Dudi Goldenberg wrote on Fri, 15 Jan 2010 23:53:44 +0200: > But MailScanner fails to see all the test results, from MailWatch: The mail server adds required headers, thus the rules firing on the missing required headers cannot fire in MS anymore. The milter runs before MTA acceptance, MS runs after MTA acceptance and processing. The only thing that isn't explained by that are the missing clamav results. That's obviously because you are using it with different configurations. You should also be aware that MS can probably make much better use of clamav directly. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From dudi at kolcore.com Sat Jan 16 16:53:37 2010 From: dudi at kolcore.com (Dudi Goldenberg) Date: Sat Jan 16 16:57:03 2010 Subject: MailScanner & SA results In-Reply-To: References: <4B51CB1D.4080907@ecs.soton.ac.uk> Message-ID: Hi Julian, >MailScanner will update *all* the virus scanners it finds installed, regardless of whether they are currently in use or not. Otherwise if you changed your configured virus scanners, for the first entire hour they would be utterly useless as they would be out of date, and that would be a disaster! > >So it's "behaviour by design" as M$ put it. :-) I'll live with that for now, this is a test machine.... Regards, Dudi From dudi at kolcore.com Sat Jan 16 17:05:57 2010 From: dudi at kolcore.com (Dudi Goldenberg) Date: Sat Jan 16 17:09:21 2010 Subject: MailScanner & SA results In-Reply-To: References: Message-ID: Hello Kai, >The mail server adds required headers, thus the rules firing on the >missing required headers cannot fire in MS anymore. The milter runs before >MTA acceptance, MS runs after MTA acceptance and processing. >The only thing that isn't explained by that are the missing clamav >results. That's obviously because you are using it with different >configurations. You should also be aware that MS can probably make much >better use of clamav directly. Well, My goal is to reject as much as possible at the gate, so far, SA + ClamAV plugin is proving very effective. Without digging into MS code, I assume it calls spamd and collects the results. If this is true, I don't see how different configs are being used. On top of that, I have another identical server, running the same config, just with a very old MS version. The above system does see all SA test & scores, I've tried everything but rape and still could not find why this system behaves differently. Regards, Dudi From maillists at conactive.com Sat Jan 16 17:19:09 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 16 17:19:22 2010 Subject: Easy Install package for clamav 0.95.3 and SpamAssassin In-Reply-To: References: <4B4EE16D.3020604@ecs.soton.ac.uk> <4B51CD3C.2070703@ecs.soton.ac.uk> Message-ID: Jules Field wrote on Sat, 16 Jan 2010 14:29:16 +0000: > Otherwise, I would these days recommend you do *not* install ClamAV from > my ClamAV+SA package, but instead remove all files and directories under > /usr/local and /etc that mention "clam" or "Clam" in their name. Then > download the RPMs of clamav and clamd from packages.sw.be and install > them instead, then use "clamd" as the virus scanner and not "clamav" or > "clamavmodule". At least if that is a CentOS/RHEL distribution - which we don't know (or do we?). I'm amazed that you are advocating what I've been advocating all the time for this platform :-) Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat Jan 16 17:19:09 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 16 17:19:22 2010 Subject: Subject: smf-sav & CentOS5 In-Reply-To: <4B51D77E.8030306@stellarcore.net> References: <4B51D77E.8030306@stellarcore.net> Message-ID: Mike Tremaine wrote on Sat, 16 Jan 2010 07:13:02 -0800: > I'm sure that this has been > been brought up before perhaps a few years ago. I think so. If this hasn't been added to the MS wiki since long it should be added now. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sat Jan 16 17:34:20 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 17:34:29 2010 Subject: MailScanner & SA results In-Reply-To: References: <4B51F89C.5060203@ecs.soton.ac.uk> Message-ID: On 16/01/2010 17:05, Dudi Goldenberg wrote: > Hello Kai, > > >> The mail server adds required headers, thus the rules firing on the >> missing required headers cannot fire in MS anymore. The milter runs >> > before > >> MTA acceptance, MS runs after MTA acceptance and processing. >> The only thing that isn't explained by that are the missing clamav >> results. That's obviously because you are using it with different >> configurations. You should also be aware that MS can probably make much >> > >> better use of clamav directly. >> > Well, > > My goal is to reject as much as possible at the gate, so far, SA + > ClamAV plugin is proving very effective. > > Without digging into MS code, I assume it calls spamd and collects the > results. > It doesn't use spamd, it talks directly to the SpamAssassin function library. It does not use the "spamassassin" script or anything inefficient like that. > If this is true, I don't see how different configs are being used. > > On top of that, I have another identical server, running the same > config, just with a very old MS version. > > The above system does see all SA test& scores, I've tried everything > but rape and still could not find why this system behaves differently. > > Regards, > > Dudi > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Sat Jan 16 17:35:30 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sat Jan 16 17:35:58 2010 Subject: MailScanner & SA results Message-ID: <1934477875-1263663345-cardhu_decombobulator_blackberry.rim.net-487401894-@bda942.bisx.prod.on.blackberry> Then perhaps it's time to try it. I don't condone it, but if rape has worked for you in the past... ------Original Message------ From: Dudi Goldenberg Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: RE: MailScanner & SA results Sent: Jan 16, 2010 12:05 PM Hello Kai, >The mail server adds required headers, thus the rules firing on the >missing required headers cannot fire in MS anymore. The milter runs before >MTA acceptance, MS runs after MTA acceptance and processing. >The only thing that isn't explained by that are the missing clamav >results. That's obviously because you are using it with different >configurations. You should also be aware that MS can probably make much >better use of clamav directly. Well, My goal is to reject as much as possible at the gate, so far, SA + ClamAV plugin is proving very effective. Without digging into MS code, I assume it calls spamd and collects the results. If this is true, I don't see how different configs are being used. On top of that, I have another identical server, running the same config, just with a very old MS version. The above system does see all SA test & scores, I've tried everything but rape and still could not find why this system behaves differently. Regards, Dudi -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From maxsec at gmail.com Sat Jan 16 18:07:22 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Sat Jan 16 18:07:30 2010 Subject: Birthday Message-ID: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> Happy Birthday Jules. -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/9da47264/attachment.html From maxsec at gmail.com Sat Jan 16 18:10:51 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Sat Jan 16 18:11:01 2010 Subject: MailScanner & SA results In-Reply-To: <1934477875-1263663345-cardhu_decombobulator_blackberry.rim.net-487401894-@bda942.bisx.prod.on.blackberry> References: <1934477875-1263663345-cardhu_decombobulator_blackberry.rim.net-487401894-@bda942.bisx.prod.on.blackberry> Message-ID: <72cf361e1001161010o51645e2cs5d40debe3db12192@mail.gmail.com> Question then becomes 'how' have you setup SA to use the clamav plugin.... Martin 2010/1/16 Alex Neuman van der Hans > Then perhaps it's time to try it. I don't condone it, but if rape has > worked for you in the past... > ------Original Message------ > From: Dudi Goldenberg > Sender: mailscanner-bounces@lists.mailscanner.info > To: MailScanner discussion > ReplyTo: MailScanner discussion > Subject: RE: MailScanner & SA results > Sent: Jan 16, 2010 12:05 PM > > Hello Kai, > > >The mail server adds required headers, thus the rules firing on the > >missing required headers cannot fire in MS anymore. The milter runs > before > >MTA acceptance, MS runs after MTA acceptance and processing. > >The only thing that isn't explained by that are the missing clamav > >results. That's obviously because you are using it with different > >configurations. You should also be aware that MS can probably make much > > >better use of clamav directly. > > Well, > > My goal is to reject as much as possible at the gate, so far, SA + > ClamAV plugin is proving very effective. > > Without digging into MS code, I assume it calls spamd and collects the > results. > > If this is true, I don't see how different configs are being used. > > On top of that, I have another identical server, running the same > config, just with a very old MS version. > > The above system does see all SA test & scores, I've tried everything > but rape and still could not find why this system behaves differently. > > Regards, > > Dudi > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/56087a8b/attachment.html From maillists at conactive.com Sat Jan 16 18:17:37 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 16 18:17:51 2010 Subject: MailScanner & SA results In-Reply-To: References: Message-ID: Dudi Goldenberg wrote on Sat, 16 Jan 2010 19:05:57 +0200: > My goal is to reject as much as possible at the gate, so far, SA + > ClamAV plugin is proving very effective. Fine. But why do you want to use MS in addition? It does not reject anything, it works after the MTA phase. It doesn't make much sense to use that milter *and* MS at the same time. If you are happy with that milter, keep on using it and forget about MS. > If this is true, it isn't. Please read up on MS before you cry wolf. > > The above system does see all SA test & scores, You do not read or understand. Tests that are based on headers that are not present in the incoming mail and that are added by the MTA because of this *cannot* be detected as missing by MS. > running the same > config, it doesn't. Your new one isn't able to pick up the pre file that contains the extra plugin info. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat Jan 16 18:20:12 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 16 18:20:21 2010 Subject: Birthday In-Reply-To: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> References: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> Message-ID: Is that correct? Then best wishes from me, too! Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From Garrod.Alwood at lorodoes.com Sat Jan 16 18:21:45 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Sat Jan 16 18:27:29 2010 Subject: Birthday In-Reply-To: References: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> Message-ID: <885A204C-020B-476A-94EA-42507D89A3F6@lorodoes.com> Happy birthday Jules Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 16, 2010, at 1:17 PM, "Kai Schaetzl" wrote: > Is that correct? > Then best wishes from me, too! > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Jan 16 18:37:12 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 18:37:29 2010 Subject: Birthday In-Reply-To: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> References: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> <4B520758.8020006@ecs.soton.ac.uk> Message-ID: Thank you. On 16/01/2010 18:07, Martin Hepworth wrote: > Happy Birthday Jules. > > > > -- > Martin Hepworth > Oxford, UK Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 16 18:37:29 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 18:37:48 2010 Subject: Birthday In-Reply-To: References: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> <4B520769.8030404@ecs.soton.ac.uk> Message-ID: Cheers, Jules. On 16/01/2010 18:20, Kai Schaetzl wrote: > Is that correct? > Then best wishes from me, too! > > Kai > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dudi at kolcore.com Sat Jan 16 18:34:29 2010 From: dudi at kolcore.com (Dudi Goldenberg) Date: Sat Jan 16 18:37:54 2010 Subject: MailScanner & SA results In-Reply-To: <72cf361e1001161010o51645e2cs5d40debe3db12192@mail.gmail.com> References: <1934477875-1263663345-cardhu_decombobulator_blackberry.rim.net-487401894-@bda942.bisx.prod.on.blackberry> <72cf361e1001161010o51645e2cs5d40debe3db12192@mail.gmail.com> Message-ID: Hi Martin, Setup was as easy as placing clamav.cf and clamav.pm in /etc/mail/spamassassin and the milter was happy: Jan 15 21:52:44 puppy spamd[32447]: spamd: identified spam (12.4/5.0) for dudi:502 in 4.6 seconds, 336 bytes. Jan 15 21:52:44 puppy spamd[32447]: spamd: result: Y 12 - CLAMAV,CLAMAV_VIRUS,MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_SUB JE CT,RCVD_IN_SORBS_WEB,SPF_PASS,TVD_SPACE_RATIO scantime=4.6,size=336,user=dudi,uid=502,required_score=5.0,rhost=localho st,raddr=127.0 .0.1,rport=36275,mid=(unknown),autolearn=failed Regards, Dudi ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Saturday, January 16, 2010 20:11 To: MailScanner discussion Subject: Re: MailScanner & SA results Question then becomes 'how' have you setup SA to use the clamav plugin.... Martin 2010/1/16 Alex Neuman van der Hans Then perhaps it's time to try it. I don't condone it, but if rape has worked for you in the past... ------Original Message------ From: Dudi Goldenberg Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: RE: MailScanner & SA results Sent: Jan 16, 2010 12:05 PM Hello Kai, >The mail server adds required headers, thus the rules firing on the >missing required headers cannot fire in MS anymore. The milter runs before >MTA acceptance, MS runs after MTA acceptance and processing. >The only thing that isn't explained by that are the missing clamav >results. That's obviously because you are using it with different >configurations. You should also be aware that MS can probably make much >better use of clamav directly. Well, My goal is to reject as much as possible at the gate, so far, SA + ClamAV plugin is proving very effective. Without digging into MS code, I assume it calls spamd and collects the results. If this is true, I don't see how different configs are being used. On top of that, I have another identical server, running the same config, just with a very old MS version. The above system does see all SA test & scores, I've tried everything but rape and still could not find why this system behaves differently. Regards, Dudi -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/53f274ab/attachment.html From MailScanner at ecs.soton.ac.uk Sat Jan 16 18:37:41 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 16 18:38:00 2010 Subject: Birthday In-Reply-To: <885A204C-020B-476A-94EA-42507D89A3F6@lorodoes.com> References: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> <885A204C-020B-476A-94EA-42507D89A3F6@lorodoes.com> <4B520775.7050108@ecs.soton.ac.uk> Message-ID: Thank you. Jules. On 16/01/2010 18:21, Garrod M. Alwood wrote: > Happy birthday Jules > > Garrod Alwood > Open Source Consultant > 9047384988 > Garrod.alwood@lorodoes.com > Sent from my iPod > > On Jan 16, 2010, at 1:17 PM, "Kai Schaetzl" > wrote: > > >> Is that correct? >> Then best wishes from me, too! >> >> Kai >> >> -- >> Get your web at Conactive Internet Services: http://www.conactive.com >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dudi at kolcore.com Sat Jan 16 18:35:41 2010 From: dudi at kolcore.com (Dudi Goldenberg) Date: Sat Jan 16 18:39:05 2010 Subject: MailScanner & SA results In-Reply-To: <1934477875-1263663345-cardhu_decombobulator_blackberry.rim.net-487401894-@bda942.bisx.prod.on.blackberry> References: <1934477875-1263663345-cardhu_decombobulator_blackberry.rim.net-487401894-@bda942.bisx.prod.on.blackberry> Message-ID: Saving it as a last resort, I'm not there yet... Dudi -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman van der Hans Sent: Saturday, January 16, 2010 19:36 To: MailScanner discussion Subject: Re: MailScanner & SA results Then perhaps it's time to try it. I don't condone it, but if rape has worked for you in the past... ------Original Message------ From: Dudi Goldenberg Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: RE: MailScanner & SA results Sent: Jan 16, 2010 12:05 PM Hello Kai, >The mail server adds required headers, thus the rules firing on the >missing required headers cannot fire in MS anymore. The milter runs before >MTA acceptance, MS runs after MTA acceptance and processing. >The only thing that isn't explained by that are the missing clamav >results. That's obviously because you are using it with different >configurations. You should also be aware that MS can probably make much >better use of clamav directly. Well, My goal is to reject as much as possible at the gate, so far, SA + ClamAV plugin is proving very effective. Without digging into MS code, I assume it calls spamd and collects the results. If this is true, I don't see how different configs are being used. On top of that, I have another identical server, running the same config, just with a very old MS version. The above system does see all SA test & scores, I've tried everything but rape and still could not find why this system behaves differently. Regards, Dudi -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From glenn.steen at gmail.com Sat Jan 16 18:42:06 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 16 18:42:15 2010 Subject: Birthday In-Reply-To: <885A204C-020B-476A-94EA-42507D89A3F6@lorodoes.com> References: <72cf361e1001161007q3e835120u706b9cdeadb489c1@mail.gmail.com> <885A204C-020B-476A-94EA-42507D89A3F6@lorodoes.com> Message-ID: <223f97701001161042s77c7d470i2f6663cbeccf4908@mail.gmail.com> CC. And a healthy one! Cheers 2010/1/16, Garrod M. Alwood : > Happy birthday Jules > > Garrod Alwood > Open Source Consultant > 9047384988 > Garrod.alwood@lorodoes.com > Sent from my iPod > > On Jan 16, 2010, at 1:17 PM, "Kai Schaetzl" > wrote: > >> Is that correct? >> Then best wishes from me, too! >> >> Kai >> >> -- >> Get your web at Conactive Internet Services: http://www.conactive.com >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Skickat fr?n min mobila enhet -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dudi at kolcore.com Sat Jan 16 18:48:59 2010 From: dudi at kolcore.com (Dudi Goldenberg) Date: Sat Jan 16 18:52:24 2010 Subject: MailScanner & SA results In-Reply-To: References: Message-ID: Hi Kai, >Fine. But why do you want to use MS in addition? It does not reject >anything, it works after the MTA phase. It doesn't make much sense to use >that milter *and* MS at the same time. If you are happy with that milter, >keep on using it and forget about MS. Simple reason. Mail that does get in (score low enough not to be rejected), will appear in mailwatch for the domain admins to view/learn/release or what ever they want to do with it. >it doesn't. Your new one isn't able to pick up the pre file that contains >the extra plugin info. I have one machine that does see all the test, including ClamAV tests results. I have yet to find what makes it work on one machine and fail on the other. Regards, Dudi Kai From lists at openenterprise.ca Sat Jan 16 20:57:03 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Sat Jan 16 20:57:13 2010 Subject: "Problem Messages" Message-ID: <4B52281F.6070303@openenterprise.ca> Ever since one of the last upgrades, I have been getting these "Problem Messages" emails. Are these messages that I should/could delete somewhere? Or how can I find out exactly what the "problem" is with these? Thanks :) Archive: Number of messages: 9 Tries Message Last Tried ===== ======= ========== 6 n96BpwUm020190 Tue Oct 6 05:15:04 2009 6 n8MF8URm009682 Tue Sep 22 08:32:58 2009 6 n8MF0cF5009244 Tue Sep 22 08:24:39 2009 6 n8MEpc2L008762 Tue Sep 22 08:16:02 2009 6 n8LCan8m013668 Mon Sep 21 05:56:59 2009 6 n81F8Vnb032496 Tue Sep 1 08:30:34 2009 6 n7VEF6dJ016460 Mon Aug 31 07:40:17 2009 6 n7NLWIis032081 Sun Aug 23 14:55:14 2009 6 n7NHVwFX022003 Sun Aug 23 10:56:27 2009 From steve at fsl.com Sat Jan 16 21:16:39 2010 From: steve at fsl.com (Stephen Swaney) Date: Sat Jan 16 21:16:50 2010 Subject: "Problem Messages" In-Reply-To: <4B52281F.6070303@openenterprise.ca> References: <4B52281F.6070303@openenterprise.ca> Message-ID: <3B096987-A270-4059-854D-4D1FFCE55B21@fsl.com> Johnny, Which system? Thanks, Best regards, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available On Jan 16, 2010, at 3:57 PM, Johnny Stork wrote: > Ever since one of the last upgrades, I have been getting these "Problem Messages" emails. > > Are these messages that I should/could delete somewhere? Or how can I find out exactly what the "problem" > is with these? > > Thanks :) > > > Archive: > > Number of messages: 9 > Tries Message Last Tried > ===== ======= ========== > 6 n96BpwUm020190 Tue Oct 6 05:15:04 2009 > 6 n8MF8URm009682 Tue Sep 22 08:32:58 2009 > 6 n8MF0cF5009244 Tue Sep 22 08:24:39 2009 > 6 n8MEpc2L008762 Tue Sep 22 08:16:02 2009 > 6 n8LCan8m013668 Mon Sep 21 05:56:59 2009 > 6 n81F8Vnb032496 Tue Sep 1 08:30:34 2009 > 6 n7VEF6dJ016460 Mon Aug 31 07:40:17 2009 > 6 n7NLWIis032081 Sun Aug 23 14:55:14 2009 > 6 n7NHVwFX022003 Sun Aug 23 10:56:27 2009 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Thanks, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available From mailscanner at the-admin.net Sat Jan 16 23:59:02 2010 From: mailscanner at the-admin.net (MS Help) Date: Sun Jan 17 00:00:15 2010 Subject: Not Scanning incoming Mails Message-ID: Hi all out there, i got a problem using MailScanner on a Debian 5 machine with postfix. I installed everything following this howto: http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04-p2 Everything is working so far, but i think, that incoming mails are not scanned from mailscanner. Outgoing Mails are scanned, here ist the header of one: X-MailTown-MailScanner-ID: 135378A3D9.8C9D7 X-MailTown-MailScanner: Found to be clean X-MailTown-MailScanner-SpamCheck: spam,SpamAssassin (nicht zwischen gespeichert, Wertung=10.482,benoetigt 6, AWL -0.91, BAYES_50 0.00, DCC_CHECK 2.17,DIGEST_MULTIPLE 0.00, EMPTY_MESSAGE 1.44, HTML_MESSAGE 0.00,MIME_HTML_MOSTLY 0.00, MISSING_SUBJECT 1.76, PYZOR_CHECK 3.70,RDNS_NONE 0.10, TVD_SPACE_RATIO 2.22) X-MailTown-MailScanner-SpamScore: ssssssssss Incoming Mails looks like this: X-MailTown-MailScanner-ID: 042748A3DA.11BFE X-MailTown-MailScanner: Found to be clean X-MailTown-MailScanner-From: deralleswisser@gmx.net Here i cannot see a SpamCheck in the Header. When i send some testmessages with the well known bad words, i got a minus SpamScore ?! My postconf looks like this: append_dot_mydomain = no biff = no config_directory = /etc/postfix header_checks = regexp:/etc/postfix/header_checks inet_interfaces = all local_recipient_maps = local_transport = error:No local mail delivery message_size_limit = 104857600 mydestination = myhostname = mx02.domain.net mynetworks = 172.19.xx.xx myorigin = domain.net readme_directory = no relay_domains = hash:/etc/postfix/relay_domains relay_recipient_maps = hash:/etc/postfix/relay_recipients relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rbl_client zen.spamhaus.org smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes transport_maps = hash:/etc/postfix/transport virtual_alias_maps = hash:/etc/postfix/virtual this is a sample log snap: Jan 16 18:41:25 mx01 postfix/smtpd[4026]: connect from unknown[172.19.xx.xx] Jan 16 18:41:25 mx01 postfix/smtpd[4026]: F27B38A3D9: client=unknown[172.19.xx.xx] Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: hold: header Received: from excas01.domainnet (unknown [172.19.xx.xx])??by mx02.domain.net (Postfix) with ESMTPS id F27B38A3D9??for ; Sat, 16 Jan 2010 18:41:25 +0100 (CET) from unknown[172.19.xx.xx]; from= to= proto=ESMTP helo= Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: message-id= Jan 16 18:41:26 mx01 postfix/smtpd[4026]: disconnect from unknown[172.19.xx.xx] Jan 16 18:41:28 mx01 MailScanner[3529]: New Batch: Scanning 1 messages, 3485 bytes Jan 16 18:41:30 mx01 MailScanner[3529]: Spam Checks: Found 1 spam messages Jan 16 18:41:30 mx01 MailScanner[3529]: Virus and Content Scanning: Starting Jan 16 18:41:32 mx01 MailScanner[3529]: Requeue: F27B38A3D9.9123E to 0B9DE8A3DA Jan 16 18:41:32 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: from=, size=2926, nrcpt=1 (queue active) Jan 16 18:41:32 mx01 MailScanner[3529]: Uninfected: Delivered 1 messages Jan 16 18:41:32 mx01 MailScanner[3529]: Logging message F27B38A3D9.9123E to SQL Jan 16 18:41:33 mx01 postfix/smtp[4292]: 0B9DE8A3DA: to=, relay=mail.example.com[x.x.x.x]:25, delay=7.3, delays=6.8/0.01/0.22/0.32, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery) Jan 16 18:41:33 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: removed any ideas, why this is not running as it should? From mikael at syska.dk Sun Jan 17 00:21:48 2010 From: mikael at syska.dk (Mikael Syska) Date: Sun Jan 17 00:22:03 2010 Subject: Not Scanning incoming Mails In-Reply-To: References: Message-ID: <6beca9db1001161621l7ebd868ai4c7d987fd039d453@mail.gmail.com> Hi, So you "think" its not working ... You say outgoing ... which is also incoming to the mail server ... Its like ... [client] -> [server] -> [recipient] So how do you define "incoming" and "outgoing" ... ? :-) I pretty sure its working as it is now ... but look at my comments below On Sun, Jan 17, 2010 at 12:59 AM, MS Help wrote: > Hi all out there, > > i got a problem using MailScanner on a Debian 5 machine with postfix. > > I installed everything following this howto: > http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04-p2 > > Everything is working so far, but i think, that incoming mails are not scanned from mailscanner. > {snip] > > Jan 16 18:41:25 mx01 postfix/smtpd[4026]: connect from unknown[172.19.xx.xx] > Jan 16 18:41:25 mx01 postfix/smtpd[4026]: F27B38A3D9: client=unknown[172.19.xx.xx] > Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: hold: header Received: from excas01.domainnet (unknown [172.19.xx.xx])??by mx02.domain.net (Postfix) with ESMTPS id F27B38A3D9??for ; Sat, 16 Jan 2010 18:41:25 +0100 (CET) from unknown[172.19.xx.xx]; from= to= proto=ESMTP helo= > Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: message-id= > Jan 16 18:41:26 mx01 postfix/smtpd[4026]: disconnect from unknown[172.19.xx.xx] > Jan 16 18:41:28 mx01 MailScanner[3529]: New Batch: Scanning 1 messages, 3485 bytes > Jan 16 18:41:30 mx01 MailScanner[3529]: Spam Checks: Found 1 spam messages > Jan 16 18:41:30 mx01 MailScanner[3529]: Virus and Content Scanning: Starting > Jan 16 18:41:32 mx01 MailScanner[3529]: Requeue: F27B38A3D9.9123E to 0B9DE8A3DA > Jan 16 18:41:32 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: from=, size=2926, nrcpt=1 (queue active) > Jan 16 18:41:32 mx01 MailScanner[3529]: Uninfected: Delivered 1 messages > Jan 16 18:41:32 mx01 MailScanner[3529]: Logging message F27B38A3D9.9123E to SQL > Jan 16 18:41:33 mx01 postfix/smtp[4292]: 0B9DE8A3DA: to=, relay=mail.example.com[x.x.x.x]:25, delay=7.3, delays=6.8/0.01/0.22/0.32, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery) > Jan 16 18:41:33 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: removed Incoming scanning should look like this also ... look for this in the maillog. > any ideas, why this is not running as it should?-- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > mvh Mikael Syska From Garrod.Alwood at lorodoes.com Sun Jan 17 00:28:11 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Sun Jan 17 00:33:57 2010 Subject: Not Scanning incoming Mails In-Reply-To: References: Message-ID: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 3645 bytes Desc: image.png Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/f6aa2a7e/image.png -------------- next part -------------- Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 16, 2010, at 6:57 PM, "MS Help" wrote: > Hi all out there, > > i got a problem using MailScanner on a Debian 5 machine with postfix. > > I installed everything following this howto: > http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04-p2 > > Everything is working so far, but i think, that incoming mails are > not scanned from mailscanner. > > Outgoing Mails are scanned, here ist the header of one: > > X-MailTown-MailScanner-ID: 135378A3D9.8C9D7 > X-MailTown-MailScanner: Found to be clean > X-MailTown-MailScanner-SpamCheck: spam,SpamAssassin (nicht zwischen > gespeichert, Wertung=10.482,benoetigt 6, AWL -0.91, > BAYES_50 0.00, DCC_CHECK 2.17,DIGEST_MULTIPLE 0.00, EMPTY_MESSAGE > 1.44, HTML_MESSAGE > 0.00,MIME_HTML_MOSTLY 0.00, MISSING_SUBJECT 1.76, PYZOR_CHECK > 3.70,RDNS_NONE 0.10, TVD_SPACE_RATIO 2.22) > X-MailTown-MailScanner-SpamScore: ssssssssss > > > Incoming Mails looks like this: > X-MailTown-MailScanner-ID: 042748A3DA.11BFE > X-MailTown-MailScanner: Found to be clean > X-MailTown-MailScanner-From: deralleswisser@gmx.net > > > Here i cannot see a SpamCheck in the Header. > > When i send some testmessages with the well known bad words, i got a > minus SpamScore ?! > > My postconf looks like this: > > append_dot_mydomain = no > biff = no > config_directory = /etc/postfix > header_checks = regexp:/etc/postfix/header_checks > inet_interfaces = all > local_recipient_maps = > local_transport = error:No local mail delivery > message_size_limit = 104857600 > mydestination = > myhostname = mx02.domain.net > mynetworks = 172.19.xx.xx > myorigin = domain.net > readme_directory = no > relay_domains = hash:/etc/postfix/relay_domains > relay_recipient_maps = hash:/etc/postfix/relay_recipients > relayhost = > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) > smtpd_data_restrictions = reject_unauth_pipelining > smtpd_helo_required = yes > smtpd_recipient_restrictions = reject_non_fqdn_sender, > reject_unknown_sender_domain, reject_non_fqdn_recipient, > reject_unknown_recipient_domain, permit_mynetworks, > reject_unauth_destination, reject_unauth_pipelining, > reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, > reject_rbl_client zen.spamhaus.org > smtpd_sender_restrictions = permit_mynetworks, > reject_non_fqdn_sender, reject_unknown_sender_domain > smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem > smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key > smtpd_tls_session_cache_database = btree:${data_directory}/ > smtpd_scache > smtpd_use_tls = yes > transport_maps = hash:/etc/postfix/transport > virtual_alias_maps = hash:/etc/postfix/virtual > > > > this is a sample log snap: > > Jan 16 18:41:25 mx01 postfix/smtpd[4026]: connect from unknown > [172.19.xx.xx] > Jan 16 18:41:25 mx01 postfix/smtpd[4026]: F27B38A3D9: client=unknown > [172.19.xx.xx] > Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: hold: header > Received: from excas01.domainnet (unknown [172.19.xx.xx])??by mx02.domain.net > (Postfix) with ESMTPS id F27B38A3D9??for ; Sat, > 16 Jan 2010 18:41:25 +0100 (CET) from unknown[172.19.xx.xx]; from= > to= proto=ESMTP helo= > Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: message- > id= > Jan 16 18:41:26 mx01 postfix/smtpd[4026]: disconnect from unknown > [172.19.xx.xx] > Jan 16 18:41:28 mx01 MailScanner[3529]: New Batch: Scanning 1 > messages, 3485 bytes > Jan 16 18:41:30 mx01 MailScanner[3529]: Spam Checks: Found 1 spam > messages > Jan 16 18:41:30 mx01 MailScanner[3529]: Virus and Content Scanning: > Starting > Jan 16 18:41:32 mx01 MailScanner[3529]: Requeue: F27B38A3D9.9123E to > 0B9DE8A3DA > Jan 16 18:41:32 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: from= >, size=2926, nrcpt=1 (queue active) > Jan 16 18:41:32 mx01 MailScanner[3529]: Uninfected: Delivered 1 > messages > Jan 16 18:41:32 mx01 MailScanner[3529]: Logging message > F27B38A3D9.9123E to SQL > Jan 16 18:41:33 mx01 postfix/smtp[4292]: 0B9DE8A3DA: to= >, relay=mail.example.com[x.x.x.x]:25, delay=7.3, > delays=6.8/0.01/0.22/0.32, dsn=2.6.0, status=sent (250 2.6.0 > > Queued mail for delivery) > Jan 16 18:41:33 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: removed > > > any ideas, why this is not running as it should?-- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mikael at syska.dk Sun Jan 17 00:44:53 2010 From: mikael at syska.dk (Mikael Syska) Date: Sun Jan 17 00:45:06 2010 Subject: Not Scanning incoming Mails In-Reply-To: References: Message-ID: <6beca9db1001161644m66eebb7bm5ff1002323eefb42@mail.gmail.com> Hi Garrod ... I see no input here ... is it my agent ( gmail webclient ) ... or did u just push send and forgot to write anything :-) ? mvh Mikael Syska On Sun, Jan 17, 2010 at 1:28 AM, Garrod M. Alwood wrote: > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From Garrod.Alwood at lorodoes.com Sun Jan 17 01:55:01 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Sun Jan 17 02:00:47 2010 Subject: Not Scanning incoming Mails In-Reply-To: <6beca9db1001161644m66eebb7bm5ff1002323eefb42@mail.gmail.com> References: <6beca9db1001161644m66eebb7bm5ff1002323eefb42@mail.gmail.com> Message-ID: A non-text attachment was scrubbed... Name: smime.p7m Type: application/x-pkcs7-mime Size: 6597 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100116/210c76af/smime.bin From oliver at linux-kernel.at Sun Jan 17 02:20:55 2010 From: oliver at linux-kernel.at (Oliver Falk) Date: Sun Jan 17 02:20:16 2010 Subject: AW: Re: Birthday Message-ID: <201001170219.o0H2JkuP015596@mail.linux-kernel.at> Happy b-day! Best wishes from Austria! ----- Urspr?ngliche Nachricht ----- Von: Jules Field Gesendet: Samstag, 16. Januar 2010 19:37 An: MailScanner discussion Betreff: Re: Birthday Thank you. Jules. On 16/01/2010 18:21, Garrod M. Alwood wrote: > Happy birthday Jules > > Garrod Alwood > Open Source Consultant > 9047384988 > Garrod.alwood@lorodoes.com > Sent from my iPod > > On Jan 16, 2010, at 1:17 PM, "Kai Schaetzl" > wrote: > > >> Is that correct? >> Then best wishes from me, too! >> >> Kai >> >> -- >> Get your web at Conactive Internet Services: http://www.conactive.com >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at the-admin.net Sun Jan 17 08:57:14 2010 From: mailscanner at the-admin.net (MS Help) Date: Sun Jan 17 09:00:45 2010 Subject: AW: Not Scanning incoming Mails In-Reply-To: <6beca9db1001161621l7ebd868ai4c7d987fd039d453@mail.gmail.com> References: , <6beca9db1001161621l7ebd868ai4c7d987fd039d453@mail.gmail.com> Message-ID: i thinks that because an outgoing mail, that means, sent from the exchange server to the gateway into the net, is tagged as spam, if it has only one line of content (by pryzor) an incoming mail with only one line of content is not tagged as spam ?? i made sent a mail to a mailbox that is scanned by mailscanner with all bad words and it go's a score auf -1.3 ?! and in the header of the incoming mail, i cannot see that x-company-spamcheck and which check made what score, in the outoing i can see that ?! ________________________________________ Von: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] im Auftrag von Mikael Syska [mikael@syska.dk] Gesendet: Sonntag, 17. Januar 2010 01:21 An: MailScanner discussion Betreff: Re: Not Scanning incoming Mails Hi, So you "think" its not working ... You say outgoing ... which is also incoming to the mail server ... Its like ... [client] -> [server] -> [recipient] So how do you define "incoming" and "outgoing" ... ? :-) I pretty sure its working as it is now ... but look at my comments below On Sun, Jan 17, 2010 at 12:59 AM, MS Help wrote: > Hi all out there, > > i got a problem using MailScanner on a Debian 5 machine with postfix. > > I installed everything following this howto: > http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04-p2 > > Everything is working so far, but i think, that incoming mails are not scanned from mailscanner. > {snip] > > Jan 16 18:41:25 mx01 postfix/smtpd[4026]: connect from unknown[172.19.xx.xx] > Jan 16 18:41:25 mx01 postfix/smtpd[4026]: F27B38A3D9: client=unknown[172.19.xx.xx] > Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: hold: header Received: from excas01.domainnet (unknown [172.19.xx.xx])??by mx02.domain.net (Postfix) with ESMTPS id F27B38A3D9??for ; Sat, 16 Jan 2010 18:41:25 +0100 (CET) from unknown[172.19.xx.xx]; from= to= proto=ESMTP helo= > Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: message-id= > Jan 16 18:41:26 mx01 postfix/smtpd[4026]: disconnect from unknown[172.19.xx.xx] > Jan 16 18:41:28 mx01 MailScanner[3529]: New Batch: Scanning 1 messages, 3485 bytes > Jan 16 18:41:30 mx01 MailScanner[3529]: Spam Checks: Found 1 spam messages > Jan 16 18:41:30 mx01 MailScanner[3529]: Virus and Content Scanning: Starting > Jan 16 18:41:32 mx01 MailScanner[3529]: Requeue: F27B38A3D9.9123E to 0B9DE8A3DA > Jan 16 18:41:32 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: from=, size=2926, nrcpt=1 (queue active) > Jan 16 18:41:32 mx01 MailScanner[3529]: Uninfected: Delivered 1 messages > Jan 16 18:41:32 mx01 MailScanner[3529]: Logging message F27B38A3D9.9123E to SQL > Jan 16 18:41:33 mx01 postfix/smtp[4292]: 0B9DE8A3DA: to=, relay=mail.example.com[x.x.x.x]:25, delay=7.3, delays=6.8/0.01/0.22/0.32, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery) > Jan 16 18:41:33 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: removed Incoming scanning should look like this also ... look for this in the maillog. > any ideas, why this is not running as it should?-- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > mvh Mikael Syska -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Jan 17 09:25:23 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Jan 17 09:25:34 2010 Subject: smf-sav & CentOS5 In-Reply-To: <4B5055C1.3090904@marcsnet.com> References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B52D783.5060206@ecs.soton.ac.uk> Message-ID: On 15/01/2010 11:47, Marc Lucke wrote: > milter-ahead is like 90 quid - probably because they know they can get > away with it. I'd rather not use anything than pay them that. I would like to point out, on behalf of the author of milter-ahead, that a) The cost is 90 euros, not 90 pounds. b) It is commercial source code, not binaries, so can be installed on a very wide range of operating systems. c) It is a *site* licence, not a machine licence, so you can install it on all your boxes for 90 euros. d) Free updates for the life of version 1.x. e) Free support. Personally I think milter-ahead is extremely good value for money. Even those of us in the software world have to pay the bills! I don't think asking 90 euros is much. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Sun Jan 17 09:34:18 2010 From: ms-list at alexb.ch (Alex Broens) Date: Sun Jan 17 09:34:18 2010 Subject: smf-sav & CentOS5 In-Reply-To: References: <1F820456-BA2D-463F-8711-CBF09BCD2D3E@rtpty.com> <4B5055C1.3090904@marcsnet.com> <4B52D783.5060206@ecs.soton.ac.uk> Message-ID: <4B52D99A.7010104@alexb.ch> On 1/17/2010 10:25 AM, Jules Field wrote: > > > On 15/01/2010 11:47, Marc Lucke wrote: >> milter-ahead is like 90 quid - probably because they know they can get >> away with it. I'd rather not use anything than pay them that. > I would like to point out, on behalf of the author of milter-ahead, that > a) The cost is 90 euros, not 90 pounds. > b) It is commercial source code, not binaries, so can be installed on a > very wide range of operating systems. > c) It is a *site* licence, not a machine licence, so you can install it > on all your boxes for 90 euros. > d) Free updates for the life of version 1.x. > e) Free support. > > Personally I think milter-ahead is extremely good value for money. Even > those of us in the software world have to pay the bills! I don't think > asking 90 euros is much. FTR: AFAIK its the only app of its type which will support Postfix transport maps (not only Sendmail) to tell it which server to query for a user. This is VERY important if you have a multi-target setup. Alex From lists at openenterprise.ca Sun Jan 17 09:52:03 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Sun Jan 17 09:52:14 2010 Subject: "Problem Messages" In-Reply-To: <3B096987-A270-4059-854D-4D1FFCE55B21@fsl.com> References: <4B52281F.6070303@openenterprise.ca> <3B096987-A270-4059-854D-4D1FFCE55B21@fsl.com> Message-ID: <4B52DDC3.8020609@openenterprise.ca> Oops, a local MailScanner 4.79.6 running on CentOS 5.4 x86 Thanks Steve :) On 10-01-16 01:16 PM, Stephen Swaney wrote: > Johnny, > > Which system? > > Thanks, > > Best regards, > > Steve > > From maillists at conactive.com Sun Jan 17 14:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jan 17 14:31:28 2010 Subject: Not Scanning incoming Mails In-Reply-To: References: Message-ID: MS Help wrote on Sun, 17 Jan 2010 00:59:02 +0100: > I installed everything following this howto: > http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04-p2 Well, for postfix, read the Wiki at http://mailscanner.info/postfix.html Follow it almost literally. Especially where it's different from that Ubuntu article. On first glance your output looks normal. If it's not spam it won't have all the spamcheck-Headers. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sun Jan 17 14:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jan 17 14:31:29 2010 Subject: Not Scanning incoming Mails In-Reply-To: References: <6beca9db1001161644m66eebb7bm5ff1002323eefb42@mail.gmail.com> Message-ID: There's something wrong with your messages, please switch off the signature and Word or whatever it is that you use for editing. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From mailscanner at the-admin.net Sun Jan 17 14:44:33 2010 From: mailscanner at the-admin.net (MS Help) Date: Sun Jan 17 14:46:43 2010 Subject: AW: Not Scanning incoming Mails In-Reply-To: References: , Message-ID: me settings are exactly like written in the article.. i'm using exchange 2007 webmail, why are my mails not ok? i don't understand, why does a mail that contains viagra and all that shit is not marked as spam by spamassassin and gets a score of -3.5 !?! ________________________________________ Von: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] im Auftrag von Kai Schaetzl [maillists@conactive.com] Gesendet: Sonntag, 17. Januar 2010 15:31 An: mailscanner@lists.mailscanner.info Betreff: Re: Not Scanning incoming Mails MS Help wrote on Sun, 17 Jan 2010 00:59:02 +0100: > I installed everything following this howto: > http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04-p2 Well, for postfix, read the Wiki at http://mailscanner.info/postfix.html Follow it almost literally. Especially where it's different from that Ubuntu article. On first glance your output looks normal. If it's not spam it won't have all the spamcheck-Headers. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maillists at conactive.com Sun Jan 17 17:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jan 17 17:31:33 2010 Subject: Not Scanning incoming Mails In-Reply-To: References: , Message-ID: Run MailScanner --lint and if it's ok (no error output), run it with the --debug-sa and --debug switches respectively. For the latter to work you have to stop the MS daemon, so that the debugging instance can grab a message. Or you can put a message in another queue dir and process it from there. Rin MailScanner --help for the options. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From hden at kci.net.nz Sun Jan 17 17:58:48 2010 From: hden at kci.net.nz (hden@kci.net.nz) Date: Sun Jan 17 17:59:06 2010 Subject: clamd twice in lint output In-Reply-To: References: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> <4B50372D.2080403@ecs.soton.ac.uk> <49211.222.153.166.253.1263577622.squirrel@webmail.kc.net.nz> <4B51C8F1.8060407@ecs.soton.ac.uk> Message-ID: <49205.222.153.166.253.1263751128.squirrel@webmail.kc.net.nz> Thanks for the feedback, and ..... Happy Birthday Julian! OK, we're currently Version 4.77.10. As this is only a 'cosmetic' issue and all is working 100%, we'll wait until the next stable release, upgrade, then report back. Cheers! > In which case please try this and then get back to us. > > On 16/01/2010 02:02, Mike Wallace wrote: >> What version of MailScanner? >> >> I used to see this until I upgraded to 4.78.17 and it went away. >> >> >> Mike Wallace >> mike@mlrw.com >> >> >> >> On Jan 15, 2010, at 12:47 PM, hden@kci.net.nz wrote: >> >> >>> # ps ax | grep clamd >>> 14000 ? Ssl 0:25 clamd >>> 18435 pts/0 S+ 0:00 grep clamd >>> >>> >>> >>>> What does >>>> ps ax | grep clamd >>>> produce? You haven't got 2 copies of clamd running have you? >>>> I can't see how this could happen in the code, something very strange >>>> is >>>> happening. >>>> It shouldn't actually cause any damage, clamd will only be checked >>>> once. >>>> >>>> Jules. >>>> >>>> On 15/01/2010 01:46, hden@kci.net.nz wrote: >>>> >>>>> Yes, I have searched for multiple copies, and there's only one clamd >>>>> in >>>>> any bin. >>>>> >>>>> This issue isn't urgent, Mailscanner/clamd are working fine picking >>>>> up >>>>> infected msgs. >>>>> >>>>> The double clamd mention in .. >>>>> >>>>> 'MailScanner.conf says "Virus Scanners = auto" Found these virus >>>>> scanners >>>>> installed: clamd, clamd, sophossavi' >>>>> >>>>> .. has me a little over curious >>>>> >>>>> When Mailscanner 'searches' for scanners [when set to 'auto'], any >>>>> idea >>>>> what/where/how it looks? >>>>> >>>>> Cheers! >>>>> Dave >>>>> >>>>> >>>>> >>>>> >>>>>> Clamd - the antivirus that's so nice you'll want to run it twice... >>>>>> >>>>>> Have you searched your filesystem for multiple copies of >>>>>> clamav/clamd? >>>>>> ------Original Message------ >>>>>> From: hden@kci.net.nz >>>>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>>>> To: MailScanner discussion >>>>>> ReplyTo: MailScanner discussion >>>>>> Subject: Re: clamd twice in lint output >>>>>> Sent: Jan 14, 2010 5:18 PM >>>>>> >>>>>> >>>>>> LOL .. >>>>>> >>>>>> What I meant was, clamd found twice in this line .. >>>>>> >>>>>> 'Found these virus scanners installed: clamd, clamd, sophossavi' >>>>>> >>>>>> (I know the 'Clamd::INFECTED .... ' being listed twice is OK - Sorry >>>>>> for >>>>>> being unclear) >>>>>> >>>>>> Cheers! >>>>>> Dave >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Now with twice the virus fighting power! >>>>>>> >>>>>>> If it is, in fact, "checking it twice" like Santa, it's a >>>>>>> performance >>>>>>> hit >>>>>>> you're taking. >>>>>>> ------Original Message------ >>>>>>> From: hden@kci.net.nz >>>>>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>>>>> To: MailScanner discussion >>>>>>> ReplyTo: MailScanner discussion >>>>>>> Subject: clamd twice in lint output >>>>>>> Sent: Jan 14, 2010 4:27 PM >>>>>>> >>>>>>> Hello .. >>>>>>> >>>>>>> Probably (hopefully) a 'cosmetic' issue? ... When I run lint, the >>>>>>> output >>>>>>> shows clamd *twice* ? [snippert below] >>>>>>> >>>>>>> Is there anything I need to change/check/fix/tweak ? >>>>>>> >>>>>>> [snip] >>>>>>> MailScanner.conf says "Virus Scanners = auto" >>>>>>> Found these virus scanners installed: clamd, clamd, sophossavi >>>>>>> =========================================================================== >>>>>>> Filename Checks: Windows/DOS Executable (1 eicar.com) >>>>>>> Other Checks: Found 1 problems >>>>>>> Virus and Content Scanning: Starting >>>>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ >>>>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com >>>>>>> Virus Scanning: Clamd found 2 infections >>>>>>> SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com >>>>>>> Virus Scanning: SophosSAVI found 1 infections >>>>>>> [snip ends] >>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Alex Neuman van der Hans >>>>>>> Reliant Technologies >>>>>>> >>>>>>> +507 6781-9505 >>>>>>> +507 832-6725 >>>>>>> BB PIN: 20EA17C5 >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Alex Neuman van der Hans >>>>>> Reliant Technologies >>>>>> >>>>>> +507 6781-9505 >>>>>> +507 832-6725 >>>>>> BB PIN: 20EA17C5 >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mark at msapiro.net Sun Jan 17 18:21:05 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sun Jan 17 18:21:20 2010 Subject: "Problem Messages" In-Reply-To: <4B52281F.6070303@openenterprise.ca> References: <4B52281F.6070303@openenterprise.ca> Message-ID: <4B535511.3080904@msapiro.net> On 11:59 AM, Johnny Stork wrote: > Ever since one of the last upgrades, I have been getting these "Problem > Messages" emails. > > Are these messages that I should/could delete somewhere? Or how can I > find out exactly what the "problem" > is with these? > > Thanks :) > > > Archive: > > Number of messages: 9 > Tries Message Last Tried > ===== ======= ========== > 6 n96BpwUm020190 Tue Oct 6 05:15:04 2009 > 6 n8MF8URm009682 Tue Sep 22 08:32:58 2009 > 6 n8MF0cF5009244 Tue Sep 22 08:24:39 2009 > 6 n8MEpc2L008762 Tue Sep 22 08:16:02 2009 > 6 n8LCan8m013668 Mon Sep 21 05:56:59 2009 > 6 n81F8Vnb032496 Tue Sep 1 08:30:34 2009 > 6 n7VEF6dJ016460 Mon Aug 31 07:40:17 2009 > 6 n7NLWIis032081 Sun Aug 23 14:55:14 2009 > 6 n7NHVwFX022003 Sun Aug 23 10:56:27 2009 The above are entries in MailScanner's Processing.db. They represent messages that encountered some fatal exception during processing. They were retried 6 times and then the message was quarantined and the Processing.db entry moved from the processing table to the archive table. There was log information (probably MailScanner entries in /var/log/maillog) at the time that would indicate what the error was. You will see these if you still have logs back to October. You can also find the quarantined messages if your quarantine goes back that far. You can just remove /var/spool/MailScanner/incoming/Processing.db and MailScanner will recreate it. See and other messages in that thread. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Garrod.Alwood at lorodoes.com Sun Jan 17 19:23:29 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Sun Jan 17 19:29:20 2010 Subject: "Problem Messages" In-Reply-To: <4B535511.3080904@msapiro.net> References: <4B52281F.6070303@openenterprise.ca> <4B535511.3080904@msapiro.net> Message-ID: <1AFDCCE4-B347-40A5-8C22-B8F3092C16FF@lorodoes.com> Those problem messages might be related to the problem Jules just fixed for me. There is a tainted issue with 4.79.6 and he will be releasing shortly 4.79.7 that fixes the issue Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 17, 2010, at 1:16 PM, "Mark Sapiro" wrote: > On 11:59 AM, Johnny Stork wrote: >> Ever since one of the last upgrades, I have been getting these >> "Problem >> Messages" emails. >> >> Are these messages that I should/could delete somewhere? Or how can I >> find out exactly what the "problem" >> is with these? >> >> Thanks :) >> >> >> Archive: >> >> Number of messages: 9 >> Tries Message Last Tried >> ===== ======= ========== >> 6 n96BpwUm020190 Tue Oct 6 05:15:04 2009 >> 6 n8MF8URm009682 Tue Sep 22 08:32:58 2009 >> 6 n8MF0cF5009244 Tue Sep 22 08:24:39 2009 >> 6 n8MEpc2L008762 Tue Sep 22 08:16:02 2009 >> 6 n8LCan8m013668 Mon Sep 21 05:56:59 2009 >> 6 n81F8Vnb032496 Tue Sep 1 08:30:34 2009 >> 6 n7VEF6dJ016460 Mon Aug 31 07:40:17 2009 >> 6 n7NLWIis032081 Sun Aug 23 14:55:14 2009 >> 6 n7NHVwFX022003 Sun Aug 23 10:56:27 2009 > > > The above are entries in MailScanner's Processing.db. They represent > messages that encountered some fatal exception during processing. They > were retried 6 times and then the message was quarantined and the > Processing.db entry moved from the processing table to the archive > table. There was log information (probably MailScanner entries in > /var/log/maillog) at the time that would indicate what the error was. > You will see these if you still have logs back to October. You can > also > find the quarantined messages if your quarantine goes back that far. > > You can just remove /var/spool/MailScanner/incoming/Processing.db and > MailScanner will recreate it. See > > > and other messages in that thread. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Garrod.Alwood at lorodoes.com Sun Jan 17 19:51:54 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Sun Jan 17 19:57:43 2010 Subject: clamd twice in lint output In-Reply-To: <49205.222.153.166.253.1263751128.squirrel@webmail.kc.net.nz> References: <729825975-1263512950-cardhu_decombobulator_blackberry.rim.net-1318066118-@bda942.bisx.prod.on.blackberry> <50803.222.153.166.253.1263520013.squirrel@webmail.kc.net.nz> <4B50372D.2080403@ecs.soton.ac.uk> <49211.222.153.166.253.1263577622.squirrel@webmail.kc.net.nz> <4B51C8F1.8060407@ecs.soton.ac.uk> <49205.222.153.166.253.1263751128.squirrel@webmail.kc.net.nz> Message-ID: <3F8AEB93-B50D-41FD-A2C4-97D8BF85041F@lorodoes.com> 4.78.11 is out and it works great Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 17, 2010, at 12:54 PM, "hden@kci.net.nz" wrote: > Thanks for the feedback, and ..... Happy Birthday Julian! > > OK, we're currently Version 4.77.10. As this is only a 'cosmetic' > issue > and all is working 100%, we'll wait until the next stable release, > upgrade, then report back. > > Cheers! > >> In which case please try this and then get back to us. >> >> On 16/01/2010 02:02, Mike Wallace wrote: >>> What version of MailScanner? >>> >>> I used to see this until I upgraded to 4.78.17 and it went away. >>> >>> >>> Mike Wallace >>> mike@mlrw.com >>> >>> >>> >>> On Jan 15, 2010, at 12:47 PM, hden@kci.net.nz wrote: >>> >>> >>>> # ps ax | grep clamd >>>> 14000 ? Ssl 0:25 clamd >>>> 18435 pts/0 S+ 0:00 grep clamd >>>> >>>> >>>> >>>>> What does >>>>> ps ax | grep clamd >>>>> produce? You haven't got 2 copies of clamd running have you? >>>>> I can't see how this could happen in the code, something very >>>>> strange >>>>> is >>>>> happening. >>>>> It shouldn't actually cause any damage, clamd will only be checked >>>>> once. >>>>> >>>>> Jules. >>>>> >>>>> On 15/01/2010 01:46, hden@kci.net.nz wrote: >>>>> >>>>>> Yes, I have searched for multiple copies, and there's only one >>>>>> clamd >>>>>> in >>>>>> any bin. >>>>>> >>>>>> This issue isn't urgent, Mailscanner/clamd are working fine >>>>>> picking >>>>>> up >>>>>> infected msgs. >>>>>> >>>>>> The double clamd mention in .. >>>>>> >>>>>> 'MailScanner.conf says "Virus Scanners = auto" Found these virus >>>>>> scanners >>>>>> installed: clamd, clamd, sophossavi' >>>>>> >>>>>> .. has me a little over curious >>>>>> >>>>>> When Mailscanner 'searches' for scanners [when set to 'auto'], >>>>>> any >>>>>> idea >>>>>> what/where/how it looks? >>>>>> >>>>>> Cheers! >>>>>> Dave >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Clamd - the antivirus that's so nice you'll want to run it >>>>>>> twice... >>>>>>> >>>>>>> Have you searched your filesystem for multiple copies of >>>>>>> clamav/clamd? >>>>>>> ------Original Message------ >>>>>>> From: hden@kci.net.nz >>>>>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>>>>> To: MailScanner discussion >>>>>>> ReplyTo: MailScanner discussion >>>>>>> Subject: Re: clamd twice in lint output >>>>>>> Sent: Jan 14, 2010 5:18 PM >>>>>>> >>>>>>> >>>>>>> LOL .. >>>>>>> >>>>>>> What I meant was, clamd found twice in this line .. >>>>>>> >>>>>>> 'Found these virus scanners installed: clamd, clamd, >>>>>>> sophossavi' >>>>>>> >>>>>>> (I know the 'Clamd::INFECTED .... ' being listed twice is OK - >>>>>>> Sorry >>>>>>> for >>>>>>> being unclear) >>>>>>> >>>>>>> Cheers! >>>>>>> Dave >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Now with twice the virus fighting power! >>>>>>>> >>>>>>>> If it is, in fact, "checking it twice" like Santa, it's a >>>>>>>> performance >>>>>>>> hit >>>>>>>> you're taking. >>>>>>>> ------Original Message------ >>>>>>>> From: hden@kci.net.nz >>>>>>>> Sender: mailscanner-bounces@lists.mailscanner.info >>>>>>>> To: MailScanner discussion >>>>>>>> ReplyTo: MailScanner discussion >>>>>>>> Subject: clamd twice in lint output >>>>>>>> Sent: Jan 14, 2010 4:27 PM >>>>>>>> >>>>>>>> Hello .. >>>>>>>> >>>>>>>> Probably (hopefully) a 'cosmetic' issue? ... When I run lint, >>>>>>>> the >>>>>>>> output >>>>>>>> shows clamd *twice* ? [snippert below] >>>>>>>> >>>>>>>> Is there anything I need to change/check/fix/tweak ? >>>>>>>> >>>>>>>> [snip] >>>>>>>> MailScanner.conf says "Virus Scanners = auto" >>>>>>>> Found these virus scanners installed: clamd, clamd, sophossavi >>>>>>>> === >>>>>>>> === >>>>>>>> === >>>>>>>> === >>>>>>>> =============================================================== >>>>>>>> Filename Checks: Windows/DOS Executable (1 eicar.com) >>>>>>>> Other Checks: Found 1 problems >>>>>>>> Virus and Content Scanning: Starting >>>>>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/ >>>>>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com >>>>>>>> Virus Scanning: Clamd found 2 infections >>>>>>>> SophosSAVI::INFECTED:: EICAR-AV-Test:: ./1/neicar.com >>>>>>>> Virus Scanning: SophosSAVI found 1 infections >>>>>>>> [snip ends] >>>>>>>> >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Alex Neuman van der Hans >>>>>>>> Reliant Technologies >>>>>>>> >>>>>>>> +507 6781-9505 >>>>>>>> +507 832-6725 >>>>>>>> BB PIN: 20EA17C5 >>>>>>>> -- >>>>>>>> MailScanner mailing list >>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>> >>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>> >>>>>>>> Support MailScanner development - buy the book off the website! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Alex Neuman van der Hans >>>>>>> Reliant Technologies >>>>>>> >>>>>>> +507 6781-9505 >>>>>>> +507 832-6725 >>>>>>> BB PIN: 20EA17C5 >>>>>>> -- >>>>>>> MailScanner mailing list >>>>>>> mailscanner@lists.mailscanner.info >>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> >>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>> >>>>>>> Support MailScanner development - buy the book off the website! >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> Jules >>>>> >>>>> -- >>>>> Julian Field MEng CITP CEng >>>>> www.MailScanner.info >>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>> >>>>> Need help customising MailScanner? >>>>> Contact me! >>>>> Need help fixing or optimising your systems? >>>>> Contact me! >>>>> Need help getting you started solving new requirements from your >>>>> boss? >>>>> Contact me! >>>>> >>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>>> >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> This message has been scanned for viruses and dangerous content by >>>> MailScanner, and is believed to be clean. >>>> >>>> >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your >> boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From piper at hrz.uni-marburg.de Mon Jan 18 09:29:06 2010 From: piper at hrz.uni-marburg.de (Andreas Piper) Date: Mon Jan 18 09:29:36 2010 Subject: PGP Signatures for stable MS-tarballs not available Message-ID: <201001181029.07230.piper@hrz.uni-marburg.de> Hello, all three "PGP Signature"-links on the MS-download page (http://mailscanner.info/downloads.html) in section 'Stable' are not available and return an error message: Not Found The requested URL /files/4/rpm/MailScanner-4.78.17-1.rpm.tar.gz.sig was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Best regards, Andreas -- ________________________________________________________________________ Dr. Andreas Piper, Hochschulrechenzentrum der Philipps-Univ. Marburg Hans-Meerwein-Strasse, 35032 Marburg, Germany Phone: +49 6421 28-23521 Fax: -26994 E-Mail: piper@HRZ.Uni-Marburg.DE From MailScanner at ecs.soton.ac.uk Mon Jan 18 09:49:47 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 18 09:50:18 2010 Subject: PGP Signatures for stable MS-tarballs not available In-Reply-To: <201001181029.07230.piper@hrz.uni-marburg.de> References: <201001181029.07230.piper@hrz.uni-marburg.de> <4B542EBB.2010300@ecs.soton.ac.uk> Message-ID: Try again now. On 18/01/2010 09:29, Andreas Piper wrote: > Hello, > > all three "PGP Signature"-links on the MS-download page > (http://mailscanner.info/downloads.html) in section 'Stable' are not > available and return an error message: > > Not Found > The requested URL /files/4/rpm/MailScanner-4.78.17-1.rpm.tar.gz.sig was not > found on this server. > Additionally, a 404 Not Found error was encountered while trying to use an > ErrorDocument to handle the request. > > Best regards, > Andreas > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thomasl at mtl.mit.edu Mon Jan 18 13:51:12 2010 From: thomasl at mtl.mit.edu (Thomas Lohman) Date: Mon Jan 18 13:51:46 2010 Subject: problem with latest beta Message-ID: <4B546750.8050008@mtl.mit.edu> Julian, happy belated b-day. I just downloaded the latest beta that you've posted and I'm getting the following error when attempting to run MailScanner: Scalar found where operator expected at /usr/local/MailScanner/lib/MailScanner/Message.pm line 3370, near "$size = -s "$explodeinto/$inname" (Might be a runaway multi-line // string starting on line 3342) Perhaps a small typo? Here is the line of code: # Each embedded object in an OLE tree is packages in a special format. # This converts a list of named filenames into their original data. sub OleUnpackPackages { my($this, $explodeinto, $parentname, @NativeFilenames) = @_; my($infh, $byte, $number, $buffer, $outname); my($finished, $length, $size); OLEFILE: foreach my $inname (@NativeFilenames) { 3370 --> $size = -s "$explodeinto/$inname"; cheers, --tom From thomasl at mtl.mit.edu Mon Jan 18 14:15:30 2010 From: thomasl at mtl.mit.edu (Thomas Lohman) Date: Mon Jan 18 14:16:46 2010 Subject: problem with latest beta In-Reply-To: <4B546750.8050008@mtl.mit.edu> References: <4B546750.8050008@mtl.mit.edu> Message-ID: <4B546D02.2030608@mtl.mit.edu> Actually, sorry, I didn't actually include the real offending line - which is 3342. #print STDERR "Unpacking $explodeinto/$olename\n"; eval { #return 1 unless $ole = OLE::Storage_Lite::PPS->new(1,2,3,4,5,6,7,8, # 9,10,11,12,13); my $tmpnam = "$explodeinto/$olename"; --> $tmpnam =~ s/^(.*)$/; It looks like it's missing a '/' right before the ';' - adding that and the compilation errors go away. cheers, --tom > Scalar found where operator expected at > /usr/local/MailScanner/lib/MailScanner/Message.pm line 3370, near "$size > = -s "$explodeinto/$inname" > (Might be a runaway multi-line // string starting on line 3342) From MailScanner at ecs.soton.ac.uk Mon Jan 18 14:49:39 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 18 14:49:59 2010 Subject: problem with latest beta In-Reply-To: <4B546D02.2030608@mtl.mit.edu> References: <4B546750.8050008@mtl.mit.edu> <4B546D02.2030608@mtl.mit.edu> <4B547503.4080900@ecs.soton.ac.uk> Message-ID: On 18/01/2010 14:15, Thomas Lohman wrote: > Actually, sorry, I didn't actually include the real offending line - > which is 3342. > > #print STDERR "Unpacking $explodeinto/$olename\n"; > eval { > #return 1 unless $ole = OLE::Storage_Lite::PPS->new(1,2,3,4,5,6,7,8, > # 9,10,11,12,13); > my $tmpnam = "$explodeinto/$olename"; > --> $tmpnam =~ s/^(.*)$/; Remove the "s" just before the first "/". Sorry about that, I'll fix it and republish. > > It looks like it's missing a '/' right before the ';' - adding that > and the compilation errors go away. > > cheers, > > > --tom > >> Scalar found where operator expected at >> /usr/local/MailScanner/lib/MailScanner/Message.pm line 3370, near >> "$size = -s "$explodeinto/$inname" >> (Might be a runaway multi-line // string starting on line 3342) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thomasl at mtl.mit.edu Mon Jan 18 15:29:07 2010 From: thomasl at mtl.mit.edu (Thomas Lohman) Date: Mon Jan 18 15:29:49 2010 Subject: problem with latest beta In-Reply-To: References: <4B546750.8050008@mtl.mit.edu> <4B546D02.2030608@mtl.mit.edu> <4B547503.4080900@ecs.soton.ac.uk> Message-ID: <4B547E43.8060900@mtl.mit.edu> Thanks Julian - that did the trick. --tom > Remove the "s" just before the first "/". Sorry about that, I'll fix it > and republish. From submit at zuka.net Tue Jan 19 03:21:40 2010 From: submit at zuka.net (Dave Filchak) Date: Tue Jan 19 03:23:57 2010 Subject: Birthday Message-ID: <4B552544.8030404@zuka.net> Happy belated birthday Jules. Thanks for all your efforts and contributions. Dave From jethro.binks at strath.ac.uk Tue Jan 19 10:04:46 2010 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue Jan 19 10:04:57 2010 Subject: Hi-scoring spam delivered Message-ID: I have just had my attention drawn to a case where a spam was identified: 2010-01-18T19:32:50+00:00 MailScanner[7837]: Message 1NWxLB-0008IA-8E from 87.248.114.81 (badspammer@example.com) to strath.ac.uk is spam, SpamAssassin (cached, score=10.098, required 6.5, autolearn=disabled, ADVANCE_FEE_2 2.05, ADVANCE_FEE_3 1.44, ADVANCE_FEE_4 1.50, DKIM_SIGNED 0.00, DKIM_VERIFIED -0.00, HTML_MESSAGE 0.00, MILLION_USD 1.78, SARE_FRAUD_X3 1.67, SARE_FRAUD_X4 1.67) The score was 10.098. My "high scoring" threshold is 11, so I would normally expect this message to have been delivered with the inline warning added, and "{spam?}" added to the Subject. This is how it has operated successfully for years. In this case, the message was delivered to the end user with the inline warning, but "{spam?}" was not added to the Subject. I have examples of the same spam at about the same time being delivered to the end user with "{spam?}" successfully added. The only thing that may be different here is that the one without "{spam?}" was scored as a result of the SA cache. But I've never seen this lack of "{spam?}" happen before. (Not to say that it hasn't done, of course!). It seems unlikely to me that whether it is cached has any bearing on the actions taken. Spam Modify Subject = yes Spam Subject Text = {spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {SPAM?} spam.actions.rules: ... To: default deliver striphtml attachment Anyone have any ideas? I am running FreeBSD dev port from a while ago, 4.78.15_1. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From ssilva at sgvwater.com Tue Jan 19 23:55:04 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 19 23:55:35 2010 Subject: [Fwd: Re: smf-sav & CentOS5] In-Reply-To: <4B50D31E.5070203@marcsnet.com> References: <4B50D31E.5070203@marcsnet.com> Message-ID: on 1-15-2010 12:42 PM Marc Lucke spake the following: > I'll either try to work out what is wrong with smf-save on my 2x CentOS > 5.4 boxes or I'll looking into Postfix :) The smf-sav list is looking a > little sad but my question wasn't only about if people here had it > running or not, but also if anyone was running another solution other > than milter-ahead which I don't want to pay for or smf-sav which I'm > having some sort of problem with. > > I did see the exchange script stuff but I won't implement that. > > Postfix looks like the best solution to me! > > Thanks list, for your input and advice! :) > I'm currently using mimedefang for this, but it is a large tool for a small job. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100119/2937f6b9/signature.bin From correo at miguelangelnieto.net Wed Jan 20 10:07:32 2010 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Wed Jan 20 10:08:03 2010 Subject: mailscanner batch problems Message-ID: Hi, Im using postfix. I have this option, with 10 children. Queue Scan Interval = 5 This is a normal behavior: Jan 19 13:06:06 xxx MailScanner[32244]: New Batch: Found 3 messages waiting Jan 19 13:06:07 xxx MailScanner[32457]: New Batch: Found 4 messages waiting Jan 19 13:06:08 xxx MailScanner[32001]: New Batch: Found 4 messages waiting Jan 19 13:06:09 xxx MailScanner[31253]: New Batch: Found 4 messages waiting Jan 19 13:06:10 xxx MailScanner[32457]: New Batch: Found 6 messages waiting Jan 19 13:06:12 xxx MailScanner[31253]: New Batch: Found 7 messages waiting But yerterday I have this problem (with 800+ mails in hold queue) Jan 19 12:49:08 xxx MailScanner[5079]: New Batch: Found 368 messages waiting Jan 19 12:50:39 xxx MailScanner[1920]: New Batch: Found 412 messages waiting Jan 19 12:51:22 xxx MailScanner[2377]: New Batch: Found 431 messages waiting Jan 19 12:52:03 xxx MailScanner[7883]: New Batch: Found 450 messages waiting Jan 19 12:57:07 xxx MailScanner[2377]: New Batch: Found 752 messages waiting Five minutes from one batch to another one! To solve the problem I had to restart MailScanner. Can you help me? :) P.D. My first problem with Mailscanner in... "11:04:13 up 154 days" :) -- Lo que har?a ser?a hacerme pasar por sordomudo y as? no tendr?a que hablar. Si quer?an decirme algo, tendr?an que escribirlo en un papelito y ense??rmelo. Al final se hartar?an y ya no tendr?a que hablar el resto de mi vida. From MailScanner at ecs.soton.ac.uk Wed Jan 20 10:32:59 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 20 10:33:29 2010 Subject: mailscanner batch problems In-Reply-To: References: <4B56DBDB.9020605@ecs.soton.ac.uk> Message-ID: Do a "MailScanner --debug" and see if it shows any problems. It should pick up 1 batch, process it and then quit. If it produces any error messages, let me know the *full* text of the exact error message. Jules. On 20/01/2010 10:07, Miguel Angel Nieto wrote: > Hi, > > Im using postfix. > > I have this option, with 10 children. > > Queue Scan Interval = 5 > > This is a normal behavior: > > Jan 19 13:06:06 xxx MailScanner[32244]: New Batch: Found 3 messages waiting > Jan 19 13:06:07 xxx MailScanner[32457]: New Batch: Found 4 messages waiting > Jan 19 13:06:08 xxx MailScanner[32001]: New Batch: Found 4 messages waiting > Jan 19 13:06:09 xxx MailScanner[31253]: New Batch: Found 4 messages waiting > Jan 19 13:06:10 xxx MailScanner[32457]: New Batch: Found 6 messages waiting > Jan 19 13:06:12 xxx MailScanner[31253]: New Batch: Found 7 messages waiting > > But yerterday I have this problem (with 800+ mails in hold queue) > > Jan 19 12:49:08 xxx MailScanner[5079]: New Batch: Found 368 messages waiting > Jan 19 12:50:39 xxx MailScanner[1920]: New Batch: Found 412 messages waiting > Jan 19 12:51:22 xxx MailScanner[2377]: New Batch: Found 431 messages waiting > Jan 19 12:52:03 xxx MailScanner[7883]: New Batch: Found 450 messages waiting > Jan 19 12:57:07 xxx MailScanner[2377]: New Batch: Found 752 messages waiting > > Five minutes from one batch to another one! > > To solve the problem I had to restart MailScanner. > > Can you help me? :) > > P.D. > > My first problem with Mailscanner in... "11:04:13 up 154 days" :) > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rlopezcnm at gmail.com Wed Jan 20 18:03:24 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Wed Jan 20 18:03:36 2010 Subject: Force a sender's email to quarantine? Message-ID: [In gmane I see this subject question has been asked, but I saw no answer.] We have an application that helps us shut down SPAM email being sent out from a compromised account. (Invariably compromised after the account owner replied to some phishing email.) The application tails the maillog and keeps data to detect when any individual account starts to send a lot of email. Right now the action is to send a page to our team. We then access the gateway that sent the page and make a guess if it could be legitimate or really a spammer. We would like to change the application to put all of the email from the identified account into a quarantine file. Using postfix and MailScanner, we might have opportunities to use either tool. Due to MailScanner using the postfix hold que to pass email to MailScanner, I do not think we have the possibility of having postfix put the selected email on hold. I am looking for a way to use MailScanner to quarantine all the user's email (whole message) as queue files. Any suggestions as to which MailScanner features could be used to do this? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From jakelly at chapman.edu Wed Jan 20 18:31:04 2010 From: jakelly at chapman.edu (Kelly, James) Date: Wed Jan 20 18:32:30 2010 Subject: Force a sender's email to quarantine? References: Message-ID: <1D24CD9EFE6C9C409D1F6196F0BC68A8012A4F@ADAM.chapman.edu> We have a very similar script watching our outbound mail logs. To "quarantine" the suspect outbound mail we use the script itself (perl, in our case) to add the suspect messages' from address with a redirect action into the postfix sender_restrictions table on the gateway(s) and then regenerate the .db. from@large.chinese.isp REDIRECT quarantine-acct@ourdomain.tld If the spammer changes the from, the script notices and adds the new from(s) also. We use scripts to resend the messages in the quarantine account with the original from/to if they turn out to be false positives. Thanks, James __ James Kelly Network Administrator IS&T Network Operations Chapman University Phone: 714-744-7833 Email: jakelly@chapman.edu --- CHAPMAN UNIVERSITY WILL NEVER ASK FOR YOUR PASSWORD! DO NOT SHARE YOUR PASSWORD WITH OTHERS! If you wish to modify your Chapman email address account information: Use the account management web page at https://web.chapman.edu/accountmanagement/, Call the Chapman University helpdesk at (714) 997-6600, or Contact helpdesk@chapman.edu. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Robert Lopez Sent: Wednesday, January 20, 2010 10:03 AM To: MailScanner discussion Subject: Force a sender's email to quarantine? [In gmane I see this subject question has been asked, but I saw no answer.] We have an application that helps us shut down SPAM email being sent out from a compromised account. (Invariably compromised after the account owner replied to some phishing email.) The application tails the maillog and keeps data to detect when any individual account starts to send a lot of email. Right now the action is to send a page to our team. We then access the gateway that sent the page and make a guess if it could be legitimate or really a spammer. We would like to change the application to put all of the email from the identified account into a quarantine file. Using postfix and MailScanner, we might have opportunities to use either tool. Due to MailScanner using the postfix hold que to pass email to MailScanner, I do not think we have the possibility of having postfix put the selected email on hold. I am looking for a way to use MailScanner to quarantine all the user's email (whole message) as queue files. Any suggestions as to which MailScanner features could be used to do this? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rlopezcnm at gmail.com Wed Jan 20 19:38:01 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Wed Jan 20 19:38:15 2010 Subject: Force a sender's email to quarantine? In-Reply-To: <1D24CD9EFE6C9C409D1F6196F0BC68A8012A4F@ADAM.chapman.edu> References: <1D24CD9EFE6C9C409D1F6196F0BC68A8012A4F@ADAM.chapman.edu> Message-ID: On Wed, Jan 20, 2010 at 11:31 AM, Kelly, James wrote: > We have a very similar script watching our outbound mail logs. To > "quarantine" the suspect outbound mail we use the script itself (perl, > in our case) to add the suspect messages' from address with a redirect > action into the postfix sender_restrictions table on the gateway(s) and > then regenerate the .db. > > from@large.chinese.isp ? ? REDIRECT quarantine-acct@ourdomain.tld > > If the spammer changes the from, the script notices and adds the new > from(s) also. > > We use scripts to resend the messages in the quarantine account with the > original from/to if they turn out to be false positives. James, That seems a simple idea. Thanks for pointing out is is possible to this with postfix. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From glenn.steen at gmail.com Thu Jan 21 07:26:19 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 21 07:26:32 2010 Subject: Force a sender's email to quarantine? In-Reply-To: References: <1D24CD9EFE6C9C409D1F6196F0BC68A8012A4F@ADAM.chapman.edu> Message-ID: <223f97701001202326m19555781p5318a75dc540baa8@mail.gmail.com> Of course you can do it with MailScanner as well... Use the blacklist...;-) And perhaps force blacklisted items to be highscoring, depending on your spam actions, of course:-) Cheers (from the ski-slopes...:-D) 2010/1/20, Robert Lopez : > On Wed, Jan 20, 2010 at 11:31 AM, Kelly, James wrote: >> We have a very similar script watching our outbound mail logs. To >> "quarantine" the suspect outbound mail we use the script itself (perl, >> in our case) to add the suspect messages' from address with a redirect >> action into the postfix sender_restrictions table on the gateway(s) and >> then regenerate the .db. >> >> from@large.chinese.isp ? ? REDIRECT quarantine-acct@ourdomain.tld >> >> If the spammer changes the from, the script notices and adds the new >> from(s) also. >> >> We use scripts to resend the messages in the quarantine account with the >> original from/to if they turn out to be false positives. > > > James, > > That seems a simple idea. Thanks for pointing out is is possible to > this with postfix. > > -- > Robert Lopez > Unix Systems Administrator > Central New Mexico Community College (CNM) > 525 Buena Vista SE > Albuquerque, New Mexico 87106 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Skickat fr?n min mobila enhet -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From correo at miguelangelnieto.net Thu Jan 21 11:39:28 2010 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Thu Jan 21 11:40:02 2010 Subject: mailscanner batch problems In-Reply-To: References: <4B56DBDB.9020605@ecs.soton.ac.uk> Message-ID: Hi Jules, This is the debug output: MailScanner --debug /etc/MailScanner/MailScanner.conf In Debugging mode, not forking... Ignore errors about failing to find EOCD signature format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 format error: can't find EOCD signature at /usr/sbin/MailScanner line 820 WARNING: Ignoring unsupported option --tempdir WARNING: Ignoring unsupported option --recursive (-r) WARNING: Ignoring deprecated option --disable-summary WARNING: Ignoring unsupported option --unrar Stopping now as you are debugging me. Thanks 2010/1/20 Julian Field : > Do a "MailScanner --debug" and see if it shows any problems. > It should pick up 1 batch, process it and then quit. If it produces any > error messages, let me know the *full* text of the exact error message. > > Jules. > > On 20/01/2010 10:07, Miguel Angel Nieto wrote: >> >> Hi, >> >> Im using postfix. >> >> I have this option, with 10 children. >> >> Queue Scan Interval = 5 >> >> This is a normal behavior: >> >> Jan 19 13:06:06 xxx MailScanner[32244]: New Batch: Found 3 messages >> waiting >> Jan 19 13:06:07 xxx MailScanner[32457]: New Batch: Found 4 messages >> waiting >> Jan 19 13:06:08 xxx MailScanner[32001]: New Batch: Found 4 messages >> waiting >> Jan 19 13:06:09 xxx MailScanner[31253]: New Batch: Found 4 messages >> waiting >> Jan 19 13:06:10 xxx MailScanner[32457]: New Batch: Found 6 messages >> waiting >> Jan 19 13:06:12 xxx MailScanner[31253]: New Batch: Found 7 messages >> waiting >> >> But yerterday I have this problem (with 800+ mails in hold queue) >> >> Jan 19 12:49:08 xxx MailScanner[5079]: New Batch: Found 368 messages >> waiting >> Jan 19 12:50:39 xxx MailScanner[1920]: New Batch: Found 412 messages >> waiting >> Jan 19 12:51:22 xxx MailScanner[2377]: New Batch: Found 431 messages >> waiting >> Jan 19 12:52:03 xxx MailScanner[7883]: New Batch: Found 450 messages >> waiting >> Jan 19 12:57:07 xxx MailScanner[2377]: New Batch: Found 752 messages >> waiting >> >> Five minutes from one batch to another one! >> >> To solve the problem I had to restart MailScanner. >> >> Can you help me? :) >> >> P.D. >> >> My first problem with Mailscanner in... "11:04:13 up 154 days" :) >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Lo que har?a ser?a hacerme pasar por sordomudo y as? no tendr?a que hablar. Si quer?an decirme algo, tendr?an que escribirlo en un papelito y ense??rmelo. Al final se hartar?an y ya no tendr?a que hablar el resto de mi vida. From MailScanner at ecs.soton.ac.uk Thu Jan 21 11:57:07 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 21 11:57:27 2010 Subject: mailscanner batch problems In-Reply-To: References: <4B56DBDB.9020605@ecs.soton.ac.uk> <4B584113.9020101@ecs.soton.ac.uk> Message-ID: On 21/01/2010 11:39, Miguel Angel Nieto wrote: > Hi Jules, > > This is the debug output: > > MailScanner --debug /etc/MailScanner/MailScanner.conf > In Debugging mode, not forking... > > Ignore errors about failing to find EOCD signature > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > format error: can't find EOCD signature > at /usr/sbin/MailScanner line 820 > WARNING: Ignoring unsupported option --tempdir > WARNING: Ignoring unsupported option --recursive (-r) > WARNING: Ignoring deprecated option --disable-summary > WARNING: Ignoring unsupported option --unrar > What virus scanner are you using, and what version? What version of MailScanner are you using? All of those error messages should be harmless, it's not crashing or anything. Does your /var/log/maillog indicate MailScanner continually restarting itself? > Stopping now as you are debugging me. > > Thanks > > 2010/1/20 Julian Field: > >> Do a "MailScanner --debug" and see if it shows any problems. >> It should pick up 1 batch, process it and then quit. If it produces any >> error messages, let me know the *full* text of the exact error message. >> >> Jules. >> >> On 20/01/2010 10:07, Miguel Angel Nieto wrote: >> >>> Hi, >>> >>> Im using postfix. >>> >>> I have this option, with 10 children. >>> >>> Queue Scan Interval = 5 >>> >>> This is a normal behavior: >>> >>> Jan 19 13:06:06 xxx MailScanner[32244]: New Batch: Found 3 messages >>> waiting >>> Jan 19 13:06:07 xxx MailScanner[32457]: New Batch: Found 4 messages >>> waiting >>> Jan 19 13:06:08 xxx MailScanner[32001]: New Batch: Found 4 messages >>> waiting >>> Jan 19 13:06:09 xxx MailScanner[31253]: New Batch: Found 4 messages >>> waiting >>> Jan 19 13:06:10 xxx MailScanner[32457]: New Batch: Found 6 messages >>> waiting >>> Jan 19 13:06:12 xxx MailScanner[31253]: New Batch: Found 7 messages >>> waiting >>> >>> But yerterday I have this problem (with 800+ mails in hold queue) >>> >>> Jan 19 12:49:08 xxx MailScanner[5079]: New Batch: Found 368 messages >>> waiting >>> Jan 19 12:50:39 xxx MailScanner[1920]: New Batch: Found 412 messages >>> waiting >>> Jan 19 12:51:22 xxx MailScanner[2377]: New Batch: Found 431 messages >>> waiting >>> Jan 19 12:52:03 xxx MailScanner[7883]: New Batch: Found 450 messages >>> waiting >>> Jan 19 12:57:07 xxx MailScanner[2377]: New Batch: Found 752 messages >>> waiting >>> >>> Five minutes from one batch to another one! >>> >>> To solve the problem I had to restart MailScanner. >>> >>> Can you help me? :) >>> >>> P.D. >>> >>> My first problem with Mailscanner in... "11:04:13 up 154 days" :) >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 21 12:00:29 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 21 12:00:43 2010 Subject: sophos-autoupdate script requires update In-Reply-To: <558387.31815.qm@web110801.mail.gq1.yahoo.com> References: <558387.31815.qm@web110801.mail.gq1.yahoo.com> <4B5841DD.1040108@ecs.soton.ac.uk> Message-ID: I have added the change into the code, it should indeed work just fine. It will be in the next release, and is in the ChangeLog that people should read when they upgrade. I hope you don't mind, but I have posted this reply to the MailScanner mailing list so that other users find out about the change as well. Jules. On 20/01/2010 14:32, Christopher Wells wrote: > Afternoon Julian, > > I trust you are well? I have a request please, I have been experiencing problems with the "sophos-wrapper" script for the month of December 2009 / January 2010. I seem to have found that the problem exists due to the "sophos-autoupdate" script. It appears for Sophos V4 users, the script requires a modification to line 127 - the default scipt reads for line 127 - > > foreach $vdlsus ("vdl", "sus") { > > This line now needs to include the new "xvdl" files thank to Sophos not informing their customers - the line appears to work if I use - > > foreach 4vdlsus ("vdl", "sus", "xvdl") { > > Even if you could please advise the other Sophos users of this change - would assist us in this regard. > > Thanks for a wonderful product, > Regards > Christopher > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From correo at miguelangelnieto.net Thu Jan 21 12:33:25 2010 From: correo at miguelangelnieto.net (Miguel Angel Nieto) Date: Thu Jan 21 12:33:58 2010 Subject: mailscanner batch problems In-Reply-To: References: <4B56DBDB.9020605@ecs.soton.ac.uk> <4B584113.9020101@ecs.soton.ac.uk> Message-ID: Hi, I think i have found the error :) Jan 21 10:39:03 xxxx MailScanner[2877]: Message F416C23820E.1FCFD is too big for available disk space in /var/spool/MailScanner/incoming, skipping it Jan 21 10:39:03 xxxx MailScanner[2877]: Message 03AC82381D4.57E49 is too big for available disk space in /var/spool/MailScanner/incoming, skipping it Jan 21 10:39:03 xxxx MailScanner[8931]: Message BADC52381B3.19DE9 is too big for available disk space in /var/spool/MailScanner/incoming, skipping it /var/spool/MailScanner/incoming is in a tmpfs with 64 M only. I change it to 128 M. Thank you for your time Julian. 2010/1/21 Julian Field : > > > On 21/01/2010 11:39, Miguel Angel Nieto wrote: >> >> Hi Jules, >> >> This is the debug output: >> >> MailScanner --debug /etc/MailScanner/MailScanner.conf >> In Debugging mode, not forking... >> >> Ignore errors about failing to find EOCD signature >> format error: can't find EOCD signature >> ?at /usr/sbin/MailScanner line 820 >> format error: can't find EOCD signature >> ?at /usr/sbin/MailScanner line 820 >> WARNING: Ignoring unsupported option --tempdir >> WARNING: Ignoring unsupported option --recursive (-r) >> WARNING: Ignoring deprecated option --disable-summary >> WARNING: Ignoring unsupported option --unrar >> > > What virus scanner are you using, and what version? > What version of MailScanner are you using? > > All of those error messages should be harmless, it's not crashing or > anything. > Does your /var/log/maillog indicate MailScanner continually restarting > itself? >> >> Stopping now as you are debugging me. >> >> Thanks >> >> 2010/1/20 Julian Field: >> >>> >>> Do a "MailScanner --debug" and see if it shows any problems. >>> It should pick up 1 batch, process it and then quit. If it produces any >>> error messages, let me know the *full* text of the exact error message. >>> >>> Jules. >>> >>> On 20/01/2010 10:07, Miguel Angel Nieto wrote: >>> >>>> >>>> Hi, >>>> >>>> Im using postfix. >>>> >>>> I have this option, with 10 children. >>>> >>>> Queue Scan Interval = 5 >>>> >>>> This is a normal behavior: >>>> >>>> Jan 19 13:06:06 xxx MailScanner[32244]: New Batch: Found 3 messages >>>> waiting >>>> Jan 19 13:06:07 xxx MailScanner[32457]: New Batch: Found 4 messages >>>> waiting >>>> Jan 19 13:06:08 xxx MailScanner[32001]: New Batch: Found 4 messages >>>> waiting >>>> Jan 19 13:06:09 xxx MailScanner[31253]: New Batch: Found 4 messages >>>> waiting >>>> Jan 19 13:06:10 xxx MailScanner[32457]: New Batch: Found 6 messages >>>> waiting >>>> Jan 19 13:06:12 xxx MailScanner[31253]: New Batch: Found 7 messages >>>> waiting >>>> >>>> But yerterday I have this problem (with 800+ mails in hold queue) >>>> >>>> Jan 19 12:49:08 xxx MailScanner[5079]: New Batch: Found 368 messages >>>> waiting >>>> Jan 19 12:50:39 xxx MailScanner[1920]: New Batch: Found 412 messages >>>> waiting >>>> Jan 19 12:51:22 xxx MailScanner[2377]: New Batch: Found 431 messages >>>> waiting >>>> Jan 19 12:52:03 xxx MailScanner[7883]: New Batch: Found 450 messages >>>> waiting >>>> Jan 19 12:57:07 xxx MailScanner[2377]: New Batch: Found 752 messages >>>> waiting >>>> >>>> Five minutes from one batch to another one! >>>> >>>> To solve the problem I had to restart MailScanner. >>>> >>>> Can you help me? :) >>>> >>>> P.D. >>>> >>>> My first problem with Mailscanner in... "11:04:13 up 154 days" :) >>>> >>>> >>>> >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Lo que har?a ser?a hacerme pasar por sordomudo y as? no tendr?a que hablar. Si quer?an decirme algo, tendr?an que escribirlo en un papelito y ense??rmelo. Al final se hartar?an y ya no tendr?a que hablar el resto de mi vida. From MailScanner at ecs.soton.ac.uk Thu Jan 21 12:56:13 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 21 12:56:26 2010 Subject: mailscanner batch problems In-Reply-To: References: <4B56DBDB.9020605@ecs.soton.ac.uk> <4B584113.9020101@ecs.soton.ac.uk> <4B584EED.1030808@ecs.soton.ac.uk> Message-ID: As the default batch size is Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m you will need enough space to store 2 copies of each message, giving a total of 200MBytes. I would advise you set it to be at least 256 MBytes. But if you are using tmpfs, you don't need to specify the size anyway, it will just make use of as much space as it needs, as it takes it from your virtual memory pool. So your best solution is to use tmpfs and stop telling it how much space to use at all. It will work it all out for itself, just leave it to get on with it. Jules. On 21/01/2010 12:33, Miguel Angel Nieto wrote: > Hi, > > I think i have found the error :) > > Jan 21 10:39:03 xxxx MailScanner[2877]: Message F416C23820E.1FCFD is > too big for available disk space in /var/spool/MailScanner/incoming, > skipping it > Jan 21 10:39:03 xxxx MailScanner[2877]: Message 03AC82381D4.57E49 is > too big for available disk space in /var/spool/MailScanner/incoming, > skipping it > Jan 21 10:39:03 xxxx MailScanner[8931]: Message BADC52381B3.19DE9 is > too big for available disk space in /var/spool/MailScanner/incoming, > skipping it > > /var/spool/MailScanner/incoming is in a tmpfs with 64 M only. I > change it to 128 M. > > Thank you for your time Julian. > > 2010/1/21 Julian Field: > >> >> On 21/01/2010 11:39, Miguel Angel Nieto wrote: >> >>> Hi Jules, >>> >>> This is the debug output: >>> >>> MailScanner --debug /etc/MailScanner/MailScanner.conf >>> In Debugging mode, not forking... >>> >>> Ignore errors about failing to find EOCD signature >>> format error: can't find EOCD signature >>> at /usr/sbin/MailScanner line 820 >>> format error: can't find EOCD signature >>> at /usr/sbin/MailScanner line 820 >>> WARNING: Ignoring unsupported option --tempdir >>> WARNING: Ignoring unsupported option --recursive (-r) >>> WARNING: Ignoring deprecated option --disable-summary >>> WARNING: Ignoring unsupported option --unrar >>> >>> >> What virus scanner are you using, and what version? >> What version of MailScanner are you using? >> >> All of those error messages should be harmless, it's not crashing or >> anything. >> Does your /var/log/maillog indicate MailScanner continually restarting >> itself? >> >>> Stopping now as you are debugging me. >>> >>> Thanks >>> >>> 2010/1/20 Julian Field: >>> >>> >>>> Do a "MailScanner --debug" and see if it shows any problems. >>>> It should pick up 1 batch, process it and then quit. If it produces any >>>> error messages, let me know the *full* text of the exact error message. >>>> >>>> Jules. >>>> >>>> On 20/01/2010 10:07, Miguel Angel Nieto wrote: >>>> >>>> >>>>> Hi, >>>>> >>>>> Im using postfix. >>>>> >>>>> I have this option, with 10 children. >>>>> >>>>> Queue Scan Interval = 5 >>>>> >>>>> This is a normal behavior: >>>>> >>>>> Jan 19 13:06:06 xxx MailScanner[32244]: New Batch: Found 3 messages >>>>> waiting >>>>> Jan 19 13:06:07 xxx MailScanner[32457]: New Batch: Found 4 messages >>>>> waiting >>>>> Jan 19 13:06:08 xxx MailScanner[32001]: New Batch: Found 4 messages >>>>> waiting >>>>> Jan 19 13:06:09 xxx MailScanner[31253]: New Batch: Found 4 messages >>>>> waiting >>>>> Jan 19 13:06:10 xxx MailScanner[32457]: New Batch: Found 6 messages >>>>> waiting >>>>> Jan 19 13:06:12 xxx MailScanner[31253]: New Batch: Found 7 messages >>>>> waiting >>>>> >>>>> But yerterday I have this problem (with 800+ mails in hold queue) >>>>> >>>>> Jan 19 12:49:08 xxx MailScanner[5079]: New Batch: Found 368 messages >>>>> waiting >>>>> Jan 19 12:50:39 xxx MailScanner[1920]: New Batch: Found 412 messages >>>>> waiting >>>>> Jan 19 12:51:22 xxx MailScanner[2377]: New Batch: Found 431 messages >>>>> waiting >>>>> Jan 19 12:52:03 xxx MailScanner[7883]: New Batch: Found 450 messages >>>>> waiting >>>>> Jan 19 12:57:07 xxx MailScanner[2377]: New Batch: Found 752 messages >>>>> waiting >>>>> >>>>> Five minutes from one batch to another one! >>>>> >>>>> To solve the problem I had to restart MailScanner. >>>>> >>>>> Can you help me? :) >>>>> >>>>> P.D. >>>>> >>>>> My first problem with Mailscanner in... "11:04:13 up 154 days" :) >>>>> >>>>> >>>>> >>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Jan 21 13:06:33 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jan 21 13:06:52 2010 Subject: FW: PROPOSED 3.3.0 Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA08ACE60E@HC-MBX02.herefordshire.gov.uk> Hi folks, spamassassin 3.3.0 is about to be released. Jules, the release announcement adds a few new requirements for perl modules (and removes some). Is there any chance that in the next beta of MailScanner a chack can be made for these modules in MailScanner -V? Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: jmason@gmail.com [mailto:jmason@gmail.com] On Behalf Of Justin Mason Sent: 21 January 2010 12:31 To: SpamAssassin Dev Subject: PROPOSED 3.3.0 here's the new recut. http://people.apache.org/~jm/devel/ : md5sum of archive files: 58a439f930b49b0a3747c6caa738acc6 Mail-SpamAssassin-3.3.0.tar.bz2 a24302ff6a3c410b5c6b84041877c914 Mail-SpamAssassin-3.3.0.tar.gz ed99edd70819579bcc722411e1da49a1 Mail-SpamAssassin-3.3.0.zip d60aece3341b48befc549110eb271b8e Mail-SpamAssassin-rules-3.3.0.r900610.tgz sha1sum of archive files: 5e639ccf5773e3a1781285ea104f05394b5ea1b0 Mail-SpamAssassin-3.3.0.tar.bz2 598eebc4791dc7c7b958d87f9a33ecaef12edd09 Mail-SpamAssassin-3.3.0.tar.gz 8e425d21593140ee3a6ae0cb7a30d515b6227c95 Mail-SpamAssassin-3.3.0.zip 6f642382d7870c2cb542f50b22a0adb250165c6f Mail-SpamAssassin-rules-3.3.0.r900610.tgz announcement mail: http://people.apache.org/~jm/devel/PROPOSED-3.3.0.txt please vote! -- --j. Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From ms-list at alexb.ch Thu Jan 21 13:21:12 2010 From: ms-list at alexb.ch (Alex Broens) Date: Thu Jan 21 13:21:25 2010 Subject: FW: PROPOSED 3.3.0 In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA08ACE60E@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA08ACE60E@HC-MBX02.herefordshire.gov.uk> Message-ID: <4B5854C8.6050801@alexb.ch> On 1/21/2010 2:06 PM, Randal, Phil wrote: > Hi folks, > > spamassassin 3.3.0 is about to be released. to avoid surprises (and/or panic) , before you blindly update, make sure you check the readmes in the source archives. There's been lots of changes in the rules dept, as well as plugins which definietly require attention, especially if you have metas or changed default SA 3.2.5 rule scores. > > Jules, the release announcement adds a few new requirements for perl > modules (and removes some). > > Is there any chance that in the next beta of MailScanner a chack can be > made for these modules in MailScanner -V? > > Cheers, > > Phil > > -- > Phil Randal | Networks Engineer > NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's > Office | I.C.T. Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files are those of > the individual and not necessarily those of Herefordshire Council. > > This e-mail and any attached files are confidential and intended solely > for the use of the addressee. This communication may contain material > protected by law from being passed on. If you are not the intended > recipient and have received this e-mail in error, you are advised that > any use, dissemination, forwarding, printing or copying of this e-mail > is strictly prohibited. If you have received this e-mail in error please > contact the sender immediately and destroy all copies of it. > > -----Original Message----- > From: jmason@gmail.com [mailto:jmason@gmail.com] On Behalf Of Justin > Mason > Sent: 21 January 2010 12:31 > To: SpamAssassin Dev > Subject: PROPOSED 3.3.0 > > here's the new recut. > > http://people.apache.org/~jm/devel/ : > > md5sum of archive files: > > 58a439f930b49b0a3747c6caa738acc6 Mail-SpamAssassin-3.3.0.tar.bz2 > a24302ff6a3c410b5c6b84041877c914 Mail-SpamAssassin-3.3.0.tar.gz > ed99edd70819579bcc722411e1da49a1 Mail-SpamAssassin-3.3.0.zip > d60aece3341b48befc549110eb271b8e > Mail-SpamAssassin-rules-3.3.0.r900610.tgz > > sha1sum of archive files: > > 5e639ccf5773e3a1781285ea104f05394b5ea1b0 > Mail-SpamAssassin-3.3.0.tar.bz2 > 598eebc4791dc7c7b958d87f9a33ecaef12edd09 > Mail-SpamAssassin-3.3.0.tar.gz > 8e425d21593140ee3a6ae0cb7a30d515b6227c95 Mail-SpamAssassin-3.3.0.zip > 6f642382d7870c2cb542f50b22a0adb250165c6f > Mail-SpamAssassin-rules-3.3.0.r900610.tgz > > announcement mail: http://people.apache.org/~jm/devel/PROPOSED-3.3.0.txt > > please vote! > > -- > --j. > Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. > You should be aware that Herefordshire Council monitors its email service. > This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From MailScanner at ecs.soton.ac.uk Thu Jan 21 14:52:41 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 21 14:52:56 2010 Subject: Grand Theft Auto: Chinatown Wars References: <4B586A39.7030504@ecs.soton.ac.uk> Message-ID: I'm famous! I just saw one of my colleagues playing GTA Chinatown Wars on his iPhone, which has recently been released. In the game, you have an in-game PDA, which has its own Inbox of messages written by the game's authors. Top of the list of the email messages: a spam message with MailScanner's (now)famous "(SPAM?)" subject line tag. I have finally conquered the world. You will be assimilated. Bwaahaahaa..... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Hostmaster at computerservicecentre.com Thu Jan 21 15:06:52 2010 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Thu Jan 21 15:07:02 2010 Subject: Grand Theft Auto: Chinatown Wars In-Reply-To: References: <4B586A39.7030504@ecs.soton.ac.uk> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A5E65BC@commssrv01.computerservicecentre.com> Congrats! Surely you should now contact Rockstar/EA to claim royalties (or at least a donation to the MailScanner project) ;-) Richard -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Posted At: 21 January 2010 14:53 Posted To: Hostmaster Conversation: Grand Theft Auto: Chinatown Wars Subject: Grand Theft Auto: Chinatown Wars I'm famous! I just saw one of my colleagues playing GTA Chinatown Wars on his iPhone, which has recently been released. In the game, you have an in-game PDA, which has its own Inbox of messages written by the game's authors. Top of the list of the email messages: a spam message with MailScanner's (now)famous "(SPAM?)" subject line tag. I have finally conquered the world. You will be assimilated. Bwaahaahaa..... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From oliver at linux-kernel.at Thu Jan 21 15:08:09 2010 From: oliver at linux-kernel.at (Oliver Falk) Date: Thu Jan 21 15:08:33 2010 Subject: Grand Theft Auto: Chinatown Wars In-Reply-To: References: <4B586A39.7030504@ecs.soton.ac.uk> Message-ID: <4B586DD9.2000101@linux-kernel.at> On 01/21/2010 03:52 PM, Julian Field wrote: > I'm famous! > > I just saw one of my colleagues playing GTA Chinatown Wars on his > iPhone, which has recently been released. > > In the game, you have an in-game PDA, which has its own Inbox of > messages written by the game's authors. > > Top of the list of the email messages: a spam message with MailScanner's > (now)famous "(SPAM?)" subject line tag. > > I have finally conquered the world. You will be assimilated. > > Bwaahaahaa..... -> http://twitter.com/#search?q=%23MailScanner 8-) -of From MailScanner at ecs.soton.ac.uk Fri Jan 22 09:45:29 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 22 09:45:42 2010 Subject: GTA Chinatown Wars References: <4B5973B9.8010403@ecs.soton.ac.uk> Message-ID: I know it isn't polite netiquette to send an image to a mailing list, but for those of you who haven't rushed out and bought a copy of GTA Chinatown Wars to see the MailScanner mention, attached is a screenshot of the game showing the contents of the initial Inbox you get in the game. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: GTA Chinatown Wars.png Type: image/png Size: 41554 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/ad58e41f/GTAChinatownWars-0001.png From eliott100 at gmail.com Fri Jan 22 12:50:31 2010 From: eliott100 at gmail.com (Eliott) Date: Fri Jan 22 12:50:43 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: Message-ID: Hi! we are about to migrate an old imlementation while upgrading all the components and came across a strange problem. With MailScanner 4.78.17 and avg 8.5.288 we see the following log entries: -------------- Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: Scanning 1 messages, 1338 bytes Jan 18 15:47:23 localhost MailScanner[4725]: Virus and Content Scanning: Starting Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus identified EICAR_Test in eicar.txt Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Avg found 1 infections Jan 18 15:47:23 localhost MailScanner[4725]: Infected message ESC[2Ko0IElNL7004734 came from Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Found 1 viruses Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: Delivered 1 messages Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 messages from processing-database smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], dsn=2.0.0, stat=Sent (Message accepted for delivery) --------------- I have checked SweepVisuses.pm, but there the output seems to be parsed well. Is this a configuration issue or a bug? Thanks and regards Eliott -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/1f6d1ab4/attachment.html From alex at rtpty.com Fri Jan 22 14:21:30 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Jan 22 14:22:25 2010 Subject: GTA Chinatown Wars In-Reply-To: References: <4B5973B9.8010403@ecs.soton.ac.uk> Message-ID: <23C30500-08F6-4D47-9EB2-0F765F51A3E4@rtpty.com> Couldn't they use curly brackets? :-D {SPAM?} On Jan 22, 2010, at 4:45 AM, Julian Field wrote: > I know it isn't polite netiquette to send an image to a mailing list, but for those of you who haven't rushed out and bought a copy of GTA Chinatown Wars to see the MailScanner mention, attached is a screenshot of the game showing the contents of the initial Inbox you get in the game. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 22 14:33:11 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 22 14:33:33 2010 Subject: Potential incompatibility between MailScanner and avg8 In-Reply-To: References: <4B59B727.70000@ecs.soton.ac.uk> Message-ID: That looks like a terminal type problem. What happens if you do env - /usr/sbin/check_mailscanner instead of just /usr/sbin/check_mailscanner ? On 22/01/2010 12:50, Eliott wrote: > Hi! > > we are about to migrate an old imlementation while upgrading all the > components and came across a strange problem. > With MailScanner 4.78.17 and avg 8.5.288 we see the following log > entries: > -------------- > Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: Scanning 1 > messages, 1338 bytes > Jan 18 15:47:23 localhost MailScanner[4725]: Virus and Content > Scanning: Starting > Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus identified > EICAR_Test in eicar.txt > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Avg found > 1 infections > Jan 18 15:47:23 localhost MailScanner[4725]: Infected message > ESC[2Ko0IElNL7004734 came from > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Found 1 > viruses > Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: Delivered 1 > messages > Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 messages from > processing-database > smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], dsn=2.0.0, > stat=Sent (Message accepted for delivery) > --------------- > I have checked SweepVisuses.pm, but there the output seems to be > parsed well. Is this a configuration issue or a bug? > > Thanks and regards > Eliott > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lyndonl at mexcom.co.za Fri Jan 22 16:17:14 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri Jan 22 16:17:36 2010 Subject: MailScanner: Message attempted to kill MailScanner Message-ID: Hello All I hope you can shed some light on the below issue This is a new install of MailScanner 4.79.5 FreeBSD 8.0 amd64 postfix-2.6.5,1 p5-Mail-SpamAssassin-3.2.5_4 clamav-0.95.3 All the effected mails seem to have attachments, mail sizes vary most are over 200kb but some are only 80kb most seem to be word docs both .doc and .docx I have turned off OLE scans to see if that was a part of the problem ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) Max Spam Check Size = 40k Max SpamAssassin Size = 40k Max Custom Spam Scanner Size = 40k the Server is a Xeon 2Ghz quad core 4 GB RAM it averages about 95% idle with about 2.5GB free RAM although when clamscan is running it might drop down to about 80% idle I can turn on the debug option but its not every mail that has this issue its probably 1 out of every 100 to 150 messages. so it might take some time to trigger the problem the below message was 333.6kb From MailWatch interface: Subject: removed to protect the innocent MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CA9B73.4F7F8242" Date: Fri, 22 Jan 2010 16:58:08 +0200 Message-ID: Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: removed to protect the innocent Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= X-Priority: 1 Priority: Urgent Importance: high From maillog Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: message-id= Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing message EC4A71761FFF.00000 Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing message EC4A71761FFF.00000 Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing message EC4A71761FFF.00000 Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing message EC4A71761FFF.00000 Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing message EC4A71761FFF.00000 Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message EC4A71761FFF.00000 as it has been attempted too many times Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message EC4A71761FFF.00000 as it caused MailScanner to crash several times Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message EC4A71761FFF.00000 to SQL Regards, Lyndon -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/d892d3e8/attachment.html From Garrod.Alwood at lorodoes.com Fri Jan 22 16:17:56 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Fri Jan 22 16:24:11 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: Message-ID: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> You need to get an update, I had the same problem Garrod Alwood Open Source Consultant 9047384988 Garrod.alwood@lorodoes.com Sent from my iPod On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne" > wrote: Hello All I hope you can shed some light on the below issue This is a new install of MailScanner 4.79.5 FreeBSD 8.0 amd64 postfix-2.6.5,1 p5-Mail-SpamAssassin-3.2.5_4 clamav-0.95.3 All the effected mails seem to have attachments, mail sizes vary most are over 200kb but some are only 80kb most seem to be word docs both .doc and .docx I have turned off OLE scans to see if that was a part of the problem ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) Max Spam Check Size = 40k Max SpamAssassin Size = 40k Max Custom Spam Scanner Size = 40k the Server is a Xeon 2Ghz quad core 4 GB RAM it averages about 95% idle with about 2.5GB free RAM although when clamscan is running it might drop down to about 80% idle I can turn on the debug option but its not every mail that has this issue its probably 1 out of every 100 to 150 messages. so it might take some time to trigger the problem the below message was 333.6kb From MailWatch interface: Subject: removed to protect the innocent MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CA9B73.4F7F8242" Date: Fri, 22 Jan 2010 16:58:08 +0200 Message-ID: <B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local> Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: removed to protect the innocent Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= X-Priority: 1 Priority: Urgent Importance: high From maillog Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: message-id=<B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing message EC4A71761FFF.00000 Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing message EC4A71761FFF.00000 Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing message EC4A71761FFF.00000 Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing message EC4A71761FFF.00000 Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing message EC4A71761FFF.00000 Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message EC4A71761FFF.00000 as it has been attempted too many times Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message EC4A71761FFF.00000 as it caused MailScanner to crash several times Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message EC4A71761FFF.00000 to SQL Regards, Lyndon -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/b9ad1cb4/attachment.html From support-lists at petdoctors.co.uk Fri Jan 22 16:50:13 2010 From: support-lists at petdoctors.co.uk (PD Support) Date: Fri Jan 22 16:50:37 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: Message-ID: <016201ca9b82$f834bce0$e89e36a0$@co.uk> Also check folder permissions and that required folders exist - one recent install didn't make them all for me (I suspect this was a glitch in the SpamAssassin install rather than MailScanner). I also had this a while back on a server where the disk was full, although I expect this isn't your problem. NK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/aa54812a/attachment.html From MailScanner at ecs.soton.ac.uk Fri Jan 22 16:51:03 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 22 16:51:20 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> References: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> <4B59D777.5040600@ecs.soton.ac.uk> Message-ID: Yes, just install the latest version available on the website. On 22/01/2010 16:17, Garrod M. Alwood wrote: > You need to get an update, I had the same problem > > Garrod Alwood > Open Source Consultant > 9047384988 > Garrod.alwood@lorodoes.com > Sent from my iPod > > On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne" > > wrote: > >> Hello All >> >> I hope you can shed some light on the below issue >> >> This is a new install of MailScanner 4.79.5 >> FreeBSD 8.0 amd64 >> postfix-2.6.5,1 >> p5-Mail-SpamAssassin-3.2.5_4 >> clamav-0.95.3 >> >> All the effected mails seem to have attachments, mail sizes vary most >> are over 200kb but some are only 80kb >> most seem to be word docs both .doc and .docx >> I have turned off OLE scans to see if that was a part of the problem >> >> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) >> >> Max Spam Check Size = 40k >> Max SpamAssassin Size = 40k >> Max Custom Spam Scanner Size = 40k >> >> >> >> the Server is a Xeon 2Ghz quad core 4 GB RAM >> it averages about 95% idle with about 2.5GB free RAM although when >> clamscan is running it might drop down to about 80% idle >> >> I can turn on the debug option but its not every mail that has this >> issue its probably 1 out of every 100 to 150 messages. so it might >> take some time to trigger the problem >> >> the below message was 333.6kb >> >> From MailWatch interface: >> >> Subject: /removed to protect the innocent/ >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; >> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" >> Date: Fri, 22 Jan 2010 16:58:08 +0200 >> Message-ID: >> > > >> Content-class: urn:content-classes:message >> X-MimeOLE: Produced By Microsoft Exchange V6.5 >> X-MS-Has-Attach: >> X-MS-TNEF-Correlator: >> Thread-Topic: removed to protect the innocent >> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= >> X-Priority: 1 >> Priority: Urgent >> Importance: high >> >> From maillog >> >> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: >> message-id=> > >> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at >> processing message EC4A71761FFF.00000 >> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at >> processing message EC4A71761FFF.00000 >> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at >> processing message EC4A71761FFF.00000 >> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at >> processing message EC4A71761FFF.00000 >> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at >> processing message EC4A71761FFF.00000 >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping >> message EC4A71761FFF.00000 as it has been attempted too many times >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message >> EC4A71761FFF.00000 as it caused MailScanner to crash several times >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to >> /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message >> EC4A71761FFF.00000 to SQL >> >> Regards, >> >> Lyndon >> >> >> >> -- >> This message has been scanned for viruses and dangerous content by the >> *Mexcom MailScanner*, and appears to be clean. >> Should you wish to secure your mail, call sales @ 011-801-4000, >> alternatively visit >> http://www.mexcom.co.za or mail sales@mexcom.co.za >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lyndonl at mexcom.co.za Fri Jan 22 17:41:38 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri Jan 22 17:42:26 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> <4B59D777.5040600@ecs.soton.ac.uk> Message-ID: <614069FF-2788-4FDA-9E4D-870A5282B297@mexcom.co.za> Ok cool thanks all I will try that on monday, if the gods smile on my there might be an updated BSD port :) not that im holding my breath On 22 Jan 2010, at 6:51 PM, Julian Field wrote: > Yes, just install the latest version available on the website. > > On 22/01/2010 16:17, Garrod M. Alwood wrote: >> You need to get an update, I had the same problem >> >> Garrod Alwood >> Open Source Consultant >> 9047384988 >> Garrod.alwood@lorodoes.com >> Sent from my iPod >> >> On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne" > wrote: >> >>> Hello All >>> >>> I hope you can shed some light on the below issue >>> >>> This is a new install of MailScanner 4.79.5 >>> FreeBSD 8.0 amd64 >>> postfix-2.6.5,1 >>> p5-Mail-SpamAssassin-3.2.5_4 >>> clamav-0.95.3 >>> >>> All the effected mails seem to have attachments, mail sizes vary most are over 200kb but some are only 80kb >>> most seem to be word docs both .doc and .docx >>> I have turned off OLE scans to see if that was a part of the problem >>> >>> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) >>> >>> Max Spam Check Size = 40k >>> Max SpamAssassin Size = 40k >>> Max Custom Spam Scanner Size = 40k >>> >>> >>> >>> the Server is a Xeon 2Ghz quad core 4 GB RAM >>> it averages about 95% idle with about 2.5GB free RAM although when clamscan is running it might drop down to about 80% idle >>> >>> I can turn on the debug option but its not every mail that has this issue its probably 1 out of every 100 to 150 messages. so it might take some time to trigger the problem >>> >>> the below message was 333.6kb >>> >>> From MailWatch interface: >>> >>> Subject: /removed to protect the innocent/ >>> MIME-Version: 1.0 >>> Content-Type: multipart/mixed; >>> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" >>> Date: Fri, 22 Jan 2010 16:58:08 +0200 >>> Message-ID: > >>> Content-class: urn:content-classes:message >>> X-MimeOLE: Produced By Microsoft Exchange V6.5 >>> X-MS-Has-Attach: >>> X-MS-TNEF-Correlator: >>> Thread-Topic: removed to protect the innocent >>> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= >>> X-Priority: 1 >>> Priority: Urgent >>> Importance: high >>> >>> From maillog >>> >>> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: message-id=> >>> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing message EC4A71761FFF.00000 >>> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing message EC4A71761FFF.00000 >>> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing message EC4A71761FFF.00000 >>> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing message EC4A71761FFF.00000 >>> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing message EC4A71761FFF.00000 >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message EC4A71761FFF.00000 as it has been attempted too many times >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message EC4A71761FFF.00000 as it caused MailScanner to crash several times >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message EC4A71761FFF.00000 to SQL >>> >>> Regards, >>> >>> Lyndon >>> >>> >>> >>> -- >>> This message has been scanned for viruses and dangerous content by the >>> *Mexcom MailScanner*, and appears to be clean. >>> Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit >>> http://www.mexcom.co.za or mail sales@mexcom.co.za >>> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mike at mlrw.com Fri Jan 22 17:58:27 2010 From: mike at mlrw.com (Mike Wallace) Date: Fri Jan 22 17:58:39 2010 Subject: Infected Messages Not Being Spam Checked In-Reply-To: References: <20091223094812.f74e1c30.lists@buschor.ch> Message-ID: <2C4D53D7-096E-4BC1-A863-DD80E5A8E91A@mlrw.com> I am having a problem with Virus infected messages not being spam checked and getting delivered to users. My configuration is MS 4.78.17-1 running on CentOS 5.4 with spamassassin 3.2.5-1 from the CentOS distribution, clamav 0.95.3-1and razor-agents 2.84-1 from rpmforge, pyzor 0.5.0 and dcc 1.3.115. I am using the following additional spamassassin rules; Sought, OpenProtect and a couple of custom ones. All messages with a spam score of > 5.0 and <10.0 are redirected to a special mailbox. Anything >10.0 are deleted. This works great as I have a false positive rate of 0.16% and a false negative rate of 0.87% (if I exclude the viruses that passed). None of the false positives are high scoring spam >10.0. Here is an example of a message that was not spam checked: Return-Path: improvesx66@wires.tv Received: from mailserver.mlrw.com (LHLO mailserver.mlrw.com) by mailserver.mlrw.com with LMTP; Thu, 21 Jan 2010 16:51:09 -0500 (EST) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailserver.mlrw.com (Postfix) with ESMTP id 455AC1448859 for ; Thu, 21 Jan 2010 16:51:09 -0500 (EST) X-Virus-Scanned: amavisd-new at mlrw.com Received: from gateway.mlrw.com by mailserver.mlrw.com (Postfix) with ESMTP id ECE031448858 for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) Received: from mx1.mailhop.org (mxout-144-iad.mailhop.org [216.146.32.144]) by mlrw.com (Postfix) with ESMTP id 3E1FA2A00C4 for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) Received: from noblet1.lnk.telstra.net (noblet1.lnk.telstra.net [165.228.74.75]) by mx1.mailhop.org (Postfix) with ESMTP id CA691833D0B for ; Thu, 21 Jan 2010 21:51:02 +0000 (UTC) Received: from 165.228.74.75 by mailstore1.secureserver.net; Fri, 22 Jan 2010 08:50:57 +1000 Date: Fri, 22 Jan 2010 08:50:57 +1000 From: "DHL Manager Keven Allen" X-Mailer: The Bat! (v3.51.10) Professional Reply-To: improvesx66@wires.tv X-Priority: 3 (Normal) Message-ID: <256744380.35200801834064@wires.tv> To: user@mlrw.com Subject: {VIRUS?} DHL Delivery Problem Number 81419. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------4B369E401538E9" X-MLRW-MailScanner-ID: 3E1FA2A00C4.AAF25 X-MLRW-MailScanner-VirusCheck: Message was found to be infected X-MLRW-MailScanner-SpamCheck: X-MLRW-MailScanner-From: improvesx66@wires.tv ------------4B369E401538E9 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit Dear customer! The courier company was not able to deliver your parcel by your address. Cause: Error in shipping address. You may pickup the parcel at our post office personaly! Attention! The shipping label is attached to this e-mail. Please print this label to get this package at our post office. Please do not reply to this e-mail, it is an unmonitored mailbox! Thank you. DHL Delivery Services. ------------4B369E401538E9 Content-Type: application/zip; name="DHL_Label_NR06283.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="DHL_Label_NR06283.zip" In the logs for clamd I see the following for that attachment: DHL_Label_NR06283.zip: Suspect.Bredozip-zippwd-2 FOUND If I run spamassassin against a quarantined copy of the message here is it's score: Content analysis details: (23.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.7 SARE_RECV_IP_FROMIP3 Received line is IP address from IP address 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [165.228.74.75 listed in zen.spamhaus.org] 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% [score: 0.6792] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 0.0 DIGEST_MULTIPLE Message hits more than one network digest check 4.0 JM_SOUGHT_1 Body contains frequently-spammed text patterns 4.0 JM_SOUGHT_2 Body contains frequently-spammed text patterns As you can see it's greater than 10.0 which means it would have been deleted. Can anyone help me? I need to get these type of messages spam checked. Thanks. Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/a5ad4289/attachment.html From maillists at conactive.com Fri Jan 22 20:12:21 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 22 20:12:37 2010 Subject: Infected Messages Not Being Spam Checked In-Reply-To: <2C4D53D7-096E-4BC1-A863-DD80E5A8E91A@mlrw.com> References: <20091223094812.f74e1c30.lists@buschor.ch> <2C4D53D7-096E-4BC1-A863-DD80E5A8E91A@mlrw.com> Message-ID: Mike Wallace wrote on Fri, 22 Jan 2010 12:58:27 -0500: > I am having a problem with pressing the correct button in your email program. Please hit "new message" when you send a new question and not "reply"! Thanks. > with Virus infected messages not being spam > checked and getting delivered to users. Virusscan is done before spamcheck. If you get viruses delivered that means you have either disabled virusscanning or have changed the default value so that messages with viruses get delivered. Both doesn't make sense. > I need to get these type of messages spam checked. No, you have to stop delivering viruses. That, I told you already 10 days ago. In case that is not what you do, maybe you should have answered Julian's questions. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From lists at elasticmind.net Fri Jan 22 21:37:54 2010 From: lists at elasticmind.net (mog) Date: Fri Jan 22 21:38:30 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: <614069FF-2788-4FDA-9E4D-870A5282B297@mexcom.co.za> References: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> <4B59D777.5040600@ecs.soton.ac.uk> <614069FF-2788-4FDA-9E4D-870A5282B297@mexcom.co.za> Message-ID: <4B5A1AB2.2090204@elasticmind.net> Mike (the guy who's been looking after the port) has been working on the problem. I'm sure he will update the port as soon as he has time. On 22/01/2010 17:41, Lyndon Labuschagne wrote: > Ok cool thanks all > > I will try that on monday, if the gods smile on my there might be an updated BSD port :) not that im holding my breath > > > On 22 Jan 2010, at 6:51 PM, Julian Field wrote: > > >> Yes, just install the latest version available on the website. >> >> On 22/01/2010 16:17, Garrod M. Alwood wrote: >> >>> You need to get an update, I had the same problem >>> >>> Garrod Alwood >>> Open Source Consultant >>> 9047384988 >>> Garrod.alwood@lorodoes.com >>> Sent from my iPod >>> >>> On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne"> wrote: >>> >>> >>>> Hello All >>>> >>>> I hope you can shed some light on the below issue >>>> >>>> This is a new install of MailScanner 4.79.5 >>>> FreeBSD 8.0 amd64 >>>> postfix-2.6.5,1 >>>> p5-Mail-SpamAssassin-3.2.5_4 >>>> clamav-0.95.3 >>>> >>>> All the effected mails seem to have attachments, mail sizes vary most are over 200kb but some are only 80kb >>>> most seem to be word docs both .doc and .docx >>>> I have turned off OLE scans to see if that was a part of the problem >>>> >>>> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) >>>> >>>> Max Spam Check Size = 40k >>>> Max SpamAssassin Size = 40k >>>> Max Custom Spam Scanner Size = 40k >>>> >>>> >>>> >>>> the Server is a Xeon 2Ghz quad core 4 GB RAM >>>> it averages about 95% idle with about 2.5GB free RAM although when clamscan is running it might drop down to about 80% idle >>>> >>>> I can turn on the debug option but its not every mail that has this issue its probably 1 out of every 100 to 150 messages. so it might take some time to trigger the problem >>>> >>>> the below message was 333.6kb >>>> >>>> From MailWatch interface: >>>> >>>> Subject: /removed to protect the innocent/ >>>> MIME-Version: 1.0 >>>> Content-Type: multipart/mixed; >>>> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" >>>> Date: Fri, 22 Jan 2010 16:58:08 +0200 >>>> Message-ID:> >>>> Content-class: urn:content-classes:message >>>> X-MimeOLE: Produced By Microsoft Exchange V6.5 >>>> X-MS-Has-Attach: >>>> X-MS-TNEF-Correlator: >>>> Thread-Topic: removed to protect the innocent >>>> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= >>>> X-Priority: 1 >>>> Priority: Urgent >>>> Importance: high >>>> >>>> From maillog >>>> >>>> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: message-id=> >>>> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing message EC4A71761FFF.00000 >>>> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing message EC4A71761FFF.00000 >>>> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing message EC4A71761FFF.00000 >>>> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing message EC4A71761FFF.00000 >>>> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing message EC4A71761FFF.00000 >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message EC4A71761FFF.00000 as it has been attempted too many times >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message EC4A71761FFF.00000 as it caused MailScanner to crash several times >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message EC4A71761FFF.00000 to SQL >>>> >>>> Regards, >>>> >>>> Lyndon >>>> >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and dangerous content by the >>>> *Mexcom MailScanner*, and appears to be clean. >>>> Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit >>>> http://www.mexcom.co.za or mail sales@mexcom.co.za >>>> >>>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > From mike at mlrw.com Fri Jan 22 21:40:25 2010 From: mike at mlrw.com (Mike Wallace) Date: Fri Jan 22 21:40:39 2010 Subject: Infected Messages Not Being Spam Checked Message-ID: <64AB5CB5-8BFD-4987-8CF3-A3AC9C89E9C9@mlrw.com> I am having a problem with Virus infected messages not being spam checked and getting delivered to users. My configuration is MS 4.78.17-1 running on CentOS 5.4 with spamassassin 3.2.5-1 from the CentOS distribution, clamav 0.95.3-1and razor-agents 2.84-1 from rpmforge, pyzor 0.5.0 and dcc 1.3.115. I am using the following additional spamassassin rules; Sought, OpenProtect and a couple of custom ones. All messages with a spam score of > 5.0 and <10.0 are redirected to a special mailbox. Anything >10.0 are deleted. This works great as I have a false positive rate of 0.16% and a false negative rate of 0.87% (if I exclude the viruses that passed). None of the false positives are high scoring spam >10.0. Here is an example of a message that was not spam checked: Return-Path: improvesx66@wires.tv Received: from mailserver.mlrw.com (LHLO mailserver.mlrw.com) by mailserver.mlrw.com with LMTP; Thu, 21 Jan 2010 16:51:09 -0500 (EST) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailserver.mlrw.com (Postfix) with ESMTP id 455AC1448859 for ; Thu, 21 Jan 2010 16:51:09 -0500 (EST) X-Virus-Scanned: amavisd-new at mlrw.com Received: from gateway.mlrw.com by mailserver.mlrw.com (Postfix) with ESMTP id ECE031448858 for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) Received: from mx1.mailhop.org (mxout-144-iad.mailhop.org [216.146.32.144]) by mlrw.com (Postfix) with ESMTP id 3E1FA2A00C4 for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) Received: from noblet1.lnk.telstra.net (noblet1.lnk.telstra.net [165.228.74.75]) by mx1.mailhop.org (Postfix) with ESMTP id CA691833D0B for ; Thu, 21 Jan 2010 21:51:02 +0000 (UTC) Received: from 165.228.74.75 by mailstore1.secureserver.net; Fri, 22 Jan 2010 08:50:57 +1000 Date: Fri, 22 Jan 2010 08:50:57 +1000 From: "DHL Manager Keven Allen" X-Mailer: The Bat! (v3.51.10) Professional Reply-To: improvesx66@wires.tv X-Priority: 3 (Normal) Message-ID: <256744380.35200801834064@wires.tv> To: user@mlrw.com Subject: {VIRUS?} DHL Delivery Problem Number 81419. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------4B369E401538E9" X-MLRW-MailScanner-ID: 3E1FA2A00C4.AAF25 X-MLRW-MailScanner-VirusCheck: Message was found to be infected X-MLRW-MailScanner-SpamCheck: X-MLRW-MailScanner-From: improvesx66@wires.tv ------------4B369E401538E9 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit Dear customer! The courier company was not able to deliver your parcel by your address. Cause: Error in shipping address. You may pickup the parcel at our post office personaly! Attention! The shipping label is attached to this e-mail. Please print this label to get this package at our post office. Please do not reply to this e-mail, it is an unmonitored mailbox! Thank you. DHL Delivery Services. ------------4B369E401538E9 Content-Type: application/zip; name="DHL_Label_NR06283.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="DHL_Label_NR06283.zip" In the logs for clamd I see the following for that attachment: DHL_Label_NR06283.zip: Suspect.Bredozip-zippwd-2 FOUND If I run spamassassin against a quarantined copy of the message here is it's score: Content analysis details: (23.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.7 SARE_RECV_IP_FROMIP3 Received line is IP address from IP address 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [165.228.74.75 listed in zen.spamhaus.org] 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% [score: 0.6792] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 0.0 DIGEST_MULTIPLE Message hits more than one network digest check 4.0 JM_SOUGHT_1 Body contains frequently-spammed text patterns 4.0 JM_SOUGHT_2 Body contains frequently-spammed text patterns As you can see it's greater than 10.0 which means it would have been deleted. Can anyone help me? I need to get these type of messages spam checked. Thanks. Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/73cbd03d/attachment-0001.html From lyndonl at mexcom.co.za Sat Jan 23 08:12:16 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Sat Jan 23 08:12:58 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: <4B5A1AB2.2090204@elasticmind.net> References: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> <4B59D777.5040600@ecs.soton.ac.uk> <614069FF-2788-4FDA-9E4D-870A5282B297@mexcom.co.za> <4B5A1AB2.2090204@elasticmind.net> Message-ID: Im sure he will get to it as son as he can, the ports are usually pretty up to date for MailScanner but the last one was released less than a week ago, So im not sure he will have the chance to update before monday hell we all need a few beers and some relax time every once in a while :) On 22 Jan 2010, at 11:37 PM, mog wrote: > Mike (the guy who's been looking after the port) has been working on the problem. I'm sure he will update the port as soon as he has time. > > > On 22/01/2010 17:41, Lyndon Labuschagne wrote: >> Ok cool thanks all >> >> I will try that on monday, if the gods smile on my there might be an updated BSD port :) not that im holding my breath >> >> >> On 22 Jan 2010, at 6:51 PM, Julian Field wrote: >> >> >>> Yes, just install the latest version available on the website. >>> >>> On 22/01/2010 16:17, Garrod M. Alwood wrote: >>> >>>> You need to get an update, I had the same problem >>>> >>>> Garrod Alwood >>>> Open Source Consultant >>>> 9047384988 >>>> Garrod.alwood@lorodoes.com >>>> Sent from my iPod >>>> >>>> On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne"> wrote: >>>> >>>> >>>>> Hello All >>>>> >>>>> I hope you can shed some light on the below issue >>>>> >>>>> This is a new install of MailScanner 4.79.5 >>>>> FreeBSD 8.0 amd64 >>>>> postfix-2.6.5,1 >>>>> p5-Mail-SpamAssassin-3.2.5_4 >>>>> clamav-0.95.3 >>>>> >>>>> All the effected mails seem to have attachments, mail sizes vary most are over 200kb but some are only 80kb >>>>> most seem to be word docs both .doc and .docx >>>>> I have turned off OLE scans to see if that was a part of the problem >>>>> >>>>> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) >>>>> >>>>> Max Spam Check Size = 40k >>>>> Max SpamAssassin Size = 40k >>>>> Max Custom Spam Scanner Size = 40k >>>>> >>>>> >>>>> >>>>> the Server is a Xeon 2Ghz quad core 4 GB RAM >>>>> it averages about 95% idle with about 2.5GB free RAM although when clamscan is running it might drop down to about 80% idle >>>>> >>>>> I can turn on the debug option but its not every mail that has this issue its probably 1 out of every 100 to 150 messages. so it might take some time to trigger the problem >>>>> >>>>> the below message was 333.6kb >>>>> >>>>> From MailWatch interface: >>>>> >>>>> Subject: /removed to protect the innocent/ >>>>> MIME-Version: 1.0 >>>>> Content-Type: multipart/mixed; >>>>> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" >>>>> Date: Fri, 22 Jan 2010 16:58:08 +0200 >>>>> Message-ID:> >>>>> Content-class: urn:content-classes:message >>>>> X-MimeOLE: Produced By Microsoft Exchange V6.5 >>>>> X-MS-Has-Attach: >>>>> X-MS-TNEF-Correlator: >>>>> Thread-Topic: removed to protect the innocent >>>>> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= >>>>> X-Priority: 1 >>>>> Priority: Urgent >>>>> Importance: high >>>>> >>>>> From maillog >>>>> >>>>> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: message-id=> >>>>> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing message EC4A71761FFF.00000 >>>>> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing message EC4A71761FFF.00000 >>>>> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing message EC4A71761FFF.00000 >>>>> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing message EC4A71761FFF.00000 >>>>> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing message EC4A71761FFF.00000 >>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message EC4A71761FFF.00000 as it has been attempted too many times >>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message EC4A71761FFF.00000 as it caused MailScanner to crash several times >>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 >>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message EC4A71761FFF.00000 to SQL >>>>> >>>>> Regards, >>>>> >>>>> Lyndon >>>>> >>>>> >>>>> >>>>> -- >>>>> This message has been scanned for viruses and dangerous content by the >>>>> *Mexcom MailScanner*, and appears to be clean. >>>>> Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit >>>>> http://www.mexcom.co.za or mail sales@mexcom.co.za >>>>> >>>>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > This message has been scanned for viruses and dangerous content by the > Mexcom MailScanner, and appears to be clean. > Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit > http://www.mexcom.co.za or mail sales@mexcom.co.za > > From MailScanner at ecs.soton.ac.uk Sat Jan 23 18:03:33 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Jan 23 18:03:47 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> <4B59D777.5040600@ecs.soton.ac.uk> <614069FF-2788-4FDA-9E4D-870A5282B297@mexcom.co.za> <4B5A1AB2.2090204@elasticmind.net> <4B5B39F5.8070403@ecs.soton.ac.uk> Message-ID: I've just released 4.79.9 which fixes a typo which broke f-protd-6 scanning. I aim to do a stable release on 1st Feb as nothing much has changed in a while. On 23/01/2010 08:12, Lyndon Labuschagne wrote: > Im sure he will get to it as son as he can, > the ports are usually pretty up to date for MailScanner but the last one was released less than a week ago, So im not sure he will have the chance to update before monday > > hell we all need a few beers and some relax time every once in a while :) > > On 22 Jan 2010, at 11:37 PM, mog wrote: > > >> Mike (the guy who's been looking after the port) has been working on the problem. I'm sure he will update the port as soon as he has time. >> >> >> On 22/01/2010 17:41, Lyndon Labuschagne wrote: >> >>> Ok cool thanks all >>> >>> I will try that on monday, if the gods smile on my there might be an updated BSD port :) not that im holding my breath >>> >>> >>> On 22 Jan 2010, at 6:51 PM, Julian Field wrote: >>> >>> >>> >>>> Yes, just install the latest version available on the website. >>>> >>>> On 22/01/2010 16:17, Garrod M. Alwood wrote: >>>> >>>> >>>>> You need to get an update, I had the same problem >>>>> >>>>> Garrod Alwood >>>>> Open Source Consultant >>>>> 9047384988 >>>>> Garrod.alwood@lorodoes.com >>>>> Sent from my iPod >>>>> >>>>> On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne"> wrote: >>>>> >>>>> >>>>> >>>>>> Hello All >>>>>> >>>>>> I hope you can shed some light on the below issue >>>>>> >>>>>> This is a new install of MailScanner 4.79.5 >>>>>> FreeBSD 8.0 amd64 >>>>>> postfix-2.6.5,1 >>>>>> p5-Mail-SpamAssassin-3.2.5_4 >>>>>> clamav-0.95.3 >>>>>> >>>>>> All the effected mails seem to have attachments, mail sizes vary most are over 200kb but some are only 80kb >>>>>> most seem to be word docs both .doc and .docx >>>>>> I have turned off OLE scans to see if that was a part of the problem >>>>>> >>>>>> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) >>>>>> >>>>>> Max Spam Check Size = 40k >>>>>> Max SpamAssassin Size = 40k >>>>>> Max Custom Spam Scanner Size = 40k >>>>>> >>>>>> >>>>>> >>>>>> the Server is a Xeon 2Ghz quad core 4 GB RAM >>>>>> it averages about 95% idle with about 2.5GB free RAM although when clamscan is running it might drop down to about 80% idle >>>>>> >>>>>> I can turn on the debug option but its not every mail that has this issue its probably 1 out of every 100 to 150 messages. so it might take some time to trigger the problem >>>>>> >>>>>> the below message was 333.6kb >>>>>> >>>>>> From MailWatch interface: >>>>>> >>>>>> Subject: /removed to protect the innocent/ >>>>>> MIME-Version: 1.0 >>>>>> Content-Type: multipart/mixed; >>>>>> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" >>>>>> Date: Fri, 22 Jan 2010 16:58:08 +0200 >>>>>> Message-ID:> >>>>>> Content-class: urn:content-classes:message >>>>>> X-MimeOLE: Produced By Microsoft Exchange V6.5 >>>>>> X-MS-Has-Attach: >>>>>> X-MS-TNEF-Correlator: >>>>>> Thread-Topic: removed to protect the innocent >>>>>> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= >>>>>> X-Priority: 1 >>>>>> Priority: Urgent >>>>>> Importance: high >>>>>> >>>>>> From maillog >>>>>> >>>>>> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: message-id=> >>>>>> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing message EC4A71761FFF.00000 >>>>>> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing message EC4A71761FFF.00000 >>>>>> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing message EC4A71761FFF.00000 >>>>>> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing message EC4A71761FFF.00000 >>>>>> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing message EC4A71761FFF.00000 >>>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message EC4A71761FFF.00000 as it has been attempted too many times >>>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message EC4A71761FFF.00000 as it caused MailScanner to crash several times >>>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 >>>>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message EC4A71761FFF.00000 to SQL >>>>>> >>>>>> Regards, >>>>>> >>>>>> Lyndon >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and dangerous content by the >>>>>> *Mexcom MailScanner*, and appears to be clean. >>>>>> Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit >>>>>> http://www.mexcom.co.za or mail sales@mexcom.co.za >>>>>> >>>>>> >>>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> Need help customising MailScanner? >>>> Contact me! >>>> Need help fixing or optimising your systems? >>>> Contact me! >>>> Need help getting you started solving new requirements from your boss? >>>> Contact me! >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> This message has been scanned for viruses and dangerous content by the >> Mexcom MailScanner, and appears to be clean. >> Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit >> http://www.mexcom.co.za or mail sales@mexcom.co.za >> >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikej at rogers.com Mon Jan 25 17:56:19 2010 From: mikej at rogers.com (Mike Jakubik) Date: Mon Jan 25 17:56:25 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: Message-ID: On Fri, January 22, 2010 11:17 am, Lyndon Labuschagne wrote: > Hello All > > I hope you can shed some light on the below issue > > This is a new install of MailScanner 4.79.5 > FreeBSD 8.0 amd64 You didn't read the install notes. --- ***************************************************************** A new rc variable called mailscanner_user has been added to the startup script. This is a temporary workaround to address the numerous taint mode problems that are still present in the code. If you changed the "Run As User" variable in MailScanner.conf you MUST also set the same value in /etc/rc.conf. i.e. mailscanner_user="postfix" The new variable uses su to start the master perl script as the specified user, this effectively disables perl's taint mode. ***************************************************************** From MailScanner at ecs.soton.ac.uk Mon Jan 25 18:38:33 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 25 18:38:51 2010 Subject: MailScanner: Message attempted to kill MailScanner In-Reply-To: References: <4B5DE529.9040502@ecs.soton.ac.uk> Message-ID: On 25/01/2010 17:56, Mike Jakubik wrote: > On Fri, January 22, 2010 11:17 am, Lyndon Labuschagne wrote: > >> Hello All >> >> I hope you can shed some light on the below issue >> >> This is a new install of MailScanner 4.79.5 >> FreeBSD 8.0 amd64 >> > You didn't read the install notes. > > --- > > ***************************************************************** > A new rc variable called mailscanner_user has been added to the > startup script. This is a temporary workaround to address the > numerous taint mode problems that are still present in the code. > > If you changed the "Run As User" variable in MailScanner.conf > you MUST also set the same value in /etc/rc.conf. > > i.e. mailscanner_user="postfix" > > The new variable uses su to start the master perl script as the > specified user, this effectively disables perl's taint mode. > ***************************************************************** > > I believe all the taint mode problems are now fixed. More importantly, I would like to know of any remaining ones so I can fix them, so please don't use this with the very latest beta. But if you aren't running 4.79.9 then *do* use that mailscanner_user fix. Thanks. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 25 18:44:18 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 25 18:44:34 2010 Subject: 4.79.10 References: <4B5DE682.7030100@ecs.soton.ac.uk> Message-ID: I'm getting very close to a stable release. I've just released 4.79.10 beta, with a couple of little fixes in. One fixes a problem when using clamd with "Full ClamAV Message Scan = yes" where it had insufficiently generous file permissions, and the other was a little logging fix in "sophossavi". Please can you try this version and report any outstanding problems at all. Otherwise I'm heading for a stable version to be released on 1st February. Thanks folks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ecasarero at gmail.com Mon Jan 25 19:49:46 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Jan 25 19:50:16 2010 Subject: Content filtering Message-ID: <7d9b3cf21001251149s27ddd070v1877f56300c89df3@mail.gmail.com> I've one of those twisted requirements from my boss, he wants to do content filtering based on categories. I've been searching the list and the answer would be, spamassassin + MailScanner: SpamAssassin Rule Action. Does anyone successfully make this work? not the part in MS, the SA part taking some word list and automating the rule creation. I found that dansguardian phrase list has categories and weigh for each phrase/word, mixing that with SA may work to do this. Any comment would be appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100125/468c02b1/attachment.html From GSilver at rampuptech.com Mon Jan 25 20:08:07 2010 From: GSilver at rampuptech.com (Gavin Silver) Date: Mon Jan 25 20:08:18 2010 Subject: moving from ubuntu Message-ID: In an attempt to stay up to date with the latest mailscanner releases I will be migrating to a brand new install on centos. My current setup and experience is with ubuntu lts 8.04 and postfix as a gateway. I have little experience with centos and sendmail so I was wondering if someone could point me in the right direction to find some resources concerning a centos/sendmail/gateway setup. The subject seemed to overpower my google-fu. Thanks in advance. -Gavin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100125/8a234283/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jan 25 20:35:05 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Jan 25 20:35:20 2010 Subject: Content filtering In-Reply-To: <7d9b3cf21001251149s27ddd070v1877f56300c89df3@mail.gmail.com> References: <7d9b3cf21001251149s27ddd070v1877f56300c89df3@mail.gmail.com> <4B5E0079.70509@ecs.soton.ac.uk> Message-ID: On 25/01/2010 19:49, Eduardo Casarero wrote: > I've one of those twisted requirements from my boss, he wants to do > content filtering based on categories. I've been searching the list > and the answer would be, spamassassin + MailScanner: SpamAssassin Rule > Action. > > Does anyone successfully make this work? not the part in MS, the SA > part taking some word list and automating the rule creation. Surely that's just a little script that generates SA rules. If you show me what you want as input and results, and are prepared to pay me, I'll write one for you. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikael at syska.dk Mon Jan 25 20:57:52 2010 From: mikael at syska.dk (Mikael Syska) Date: Mon Jan 25 20:58:17 2010 Subject: moving from ubuntu In-Reply-To: References: Message-ID: <6beca9db1001251257m5ca8bba3lf2905ff50a3b4d23@mail.gmail.com> Hi, On Mon, Jan 25, 2010 at 9:08 PM, Gavin Silver wrote: > In an attempt to stay up to date with the latest mailscanner releases I will > be migrating to a brand new install on centos. My current setup and > experience is with ubuntu lts 8.04 and postfix as a gateway. I have little > experience with centos and sendmail so I was wondering if someone could > point me in the right direction to find some resources concerning a > centos/sendmail/gateway setup. The subject seemed to overpower my google-fu. http://mailscanner.info/install_guides.html I not sure if you need more ... but theres lots of info on the above site. Probably also search the list archives would be a good idea. > Thanks in advance. > -Gavin > mvh Mikael Syska From campbell at cnpapers.com Mon Jan 25 21:00:41 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Jan 25 21:01:06 2010 Subject: moving from ubuntu In-Reply-To: References: Message-ID: <4B5E0679.1050403@cnpapers.com> Gavin Silver wrote: > > In an attempt to stay up to date with the latest mailscanner releases > I will be migrating to a brand new install on centos. My current setup > and experience is with ubuntu lts 8.04 and postfix as a gateway. I > have little experience with centos and sendmail so I was wondering if > someone could point me in the right direction to find some resources > concerning a centos/sendmail/gateway setup. The subject seemed to > overpower my google-fu. > > > > Thanks in advance. > > > > -Gavin > > > Centos out of the box will get you a working sendmail system for a self-contained server. You'll need to set up the different files under /etc/mail to expand the system to hand either your personal or corporate demands. One of the easy ways to help yourself do this is to install webmin and just browse all the differenct categories under the Sendmail server section. A lot of it's documented in the different webmin sections as you progress. Webmin is a pretty good learning tool. MS can be a nice rpm install, as is webmin. Use rpmforge to get ClamAV rpms. I'm not sure Ubuntu is rpm-based, so I may be really oversimplifying. This is a very simplified view of whats needed, but it'll get you quite far along the way on your own. Hopefully, if this isn't a production box install, you can play a little with it and tune it to be a pretty efficient server. Sendmail is a big dark mystery until you use it a while, and then it's not so bad after you get it to do what you wanted. Pay attention to the contents of the sendmail.mc file as it's loaded with helpful comments also. I'm sure a lot of folks here are far more experienced than I with Centos and Sendmail, but if I can do it, most anyone can. You'll get plenty of help if you show you're trying a little on your own. steve campbell From ssilva at sgvwater.com Mon Jan 25 22:39:18 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 25 22:39:49 2010 Subject: moving from ubuntu In-Reply-To: References: Message-ID: on 1-25-2010 12:08 PM Gavin Silver spake the following: > In an attempt to stay up to date with the latest mailscanner releases I > will be migrating to a brand new install on centos. My current setup and > experience is with ubuntu lts 8.04 and postfix as a gateway. I have > little experience with centos and sendmail so I was wondering if someone > could point me in the right direction to find some resources concerning > a centos/sendmail/gateway setup. The subject seemed to overpower my > google-fu. > And just because you move to CentOS, you are not required to stick with sendmail. Postfix runs on CentOS too! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100125/5c1d131a/signature.bin From bbecken at aafp.org Mon Jan 25 23:08:10 2010 From: bbecken at aafp.org (Brad Beckenhauer) Date: Mon Jan 25 23:08:46 2010 Subject: moving from ubuntu In-Reply-To: References: Message-ID: Scott Silva wrote: > on 1-25-2010 12:08 PM Gavin Silver spake the following: >> In an attempt to stay up to date with the latest mailscanner releases I >> will be migrating to a brand new install on centos. My current setup and >> experience is with ubuntu lts 8.04 and postfix as a gateway. I have >> little experience with centos and sendmail so I was wondering if someone >> could point me in the right direction to find some resources concerning >> a centos/sendmail/gateway setup. The subject seemed to overpower my >> google-fu. >> > And just because you move to CentOS, you are not required to stick with > sendmail. Postfix runs on CentOS too! > > Postfix has a long support history here, We've been running Postfix on Centos since June 2006. I pulled this from my notes. # 20060524 using: # Server OS: Centos 4.2 ServerCD # MailScanner-4.55.10-1.rpm.tar.gz # postfix v2.1.5 # install-Clam-0.88.6-SA-3.1.7.tar.gz # Using DAGs repo's Now running: CentOS release 5.4 (Final) MailScanner-4.78.17-1.rpm.tar.gz postfix-2.3.3-2.1.el5_2 Julians install-Clam-SA-latest.tar.gz ( ver: SA 3.25 + ClamAV .95.3 ) # yum install postfix # service postfix stop # service sendmail stop Let the MailScanner script start/stop the MTA. Plenty of support on the MailScanner Forums. Either way, enjoy. From maillists at conactive.com Tue Jan 26 10:31:22 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 26 10:31:34 2010 Subject: 4.79.10 In-Reply-To: References: <4B5DE682.7030100@ecs.soton.ac.uk> Message-ID: installed. So far nothing to comment. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Jan 26 10:31:22 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 26 10:31:34 2010 Subject: moving from ubuntu In-Reply-To: References: Message-ID: Scott Silva wrote on Mon, 25 Jan 2010 14:39:18 -0800: > And just because you move to CentOS, you are not required to stick with > sendmail. Postfix runs on CentOS too! I was just about to ask "why sendmail, are you switching from qmail"? ;-) postfix is default on CentOS and I would leave it this way. Install all the necessary perl libraries and clamav from rpmforge, then build your own SA rpm (just follow the instructions on the SA download page), then install only the mailscanner*.rpm from the MailScanner tarball. There's also a repo, but I don't know if it's up-to-date. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From eliott100 at gmail.com Tue Jan 26 13:39:23 2010 From: eliott100 at gmail.com (Eliott) Date: Tue Jan 26 13:39:32 2010 Subject: Potential incompatibility between MailScanner and avg8 Message-ID: sorry, it took a while, I wan't in. Same output bothways [root@localhost ~]# env - /usr/sbin/check_mailscanner MailScanner running with pid 4720 19671 19673 How can it be terminal related? regards Eliott Date: Fri, 22 Jan 2010 14:33:11 +0000 > From: Julian Field > That looks like a terminal type problem. What happens if you do > env - /usr/sbin/check_mailscanner > instead of just > /usr/sbin/check_mailscanner > ? > > > On 22/01/2010 12:50, Eliott wrote: > > Hi! > > > > we are about to migrate an old imlementation while upgrading all the > > components and came across a strange problem. > > With MailScanner 4.78.17 and avg 8.5.288 we see the following log > > entries: > > -------------- > > Jan 18 15:47:23 localhost MailScanner[4725]: New Batch: Scanning 1 > > messages, 1338 bytes > > Jan 18 15:47:23 localhost MailScanner[4725]: Virus and Content > > Scanning: Starting > > Jan 18 15:47:23 localhost MailScanner[4725]: Avg: Virus identified > > EICAR_Test in eicar.txt > > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Avg found > > 1 infections > > Jan 18 15:47:23 localhost MailScanner[4725]: Infected message > > ESC[2Ko0IElNL7004734 came from > > Jan 18 15:47:23 localhost MailScanner[4725]: Virus Scanning: Found 1 > > viruses > > Jan 18 15:47:24 localhost MailScanner[4725]: Uninfected: Delivered 1 > > messages > > Jan 18 15:47:24 localhost MailScanner[4725]: Deleted 1 messages from > > processing-database > > smtp2225, pri=120812, relay=[10.0.20.10] [10.0.20.10], dsn=2.0.0, > > stat=Sent (Message accepted for delivery) > > --------------- > > I have checked SweepVisuses.pm, but there the output seems to be > > parsed well. Is this a configuration issue or a bug? > > > > Thanks and regards > > Eliott > > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > ------------------------------ > > Message: 4 > Date: Fri, 22 Jan 2010 18:17:14 +0200 > From: Lyndon Labuschagne > Subject: MailScanner: Message attempted to kill MailScanner > To: MailScanner discussion > Message-ID: > Content-Type: text/plain; charset="us-ascii" > > Hello All > > I hope you can shed some light on the below issue > > This is a new install of MailScanner 4.79.5 > FreeBSD 8.0 amd64 > postfix-2.6.5,1 > p5-Mail-SpamAssassin-3.2.5_4 > clamav-0.95.3 > > All the effected mails seem to have attachments, mail sizes vary most are > over 200kb but some are only 80kb > most seem to be word docs both .doc and .docx > I have turned off OLE scans to see if that was a part of the problem > > ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) > > Max Spam Check Size = 40k > Max SpamAssassin Size = 40k > Max Custom Spam Scanner Size = 40k > > > > the Server is a Xeon 2Ghz quad core 4 GB RAM > it averages about 95% idle with about 2.5GB free RAM although when clamscan > is running it might drop down to about 80% idle > > I can turn on the debug option but its not every mail that has this issue > its probably 1 out of every 100 to 150 messages. so it might take some time > to trigger the problem > > the below message was 333.6kb > > >From MailWatch interface: > > Subject: removed to protect the innocent > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01CA9B73.4F7F8242" > Date: Fri, 22 Jan 2010 16:58:08 +0200 > Message-ID: > Content-class: urn:content-classes:message > X-MimeOLE: Produced By Microsoft Exchange V6.5 > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Topic: removed to protect the innocent > Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= > X-Priority: 1 > Priority: Urgent > Importance: high > > >From maillog > > Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: > message-id= > Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing > message EC4A71761FFF.00000 > Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing > message EC4A71761FFF.00000 > Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing > message EC4A71761FFF.00000 > Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing > message EC4A71761FFF.00000 > Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing > message EC4A71761FFF.00000 > Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message > EC4A71761FFF.00000 as it has been attempted too many times > Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message > EC4A71761FFF.00000 as it caused MailScanner to crash several times > Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to > /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 > Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message > EC4A71761FFF.00000 to SQL > > Regards, > > Lyndon > > > > -- > This message has been scanned for viruses and dangerous content by the > Mexcom MailScanner, and appears to be clean. > Should you wish to secure your mail, call sales @ 011-801-4000, > alternatively visit > http://www.mexcom.co.za or mail sales@mexcom.co.za > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/d892d3e8/attachment-0001.html > > ------------------------------ > > Message: 5 > Date: Fri, 22 Jan 2010 11:17:56 -0500 > From: "Garrod M. Alwood" > Subject: Re: MailScanner: Message attempted to kill MailScanner > To: MailScanner discussion > Message-ID: <7053E9FE-18A9-47D9-B2E5-F3402AE74F99@lorodoes.com> > Content-Type: text/plain; charset="utf-8" > > You need to get an update, I had the same problem > > Garrod Alwood > Open Source Consultant > 9047384988 > Garrod.alwood@lorodoes.com > Sent from my iPod > > On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne" > wrote: > > Hello All > > I hope you can shed some light on the below issue > > This is a new install of MailScanner 4.79.5 > FreeBSD 8.0 amd64 > postfix-2.6.5,1 > p5-Mail-SpamAssassin-3.2.5_4 > clamav-0.95.3 > > All the effected mails seem to have attachments, mail sizes vary most are > over 200kb but some are only 80kb > most seem to be word docs both .doc and .docx > I have turned off OLE scans to see if that was a part of the problem > > ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) > > Max Spam Check Size = 40k > Max SpamAssassin Size = 40k > Max Custom Spam Scanner Size = 40k > > > > the Server is a Xeon 2Ghz quad core 4 GB RAM > it averages about 95% idle with about 2.5GB free RAM although when clamscan > is running it might drop down to about 80% idle > > I can turn on the debug option but its not every mail that has this issue > its probably 1 out of every 100 to 150 messages. so it might take some time > to trigger the problem > > the below message was 333.6kb > > >From MailWatch interface: > > Subject: removed to protect the innocent > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----_=_NextPart_001_01CA9B73.4F7F8242" > Date: Fri, 22 Jan 2010 16:58:08 +0200 > Message-ID: < B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local > >B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local>> > Content-class: urn:content-classes:message > X-MimeOLE: Produced By Microsoft Exchange V6.5 > X-MS-Has-Attach: > X-MS-TNEF-Correlator: > Thread-Topic: removed to protect the innocent > Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= > X-Priority: 1 > Priority: Urgent > Importance: high > > >From maillog > > Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: > message-id=< B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local > >B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local>> > Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at processing > message EC4A71761FFF.00000 > Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at processing > message EC4A71761FFF.00000 > Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at processing > message EC4A71761FFF.00000 > Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at processing > message EC4A71761FFF.00000 > Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at processing > message EC4A71761FFF.00000 > Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message > EC4A71761FFF.00000 as it has been attempted too many times > Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message > EC4A71761FFF.00000 as it caused MailScanner to crash several times > Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to > /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 > Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message > EC4A71761FFF.00000 to SQL > > Regards, > > Lyndon > > > > -- > This message has been scanned for viruses and dangerous content by the > Mexcom MailScanner, and appears to be clean. > Should you wish to secure your mail, call sales @ 011-801-4000, > alternatively visit > http://www.mexcom.co.za or mail sales@mexcom.co.za sales@mexcom.co.za> > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/b9ad1cb4/attachment-0001.html > > ------------------------------ > > Message: 6 > Date: Fri, 22 Jan 2010 16:50:13 -0000 > From: "PD Support" > Subject: RE: MailScanner: Message attempted to kill MailScanner > To: "'MailScanner discussion'" > Message-ID: <016201ca9b82$f834bce0$e89e36a0$@co.uk> > Content-Type: text/plain; charset="us-ascii" > > Also check folder permissions and that required folders exist - one recent > install didn't make them all for me (I suspect this was a glitch in the > SpamAssassin install rather than MailScanner). > > > > I also had this a while back on a server where the disk was full, although > I > expect this isn't your problem. > > > > NK > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/aa54812a/attachment-0001.html > > ------------------------------ > > Message: 7 > Date: Fri, 22 Jan 2010 16:51:03 +0000 > From: Julian Field > Subject: Re: MailScanner: Message attempted to kill MailScanner > To: MailScanner discussion > Message-ID: > ecs.soton.ac.uk|4B59D777.5040600@ecs.soton.ac.uk> > > Content-Type: text/plain; charset=UTF-8; format=flowed > > Yes, just install the latest version available on the website. > > On 22/01/2010 16:17, Garrod M. Alwood wrote: > > You need to get an update, I had the same problem > > > > Garrod Alwood > > Open Source Consultant > > 9047384988 > > Garrod.alwood@lorodoes.com > > Sent from my iPod > > > > On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne" > > > wrote: > > > >> Hello All > >> > >> I hope you can shed some light on the below issue > >> > >> This is a new install of MailScanner 4.79.5 > >> FreeBSD 8.0 amd64 > >> postfix-2.6.5,1 > >> p5-Mail-SpamAssassin-3.2.5_4 > >> clamav-0.95.3 > >> > >> All the effected mails seem to have attachments, mail sizes vary most > >> are over 200kb but some are only 80kb > >> most seem to be word docs both .doc and .docx > >> I have turned off OLE scans to see if that was a part of the problem > >> > >> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) > >> > >> Max Spam Check Size = 40k > >> Max SpamAssassin Size = 40k > >> Max Custom Spam Scanner Size = 40k > >> > >> > >> > >> the Server is a Xeon 2Ghz quad core 4 GB RAM > >> it averages about 95% idle with about 2.5GB free RAM although when > >> clamscan is running it might drop down to about 80% idle > >> > >> I can turn on the debug option but its not every mail that has this > >> issue its probably 1 out of every 100 to 150 messages. so it might > >> take some time to trigger the problem > >> > >> the below message was 333.6kb > >> > >> From MailWatch interface: > >> > >> Subject: /removed to protect the innocent/ > >> MIME-Version: 1.0 > >> Content-Type: multipart/mixed; > >> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" > >> Date: Fri, 22 Jan 2010 16:58:08 +0200 > >> Message-ID: > >> >> > > >> Content-class: urn:content-classes:message > >> X-MimeOLE: Produced By Microsoft Exchange V6.5 > >> X-MS-Has-Attach: > >> X-MS-TNEF-Correlator: > >> Thread-Topic: removed to protect the innocent > >> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= > >> X-Priority: 1 > >> Priority: Urgent > >> Importance: high > >> > >> From maillog > >> > >> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: > >> message-id= >> > > >> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at > >> processing message EC4A71761FFF.00000 > >> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at > >> processing message EC4A71761FFF.00000 > >> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at > >> processing message EC4A71761FFF.00000 > >> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at > >> processing message EC4A71761FFF.00000 > >> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at > >> processing message EC4A71761FFF.00000 > >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping > >> message EC4A71761FFF.00000 as it has been attempted too many times > >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message > >> EC4A71761FFF.00000 as it caused MailScanner to crash several times > >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to > >> /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 > >> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message > >> EC4A71761FFF.00000 to SQL > >> > >> Regards, > >> > >> Lyndon > >> > >> > >> > >> -- > >> This message has been scanned for viruses and dangerous content by the > >> *Mexcom MailScanner*, and appears to be clean. > >> Should you wish to secure your mail, call sales @ 011-801-4000, > >> alternatively visit > >> http://www.mexcom.co.za or mail sales@mexcom.co.za > >> > >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > ------------------------------ > > Message: 8 > Date: Fri, 22 Jan 2010 19:41:38 +0200 > From: Lyndon Labuschagne > Subject: Re: MailScanner: Message attempted to kill MailScanner > To: MailScanner discussion > Message-ID: <614069FF-2788-4FDA-9E4D-870A5282B297@mexcom.co.za> > Content-Type: text/plain; charset=us-ascii > > Ok cool thanks all > > I will try that on monday, if the gods smile on my there might be an > updated BSD port :) not that im holding my breath > > > On 22 Jan 2010, at 6:51 PM, Julian Field wrote: > > > Yes, just install the latest version available on the website. > > > > On 22/01/2010 16:17, Garrod M. Alwood wrote: > >> You need to get an update, I had the same problem > >> > >> Garrod Alwood > >> Open Source Consultant > >> 9047384988 > >> Garrod.alwood@lorodoes.com > >> Sent from my iPod > >> > >> On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne" < > lyndonl@mexcom.co.za > wrote: > >> > >>> Hello All > >>> > >>> I hope you can shed some light on the below issue > >>> > >>> This is a new install of MailScanner 4.79.5 > >>> FreeBSD 8.0 amd64 > >>> postfix-2.6.5,1 > >>> p5-Mail-SpamAssassin-3.2.5_4 > >>> clamav-0.95.3 > >>> > >>> All the effected mails seem to have attachments, mail sizes vary most > are over 200kb but some are only 80kb > >>> most seem to be word docs both .doc and .docx > >>> I have turned off OLE scans to see if that was a part of the problem > >>> > >>> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) > >>> > >>> Max Spam Check Size = 40k > >>> Max SpamAssassin Size = 40k > >>> Max Custom Spam Scanner Size = 40k > >>> > >>> > >>> > >>> the Server is a Xeon 2Ghz quad core 4 GB RAM > >>> it averages about 95% idle with about 2.5GB free RAM although when > clamscan is running it might drop down to about 80% idle > >>> > >>> I can turn on the debug option but its not every mail that has this > issue its probably 1 out of every 100 to 150 messages. so it might take some > time to trigger the problem > >>> > >>> the below message was 333.6kb > >>> > >>> From MailWatch interface: > >>> > >>> Subject: /removed to protect the innocent/ > >>> MIME-Version: 1.0 > >>> Content-Type: multipart/mixed; > >>> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" > >>> Date: Fri, 22 Jan 2010 16:58:08 +0200 > >>> Message-ID: > B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local>> > >>> Content-class: urn:content-classes:message > >>> X-MimeOLE: Produced By Microsoft Exchange V6.5 > >>> X-MS-Has-Attach: > >>> X-MS-TNEF-Correlator: > >>> Thread-Topic: removed to protect the innocent > >>> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= > >>> X-Priority: 1 > >>> Priority: Urgent > >>> Importance: high > >>> > >>> From maillog > >>> > >>> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: > message-id= B8ADB5A39790EF41901A5F105DB2CB8DB43CCD@server.Hi-tech.local>> > >>> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at > processing message EC4A71761FFF.00000 > >>> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at > processing message EC4A71761FFF.00000 > >>> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at > processing message EC4A71761FFF.00000 > >>> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at > processing message EC4A71761FFF.00000 > >>> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at > processing message EC4A71761FFF.00000 > >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message > EC4A71761FFF.00000 as it has been attempted too many times > >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message > EC4A71761FFF.00000 as it caused MailScanner to crash several times > >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to > /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 > >>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message > EC4A71761FFF.00000 to SQL > >>> > >>> Regards, > >>> > >>> Lyndon > >>> > >>> > >>> > >>> -- > >>> This message has been scanned for viruses and dangerous content by the > >>> *Mexcom MailScanner*, and appears to be clean. > >>> Should you wish to secure your mail, call sales @ 011-801-4000, > alternatively visit > >>> http://www.mexcom.co.za or mail sales@mexcom.co.za sales@mexcom.co.za> > >>> > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------------ > > Message: 9 > Date: Fri, 22 Jan 2010 12:58:27 -0500 > From: Mike Wallace > Subject: Infected Messages Not Being Spam Checked > To: mailscanner@lists.mailscanner.info > Message-ID: <2C4D53D7-096E-4BC1-A863-DD80E5A8E91A@mlrw.com> > Content-Type: text/plain; charset="us-ascii" > > I am having a problem with Virus infected messages not being spam checked > and getting delivered to users. > > My configuration is MS 4.78.17-1 running on CentOS 5.4 with spamassassin > 3.2.5-1 from the CentOS distribution, clamav 0.95.3-1and razor-agents 2.84-1 > from rpmforge, pyzor 0.5.0 and dcc 1.3.115. I am using the following > additional spamassassin rules; Sought, OpenProtect and a couple of custom > ones. All messages with a spam score of > 5.0 and <10.0 are redirected to a > special mailbox. Anything >10.0 are deleted. This works great as I have a > false positive rate of 0.16% and a false negative rate of 0.87% (if I > exclude the viruses that passed). None of the false positives are high > scoring spam >10.0. > > Here is an example of a message that was not spam checked: > > Return-Path: improvesx66@wires.tv > Received: from mailserver.mlrw.com (LHLO mailserver.mlrw.com) by > mailserver.mlrw.com with LMTP; Thu, 21 Jan 2010 16:51:09 -0500 (EST) > Received: from localhost (localhost.localdomain [127.0.0.1]) > by mailserver.mlrw.com (Postfix) with ESMTP id 455AC1448859 > for ; Thu, 21 Jan 2010 16:51:09 -0500 (EST) > X-Virus-Scanned: amavisd-new at mlrw.com > Received: from gateway.mlrw.com > by mailserver.mlrw.com (Postfix) with ESMTP id ECE031448858 > for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) > Received: from mx1.mailhop.org (mxout-144-iad.mailhop.org[216.146.32.144]) > by mlrw.com (Postfix) with ESMTP id 3E1FA2A00C4 > for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) > Received: from noblet1.lnk.telstra.net (noblet1.lnk.telstra.net[165.228.74.75]) > by mx1.mailhop.org (Postfix) with ESMTP id CA691833D0B > for ; Thu, 21 Jan 2010 21:51:02 +0000 (UTC) > Received: from 165.228.74.75 by mailstore1.secureserver.net; Fri, 22 Jan > 2010 08:50:57 +1000 > Date: Fri, 22 Jan 2010 08:50:57 +1000 > From: "DHL Manager Keven Allen" > X-Mailer: The Bat! (v3.51.10) Professional > Reply-To: improvesx66@wires.tv > X-Priority: 3 (Normal) > Message-ID: <256744380.35200801834064@wires.tv> > To: user@mlrw.com > Subject: {VIRUS?} DHL Delivery Problem Number 81419. > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----------4B369E401538E9" > X-MLRW-MailScanner-ID: 3E1FA2A00C4.AAF25 > X-MLRW-MailScanner-VirusCheck: Message was found to be infected > X-MLRW-MailScanner-SpamCheck: > X-MLRW-MailScanner-From: improvesx66@wires.tv > > > ------------4B369E401538E9 > Content-Type: text/plain; charset=Windows-1252 > Content-Transfer-Encoding: 7bit > > Dear customer! > > The courier company was not able to deliver your parcel by your address. > Cause: Error in shipping address. > > You may pickup the parcel at our post office personaly! > > Attention! > The shipping label is attached to this e-mail. > Please print this label to get this package at our post office. > > > Please do not reply to this e-mail, it is an unmonitored mailbox! > > > > Thank you. > DHL Delivery Services. > > > > > ------------4B369E401538E9 > Content-Type: application/zip; name="DHL_Label_NR06283.zip" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; filename="DHL_Label_NR06283.zip" > > In the logs for clamd I see the following for that attachment: > DHL_Label_NR06283.zip: Suspect.Bredozip-zippwd-2 FOUND > > If I run spamassassin against a quarantined copy of the message here is > it's score: > > Content analysis details: (23.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.7 SARE_RECV_IP_FROMIP3 Received line is IP address > from IP address > 3.0 RCVD_IN_XBL RBL: > Received via a relay in Spamhaus XBL > > [165.228.74.75 listed in zen.spamhaus.org] > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > bl.spamcop.net > > [Blocked - see ] > 1.0 BAYES_60 BODY: > Bayesian spam probability is 60 to 80% > > [score: 0.6792] > 0.5 RAZOR2_CHECK Listed in Razor2 ( > http://razor.sf.net/) > 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level > > above 50% > > [cf: 100] > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above > 50% > > [cf: 100] > 3.7 PYZOR_CHECK Listed in Pyzor ( > http://pyzor.sf.net/) > 2.2 DCC_CHECK Listed in > DCC (http://rhyolite.com/anti-spam/dcc/) > 0.0 DIGEST_MULTIPLE Message hits more > than one network digest check > 4.0 JM_SOUGHT_1 Body contains > frequently-spammed text patterns > 4.0 JM_SOUGHT_2 Body contains > frequently-spammed text patterns > > As you can see it's greater than 10.0 which means it would have been > deleted. > > Can anyone help me? I need to get these type of messages spam checked. > > Thanks. > > Mike > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/a5ad4289/attachment-0001.html > > ------------------------------ > > Message: 10 > Date: Fri, 22 Jan 2010 21:12:21 +0100 > From: Kai Schaetzl > Subject: Re: Infected Messages Not Being Spam Checked > To: mailscanner@lists.mailscanner.info > Message-ID: > Content-Type: text/plain; charset=iso-8859-1 > > Mike Wallace wrote on Fri, 22 Jan 2010 12:58:27 -0500: > > > I am having a problem > > with pressing the correct button in your email program. Please hit "new > message" when you send a new question and not "reply"! Thanks. > > > with Virus infected messages not being spam > > checked and getting delivered to users. > > Virusscan is done before spamcheck. If you get viruses delivered that > means you have either disabled virusscanning or have changed the default > value so that messages with viruses get delivered. Both doesn't make > sense. > > > I need to get these type of messages spam checked. > > No, you have to stop delivering viruses. That, I told you already 10 days > ago. In case that is not what you do, maybe you should have answered > Julian's questions. > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > > > ------------------------------ > > Message: 11 > Date: Fri, 22 Jan 2010 21:37:54 +0000 > From: mog > Subject: Re: MailScanner: Message attempted to kill MailScanner > To: mailscanner@lists.mailscanner.info > Message-ID: <4B5A1AB2.2090204@elasticmind.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Mike (the guy who's been looking after the port) has been working on the > problem. I'm sure he will update the port as soon as he has time. > > > On 22/01/2010 17:41, Lyndon Labuschagne wrote: > > Ok cool thanks all > > > > I will try that on monday, if the gods smile on my there might be an > updated BSD port :) not that im holding my breath > > > > > > On 22 Jan 2010, at 6:51 PM, Julian Field wrote: > > > > > >> Yes, just install the latest version available on the website. > >> > >> On 22/01/2010 16:17, Garrod M. Alwood wrote: > >> > >>> You need to get an update, I had the same problem > >>> > >>> Garrod Alwood > >>> Open Source Consultant > >>> 9047384988 > >>> Garrod.alwood@lorodoes.com > >>> Sent from my iPod > >>> > >>> On Jan 22, 2010, at 11:14 AM, "Lyndon Labuschagne"< > lyndonl@mexcom.co.za> wrote: > >>> > >>> > >>>> Hello All > >>>> > >>>> I hope you can shed some light on the below issue > >>>> > >>>> This is a new install of MailScanner 4.79.5 > >>>> FreeBSD 8.0 amd64 > >>>> postfix-2.6.5,1 > >>>> p5-Mail-SpamAssassin-3.2.5_4 > >>>> clamav-0.95.3 > >>>> > >>>> All the effected mails seem to have attachments, mail sizes vary most > are over 200kb but some are only 80kb > >>>> most seem to be word docs both .doc and .docx > >>>> I have turned off OLE scans to see if that was a part of the problem > >>>> > >>>> ClamAVmodule Maximum File Size = 5000000 # (5 Mbytes) > >>>> > >>>> Max Spam Check Size = 40k > >>>> Max SpamAssassin Size = 40k > >>>> Max Custom Spam Scanner Size = 40k > >>>> > >>>> > >>>> > >>>> the Server is a Xeon 2Ghz quad core 4 GB RAM > >>>> it averages about 95% idle with about 2.5GB free RAM although when > clamscan is running it might drop down to about 80% idle > >>>> > >>>> I can turn on the debug option but its not every mail that has this > issue its probably 1 out of every 100 to 150 messages. so it might take some > time to trigger the problem > >>>> > >>>> the below message was 333.6kb > >>>> > >>>> From MailWatch interface: > >>>> > >>>> Subject: /removed to protect the innocent/ > >>>> MIME-Version: 1.0 > >>>> Content-Type: multipart/mixed; > >>>> boundary="----_=_NextPart_001_01CA9B73.4F7F8242" > >>>> Date: Fri, 22 Jan 2010 16:58:08 +0200 > >>>> > Message-ID: > > >>>> Content-class: urn:content-classes:message > >>>> X-MimeOLE: Produced By Microsoft Exchange V6.5 > >>>> X-MS-Has-Attach: > >>>> X-MS-TNEF-Correlator: > >>>> Thread-Topic: removed to protect the innocent > >>>> Thread-Index: AcgMB3G2oM864RICTwyR1vhZ6+t5JwAAI2GAPhemM7A= > >>>> X-Priority: 1 > >>>> Priority: Urgent > >>>> Importance: high > >>>> > >>>> From maillog > >>>> > >>>> Jan 22 16:54:42 mailav02 postfix/cleanup[12659]: EC4A71761FFF: > message-id= > > >>>> Jan 22 17:00:26 mailav02 MailScanner[14816]: Making attempt 2 at > processing message EC4A71761FFF.00000 > >>>> Jan 22 17:05:25 mailav02 MailScanner[14819]: Making attempt 3 at > processing message EC4A71761FFF.00000 > >>>> Jan 22 17:10:25 mailav02 MailScanner[14900]: Making attempt 4 at > processing message EC4A71761FFF.00000 > >>>> Jan 22 17:12:47 mailav02 MailScanner[15034]: Making attempt 5 at > processing message EC4A71761FFF.00000 > >>>> Jan 22 17:18:32 mailav02 MailScanner[14985]: Making attempt 6 at > processing message EC4A71761FFF.00000 > >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Warning: skipping message > EC4A71761FFF.00000 as it has been attempted too many times > >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Quarantined message > EC4A71761FFF.00000 as it caused MailScanner to crash several times > >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Saved entire message to > /var/spool/MailScanner/quarantine/20100122/EC4A71761FFF.00000 > >>>> Jan 22 17:18:33 mailav02 MailScanner[15120]: Logging message > EC4A71761FFF.00000 to SQL > >>>> > >>>> Regards, > >>>> > >>>> Lyndon > >>>> > >>>> > >>>> > >>>> -- > >>>> This message has been scanned for viruses and dangerous content by the > >>>> *Mexcom MailScanner*, and appears to be clean. > >>>> Should you wish to secure your mail, call sales @ 011-801-4000, > alternatively visit > >>>> http://www.mexcom.co.za or mail sales@mexcom.co.za sales@mexcom.co.za> > >>>> > >>>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > ------------------------------ > > Message: 12 > Date: Fri, 22 Jan 2010 16:40:25 -0500 > From: Mike Wallace > Subject: Infected Messages Not Being Spam Checked > To: mailscanner@lists.mailscanner.info > Message-ID: <64AB5CB5-8BFD-4987-8CF3-A3AC9C89E9C9@mlrw.com> > Content-Type: text/plain; charset="us-ascii" > > I am having a problem with Virus infected messages not being spam checked > and getting delivered to users. > > My configuration is MS 4.78.17-1 running on CentOS 5.4 with spamassassin > 3.2.5-1 from the CentOS distribution, clamav 0.95.3-1and razor-agents 2.84-1 > from rpmforge, pyzor 0.5.0 and dcc 1.3.115. I am using the following > additional spamassassin rules; Sought, OpenProtect and a couple of custom > ones. All messages with a spam score of > 5.0 and <10.0 are redirected to a > special mailbox. Anything >10.0 are deleted. This works great as I have a > false positive rate of 0.16% and a false negative rate of 0.87% (if I > exclude the viruses that passed). None of the false positives are high > scoring spam >10.0. > > Here is an example of a message that was not spam checked: > > Return-Path: improvesx66@wires.tv > Received: from mailserver.mlrw.com (LHLO mailserver.mlrw.com) by > mailserver.mlrw.com with LMTP; Thu, 21 Jan 2010 16:51:09 -0500 (EST) > Received: from localhost (localhost.localdomain [127.0.0.1]) > by mailserver.mlrw.com (Postfix) with ESMTP id 455AC1448859 > for ; Thu, 21 Jan 2010 16:51:09 -0500 (EST) > X-Virus-Scanned: amavisd-new at mlrw.com > Received: from gateway.mlrw.com > by mailserver.mlrw.com (Postfix) with ESMTP id ECE031448858 > for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) > Received: from mx1.mailhop.org (mxout-144-iad.mailhop.org[216.146.32.144]) > by mlrw.com (Postfix) with ESMTP id 3E1FA2A00C4 > for ; Thu, 21 Jan 2010 16:51:08 -0500 (EST) > Received: from noblet1.lnk.telstra.net (noblet1.lnk.telstra.net[165.228.74.75]) > by mx1.mailhop.org (Postfix) with ESMTP id CA691833D0B > for ; Thu, 21 Jan 2010 21:51:02 +0000 (UTC) > Received: from 165.228.74.75 by mailstore1.secureserver.net; Fri, 22 Jan > 2010 08:50:57 +1000 > Date: Fri, 22 Jan 2010 08:50:57 +1000 > From: "DHL Manager Keven Allen" > X-Mailer: The Bat! (v3.51.10) Professional > Reply-To: improvesx66@wires.tv > X-Priority: 3 (Normal) > Message-ID: <256744380.35200801834064@wires.tv> > To: user@mlrw.com > Subject: {VIRUS?} DHL Delivery Problem Number 81419. > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----------4B369E401538E9" > X-MLRW-MailScanner-ID: 3E1FA2A00C4.AAF25 > X-MLRW-MailScanner-VirusCheck: Message was found to be infected > X-MLRW-MailScanner-SpamCheck: > X-MLRW-MailScanner-From: improvesx66@wires.tv > > > ------------4B369E401538E9 > Content-Type: text/plain; charset=Windows-1252 > Content-Transfer-Encoding: 7bit > > Dear customer! > > The courier company was not able to deliver your parcel by your address. > Cause: Error in shipping address. > > You may pickup the parcel at our post office personaly! > > Attention! > The shipping label is attached to this e-mail. > Please print this label to get this package at our post office. > > > Please do not reply to this e-mail, it is an unmonitored mailbox! > > > > Thank you. > DHL Delivery Services. > > > > > ------------4B369E401538E9 > Content-Type: application/zip; name="DHL_Label_NR06283.zip" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; filename="DHL_Label_NR06283.zip" > > In the logs for clamd I see the following for that attachment: > DHL_Label_NR06283.zip: Suspect.Bredozip-zippwd-2 FOUND > > If I run spamassassin against a quarantined copy of the message here is > it's score: > > Content analysis details: (23.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.7 SARE_RECV_IP_FROMIP3 Received line is IP address > from IP address > 3.0 RCVD_IN_XBL RBL: > Received via a relay in Spamhaus XBL > > [165.228.74.75 listed in zen.spamhaus.org] > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > bl.spamcop.net > > [Blocked - see ] > 1.0 BAYES_60 BODY: > Bayesian spam probability is 60 to 80% > > [score: 0.6792] > 0.5 RAZOR2_CHECK Listed in Razor2 ( > http://razor.sf.net/) > 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level > > above 50% > > [cf: 100] > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above > 50% > > [cf: 100] > 3.7 PYZOR_CHECK Listed in Pyzor ( > http://pyzor.sf.net/) > 2.2 DCC_CHECK Listed in > DCC (http://rhyolite.com/anti-spam/dcc/) > 0.0 DIGEST_MULTIPLE Message hits more > than one network digest check > 4.0 JM_SOUGHT_1 Body contains > frequently-spammed text patterns > 4.0 JM_SOUGHT_2 Body contains > frequently-spammed text patterns > > As you can see it's greater than 10.0 which means it would have been > deleted. > > Can anyone help me? I need to get these type of messages spam checked. > > Thanks. > > Mike > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100122/73cbd03d/attachment.html > > ------------------------------ > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read the Wiki (http://wiki.mailscanner.info/). > > Support MailScanner development - buy the book off the website! > > > End of MailScanner Digest, Vol 49, Issue 31 > ******************************************* > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100126/bc8372e5/attachment-0001.html From ssilva at sgvwater.com Tue Jan 26 16:21:36 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 26 16:22:09 2010 Subject: moving from ubuntu In-Reply-To: References: Message-ID: on 1-26-2010 2:31 AM Kai Schaetzl spake the following: > Scott Silva wrote on Mon, 25 Jan 2010 14:39:18 -0800: > >> And just because you move to CentOS, you are not required to stick with >> sendmail. Postfix runs on CentOS too! > > I was just about to ask "why sendmail, are you switching from qmail"? ;-) > postfix is default on CentOS and I would leave it this way. > > Install all the necessary perl libraries and clamav from rpmforge, then > build your own SA rpm (just follow the instructions on the SA download > page), then install only the mailscanner*.rpm from the MailScanner > tarball. There's also a repo, but I don't know if it's up-to-date. > > Kai > Postfix is not the default on CentOS, but it is available from the install. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100126/f2e802ee/signature.bin From prandal at herefordshire.gov.uk Tue Jan 26 16:35:30 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 26 16:36:07 2010 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.3.0 available Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA08B9D821@HC-MBX02.herefordshire.gov.uk> FYI. Please note the changed perl module dependencies. Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: Warren Togami [mailto:wtogami@redhat.com] Sent: 26 January 2010 16:33 To: SpamAssassin Users List Subject: ANNOUNCE: Apache SpamAssassin 3.3.0 available Release Notes -- Apache SpamAssassin -- Version 3.3.0 Introduction ------------ This is a major release, incorporating enhancements and bug fixes that have accumulated in a year and a half of development since the 3.2.5 release. Apart from some new or changed dependencies on perl modules, this version is compatible to large extent with existing installations, so the upgrade is not expected to be problematic (neither is downgrading, if need arises). Please consult the list of known incompatibilities below before upgrading. Downloading and availability ---------------------------- Downloads are available from: http://spamassassin.apache.org/downloads.cgi md5sum of archive files: 15af629a95108bf245ab600d78ae754b Mail-SpamAssassin-3.3.0.tar.bz2 38078b07396c0ab92b46386bc70ef086 Mail-SpamAssassin-3.3.0.tar.gz e66856085ca14947146d57a40a51beaa Mail-SpamAssassin-3.3.0.zip 5be313a60c27ae522700e20b557ade33 Mail-SpamAssassin-rules-3.3.0.r901671.tgz sha1sum of archive files: 209a97102e2c0568f6ae8151e5a55cd949317b69 Mail-SpamAssassin-3.3.0.tar.bz2 35ff5ab33dd83bf8e3a63bd1540d819ab35117d5 Mail-SpamAssassin-3.3.0.tar.gz d1c61c67c806054c4404a854fc113a1a3c3e71c7 Mail-SpamAssassin-3.3.0.zip 04ac1d5d02a69f382909b01a4426a048a1e69278 Mail-SpamAssassin-rules-3.3.0.r901671.tgz Note that the *-rules-*.tgz files are only necessary if you cannot, or do not wish to, run "sa-update" after install to download the latest fresh rules. The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://www.apache.org/dist/spamassassin/KEYS The key information is: pub 4096R/F7D39814 2009-12-02 Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 uid SpamAssassin Project Management Committee uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) sub 4096R/7B3265A5 2009-12-02 See the INSTALL and UPGRADE files in the distribution for important installation notes. Summary of major changes since 3.2.5 ------------------------------------ COMPATIBILITY WITH 3.2.5 - rules are no longer distributed with the package, but installed by sa-update - either automatically fetched from the network (preferably) or from a tar archive, which is available for downloading separately (see below, section INSTALLING RULES); - CPAN module requirements: - minimum required version of ExtUtils::MakeMaker is 6.17; - modules now required: Time::HiRes, NetAddr::IP (4.000 or later), Archive::Tar (1.23 or later), IO::Zlib; - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later); expect some tests in t/dkim2.t to fail with versions older than 0.36_5; - no longer used: Mail::DomainKeys, Mail::SPF::Query; - either Digest::SHA or the older Digest::SHA1 is required, though note that the DKIM plugin requires Digest::SHA for sha256 hashes and Razor agents still need Digest::SHA1; - some IPv6 functionality requires IO::Socket::INET6; - if keeping the AWL database in SQL, the field awl.ip must be extended to 40 characters. The change is necessary to allow AWL to keep track of IPv6 addresses which may appear in a mail header even on non-IPv6 -enabled host. While at it, consider also adding a field 'signedby' to the SQL table 'awl' (and adding 'auto_whitelist_distinguish_signed 1' to local.cf); see sql/README.awl for details. The change need not be undone even if downgrading back to 3.2.* for some reason; - fixing a protocol implementation error regarding a PING command required bumping up the SPAMC protocol version to 1.5. Spamd retains compatibility with older spamc clients. Combining new spamc clients with pre-3.3 versions of a spamd daemon is not supported (but happens to work, except for the PING and SKIP commands); - if using one of the plugins (FreeMail, PhishTag, Reuse) which were previously not part of the official package, please retire your local copy to avoid it conflicting with a new native plugin; - as the plugin AWL is no longer loaded by default, to continue using it the following line is needed in one of the .pre files (e.g. local.pre): loadplugin Mail::SpamAssassin::Plugin::AWL - it may be worth mentioning that a rule DKIM_VERIFIED has been renamed to DKIM_VALID to match its semantics; - the DKIM plugin is now enabled by default for new installs, if the perl module Mail::DKIM is installed. However, installation of SpamAssassin will not overwrite existing .pre configuration files, so to use DKIM when upgrading from a previous release that did not use DKIM, a directive: loadplugin Mail::SpamAssassin::Plugin::DKIM will need to be uncommented in file "v312.pre", or added to some other .pre file, such as local.pre; - due to changes in some internal data structures (like Bug 6185, 6254), some third-party plugins may need to be updated. One such example is the ClamAVPlugin plugin - please find a fresh version, which can be used with both SpamAssassin versions 3.2.5 and 3.3.0, on its wiki page at http://wiki.apache.org/spamassassin/ClamAVPlugin - versions of amavisd-new between 2.5.2 and 2.6.1 (inclusive) are incompatible with SpamAssassin 3.3; please upgrade amavisd to 2.6.2 or later, or apply a workaround https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6257 - support for versions of perl 5.6.* is being gradually revoked (may still work, but no promises and no support); - preferred versions of perl are 5.8.8, 5.8.9, and 5.10.1 or later; - on FreeBSD, please avoid using multithreaded versions of perl older than 5.10.0 due to small default main thread's stack size, which may not suffice for some regular expression evaluations; INSTALLING RULES Rules are normally installed by running a sa-update command. The version of sa-update program should match the version of SpamAssassin modules, so invoking sa-update should be performed only after installing or upgrading SpamAssassin code, not before. Installing rules from network is done with a single command, normally run as root: sa-update Installing rules from files: obtain all the following files: Mail-SpamAssassin-rules-xxx.tgz Mail-SpamAssassin-rules-xxx.tgz.asc Mail-SpamAssassin-rules-xxx.tgz.md5 Mail-SpamAssassin-rules-xxx.tgz.sha1 (where xxx may look something like '3.3.0.r893295') install rules from a compressed tar archive: sa-update --install Mail-SpamAssassin-rules-xxx.tgz (sa-update will need corresponding .asc and .sha1 files with the same base name in the same directory as the .tgz file) MAIN NEW FEATURES - IPv6 support was substantially improved (see below); - many improvements to the DKIM plugin (understands author domain signatures, supports multiple signatures, ADSP support with overrides) - (see below); - added 'if can(Class::method)' conditional statement, allowing configuration settings to be conditional on plugin capabilities without requiring new version releases to do so; - added a --verbose option to the sa-update utility to show updated channels; - added a configuration option 'time_limit', defaulting to 300 seconds or whatever the caller (like spamd) provides; attempting to gracefully terminate the checking when a time limit is reached, reporting the score and test hits that were collected so far, along with an added hit on a rule TIME_LIMIT_EXCEEDED; - more expensive code sections are now instrumented with timing measurements; timing report is logged as a debug message by the end of processing, and made available to a caller and to 'add_header' directives through a TIMING tag; - added a configuration option skip_uribl_checks to the URIDNSBL plugin, cross-documented it with skip_rbl_checks; - preserve order of declared 'add_header' header fields; - configurable network mask length for the AWL plugin (see below); - added support for DCC reputations (see below); - improved error handling and robustness (see below); - added timestamps when logging on stderr; - allowed debug areas to be excluded from debugging, e.g.: -D all,norules,noconfig,nodcc BUILDING AND PACKAGING - rules are no longer distributed with the package, but installed by sa-update - Makefile.PL has been simplified and a bug fixed in a DESTDIR support by increasing the minimum required version of ExtUtils::MakeMaker to 6.17 - tools check_whitelist and check_spamd are now included in the distribution, now called 'sa-awl' and 'sa-check_spamd' WORKAROUNDS TO PERL BUGS AND LIMITATIONS - modified the Check.pm plugin to produce smaller chunks of source code from rules (60 kB) to avoid Perl compiler crashing on exceeding stack size; - localized global variables $1, $2, etc at several places, avoiding taint issue from propagating; - avoided Perl I/O bug by replacing line-by-line reading with read() where suitable, or played down the EBADF status in other places and only report it as a dbg instead of a die - while also providing a little speedup (10 .. 25 %) on reading a message; - provided a new sub Message::split_into_array_of_short_lines to split a text into array of paragraph chunks of sizes between 1 kB and 2 kB, giving less opportunity to runaway regular expressions in rules; fixes bugs: 5717, 5644, 5795, 5486, 5801, 5041; MEMORY FOOTPRINT - as a side-effect of compiling rules in smaller chunks (to avoid compiler crashes), virtual memory footprint of SpamAssassin is reduced; - saved some memory by not importing the Pod::Usage unless it is needed; - saved 350k+ of memory in sa-compile by replacing DynaLoader with XSLoader; - removed unneeded index from MySQL bayes_token table; IPv6 SUPPORT - added IPv6 support for trusted_networks, internal_networks, msa_networks, whitelist_from_rcvd, and other stuff that uses NetSet and the Received header field parser, using NetAddr::IP; - allowed usage of a remote dccifd host through an INET or INET6 socket; - added IPv6 support to AWL plugin and its utility modules; a network mask length is now configurable and defaults to /48, which controls what data is stored in an AWL database; - sql/README.awl and sql/awl_*.sql: increased suggested awl.ip field width to 40 characters to be able to hold IPv6 addresses; - IP_PRIVATE now includes ipv6 variants of private address space, as well as the ipv6-mapped ipv4 addresses. - NetSet now understands that ::ffff:192.168.1.2 and 192.168.1.2 are the same address; - IPv6 addresses are now properly read from Received header fields; - when reading Received header fields, the "IPv6:" prefix is stripped from IPv6 addresses, and "::ffff:" is removed from IPv6-mapped IPv4 addresses (so strings can match them as simply IPv4 addresses); - ::1/128 is always included in the trusted_networks/internal_networks set similar to 127.0.0.0/8; - some of the IPv6 functionality in SpamAssassin requires that a perl module IO::Socket::INET6 is available (like accessing a DNS resolver over inet6, talking to a dccifd host over inet6 socket, SPAMC protocol); SPAMC - Mail::SpamAssasin::Client ping may erroneously result in broken pipe; bump spamc protocol version to 1.5, updated spamd, spamc and Client.pm; - added -n / --connect-timeout switch to spamc, allowing to separate a connection timeout from communication timeout; - added --filter-retries and --filter-retry-sleep; - increased allowed line length in spamc.conf files to 8 KiB and report an error when the limit is exceeded; - fixed issue where spamc would not time out connections to a hung spamd; - spamc client library leaked the zlib compression buffer if compression is used; - spamc long option '--dest' was broken; SPAMD - when spamd is started with the daemonize option do not exit the parent until a child signals that it has logged the pid, to allow a wrapper script to simply continue immediately after starting spamd; - additional tempfile cleanup in kill_handler; - added SPAMD_LOCALHOST option to "make test" to allow specifying non-127.0.0.1 IP address for use in FreeBSD jail; API - adding one optional argument to Mail::SpamAssassin::parse allows caller to pass additional out-of-band information to SpamAssassin (such as a deadline time, DKIM verification results, information about a SMTP session, or dynamic rule hits); this information is made available to plugins and the rest of the code through a 'suppl_attrib' hash; - added option 'master_deadline' to the suppl_attrib argument of a Mail::SpamAssassin::parse method, allowing the caller to override a time_limit configuration setting; - Plugin::Check - pick up 'rule_hits' from caller via the new mechanism and call got_hit() on them; - simplified adding dynamic score hits and dynamic rules by plugins (such as AWL, CRM114, FuzzyOcr, Check) by letting got_hit() accept options tflags and description, and letting it store a supplied dynamic score for proper reporting; - let the timing breakdown information be accessible to a caller through the existing get_tag mechanism (tag TIMING); - let the generated header fields ('add_header' configuration options) be accessible to a caller through the existing get_tag mechanism (tags ADDEDHEADER, ADDEDHEADERHAM, ADDEDHEADERSPAM); RULES - rules are no longer distributed with the package; - new scores were generated by a genetic algorithm (GA) and then manually tweaked based on cleaned datasets supplied by a dozen volunteers; - dropped redundant rules or rules causing too many false positives; - added or updated many rules; incomplete list in no particular order: vbounce, lotsa_money, muchmoney, image spam, fill_this_form, FreeMail, European Parliament, HTML attachments, uri_obfu*, urinsrhsbl, urinsrhssub, urifullnsrhsbl, URI_OBFU_X9_WS, rDNS=localhost, INVALID_DATE_TZ_ABSURD, RCVD_IN_PSBL, FRT_VALIUM*, BOUNCE_MESSAGE, VBOUNCE_MESSAGE, __BOUNCE_UNDELIVERABLE, HELO_STATIC_HOST, FILL_THIS_FORM_FRAUD_PHISH, CHALLENGE_RESPONSE, DKIM_VALID, DKIM_VALID_AU, DKIM_ADSP_*, NML_ADSP_CUSTOM_{LOW,MED,HIGH}, __VIA_ML, MIME_BASE64_TEXT, LOTTO_URI, FORGED_MUA_THEBAT_BOUN, FORGED_MUA_THEBAT_CS, UNRESOLVED_TEMPLATE, __THEBAT_MUA, __ANY_OUTLOOK_MUA, RP_MATCHES_RCVD, one-word X-Mailer, SPAN rules, skype and misquoted-HTML rules, HTML obfuscation and Google feedproxy URI rules, advance_fee updates including further evolved advance fee second-order metarules, test rule for postmaster+abuse missing, FROM_MISSPACED, fixed FROM_CONTAINS_TAB, a Facebook redirector pattern, fixed FPs with TVD_SPACE_RATIO regarding one-word emails and ISO-2022-JP, added exclusion for __ISO_2022_JP_DELIM to OBFUSCATING_COMMENT, GAPPY_SUBJECT, PLING_QUERY and FM_FRM_RN_L_BRACK rules, RATWARE_BOUNDARY plus variant, superseded all previous RATWARE_OUTLOOK stuff, resolved FP in obfuscated URI rule, fixed breakage in tbird image rule, fixed SUBJECT_FUZZY_MEDS FP on unobfuscated "meds", added misspaced From header field rule, numeric+cctld URI rule, updated FH_DATE_PAST_20XX, ... - added PSBL blacklist - http://psbl.surriel.com/ - added support for http://www.spamhaus.org/css/ - replaces HABEAS, BSP and SSC with RP CERTIFIED; - use ReturnPath's RNBL, replacing SSBL; - added rule for plain text attachments with octet-stream MIME type; - avoided false positives on ISO-2022-JP messages in several rules; - removed massmailers from uridnsbl_skip_domain in 25_uribl.cf; - updated various default whitelists, uridnsbl_skip_domain, adsp_override, ... PLUGINS - new plugins: FreeMail, PhishTag, Reuse; - now enabled by default: DKIM; - now disabled by default: AWL; - retired plugin: DomainKeys; AWL PLUGIN - plugin AWL is now disabled by default; - added new configuration options auto_whitelist_ipv4_mask_len and auto_whitelist_ipv6_mask_len to allow more control on what part of an IP address is stored into an AWL database; - README.awl: increased a suggested awl.ip field width to 40 characters to support IPv6 addresses; - AutoWhitelist.pm: allowed storing a canonicalized IPv6 address, cropped to a configurable network mask (previously causing SQL server errors: 'value too long'); - let AWL with SQL keep separate records for DKIM-signed and unsigned mail (when auto_whitelist_distinguish_signed configuration option is true, and a field awl.signedby exists); - avoided a race condition in SQLBasedAddrList.pm when multiple processes try to insert-or-update an awl SQL record: trying INSERT first, and if that fails go for UPDATE; - gracefully handle NaN from corrupted database or a broken emulator or virtualizer; DCC PLUGIN - added support for DCC reputations, added setting dcc_rep_percent, new test check_dcc_reputation_range(), new tag DCCREP (DCC servers supply reputation data only to licensed clients); - allowed usage of a remote dccifd host through an INET or INET6 socket; DKIM PLUGIN - the DKIM plugin is now enabled by default for new installs if the perl module Mail::DKIM is installed. However, installing SpamAssassin will not overwrite existing .pre configuration files, so to use DKIM when upgrading from a previous release that did not use DKIM, the directive: loadplugin Mail::SpamAssassin::Plugin::DKIM will need to be uncommented in file "v312.pre", or added to some other .pre file, such as local.pre; - absolute minimal version of Mail::DKIM is 0.31; support for ADSP requires Mail::DKIM 0.34; a DNS test (and rule) for NXDOMAIN is operational since Mail::DKIM 0.36_5, so effectively the recommended version is Mail::DKIM 0.37 or later; - a perl module Digest::SHA is required if the DKIM plugin is enabled. If a perl module Digest::SHA is available, the module Digest::SHA1 becomes optional as far as SpamAssassin is concerned, but is still needed by Razor agents; - added support for multiple signatures (useful for whitelisting); - plugin now distinguishes author domain signatures from third party signatures (useful for whitelisting); - provides a tag DKIMIDENTITY (in addition to DKIMDOMAIN); - DKIM now supports Author Domain Signing Practices - ADSP (RFC 5617); - use the Mail::DKIM::AuthorDomainPolicy instead of Mail::DKIM::DkimPolicy, when available (since Mail::DKIM 0.34); - implements an 'adsp_override' configuration directive and adds an eval:check_dkim_adsp check, which is used by new DKIM_ADSP_* rules; - rules contain an initial set of 'adsp_override' directives, listing some of the more popular target domains for phishing (applicable only to domains which sign all their direct mail with a DKIM or DK signature); - this plugin can now re-use Mail::DKIM verification results if made available by a caller, which saves resources and makes it possible for SpamAssassin to work on a truncated large mail without breaking DKIM signatures; - check_dkim_signed and check_dkim_adsp eval rules can now take an optional list of domain names, which limits their action to listed domains only. It facilitates building DKIM-based rules for specific domains, without having to resort to meta rules; - draft-ietf-dkim-ssp-10/RFC-5617 made Author Domain Signature based on 'd': updated ADSP code accordingly; changed whitelisting code to be based on SDID ('d') instead of AUID ('i'); - Plugin/DKIM.pm: terminology changes in comments and logging according to RFC 5617 and draft-ietf-dkim-rfc4871-errata-07; BUG FIXES - fixed Rule2XSBody segfaults; - no longer treat user data as perl booleans (a string "0" is a false); - avoid data from the wild be interpreted as perl regular expressions; - ArchiveIterator: prevent _scan_directory from passing directories to _scan_file (on NFS it would fail with EISDIR on read(2); - fixed inserting the SpamAssassin -generated header fields after a multiline Return-Path header field; - fixed vpopmail support; - fixed incorrect mode bits when creating lock files for AWL; - fixed some cases where :addr headers were parsed incorrectly; - fixed leakage of 'whitelist_from_rcvd' entries between spamd users; - fixing run_and_catch, which failed to catch a non-timed run; - 127/8 isn't an illegal IP; - reworked the M::S::Timeout module to deal with nested timers as one would expect: an inner timer shouldn't be able to extend an outer timer's limit; account for time elapsed in the submitted subroutine when restarting an outer timer; reset() should have accounted for time already spent; deal with nested timed runs where alarm(0) does not provide remaining time; - the 'exists:' evaluator in HEADER rules now works as documented and tests for existence of a header field, instead of testing for a header field body being nonempty; internally, the pms->get can also now distinguish between empty and nonexistent header fields; - applied fixes to header fields parsing in several places: header field names are case-insensitive, whitespace is not required after a colon, obsolete rfc822 syntax allowed whitespace before a colon; VBounce: match "Received:" only at the beginning of a line; - fixed bugs 6237 and 6295: 1.0.0.0/8 and 2.0.0.0/8 are now valid allocated address ranges, fixed a corresponding rule RCVD_ILLEGAL_IP; - fixed bug 6205 comment 5 in URIDetail.pm; - 'pyzor_options' in Plugin/Pyzor.pm was not untainted; - made the URIDetail plugin taint safe; - fixed parsing of multi-line Received header fields for BOUNCE_MESSAGE/VBOUNCE_MESSAGE et al; - Bug 6206, Bug 2536: spamd: untaint directory as obtained from a password file or from vpopmail utilities, avoid implicit untainting; report error if user preferences file exists but cannot be accessed; - avoided using raw data from DNS as a regexp in Plugin/ASN.pm; - ensured the dbg() and info() calls always return the same value (true) regardless of log level; - suppressed logging of $& when its value is not available (i.e. when no regexp has been evaluated during rule evaluation); - Exporter never really worked in SA, was not enclosed in BEGIN {}; - masses/runGA and masses/mk-baseline-results: prevent a shell 'source' command from loading an unrelated file named 'config' which happens to be in the current PATH - must use a ./ in an arg to a 'source' command; ERROR HANDLING, ROBUSTNESS - improved error detection and reporting: test status of all system calls and I/O operations (or explicitly document where not), and report unexpected failures; - eval calls now check for eval result instead of testing the $@, which is not always reliable; - localized $@ and $! in DESTROY methods to prevent potential calls to eval and calls to system routines in code executed from a DESTROY method from clobbering global variables $@ and $!; - Util::helper_app_pipe_open_unix: contain a failing exec with an eval to prevent additional cases of process cloning. The exec could fail this way when given tainted arguments; - Util::helper_app_pipe_open_unix: flush stdout and stderr before forking, otherwise an error reported by exec (such as 'insecure dependency') was lost in a buffer; - eval-protected an open($fh,'-|') to capture implied fork failures due to lack of system resource; - explicit untainting: combine "use re 'taint'" with untaint_var(), avoiding implicit perl untainting, along with workarounds to prevent it; - added 'use strict' where missing; - avoided a bunch of warnings on "Use of uninitialized value"; - clearly report reasons for helper application process failures; - t/SATest.pm: provide information about the process failure reason if a system() call fails; improved its reporting of failures; - improved error reporting in Plugin/DCC.pm on finding a DCC home directory to facilitate troubleshooting; OTHER CHANGES - pseudoheader "ALL:raw" returns a pristine header section, and pseudoheader "ALL" returns a cleaned header section - total rewrite of URI detection in plain text body; - many updates to the list of top level domains; - added 'util_rb_3tld', allowing 3-level TLDs to be listed in URIBLs and allowing new 3TLDs to be added from rule updates; - avoided trusted_networks bog down due to O(n^2) loop with millions of entries; - applied fixes to Plugin/VBounce.pm, updated VBounce ruleset; - added support for a 'Communigate Pro' Received header field; - parse Communigate Pro "with HTTPU" auth token; - let DependencyInfo.pm understand a concept of recommended module version, besides a required version; - provided a workaround for Net::DNS::Packet::new inconsistency; - let SpamAssassin use either Digest::SHA or Digest::SHA1, whichever is available (the Digest::SHA is now a base module since perl 5.10.0); - improved parsing of eval-type rules: allow unquoted domain names as arguments, disallow unmatched quotes; - provided a new module Mail::SpamAssassin::BayesStore::BDB. It should be treated as alpha-quality (needs more testing) and is not yet ready for production use; - exposed existing function 'received_within_months' as an eval function in Plugin/HeaderEval.pm; - moved rc script to /var/lock/subsys/spamd instead of /var/lock/subsys/spamassassin so 'service spamd status' will work; - added feature to re-download MIRRRORED.BY files at least once a week, or if 'sa-update --refreshmirrors' switch is used; - input delimiter $/ can be corrupted by a plugin, localize $/ and $\ before calling a plugin; - bumped the retry counter to 180 seconds for starting spamd on slow machines; - resolved Bug 5325: syslog severity level in spamc/libspamc.c for max message size (changed LOG_ERR into LOG_NOTICE for the message: "skipped message, greater than max message size"); - added checker to avoid taint warnings if hostname is returned as '(none)'; - altered sa-update to produce an error message if a channel doesn't exist; - Bug 6150, Bug 6127, Bug 5981, Bug 5950, Bug 6191: let spamd log/report a child process exit status or aborting condition in an informative way; - added checker to detect accidental match-everything regexps in rules; - updated garescorer for 3.3.0: use more epochs in GA runs for better scores; clarify some mass-check warning output, ensure rule name always appears at start of line; if a rule had no default/existing score in 50_scores.cf, don't tell the GA that 1.0 is an appropriate default value, instead pick the midway point of its score range. this produces better results; remove some dead code from masses/score-ranges-from-freqs; - set garescorer.c to report performance as iterations per second; - added test to ensure that all config settings are correctly handled when switching between users; added more config setting type metadata to enable those tests to work; and fix URIDetail to store config on the {conf} object, not on the plugin; - moved 'release tests' to xt/ directory; mirror long-running, net-tests and stress tests with xt/50_testname.t scripts to enforce their run before a release; - made numerous additional and updated self-tests; - added a Test::Perl::Critic release-test; - cleaned up some code based on suggestions by perl module Test::Perl::Critic, among others: . enable TestingAndDebugging::ProhibitNoStrict test but allow the use of 'no strict "refs"'; . deal with BuiltinFunctions::RequireGlobFunction; . deal with ControlStructures::ProhibitMutatingListFunctions removing this exception from xt/60_perlcritic.t; . deal with BayesStore/BDB.pm, Variables::ProhibitConditionalDeclarations . now that the module Time::HiRes is a required module, we can afford to replace a select() with Time::HiRes::sleep, and remove exception BuiltinFunctions::ProhibitSleepViaSelect from xt/60_perlcritic.t; - updated documentation, fixing numerous typos and mistakes in documentation text and in log messages; - extensively improved development process: . automated testing through Hudson, a continuous integration tool; . improved mass-check system and rules oversight; About Apache SpamAssassin ------------------------- Apache SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify spam. SpamAssassin uses a variety of mechanisms including mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. In addition, Apache SpamAssassin has a modular architecture that allows other technologies to be quickly incorporated as an addition or as a replacement for existing methods. Apache SpamAssassin typically runs on a server, classifies and labels spam before it reaches your mailbox, while allowing other components of a mail system to act on its results. Most of the Apache SpamAssassin is written in Perl, with heavily traversed code paths carefully optimized. Benefits are portability, robustness and facilitated maintenance. It can run on a wide variety of POSIX platforms. The server and the Perl library feels at home on Unix and Linux platforms, and reportedly also works on MS Windows systems under ActivePerl. For more information, visit http://spamassassin.apache.org/ About The Apache Software Foundation ------------------------------------ Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 100 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 2,500+ contributors. For more information, visit http://www.apache.org/ Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From J.Ede at birchenallhowden.co.uk Tue Jan 26 17:34:24 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jan 26 17:34:59 2010 Subject: moving from ubuntu In-Reply-To: References: Message-ID: <1213490F1F316842A544A850422BFA96129737E35D@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl > Sent: 26 January 2010 10:31 > To: mailscanner@lists.mailscanner.info > Subject: Re: moving from ubuntu > > Scott Silva wrote on Mon, 25 Jan 2010 14:39:18 -0800: > > > And just because you move to CentOS, you are not required to stick > with > > sendmail. Postfix runs on CentOS too! > > I was just about to ask "why sendmail, are you switching from qmail"? > ;-) > postfix is default on CentOS and I would leave it this way. > > Install all the necessary perl libraries and clamav from rpmforge, then > build your own SA rpm (just follow the instructions on the SA download > page), then install only the mailscanner*.rpm from the MailScanner > tarball. There's also a repo, but I don't know if it's up-to-date. > > Kai > There is also the MailScanner Gold yum repository, which I believe caters for CentOS. Although it is a paid service it will help you get up and running quickly. There is also the MailScanner beta repository that is free I think? Jason From GSilver at rampuptech.com Tue Jan 26 18:41:09 2010 From: GSilver at rampuptech.com (Gavin Silver) Date: Tue Jan 26 18:41:22 2010 Subject: moving from ubuntu In-Reply-To: <1213490F1F316842A544A850422BFA96129737E35D@BHLSBS.bhl.local> References: <1213490F1F316842A544A850422BFA96129737E35D@BHLSBS.bhl.local> Message-ID: Thanks everyone After reading all the replies ive decided to go with centos 5.4 and postfix as I am already comfortable with using postfix as a gateway and I can pretty much copy over all my trans/relay and config files. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: Tuesday, January 26, 2010 12:34 PM To: MailScanner discussion Subject: RE: moving from ubuntu > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl > Sent: 26 January 2010 10:31 > To: mailscanner@lists.mailscanner.info > Subject: Re: moving from ubuntu > > Scott Silva wrote on Mon, 25 Jan 2010 14:39:18 -0800: > > > And just because you move to CentOS, you are not required to stick > with > > sendmail. Postfix runs on CentOS too! > > I was just about to ask "why sendmail, are you switching from qmail"? > ;-) > postfix is default on CentOS and I would leave it this way. > > Install all the necessary perl libraries and clamav from rpmforge, then > build your own SA rpm (just follow the instructions on the SA download > page), then install only the mailscanner*.rpm from the MailScanner > tarball. There's also a repo, but I don't know if it's up-to-date. > > Kai > There is also the MailScanner Gold yum repository, which I believe caters for CentOS. Although it is a paid service it will help you get up and running quickly. There is also the MailScanner beta repository that is free I think? Jason -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mrm at medicine.wisc.edu Tue Jan 26 19:32:35 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Tue Jan 26 19:33:00 2010 Subject: moving from ubuntu In-Reply-To: References: <1213490F1F316842A544A850422BFA96129737E35D@BHLSBS.bhl.local> Message-ID: <4B5EEEF3020000FC0000F211@gwmail.medicine.wisc.edu> Whoever wrote below that postfix is the default on Centos is wrong. I've installed plenty of CentOS/RHEL 3, 4 & 5 systems and the default has always been Sendmail. Not that it isn't trivial to switch to Postfix, but don't be surprised if copying over your current Postfix config doesn't work until you tell CentOS to actually use Postfix. -Mike >>> On 1/26/2010 at 12:41 PM, in message , Gavin Silver wrote: > Thanks everyone > > After reading all the replies ive decided to go with centos 5.4 and postfix > as I am already comfortable with using postfix as a gateway and I can pretty > much copy over all my trans/relay and config files. > >> >> I was just about to ask "why sendmail, are you switching from qmail"? >> ;-) >> postfix is default on CentOS and I would leave it this way. >> >> Install all the necessary perl libraries and clamav from rpmforge, then >> build your own SA rpm (just follow the instructions on the SA download >> page), then install only the mailscanner*.rpm from the MailScanner >> tarball. There's also a repo, but I don't know if it's up-to-date. >> >> Kai >> > > There is also the MailScanner Gold yum repository, which I believe caters > for CentOS. Although it is a paid service it will help you get up and running > quickly. There is also the MailScanner beta repository that is free I think? > > Jason From jaearick at colby.edu Tue Jan 26 20:11:15 2010 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Jan 26 20:11:28 2010 Subject: 4.79.10 In-Reply-To: References: <4B5DE682.7030100@ecs.soton.ac.uk> Message-ID: On Mon, 25 Jan 2010, Jules Field wrote: > Date: Mon, 25 Jan 2010 18:44:18 +0000 > From: Jules Field > Reply-To: MailScanner discussion > To: MailScanner mailing list > Subject: 4.79.10 > > Please can you try this version and report any outstanding problems at all. > Otherwise I'm heading for a stable version to be released on 1st February. > > Thanks folks! Rolled out this beta on my Solaris 10 system. While I'm itching to upgrade to SpamAssassin 3.3.0, I'm going to hold back for a day. Anybody running MS 4.79.10 AND the new SpamAssassin? Jeff Earickson Colby College From prandal at herefordshire.gov.uk Tue Jan 26 21:09:48 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 26 21:10:07 2010 Subject: 4.79.10 In-Reply-To: References: <4B5DE682.7030100@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CFE5@HC-MBX02.herefordshire.gov.uk> Works fine for me. Just read the release notes carefully. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson Sent: 26 January 2010 20:11 To: MailScanner discussion Subject: Re: 4.79.10 On Mon, 25 Jan 2010, Jules Field wrote: > Date: Mon, 25 Jan 2010 18:44:18 +0000 > From: Jules Field > Reply-To: MailScanner discussion > To: MailScanner mailing list > Subject: 4.79.10 > > Please can you try this version and report any outstanding problems at all. > Otherwise I'm heading for a stable version to be released on 1st February. > > Thanks folks! Rolled out this beta on my Solaris 10 system. While I'm itching to upgrade to SpamAssassin 3.3.0, I'm going to hold back for a day. Anybody running MS 4.79.10 AND the new SpamAssassin? Jeff Earickson Colby College -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From maillists at conactive.com Tue Jan 26 21:31:19 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 26 21:31:28 2010 Subject: 4.79.10 In-Reply-To: References: <4B5DE682.7030100@ecs.soton.ac.uk> Message-ID: Jeff A. Earickson wrote on Tue, 26 Jan 2010 15:11:15 -0500 (EST): > Anybody running > MS 4.79.10 AND the new SpamAssassin? no problems. But read the release/update notes. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From uxbod at splatnix.net Wed Jan 27 04:39:51 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 27 04:43:52 2010 Subject: 4.79.10 In-Reply-To: Message-ID: <30019586.165.1264567191791.JavaMail.root@office.splatnix.net> ----- "Kai Schaetzl" wrote: > Jeff A. Earickson wrote on Tue, 26 Jan 2010 15:11:15 -0500 (EST): > > > Anybody running > > MS 4.79.10 AND the new SpamAssassin? > > no problems. But read the release/update notes. > > Kai > Same here all good; and as others have expressed ensure to read the release notes. Appears to be quicker as well. -- Thanks, Phil From MailScanner at ecs.soton.ac.uk Wed Jan 27 12:14:27 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 27 12:14:37 2010 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.3.0 available In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA08B9D821@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA08B9D821@HC-MBX02.herefordshire.gov.uk> <4B602E23.6090005@ecs.soton.ac.uk> Message-ID: I have updated my ClamAV+SpamAssassin package to SpamAssassin 3.3.0. I have added all the new requirements to it, of which there are quite a few (requirements have their own requirements, etc...). I have also improved the installation script a bit for you too. Please do download it from here: http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz and try it out for me! Cheers folks, Jules. On 26/01/2010 16:35, Randal, Phil wrote: > FYI. > > Please note the changed perl module dependencies. > > Cheers, > > Phil > > -- > Phil Randal | Networks Engineer > NHS Herefordshire& Herefordshire Council | Deputy Chief Executive's > Office | I.C.T. Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files are those of > the individual and not necessarily those of Herefordshire Council. > > This e-mail and any attached files are confidential and intended solely > for the use of the addressee. This communication may contain material > protected by law from being passed on. If you are not the intended > recipient and have received this e-mail in error, you are advised that > any use, dissemination, forwarding, printing or copying of this e-mail > is strictly prohibited. If you have received this e-mail in error please > contact the sender immediately and destroy all copies of it. > > -----Original Message----- > From: Warren Togami [mailto:wtogami@redhat.com] > Sent: 26 January 2010 16:33 > To: SpamAssassin Users List > Subject: ANNOUNCE: Apache SpamAssassin 3.3.0 available > > Release Notes -- Apache SpamAssassin -- Version 3.3.0 > > > Introduction > ------------ > > This is a major release, incorporating enhancements and bug fixes that > have accumulated in a year and a half of development since the 3.2.5 > release. > Apart from some new or changed dependencies on perl modules, this > version is compatible to large extent with existing installations, so > the upgrade is not expected to be problematic (neither is downgrading, > if need arises). > Please consult the list of known incompatibilities below before > upgrading. > > > Downloading and availability > ---------------------------- > > Downloads are available from: > > http://spamassassin.apache.org/downloads.cgi > > md5sum of archive files: > > 15af629a95108bf245ab600d78ae754b Mail-SpamAssassin-3.3.0.tar.bz2 > 38078b07396c0ab92b46386bc70ef086 Mail-SpamAssassin-3.3.0.tar.gz > e66856085ca14947146d57a40a51beaa Mail-SpamAssassin-3.3.0.zip > 5be313a60c27ae522700e20b557ade33 > Mail-SpamAssassin-rules-3.3.0.r901671.tgz > > sha1sum of archive files: > > 209a97102e2c0568f6ae8151e5a55cd949317b69 > Mail-SpamAssassin-3.3.0.tar.bz2 > 35ff5ab33dd83bf8e3a63bd1540d819ab35117d5 > Mail-SpamAssassin-3.3.0.tar.gz > d1c61c67c806054c4404a854fc113a1a3c3e71c7 Mail-SpamAssassin-3.3.0.zip > 04ac1d5d02a69f382909b01a4426a048a1e69278 > Mail-SpamAssassin-rules-3.3.0.r901671.tgz > > Note that the *-rules-*.tgz files are only necessary if you cannot, or > do not wish to, run "sa-update" after install to download the latest > fresh rules. > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://www.apache.org/dist/spamassassin/KEYS > > The key information is: > > pub 4096R/F7D39814 2009-12-02 > Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 > 9814 > uid SpamAssassin Project Management Committee > > uid SpamAssassin Signing Key (Code Signing Key, > replacement for 1024D/265FA05B) > sub 4096R/7B3265A5 2009-12-02 > > See the INSTALL and UPGRADE files in the distribution for important > installation notes. > > > Summary of major changes since 3.2.5 > ------------------------------------ > > COMPATIBILITY WITH 3.2.5 > > - rules are no longer distributed with the package, but installed by > sa-update - either automatically fetched from the network (preferably) > or from a tar archive, which is available for downloading separately > (see below, section INSTALLING RULES); > > - CPAN module requirements: > - minimum required version of ExtUtils::MakeMaker is 6.17; > - modules now required: Time::HiRes, NetAddr::IP (4.000 or later), > Archive::Tar (1.23 or later), IO::Zlib; > - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later); > expect some tests in t/dkim2.t to fail with versions older than > 0.36_5; > - no longer used: Mail::DomainKeys, Mail::SPF::Query; > - either Digest::SHA or the older Digest::SHA1 is required, though > note that the DKIM plugin requires Digest::SHA for sha256 hashes > and Razor agents still need Digest::SHA1; > - some IPv6 functionality requires IO::Socket::INET6; > > - if keeping the AWL database in SQL, the field awl.ip must be extended > to > 40 characters. The change is necessary to allow AWL to keep track of > IPv6 > addresses which may appear in a mail header even on non-IPv6 -enabled > host. > While at it, consider also adding a field 'signedby' to the SQL table > 'awl' > (and adding 'auto_whitelist_distinguish_signed 1' to local.cf); > see sql/README.awl for details. The change need not be undone even if > downgrading back to 3.2.* for some reason; > > - fixing a protocol implementation error regarding a PING command > required > bumping up the SPAMC protocol version to 1.5. Spamd retains > compatibility > with older spamc clients. Combining new spamc clients with pre-3.3 > versions > of a spamd daemon is not supported (but happens to work, except for > the > PING and SKIP commands); > > - if using one of the plugins (FreeMail, PhishTag, Reuse) which were > previously not part of the official package, please retire your local > copy > to avoid it conflicting with a new native plugin; > > - as the plugin AWL is no longer loaded by default, to continue using it > the following line is needed in one of the .pre files (e.g. > local.pre): > loadplugin Mail::SpamAssassin::Plugin::AWL > > - it may be worth mentioning that a rule DKIM_VERIFIED has been renamed > to DKIM_VALID to match its semantics; > > - the DKIM plugin is now enabled by default for new installs, if the > perl > module Mail::DKIM is installed. However, installation of SpamAssassin > will not overwrite existing .pre configuration files, so to use DKIM > when > upgrading from a previous release that did not use DKIM, a directive: > > loadplugin Mail::SpamAssassin::Plugin::DKIM > > will need to be uncommented in file "v312.pre", or added to some > other .pre file, such as local.pre; > > - due to changes in some internal data structures (like Bug 6185, 6254), > some third-party plugins may need to be updated. One such example is > the ClamAVPlugin plugin - please find a fresh version, which can be > used > with both SpamAssassin versions 3.2.5 and 3.3.0, on its wiki page at > http://wiki.apache.org/spamassassin/ClamAVPlugin > > - versions of amavisd-new between 2.5.2 and 2.6.1 (inclusive) are > incompatible > with SpamAssassin 3.3; please upgrade amavisd to 2.6.2 or later, or > apply > a workaround > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6257 > > - support for versions of perl 5.6.* is being gradually revoked > (may still work, but no promises and no support); > > - preferred versions of perl are 5.8.8, 5.8.9, and 5.10.1 or later; > > - on FreeBSD, please avoid using multithreaded versions of perl older > than 5.10.0 due to small default main thread's stack size, which may > not suffice for some regular expression evaluations; > > > INSTALLING RULES > > Rules are normally installed by running a sa-update command. > The version of sa-update program should match the version of > SpamAssassin modules, so invoking sa-update should be performed only > after installing or upgrading SpamAssassin code, not before. > > Installing rules from network is done with a single command, normally > run as root: > sa-update > > Installing rules from files: > obtain all the following files: > Mail-SpamAssassin-rules-xxx.tgz > Mail-SpamAssassin-rules-xxx.tgz.asc > Mail-SpamAssassin-rules-xxx.tgz.md5 > Mail-SpamAssassin-rules-xxx.tgz.sha1 > (where xxx may look something like '3.3.0.r893295') > install rules from a compressed tar archive: > sa-update --install Mail-SpamAssassin-rules-xxx.tgz > (sa-update will need corresponding .asc and .sha1 files with the > same base name in the same directory as the .tgz file) > > > MAIN NEW FEATURES > > - IPv6 support was substantially improved (see below); > > - many improvements to the DKIM plugin (understands author domain > signatures, > supports multiple signatures, ADSP support with overrides) - (see > below); > > - added 'if can(Class::method)' conditional statement, allowing > configuration > settings to be conditional on plugin capabilities without requiring > new version releases to do so; > > - added a --verbose option to the sa-update utility to show updated > channels; > > - added a configuration option 'time_limit', defaulting to 300 seconds > or whatever the caller (like spamd) provides; attempting to gracefully > terminate the checking when a time limit is reached, reporting the > score > and test hits that were collected so far, along with an added hit on > a rule TIME_LIMIT_EXCEEDED; > > - more expensive code sections are now instrumented with timing > measurements; > timing report is logged as a debug message by the end of processing, > and made available to a caller and to 'add_header' directives through > a TIMING tag; > > - added a configuration option skip_uribl_checks to the URIDNSBL plugin, > cross-documented it with skip_rbl_checks; > > - preserve order of declared 'add_header' header fields; > > - configurable network mask length for the AWL plugin (see below); > > - added support for DCC reputations (see below); > > - improved error handling and robustness (see below); > > - added timestamps when logging on stderr; > > - allowed debug areas to be excluded from debugging, > e.g.: -D all,norules,noconfig,nodcc > > > BUILDING AND PACKAGING > > - rules are no longer distributed with the package, but installed by > sa-update > > - Makefile.PL has been simplified and a bug fixed in a DESTDIR support > by increasing the minimum required version of ExtUtils::MakeMaker to > 6.17 > > - tools check_whitelist and check_spamd are now included in the > distribution, > now called 'sa-awl' and 'sa-check_spamd' > > > WORKAROUNDS TO PERL BUGS AND LIMITATIONS > > - modified the Check.pm plugin to produce smaller chunks of source code > from rules (60 kB) to avoid Perl compiler crashing on exceeding stack > size; > > - localized global variables $1, $2, etc at several places, avoiding > taint > issue from propagating; > > - avoided Perl I/O bug by replacing line-by-line reading with read() > where > suitable, or played down the EBADF status in other places and only > report > it as a dbg instead of a die - while also providing a little speedup > (10 .. 25 %) on reading a message; > > - provided a new sub Message::split_into_array_of_short_lines to split > a text into array of paragraph chunks of sizes between 1 kB and 2 kB, > giving less opportunity to runaway regular expressions in rules; > fixes bugs: 5717, 5644, 5795, 5486, 5801, 5041; > > > MEMORY FOOTPRINT > > - as a side-effect of compiling rules in smaller chunks (to avoid > compiler > crashes), virtual memory footprint of SpamAssassin is reduced; > > - saved some memory by not importing the Pod::Usage unless it is needed; > > - saved 350k+ of memory in sa-compile by replacing DynaLoader with > XSLoader; > > - removed unneeded index from MySQL bayes_token table; > > > IPv6 SUPPORT > > - added IPv6 support for trusted_networks, internal_networks, > msa_networks, > whitelist_from_rcvd, and other stuff that uses NetSet and the Received > header field parser, using NetAddr::IP; > > - allowed usage of a remote dccifd host through an INET or INET6 socket; > > - added IPv6 support to AWL plugin and its utility modules; a network > mask length is now configurable and defaults to /48, which controls > what data is stored in an AWL database; > > - sql/README.awl and sql/awl_*.sql: increased suggested awl.ip field > width > to 40 characters to be able to hold IPv6 addresses; > > - IP_PRIVATE now includes ipv6 variants of private address space, > as well as the ipv6-mapped ipv4 addresses. > > - NetSet now understands that ::ffff:192.168.1.2 and 192.168.1.2 are > the same address; > > - IPv6 addresses are now properly read from Received header fields; > > - when reading Received header fields, the "IPv6:" prefix is stripped > from > IPv6 addresses, and "::ffff:" is removed from IPv6-mapped IPv4 > addresses > (so strings can match them as simply IPv4 addresses); > > - ::1/128 is always included in the trusted_networks/internal_networks > set > similar to 127.0.0.0/8; > > - some of the IPv6 functionality in SpamAssassin requires that a perl > module > IO::Socket::INET6 is available (like accessing a DNS resolver over > inet6, > talking to a dccifd host over inet6 socket, SPAMC protocol); > > > SPAMC > > - Mail::SpamAssasin::Client ping may erroneously result in broken pipe; > bump spamc protocol version to 1.5, updated spamd, spamc and > Client.pm; > > - added -n / --connect-timeout switch to spamc, allowing to separate > a connection timeout from communication timeout; > > - added --filter-retries and --filter-retry-sleep; > > - increased allowed line length in spamc.conf files to 8 KiB and report > an error when the limit is exceeded; > > - fixed issue where spamc would not time out connections to a hung > spamd; > > - spamc client library leaked the zlib compression buffer if compression > is used; > > - spamc long option '--dest' was broken; > > > SPAMD > > - when spamd is started with the daemonize option do not exit the parent > until a child signals that it has logged the pid, to allow a wrapper > script to simply continue immediately after starting spamd; > > - additional tempfile cleanup in kill_handler; > > - added SPAMD_LOCALHOST option to "make test" to allow specifying > non-127.0.0.1 IP address for use in FreeBSD jail; > > > API > > - adding one optional argument to Mail::SpamAssassin::parse allows > caller > to pass additional out-of-band information to SpamAssassin (such as a > deadline time, DKIM verification results, information about a SMTP > session, > or dynamic rule hits); this information is made available to plugins > and > the rest of the code through a 'suppl_attrib' hash; > > - added option 'master_deadline' to the suppl_attrib argument of a > Mail::SpamAssassin::parse method, allowing the caller to override a > time_limit configuration setting; > > - Plugin::Check - pick up 'rule_hits' from caller via the new mechanism > and call got_hit() on them; > > - simplified adding dynamic score hits and dynamic rules by plugins > (such as AWL, CRM114, FuzzyOcr, Check) by letting got_hit() accept > options tflags and description, and letting it store a supplied > dynamic score for proper reporting; > > - let the timing breakdown information be accessible to a caller through > the existing get_tag mechanism (tag TIMING); > > - let the generated header fields ('add_header' configuration options) > be accessible to a caller through the existing get_tag mechanism > (tags ADDEDHEADER, ADDEDHEADERHAM, ADDEDHEADERSPAM); > > > RULES > > - rules are no longer distributed with the package; > > - new scores were generated by a genetic algorithm (GA) and then > manually > tweaked based on cleaned datasets supplied by a dozen volunteers; > > - dropped redundant rules or rules causing too many false positives; > > - added or updated many rules; incomplete list in no particular order: > vbounce, lotsa_money, muchmoney, image spam, fill_this_form, FreeMail, > European Parliament, HTML attachments, uri_obfu*, urinsrhsbl, > urinsrhssub, > urifullnsrhsbl, URI_OBFU_X9_WS, rDNS=localhost, > INVALID_DATE_TZ_ABSURD, > RCVD_IN_PSBL, FRT_VALIUM*, BOUNCE_MESSAGE, VBOUNCE_MESSAGE, > __BOUNCE_UNDELIVERABLE, HELO_STATIC_HOST, FILL_THIS_FORM_FRAUD_PHISH, > CHALLENGE_RESPONSE, DKIM_VALID, DKIM_VALID_AU, DKIM_ADSP_*, > NML_ADSP_CUSTOM_{LOW,MED,HIGH}, __VIA_ML, MIME_BASE64_TEXT, LOTTO_URI, > FORGED_MUA_THEBAT_BOUN, FORGED_MUA_THEBAT_CS, UNRESOLVED_TEMPLATE, > __THEBAT_MUA, __ANY_OUTLOOK_MUA, RP_MATCHES_RCVD, one-word X-Mailer, > SPAN rules, skype and misquoted-HTML rules, HTML obfuscation and > Google feedproxy URI rules, advance_fee updates including further > evolved advance fee second-order metarules, test rule for > postmaster+abuse missing, FROM_MISSPACED, fixed FROM_CONTAINS_TAB, a > Facebook redirector pattern, fixed FPs with TVD_SPACE_RATIO regarding > one-word emails and ISO-2022-JP, added exclusion for > __ISO_2022_JP_DELIM > to OBFUSCATING_COMMENT, GAPPY_SUBJECT, PLING_QUERY and > FM_FRM_RN_L_BRACK > rules, RATWARE_BOUNDARY plus variant, superseded all previous > RATWARE_OUTLOOK stuff, resolved FP in obfuscated URI rule, fixed > breakage > in tbird image rule, fixed SUBJECT_FUZZY_MEDS FP on unobfuscated > "meds", > added misspaced From header field rule, numeric+cctld URI rule, > updated FH_DATE_PAST_20XX, ... > > - added PSBL blacklist - http://psbl.surriel.com/ > > - added support for http://www.spamhaus.org/css/ > > - replaces HABEAS, BSP and SSC with RP CERTIFIED; > > - use ReturnPath's RNBL, replacing SSBL; > > - added rule for plain text attachments with octet-stream MIME type; > > - avoided false positives on ISO-2022-JP messages in several rules; > > - removed massmailers from uridnsbl_skip_domain in 25_uribl.cf; > > - updated various default whitelists, uridnsbl_skip_domain, > adsp_override, ... > > > PLUGINS > > - new plugins: FreeMail, PhishTag, Reuse; > > - now enabled by default: DKIM; > > - now disabled by default: AWL; > > - retired plugin: DomainKeys; > > > AWL PLUGIN > > - plugin AWL is now disabled by default; > > - added new configuration options auto_whitelist_ipv4_mask_len and > auto_whitelist_ipv6_mask_len to allow more control on what part of > an IP address is stored into an AWL database; > > - README.awl: increased a suggested awl.ip field width to 40 characters > to support IPv6 addresses; > > - AutoWhitelist.pm: allowed storing a canonicalized IPv6 address, > cropped > to a configurable network mask (previously causing SQL server errors: > 'value too long'); > > - let AWL with SQL keep separate records for DKIM-signed and unsigned > mail > (when auto_whitelist_distinguish_signed configuration option is true, > and a field awl.signedby exists); > > - avoided a race condition in SQLBasedAddrList.pm when multiple > processes > try to insert-or-update an awl SQL record: trying INSERT first, and if > that fails go for UPDATE; > > - gracefully handle NaN from corrupted database or a broken emulator or > virtualizer; > > > DCC PLUGIN > > - added support for DCC reputations, added setting dcc_rep_percent, > new test check_dcc_reputation_range(), new tag DCCREP > (DCC servers supply reputation data only to licensed clients); > > - allowed usage of a remote dccifd host through an INET or INET6 socket; > > > DKIM PLUGIN > > - the DKIM plugin is now enabled by default for new installs if the perl > module Mail::DKIM is installed. However, installing SpamAssassin will > not overwrite existing .pre configuration files, so to use DKIM when > upgrading from a previous release that did not use DKIM, the > directive: > > loadplugin Mail::SpamAssassin::Plugin::DKIM > > will need to be uncommented in file "v312.pre", or added to some > other .pre file, such as local.pre; > > - absolute minimal version of Mail::DKIM is 0.31; > support for ADSP requires Mail::DKIM 0.34; > a DNS test (and rule) for NXDOMAIN is operational since Mail::DKIM > 0.36_5, > so effectively the recommended version is Mail::DKIM 0.37 or later; > > - a perl module Digest::SHA is required if the DKIM plugin is enabled. > If a perl module Digest::SHA is available, the module Digest::SHA1 > becomes optional as far as SpamAssassin is concerned, but is still > needed by Razor agents; > > - added support for multiple signatures (useful for whitelisting); > > - plugin now distinguishes author domain signatures from third party > signatures (useful for whitelisting); > > - provides a tag DKIMIDENTITY (in addition to DKIMDOMAIN); > > - DKIM now supports Author Domain Signing Practices - ADSP (RFC 5617); > > - use the Mail::DKIM::AuthorDomainPolicy instead of > Mail::DKIM::DkimPolicy, > when available (since Mail::DKIM 0.34); > > - implements an 'adsp_override' configuration directive and adds > an eval:check_dkim_adsp check, which is used by new DKIM_ADSP_* rules; > > - rules contain an initial set of 'adsp_override' directives, listing > some of the more popular target domains for phishing (applicable only > to > domains which sign all their direct mail with a DKIM or DK signature); > > - this plugin can now re-use Mail::DKIM verification results if made > available by a caller, which saves resources and makes it possible > for SpamAssassin to work on a truncated large mail without breaking > DKIM signatures; > > - check_dkim_signed and check_dkim_adsp eval rules can now take an > optional > list of domain names, which limits their action to listed domains > only. > It facilitates building DKIM-based rules for specific domains, without > having to resort to meta rules; > > - draft-ietf-dkim-ssp-10/RFC-5617 made Author Domain Signature based on > 'd': > updated ADSP code accordingly; changed whitelisting code to be based > on > SDID ('d') instead of AUID ('i'); > > - Plugin/DKIM.pm: terminology changes in comments and logging according > to RFC 5617 and draft-ietf-dkim-rfc4871-errata-07; > > > BUG FIXES > > - fixed Rule2XSBody segfaults; > > - no longer treat user data as perl booleans (a string "0" is a false); > > - avoid data from the wild be interpreted as perl regular expressions; > > - ArchiveIterator: prevent _scan_directory from passing directories > to _scan_file (on NFS it would fail with EISDIR on read(2); > > - fixed inserting the SpamAssassin -generated header fields after a > multiline Return-Path header field; > > - fixed vpopmail support; > > - fixed incorrect mode bits when creating lock files for AWL; > > - fixed some cases where :addr headers were parsed incorrectly; > > - fixed leakage of 'whitelist_from_rcvd' entries between spamd users; > > - fixing run_and_catch, which failed to catch a non-timed run; > > - 127/8 isn't an illegal IP; > > - reworked the M::S::Timeout module to deal with nested timers as one > would > expect: an inner timer shouldn't be able to extend an outer timer's > limit; > account for time elapsed in the submitted subroutine when restarting > an > outer timer; reset() should have accounted for time already spent; > deal with nested timed runs where alarm(0) does not provide remaining > time; > > - the 'exists:' evaluator in HEADER rules now works as documented > and tests for existence of a header field, instead of testing for > a header field body being nonempty; internally, the pms->get can > also now distinguish between empty and nonexistent header fields; > > - applied fixes to header fields parsing in several places: header field > names are case-insensitive, whitespace is not required after a colon, > obsolete rfc822 syntax allowed whitespace before a colon; > VBounce: match "Received:" only at the beginning of a line; > > - fixed bugs 6237 and 6295: 1.0.0.0/8 and 2.0.0.0/8 are now valid > allocated > address ranges, fixed a corresponding rule RCVD_ILLEGAL_IP; > > - fixed bug 6205 comment 5 in URIDetail.pm; > > - 'pyzor_options' in Plugin/Pyzor.pm was not untainted; > > - made the URIDetail plugin taint safe; > > - fixed parsing of multi-line Received header fields for > BOUNCE_MESSAGE/VBOUNCE_MESSAGE et al; > > - Bug 6206, Bug 2536: spamd: untaint directory as obtained from a > password > file or from vpopmail utilities, avoid implicit untainting; report > error > if user preferences file exists but cannot be accessed; > > - avoided using raw data from DNS as a regexp in Plugin/ASN.pm; > > - ensured the dbg() and info() calls always return the same value (true) > regardless of log level; > > - suppressed logging of $& when its value is not available (i.e. when > no regexp has been evaluated during rule evaluation); > > - Exporter never really worked in SA, was not enclosed in BEGIN {}; > > - masses/runGA and masses/mk-baseline-results: prevent a shell 'source' > command from loading an unrelated file named 'config' which happens to > be > in the current PATH - must use a ./ in an arg to a 'source' command; > > > ERROR HANDLING, ROBUSTNESS > > - improved error detection and reporting: test status of all system > calls > and I/O operations (or explicitly document where not), and report > unexpected failures; > > - eval calls now check for eval result instead of testing the $@, which > is not always reliable; > > - localized $@ and $! in DESTROY methods to prevent potential calls to > eval > and calls to system routines in code executed from a DESTROY method > from clobbering global variables $@ and $!; > > - Util::helper_app_pipe_open_unix: contain a failing exec with an eval > to prevent additional cases of process cloning. The exec could fail > this way when given tainted arguments; > > - Util::helper_app_pipe_open_unix: flush stdout and stderr before > forking, > otherwise an error reported by exec (such as 'insecure dependency') > was lost in a buffer; > > - eval-protected an open($fh,'-|') to capture implied fork failures > due to lack of system resource; > > - explicit untainting: combine "use re 'taint'" with untaint_var(), > avoiding implicit perl untainting, along with workarounds to prevent > it; > > - added 'use strict' where missing; > > - avoided a bunch of warnings on "Use of uninitialized value"; > > - clearly report reasons for helper application process failures; > > - t/SATest.pm: provide information about the process failure reason > if a system() call fails; improved its reporting of failures; > > - improved error reporting in Plugin/DCC.pm on finding a DCC home > directory > to facilitate troubleshooting; > > > OTHER CHANGES > > - pseudoheader "ALL:raw" returns a pristine header section, > and pseudoheader "ALL" returns a cleaned header section > > - total rewrite of URI detection in plain text body; > > - many updates to the list of top level domains; > > - added 'util_rb_3tld', allowing 3-level TLDs to be listed in URIBLs and > allowing new 3TLDs to be added from rule updates; > > - avoided trusted_networks bog down due to O(n^2) loop with millions > of entries; > > - applied fixes to Plugin/VBounce.pm, updated VBounce ruleset; > > - added support for a 'Communigate Pro' Received header field; > > - parse Communigate Pro "with HTTPU" auth token; > > - let DependencyInfo.pm understand a concept of recommended module > version, > besides a required version; > > - provided a workaround for Net::DNS::Packet::new inconsistency; > > - let SpamAssassin use either Digest::SHA or Digest::SHA1, whichever is > available (the Digest::SHA is now a base module since perl 5.10.0); > > - improved parsing of eval-type rules: allow unquoted domain names as > arguments, disallow unmatched quotes; > > - provided a new module Mail::SpamAssassin::BayesStore::BDB. It should > be > treated as alpha-quality (needs more testing) and is not yet ready for > production use; > > - exposed existing function 'received_within_months' as an eval function > in Plugin/HeaderEval.pm; > > - moved rc script to /var/lock/subsys/spamd instead of > /var/lock/subsys/spamassassin so 'service spamd status' will work; > > - added feature to re-download MIRRRORED.BY files at least once a week, > or if > 'sa-update --refreshmirrors' switch is used; > > - input delimiter $/ can be corrupted by a plugin, localize $/ and $\ > before > calling a plugin; > > - bumped the retry counter to 180 seconds for starting spamd on slow > machines; > > - resolved Bug 5325: syslog severity level in spamc/libspamc.c for max > message size (changed LOG_ERR into LOG_NOTICE for the message: > "skipped message, greater than max message size"); > > - added checker to avoid taint warnings if hostname is returned as > '(none)'; > > - altered sa-update to produce an error message if a channel doesn't > exist; > > - Bug 6150, Bug 6127, Bug 5981, Bug 5950, Bug 6191: let spamd log/report > a child process exit status or aborting condition in an informative > way; > > - added checker to detect accidental match-everything regexps in rules; > > - updated garescorer for 3.3.0: use more epochs in GA runs for better > scores; > clarify some mass-check warning output, ensure rule name always > appears at > start of line; if a rule had no default/existing score in > 50_scores.cf, > don't tell the GA that 1.0 is an appropriate default value, instead > pick > the midway point of its score range. this produces better results; > remove some dead code from masses/score-ranges-from-freqs; > > - set garescorer.c to report performance as iterations per second; > > - added test to ensure that all config settings are correctly handled > when > switching between users; added more config setting type metadata to > enable > those tests to work; and fix URIDetail to store config on the {conf} > object, > not on the plugin; > > - moved 'release tests' to xt/ directory; mirror long-running, net-tests > and > stress tests with xt/50_testname.t scripts to enforce their run before > a > release; > > - made numerous additional and updated self-tests; > > - added a Test::Perl::Critic release-test; > > - cleaned up some code based on suggestions by perl module > Test::Perl::Critic, > among others: > . enable TestingAndDebugging::ProhibitNoStrict test but allow the > use of 'no strict "refs"'; > . deal with BuiltinFunctions::RequireGlobFunction; > . deal with ControlStructures::ProhibitMutatingListFunctions > removing this exception from xt/60_perlcritic.t; > . deal with BayesStore/BDB.pm, > Variables::ProhibitConditionalDeclarations > . now that the module Time::HiRes is a required module, we can afford > to replace a select() with Time::HiRes::sleep, and remove exception > BuiltinFunctions::ProhibitSleepViaSelect from xt/60_perlcritic.t; > > - updated documentation, fixing numerous typos and mistakes in > documentation > text and in log messages; > > - extensively improved development process: > . automated testing through Hudson, a continuous integration tool; > . improved mass-check system and rules oversight; > > > About Apache SpamAssassin > ------------------------- > > Apache SpamAssassin is a mature, widely-deployed open source project > that serves as a mail filter to identify spam. SpamAssassin uses a > variety of mechanisms including mail header and text analysis, Bayesian > filtering, DNS blocklists, and collaborative filtering databases. In > addition, Apache SpamAssassin has a modular architecture that allows > other technologies to be quickly incorporated as an addition or as a > replacement for existing methods. > Apache SpamAssassin typically runs on a server, classifies and labels > spam before it reaches your mailbox, while allowing other components of > a mail system to act on its results. > > Most of the Apache SpamAssassin is written in Perl, with heavily > traversed code paths carefully optimized. Benefits are portability, > robustness and facilitated maintenance. It can run on a wide variety of > POSIX platforms. > The server and the Perl library feels at home on Unix and Linux > platforms, and reportedly also works on MS Windows systems under > ActivePerl. > > For more information, visit http://spamassassin.apache.org/ > > > About The Apache Software Foundation > ------------------------------------ > > Established in 1999, The Apache Software Foundation provides > organizational, legal, and financial support for more than 100 > freely-available, collaboratively-developed Open Source projects. The > pragmatic Apache License enables individual and commercial users to > easily deploy Apache software; the Foundation's intellectual property > framework limits the legal exposure of its 2,500+ contributors. > > For more information, visit http://www.apache.org/ > Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. > You should be aware that Herefordshire Council monitors its email service. > This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mmmm82 at gmail.com Wed Jan 27 12:42:29 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Wed Jan 27 12:42:39 2010 Subject: Not detecting this message Message-ID: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> Hi everyone Today I started to get hundereds of messages in the following form Hi. My name is Nicole. this is about you? http://ezonlinebible.com/kittens.html Goodbye :-) And it has the subject Please I also received similar messages with Subjects : Question, Answer me, Please answer me How can I stop such messages, all passed as clean except the ones that came from Black Listed sites, which were tagged and stopped based, SPAM ASSASSIN didnt catch any of them Help Please Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/b3a9d2b9/attachment.html From Hostmaster at computerservicecentre.com Wed Jan 27 12:53:40 2010 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Wed Jan 27 12:53:58 2010 Subject: Not detecting this message In-Reply-To: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> References: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2ACFA590@commssrv01.computerservicecentre.com> Hi, Your posting to list triggered URIBL_BLACK for the URL when we processed it, and the only reason I received your post is because I have the MailScanner list whitelisted. Do you use URIBL in your spamassassin installation? If so, you might want to increase the scoring of the associated rules. Have you inspected the headers to find out which rules these emails are hitting? It would be worth letting the list know how your install scored the message, along with your spam trigger level, and also which (if any) RBL's you are using. Regards, Richard PS - I removed the URL from my reply so it doesn't hit the URIBL rules for others From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Monis Monther Posted At: 27 January 2010 12:42 Posted To: Hostmaster Conversation: Not detecting this message Subject: Not detecting this message Hi everyone Today I started to get hundereds of messages in the following form Hi. My name is Nicole. this is about you? Goodbye :-) And it has the subject Please I also received similar messages with Subjects : Question, Answer me, Please answer me How can I stop such messages, all passed as clean except the ones that came from Black Listed sites, which were tagged and stopped based, SPAM ASSASSIN didnt catch any of them Help Please Thanks All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/55828715/attachment.html From prandal at herefordshire.gov.uk Wed Jan 27 13:09:44 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jan 27 13:10:01 2010 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.3.0 available In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA08B9D821@HC-MBX02.herefordshire.gov.uk><4B602E23.6090005@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA08B9D9FA@HC-MBX02.herefordshire.gov.uk> Jules, Are you going to update the 'MailScanner -V' output to check for these requirements too? Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 27 January 2010 12:14 To: MailScanner discussion Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.3.0 available I have updated my ClamAV+SpamAssassin package to SpamAssassin 3.3.0. I have added all the new requirements to it, of which there are quite a few (requirements have their own requirements, etc...). I have also improved the installation script a bit for you too. Please do download it from here: http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz and try it out for me! Cheers folks, Jules. On 26/01/2010 16:35, Randal, Phil wrote: > FYI. > > Please note the changed perl module dependencies. > > Cheers, > > Phil > > -- > Phil Randal | Networks Engineer > NHS Herefordshire& Herefordshire Council | Deputy Chief Executive's > Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, > Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files are those > of the individual and not necessarily those of Herefordshire Council. > > This e-mail and any attached files are confidential and intended > solely for the use of the addressee. This communication may contain > material protected by law from being passed on. If you are not the > intended recipient and have received this e-mail in error, you are > advised that any use, dissemination, forwarding, printing or copying > of this e-mail is strictly prohibited. If you have received this > e-mail in error please contact the sender immediately and destroy all copies of it. > > -----Original Message----- > From: Warren Togami [mailto:wtogami@redhat.com] > Sent: 26 January 2010 16:33 > To: SpamAssassin Users List > Subject: ANNOUNCE: Apache SpamAssassin 3.3.0 available > > Release Notes -- Apache SpamAssassin -- Version 3.3.0 > > > Introduction > ------------ > > This is a major release, incorporating enhancements and bug fixes that > have accumulated in a year and a half of development since the 3.2.5 > release. > Apart from some new or changed dependencies on perl modules, this > version is compatible to large extent with existing installations, so > the upgrade is not expected to be problematic (neither is downgrading, > if need arises). > Please consult the list of known incompatibilities below before > upgrading. > > > Downloading and availability > ---------------------------- > > Downloads are available from: > > http://spamassassin.apache.org/downloads.cgi > > md5sum of archive files: > > 15af629a95108bf245ab600d78ae754b Mail-SpamAssassin-3.3.0.tar.bz2 > 38078b07396c0ab92b46386bc70ef086 Mail-SpamAssassin-3.3.0.tar.gz > e66856085ca14947146d57a40a51beaa Mail-SpamAssassin-3.3.0.zip > 5be313a60c27ae522700e20b557ade33 > Mail-SpamAssassin-rules-3.3.0.r901671.tgz > > sha1sum of archive files: > > 209a97102e2c0568f6ae8151e5a55cd949317b69 > Mail-SpamAssassin-3.3.0.tar.bz2 > 35ff5ab33dd83bf8e3a63bd1540d819ab35117d5 > Mail-SpamAssassin-3.3.0.tar.gz > d1c61c67c806054c4404a854fc113a1a3c3e71c7 Mail-SpamAssassin-3.3.0.zip > 04ac1d5d02a69f382909b01a4426a048a1e69278 > Mail-SpamAssassin-rules-3.3.0.r901671.tgz > > Note that the *-rules-*.tgz files are only necessary if you cannot, or > do not wish to, run "sa-update" after install to download the latest > fresh rules. > > The release files also have a .asc accompanying them. The file serves > as an external GPG signature for the given release file. The signing > key is available via the wwwkeys.pgp.net key server, as well as > http://www.apache.org/dist/spamassassin/KEYS > > The key information is: > > pub 4096R/F7D39814 2009-12-02 > Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 > 9814 > uid SpamAssassin Project Management Committee > > uid SpamAssassin Signing Key (Code Signing Key, > replacement for 1024D/265FA05B) > sub 4096R/7B3265A5 2009-12-02 > > See the INSTALL and UPGRADE files in the distribution for important > installation notes. > > > Summary of major changes since 3.2.5 > ------------------------------------ > > COMPATIBILITY WITH 3.2.5 > > - rules are no longer distributed with the package, but installed by > sa-update - either automatically fetched from the network (preferably) > or from a tar archive, which is available for downloading separately > (see below, section INSTALLING RULES); > > - CPAN module requirements: > - minimum required version of ExtUtils::MakeMaker is 6.17; > - modules now required: Time::HiRes, NetAddr::IP (4.000 or later), > Archive::Tar (1.23 or later), IO::Zlib; > - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later); > expect some tests in t/dkim2.t to fail with versions older than > 0.36_5; > - no longer used: Mail::DomainKeys, Mail::SPF::Query; > - either Digest::SHA or the older Digest::SHA1 is required, though > note that the DKIM plugin requires Digest::SHA for sha256 hashes > and Razor agents still need Digest::SHA1; > - some IPv6 functionality requires IO::Socket::INET6; > > - if keeping the AWL database in SQL, the field awl.ip must be > extended to > 40 characters. The change is necessary to allow AWL to keep track > of > IPv6 > addresses which may appear in a mail header even on non-IPv6 > -enabled host. > While at it, consider also adding a field 'signedby' to the SQL > table 'awl' > (and adding 'auto_whitelist_distinguish_signed 1' to local.cf); > see sql/README.awl for details. The change need not be undone even if > downgrading back to 3.2.* for some reason; > > - fixing a protocol implementation error regarding a PING command > required > bumping up the SPAMC protocol version to 1.5. Spamd retains > compatibility > with older spamc clients. Combining new spamc clients with pre-3.3 > versions > of a spamd daemon is not supported (but happens to work, except for > the > PING and SKIP commands); > > - if using one of the plugins (FreeMail, PhishTag, Reuse) which were > previously not part of the official package, please retire your > local copy > to avoid it conflicting with a new native plugin; > > - as the plugin AWL is no longer loaded by default, to continue using it > the following line is needed in one of the .pre files (e.g. > local.pre): > loadplugin Mail::SpamAssassin::Plugin::AWL > > - it may be worth mentioning that a rule DKIM_VERIFIED has been renamed > to DKIM_VALID to match its semantics; > > - the DKIM plugin is now enabled by default for new installs, if the > perl > module Mail::DKIM is installed. However, installation of SpamAssassin > will not overwrite existing .pre configuration files, so to use > DKIM when > upgrading from a previous release that did not use DKIM, a directive: > > loadplugin Mail::SpamAssassin::Plugin::DKIM > > will need to be uncommented in file "v312.pre", or added to some > other .pre file, such as local.pre; > > - due to changes in some internal data structures (like Bug 6185, 6254), > some third-party plugins may need to be updated. One such example is > the ClamAVPlugin plugin - please find a fresh version, which can be > used > with both SpamAssassin versions 3.2.5 and 3.3.0, on its wiki page at > http://wiki.apache.org/spamassassin/ClamAVPlugin > > - versions of amavisd-new between 2.5.2 and 2.6.1 (inclusive) are > incompatible > with SpamAssassin 3.3; please upgrade amavisd to 2.6.2 or later, or > apply > a workaround > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6257 > > - support for versions of perl 5.6.* is being gradually revoked > (may still work, but no promises and no support); > > - preferred versions of perl are 5.8.8, 5.8.9, and 5.10.1 or later; > > - on FreeBSD, please avoid using multithreaded versions of perl older > than 5.10.0 due to small default main thread's stack size, which may > not suffice for some regular expression evaluations; > > > INSTALLING RULES > > Rules are normally installed by running a sa-update command. > The version of sa-update program should match the version of > SpamAssassin modules, so invoking sa-update should be performed only > after installing or upgrading SpamAssassin code, not before. > > Installing rules from network is done with a single command, normally > run as root: > sa-update > > Installing rules from files: > obtain all the following files: > Mail-SpamAssassin-rules-xxx.tgz > Mail-SpamAssassin-rules-xxx.tgz.asc > Mail-SpamAssassin-rules-xxx.tgz.md5 > Mail-SpamAssassin-rules-xxx.tgz.sha1 > (where xxx may look something like '3.3.0.r893295') > install rules from a compressed tar archive: > sa-update --install Mail-SpamAssassin-rules-xxx.tgz > (sa-update will need corresponding .asc and .sha1 files with the > same base name in the same directory as the .tgz file) > > > MAIN NEW FEATURES > > - IPv6 support was substantially improved (see below); > > - many improvements to the DKIM plugin (understands author domain > signatures, > supports multiple signatures, ADSP support with overrides) - (see > below); > > - added 'if can(Class::method)' conditional statement, allowing > configuration > settings to be conditional on plugin capabilities without requiring > new version releases to do so; > > - added a --verbose option to the sa-update utility to show updated > channels; > > - added a configuration option 'time_limit', defaulting to 300 seconds > or whatever the caller (like spamd) provides; attempting to gracefully > terminate the checking when a time limit is reached, reporting the > score > and test hits that were collected so far, along with an added hit on > a rule TIME_LIMIT_EXCEEDED; > > - more expensive code sections are now instrumented with timing > measurements; > timing report is logged as a debug message by the end of processing, > and made available to a caller and to 'add_header' directives through > a TIMING tag; > > - added a configuration option skip_uribl_checks to the URIDNSBL plugin, > cross-documented it with skip_rbl_checks; > > - preserve order of declared 'add_header' header fields; > > - configurable network mask length for the AWL plugin (see below); > > - added support for DCC reputations (see below); > > - improved error handling and robustness (see below); > > - added timestamps when logging on stderr; > > - allowed debug areas to be excluded from debugging, > e.g.: -D all,norules,noconfig,nodcc > > > BUILDING AND PACKAGING > > - rules are no longer distributed with the package, but installed by > sa-update > > - Makefile.PL has been simplified and a bug fixed in a DESTDIR support > by increasing the minimum required version of ExtUtils::MakeMaker > to > 6.17 > > - tools check_whitelist and check_spamd are now included in the > distribution, > now called 'sa-awl' and 'sa-check_spamd' > > > WORKAROUNDS TO PERL BUGS AND LIMITATIONS > > - modified the Check.pm plugin to produce smaller chunks of source code > from rules (60 kB) to avoid Perl compiler crashing on exceeding > stack size; > > - localized global variables $1, $2, etc at several places, avoiding > taint > issue from propagating; > > - avoided Perl I/O bug by replacing line-by-line reading with read() > where > suitable, or played down the EBADF status in other places and only > report > it as a dbg instead of a die - while also providing a little speedup > (10 .. 25 %) on reading a message; > > - provided a new sub Message::split_into_array_of_short_lines to split > a text into array of paragraph chunks of sizes between 1 kB and 2 kB, > giving less opportunity to runaway regular expressions in rules; > fixes bugs: 5717, 5644, 5795, 5486, 5801, 5041; > > > MEMORY FOOTPRINT > > - as a side-effect of compiling rules in smaller chunks (to avoid > compiler > crashes), virtual memory footprint of SpamAssassin is reduced; > > - saved some memory by not importing the Pod::Usage unless it is > needed; > > - saved 350k+ of memory in sa-compile by replacing DynaLoader with > XSLoader; > > - removed unneeded index from MySQL bayes_token table; > > > IPv6 SUPPORT > > - added IPv6 support for trusted_networks, internal_networks, > msa_networks, > whitelist_from_rcvd, and other stuff that uses NetSet and the Received > header field parser, using NetAddr::IP; > > - allowed usage of a remote dccifd host through an INET or INET6 > socket; > > - added IPv6 support to AWL plugin and its utility modules; a network > mask length is now configurable and defaults to /48, which controls > what data is stored in an AWL database; > > - sql/README.awl and sql/awl_*.sql: increased suggested awl.ip field > width > to 40 characters to be able to hold IPv6 addresses; > > - IP_PRIVATE now includes ipv6 variants of private address space, > as well as the ipv6-mapped ipv4 addresses. > > - NetSet now understands that ::ffff:192.168.1.2 and 192.168.1.2 are > the same address; > > - IPv6 addresses are now properly read from Received header fields; > > - when reading Received header fields, the "IPv6:" prefix is stripped > from > IPv6 addresses, and "::ffff:" is removed from IPv6-mapped IPv4 > addresses > (so strings can match them as simply IPv4 addresses); > > - ::1/128 is always included in the trusted_networks/internal_networks > set > similar to 127.0.0.0/8; > > - some of the IPv6 functionality in SpamAssassin requires that a perl > module > IO::Socket::INET6 is available (like accessing a DNS resolver over > inet6, > talking to a dccifd host over inet6 socket, SPAMC protocol); > > > SPAMC > > - Mail::SpamAssasin::Client ping may erroneously result in broken pipe; > bump spamc protocol version to 1.5, updated spamd, spamc and > Client.pm; > > - added -n / --connect-timeout switch to spamc, allowing to separate > a connection timeout from communication timeout; > > - added --filter-retries and --filter-retry-sleep; > > - increased allowed line length in spamc.conf files to 8 KiB and report > an error when the limit is exceeded; > > - fixed issue where spamc would not time out connections to a hung > spamd; > > - spamc client library leaked the zlib compression buffer if compression > is used; > > - spamc long option '--dest' was broken; > > > SPAMD > > - when spamd is started with the daemonize option do not exit the parent > until a child signals that it has logged the pid, to allow a wrapper > script to simply continue immediately after starting spamd; > > - additional tempfile cleanup in kill_handler; > > - added SPAMD_LOCALHOST option to "make test" to allow specifying > non-127.0.0.1 IP address for use in FreeBSD jail; > > > API > > - adding one optional argument to Mail::SpamAssassin::parse allows > caller > to pass additional out-of-band information to SpamAssassin (such as a > deadline time, DKIM verification results, information about a SMTP > session, > or dynamic rule hits); this information is made available to > plugins and > the rest of the code through a 'suppl_attrib' hash; > > - added option 'master_deadline' to the suppl_attrib argument of a > Mail::SpamAssassin::parse method, allowing the caller to override a > time_limit configuration setting; > > - Plugin::Check - pick up 'rule_hits' from caller via the new mechanism > and call got_hit() on them; > > - simplified adding dynamic score hits and dynamic rules by plugins > (such as AWL, CRM114, FuzzyOcr, Check) by letting got_hit() accept > options tflags and description, and letting it store a supplied > dynamic score for proper reporting; > > - let the timing breakdown information be accessible to a caller through > the existing get_tag mechanism (tag TIMING); > > - let the generated header fields ('add_header' configuration options) > be accessible to a caller through the existing get_tag mechanism > (tags ADDEDHEADER, ADDEDHEADERHAM, ADDEDHEADERSPAM); > > > RULES > > - rules are no longer distributed with the package; > > - new scores were generated by a genetic algorithm (GA) and then > manually > tweaked based on cleaned datasets supplied by a dozen volunteers; > > - dropped redundant rules or rules causing too many false positives; > > - added or updated many rules; incomplete list in no particular order: > vbounce, lotsa_money, muchmoney, image spam, fill_this_form, FreeMail, > European Parliament, HTML attachments, uri_obfu*, urinsrhsbl, > urinsrhssub, > urifullnsrhsbl, URI_OBFU_X9_WS, rDNS=localhost, > INVALID_DATE_TZ_ABSURD, > RCVD_IN_PSBL, FRT_VALIUM*, BOUNCE_MESSAGE, VBOUNCE_MESSAGE, > __BOUNCE_UNDELIVERABLE, HELO_STATIC_HOST, FILL_THIS_FORM_FRAUD_PHISH, > CHALLENGE_RESPONSE, DKIM_VALID, DKIM_VALID_AU, DKIM_ADSP_*, > NML_ADSP_CUSTOM_{LOW,MED,HIGH}, __VIA_ML, MIME_BASE64_TEXT, LOTTO_URI, > FORGED_MUA_THEBAT_BOUN, FORGED_MUA_THEBAT_CS, UNRESOLVED_TEMPLATE, > __THEBAT_MUA, __ANY_OUTLOOK_MUA, RP_MATCHES_RCVD, one-word X-Mailer, > SPAN rules, skype and misquoted-HTML rules, HTML obfuscation and > Google feedproxy URI rules, advance_fee updates including further > evolved advance fee second-order metarules, test rule for > postmaster+abuse missing, FROM_MISSPACED, fixed FROM_CONTAINS_TAB, a > Facebook redirector pattern, fixed FPs with TVD_SPACE_RATIO regarding > one-word emails and ISO-2022-JP, added exclusion for > __ISO_2022_JP_DELIM > to OBFUSCATING_COMMENT, GAPPY_SUBJECT, PLING_QUERY and > FM_FRM_RN_L_BRACK > rules, RATWARE_BOUNDARY plus variant, superseded all previous > RATWARE_OUTLOOK stuff, resolved FP in obfuscated URI rule, fixed > breakage > in tbird image rule, fixed SUBJECT_FUZZY_MEDS FP on unobfuscated > "meds", > added misspaced From header field rule, numeric+cctld URI rule, > updated FH_DATE_PAST_20XX, ... > > - added PSBL blacklist - http://psbl.surriel.com/ > > - added support for http://www.spamhaus.org/css/ > > - replaces HABEAS, BSP and SSC with RP CERTIFIED; > > - use ReturnPath's RNBL, replacing SSBL; > > - added rule for plain text attachments with octet-stream MIME type; > > - avoided false positives on ISO-2022-JP messages in several rules; > > - removed massmailers from uridnsbl_skip_domain in 25_uribl.cf; > > - updated various default whitelists, uridnsbl_skip_domain, > adsp_override, ... > > > PLUGINS > > - new plugins: FreeMail, PhishTag, Reuse; > > - now enabled by default: DKIM; > > - now disabled by default: AWL; > > - retired plugin: DomainKeys; > > > AWL PLUGIN > > - plugin AWL is now disabled by default; > > - added new configuration options auto_whitelist_ipv4_mask_len and > auto_whitelist_ipv6_mask_len to allow more control on what part of > an IP address is stored into an AWL database; > > - README.awl: increased a suggested awl.ip field width to 40 characters > to support IPv6 addresses; > > - AutoWhitelist.pm: allowed storing a canonicalized IPv6 address, > cropped > to a configurable network mask (previously causing SQL server errors: > 'value too long'); > > - let AWL with SQL keep separate records for DKIM-signed and unsigned > mail > (when auto_whitelist_distinguish_signed configuration option is true, > and a field awl.signedby exists); > > - avoided a race condition in SQLBasedAddrList.pm when multiple > processes > try to insert-or-update an awl SQL record: trying INSERT first, and if > that fails go for UPDATE; > > - gracefully handle NaN from corrupted database or a broken emulator or > virtualizer; > > > DCC PLUGIN > > - added support for DCC reputations, added setting dcc_rep_percent, > new test check_dcc_reputation_range(), new tag DCCREP > (DCC servers supply reputation data only to licensed clients); > > - allowed usage of a remote dccifd host through an INET or INET6 > socket; > > > DKIM PLUGIN > > - the DKIM plugin is now enabled by default for new installs if the perl > module Mail::DKIM is installed. However, installing SpamAssassin will > not overwrite existing .pre configuration files, so to use DKIM when > upgrading from a previous release that did not use DKIM, the > directive: > > loadplugin Mail::SpamAssassin::Plugin::DKIM > > will need to be uncommented in file "v312.pre", or added to some > other .pre file, such as local.pre; > > - absolute minimal version of Mail::DKIM is 0.31; > support for ADSP requires Mail::DKIM 0.34; > a DNS test (and rule) for NXDOMAIN is operational since Mail::DKIM > 0.36_5, > so effectively the recommended version is Mail::DKIM 0.37 or later; > > - a perl module Digest::SHA is required if the DKIM plugin is enabled. > If a perl module Digest::SHA is available, the module Digest::SHA1 > becomes optional as far as SpamAssassin is concerned, but is still > needed by Razor agents; > > - added support for multiple signatures (useful for whitelisting); > > - plugin now distinguishes author domain signatures from third party > signatures (useful for whitelisting); > > - provides a tag DKIMIDENTITY (in addition to DKIMDOMAIN); > > - DKIM now supports Author Domain Signing Practices - ADSP (RFC 5617); > > - use the Mail::DKIM::AuthorDomainPolicy instead of > Mail::DKIM::DkimPolicy, > when available (since Mail::DKIM 0.34); > > - implements an 'adsp_override' configuration directive and adds > an eval:check_dkim_adsp check, which is used by new DKIM_ADSP_* > rules; > > - rules contain an initial set of 'adsp_override' directives, listing > some of the more popular target domains for phishing (applicable > only to > domains which sign all their direct mail with a DKIM or DK > signature); > > - this plugin can now re-use Mail::DKIM verification results if made > available by a caller, which saves resources and makes it possible > for SpamAssassin to work on a truncated large mail without breaking > DKIM signatures; > > - check_dkim_signed and check_dkim_adsp eval rules can now take an > optional > list of domain names, which limits their action to listed domains > only. > It facilitates building DKIM-based rules for specific domains, without > having to resort to meta rules; > > - draft-ietf-dkim-ssp-10/RFC-5617 made Author Domain Signature based > on > 'd': > updated ADSP code accordingly; changed whitelisting code to be > based on > SDID ('d') instead of AUID ('i'); > > - Plugin/DKIM.pm: terminology changes in comments and logging according > to RFC 5617 and draft-ietf-dkim-rfc4871-errata-07; > > > BUG FIXES > > - fixed Rule2XSBody segfaults; > > - no longer treat user data as perl booleans (a string "0" is a > false); > > - avoid data from the wild be interpreted as perl regular expressions; > > - ArchiveIterator: prevent _scan_directory from passing directories > to _scan_file (on NFS it would fail with EISDIR on read(2); > > - fixed inserting the SpamAssassin -generated header fields after a > multiline Return-Path header field; > > - fixed vpopmail support; > > - fixed incorrect mode bits when creating lock files for AWL; > > - fixed some cases where :addr headers were parsed incorrectly; > > - fixed leakage of 'whitelist_from_rcvd' entries between spamd users; > > - fixing run_and_catch, which failed to catch a non-timed run; > > - 127/8 isn't an illegal IP; > > - reworked the M::S::Timeout module to deal with nested timers as one > would > expect: an inner timer shouldn't be able to extend an outer timer's > limit; > account for time elapsed in the submitted subroutine when > restarting an > outer timer; reset() should have accounted for time already spent; > deal with nested timed runs where alarm(0) does not provide > remaining time; > > - the 'exists:' evaluator in HEADER rules now works as documented > and tests for existence of a header field, instead of testing for > a header field body being nonempty; internally, the pms->get can > also now distinguish between empty and nonexistent header fields; > > - applied fixes to header fields parsing in several places: header field > names are case-insensitive, whitespace is not required after a colon, > obsolete rfc822 syntax allowed whitespace before a colon; > VBounce: match "Received:" only at the beginning of a line; > > - fixed bugs 6237 and 6295: 1.0.0.0/8 and 2.0.0.0/8 are now valid > allocated > address ranges, fixed a corresponding rule RCVD_ILLEGAL_IP; > > - fixed bug 6205 comment 5 in URIDetail.pm; > > - 'pyzor_options' in Plugin/Pyzor.pm was not untainted; > > - made the URIDetail plugin taint safe; > > - fixed parsing of multi-line Received header fields for > BOUNCE_MESSAGE/VBOUNCE_MESSAGE et al; > > - Bug 6206, Bug 2536: spamd: untaint directory as obtained from a > password > file or from vpopmail utilities, avoid implicit untainting; report > error > if user preferences file exists but cannot be accessed; > > - avoided using raw data from DNS as a regexp in Plugin/ASN.pm; > > - ensured the dbg() and info() calls always return the same value (true) > regardless of log level; > > - suppressed logging of $& when its value is not available (i.e. when > no regexp has been evaluated during rule evaluation); > > - Exporter never really worked in SA, was not enclosed in BEGIN {}; > > - masses/runGA and masses/mk-baseline-results: prevent a shell 'source' > command from loading an unrelated file named 'config' which happens > to be > in the current PATH - must use a ./ in an arg to a 'source' > command; > > > ERROR HANDLING, ROBUSTNESS > > - improved error detection and reporting: test status of all system > calls > and I/O operations (or explicitly document where not), and report > unexpected failures; > > - eval calls now check for eval result instead of testing the $@, which > is not always reliable; > > - localized $@ and $! in DESTROY methods to prevent potential calls to > eval > and calls to system routines in code executed from a DESTROY method > from clobbering global variables $@ and $!; > > - Util::helper_app_pipe_open_unix: contain a failing exec with an eval > to prevent additional cases of process cloning. The exec could fail > this way when given tainted arguments; > > - Util::helper_app_pipe_open_unix: flush stdout and stderr before > forking, > otherwise an error reported by exec (such as 'insecure dependency') > was lost in a buffer; > > - eval-protected an open($fh,'-|') to capture implied fork failures > due to lack of system resource; > > - explicit untainting: combine "use re 'taint'" with untaint_var(), > avoiding implicit perl untainting, along with workarounds to > prevent it; > > - added 'use strict' where missing; > > - avoided a bunch of warnings on "Use of uninitialized value"; > > - clearly report reasons for helper application process failures; > > - t/SATest.pm: provide information about the process failure reason > if a system() call fails; improved its reporting of failures; > > - improved error reporting in Plugin/DCC.pm on finding a DCC home > directory > to facilitate troubleshooting; > > > OTHER CHANGES > > - pseudoheader "ALL:raw" returns a pristine header section, > and pseudoheader "ALL" returns a cleaned header section > > - total rewrite of URI detection in plain text body; > > - many updates to the list of top level domains; > > - added 'util_rb_3tld', allowing 3-level TLDs to be listed in URIBLs and > allowing new 3TLDs to be added from rule updates; > > - avoided trusted_networks bog down due to O(n^2) loop with millions > of entries; > > - applied fixes to Plugin/VBounce.pm, updated VBounce ruleset; > > - added support for a 'Communigate Pro' Received header field; > > - parse Communigate Pro "with HTTPU" auth token; > > - let DependencyInfo.pm understand a concept of recommended module > version, > besides a required version; > > - provided a workaround for Net::DNS::Packet::new inconsistency; > > - let SpamAssassin use either Digest::SHA or Digest::SHA1, whichever is > available (the Digest::SHA is now a base module since perl 5.10.0); > > - improved parsing of eval-type rules: allow unquoted domain names as > arguments, disallow unmatched quotes; > > - provided a new module Mail::SpamAssassin::BayesStore::BDB. It should > be > treated as alpha-quality (needs more testing) and is not yet ready for > production use; > > - exposed existing function 'received_within_months' as an eval function > in Plugin/HeaderEval.pm; > > - moved rc script to /var/lock/subsys/spamd instead of > /var/lock/subsys/spamassassin so 'service spamd status' will work; > > - added feature to re-download MIRRRORED.BY files at least once a > week, or if > 'sa-update --refreshmirrors' switch is used; > > - input delimiter $/ can be corrupted by a plugin, localize $/ and $\ > before > calling a plugin; > > - bumped the retry counter to 180 seconds for starting spamd on slow > machines; > > - resolved Bug 5325: syslog severity level in spamc/libspamc.c for max > message size (changed LOG_ERR into LOG_NOTICE for the message: > "skipped message, greater than max message size"); > > - added checker to avoid taint warnings if hostname is returned as > '(none)'; > > - altered sa-update to produce an error message if a channel doesn't > exist; > > - Bug 6150, Bug 6127, Bug 5981, Bug 5950, Bug 6191: let spamd log/report > a child process exit status or aborting condition in an informative > way; > > - added checker to detect accidental match-everything regexps in > rules; > > - updated garescorer for 3.3.0: use more epochs in GA runs for better > scores; > clarify some mass-check warning output, ensure rule name always > appears at > start of line; if a rule had no default/existing score in > 50_scores.cf, > don't tell the GA that 1.0 is an appropriate default value, instead > pick > the midway point of its score range. this produces better results; > remove some dead code from masses/score-ranges-from-freqs; > > - set garescorer.c to report performance as iterations per second; > > - added test to ensure that all config settings are correctly handled > when > switching between users; added more config setting type metadata to > enable > those tests to work; and fix URIDetail to store config on the > {conf} object, > not on the plugin; > > - moved 'release tests' to xt/ directory; mirror long-running, > net-tests and > stress tests with xt/50_testname.t scripts to enforce their run > before a > release; > > - made numerous additional and updated self-tests; > > - added a Test::Perl::Critic release-test; > > - cleaned up some code based on suggestions by perl module > Test::Perl::Critic, > among others: > . enable TestingAndDebugging::ProhibitNoStrict test but allow the > use of 'no strict "refs"'; > . deal with BuiltinFunctions::RequireGlobFunction; > . deal with ControlStructures::ProhibitMutatingListFunctions > removing this exception from xt/60_perlcritic.t; > . deal with BayesStore/BDB.pm, > Variables::ProhibitConditionalDeclarations > . now that the module Time::HiRes is a required module, we can afford > to replace a select() with Time::HiRes::sleep, and remove exception > BuiltinFunctions::ProhibitSleepViaSelect from xt/60_perlcritic.t; > > - updated documentation, fixing numerous typos and mistakes in > documentation > text and in log messages; > > - extensively improved development process: > . automated testing through Hudson, a continuous integration tool; > . improved mass-check system and rules oversight; > > > About Apache SpamAssassin > ------------------------- > > Apache SpamAssassin is a mature, widely-deployed open source project > that serves as a mail filter to identify spam. SpamAssassin uses a > variety of mechanisms including mail header and text analysis, > Bayesian filtering, DNS blocklists, and collaborative filtering > databases. In addition, Apache SpamAssassin has a modular architecture > that allows other technologies to be quickly incorporated as an > addition or as a replacement for existing methods. > Apache SpamAssassin typically runs on a server, classifies and labels > spam before it reaches your mailbox, while allowing other components > of a mail system to act on its results. > > Most of the Apache SpamAssassin is written in Perl, with heavily > traversed code paths carefully optimized. Benefits are portability, > robustness and facilitated maintenance. It can run on a wide variety > of POSIX platforms. > The server and the Perl library feels at home on Unix and Linux > platforms, and reportedly also works on MS Windows systems under > ActivePerl. > > For more information, visit http://spamassassin.apache.org/ > > > About The Apache Software Foundation > ------------------------------------ > > Established in 1999, The Apache Software Foundation provides > organizational, legal, and financial support for more than 100 > freely-available, collaboratively-developed Open Source projects. The > pragmatic Apache License enables individual and commercial users to > easily deploy Apache software; the Foundation's intellectual property > framework limits the legal exposure of its 2,500+ contributors. > > For more information, visit http://www.apache.org/ Any opinion > expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. > You should be aware that Herefordshire Council monitors its email service. > This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From ms-list at alexb.ch Wed Jan 27 13:11:07 2010 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jan 27 13:10:59 2010 Subject: Not detecting this message In-Reply-To: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> References: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> Message-ID: <4B603B6B.7050507@alexb.ch> On 1/27/2010 1:42 PM, Monis Monther wrote: > Hi everyone > > Today I started to get hundereds of messages in the following form > > Hi. > My name is Nicole. > this is about you? http:// > > Goodbye :-) > > > And it has the subject Please > > I also received similar messages with Subjects : Question, Answer me, Please > answer me > > > How can I stop such messages, all passed as clean except the ones that came > from Black Listed sites, which were tagged and stopped based, SPAM ASSASSIN > didnt catch any of them > Please don't post spams to the mailing list. many of these sites are hacked legit web sites and will push malware if you visit the URL with a Windows box. Use pastebin for such things From mmmm82 at gmail.com Wed Jan 27 13:25:52 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Wed Jan 27 13:26:01 2010 Subject: Not detecting this message In-Reply-To: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> References: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> Message-ID: <837e17ab1001270525w452abd85r96b8708813bbc7cb@mail.gmail.com> Hi Again: Sorry Hostmaster for some reason I my gmail didnt allow to me to reply to your message so I am replying on my own thread First of all thank for the quick responce Now Regarding your concerns Yes i use URIBL Below are the scores I have in my SpamAssassin score URIBL_AB_SURBL 0 1.613 0 1.860 # n=0 n=2 score URIBL_JP_SURBL 0 2.857 0 1.501 # n=0 n=2 score URIBL_OB_SURBL 0 2.132 0 1.500 # n=0 n=2 score URIBL_PH_SURBL 0 2.035 0 1.787 # n=0 n=2 score URIBL_RHS_DOB 0 0.901 0 1.083 # n=0 n=2 score URIBL_SBL 0 2.468 0 1.499 # n=0 n=2 score URIBL_SC_SURBL 0 2.523 0 0.474 # n=0 n=2 score URIBL_WS_SURBL 0 2.100 0 1.500 # n=0 n=2 score URIBL_BLACK 0 1.961 0 1.955 # n=0 n=2 Do you think I need to adjust ?? The message was tagged with URIBL_BLACK with score 1.96, it was also tagged with some other scores, but it did not pass 6 and many other like this one only get a score bwetween 2-5. I use spamhaus-zen and CBL as my RBL lists On Wed, Jan 27, 2010 at 2:42 PM, Monis Monther wrote: > Hi everyone > > Today I started to get hundereds of messages in the following form > > Hi. > My name is Nicole. > this is about you? > Goodbye :-) > > > And it has the subject Please > > I also received similar messages with Subjects : Question, Answer me, > Please answer me > > > How can I stop such messages, all passed as clean except the ones that came > from Black Listed sites, which were tagged and stopped based, SPAM ASSASSIN > didnt catch any of them > > Help Please > > Thanks > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/20c8924e/attachment-0001.html From john at tradoc.fr Wed Jan 27 13:52:31 2010 From: john at tradoc.fr (John Wilcock) Date: Wed Jan 27 13:52:50 2010 Subject: update_bad_phishing_emails Message-ID: <4B60451F.90200@tradoc.fr> Hi Julian, I'm updating my gentoo ebuild for 4.79.10, and I note that the 'other linux' tarball (used as a starting point by the gentoo ebuild) contains a new (compared with 4.77) script, update_bad_phishing_emails. However, there doesn't seem to be an equivalent script in the cron subdirectory of the tarball. Is this an oversight? And how often do you recommend it should be run? Hourly, like update_bad_phishing_sites? John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From maillists at conactive.com Wed Jan 27 14:25:55 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 27 14:26:06 2010 Subject: update_bad_phishing_emails In-Reply-To: <4B60451F.90200@tradoc.fr> References: <4B60451F.90200@tradoc.fr> Message-ID: Hm, there is no such file coming with the rpm. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jan 27 15:19:11 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 27 15:19:30 2010 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.3.0 available In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA08B9D9FA@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA08B9D821@HC-MBX02.herefordshire.gov.uk><4B602E23.6090005@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA08B9D9FA@HC-MBX02.herefordshire.gov.uk> <4B60596F.4090501@ecs.soton.ac.uk> Message-ID: On 27/01/2010 13:09, Randal, Phil wrote: > Jules, > > Are you going to update the 'MailScanner -V' output to check for these > requirements too? > I haven't listed SpamAssassin's requirements in "MailScanner -v" output in the past, as they are 2 distinct packages. I'm reluctant to change that decision, but am always open to comments on the subject. Jules. > Cheers, > > Phil > -- > Phil Randal | Networks Engineer > NHS Herefordshire& Herefordshire Council | Deputy Chief Executive's > Office | I.C.T. Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files are those of > the individual and not necessarily those of Herefordshire Council. > > This e-mail and any attached files are confidential and intended solely > for the use of the addressee. This communication may contain material > protected by law from being passed on. If you are not the intended > recipient and have received this e-mail in error, you are advised that > any use, dissemination, forwarding, printing or copying of this e-mail > is strictly prohibited. If you have received this e-mail in error please > contact the sender immediately and destroy all copies of it. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: 27 January 2010 12:14 > To: MailScanner discussion > Subject: Re: FW: ANNOUNCE: Apache SpamAssassin 3.3.0 available > > I have updated my ClamAV+SpamAssassin package to SpamAssassin 3.3.0. > > I have added all the new requirements to it, of which there are quite a > few (requirements have their own requirements, etc...). I have also > improved the installation script a bit for you too. > > Please do download it from here: > > http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz > > and try it out for me! > > Cheers folks, > Jules. > > On 26/01/2010 16:35, Randal, Phil wrote: > >> FYI. >> >> Please note the changed perl module dependencies. >> >> Cheers, >> >> Phil >> >> -- >> Phil Randal | Networks Engineer >> NHS Herefordshire& Herefordshire Council | Deputy Chief Executive's >> Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, >> Hereford, HR2 6JT >> Tel: 01432 260160 >> email: prandal@herefordshire.gov.uk >> >> Any opinion expressed in this e-mail or any attached files are those >> of the individual and not necessarily those of Herefordshire Council. >> >> This e-mail and any attached files are confidential and intended >> solely for the use of the addressee. This communication may contain >> material protected by law from being passed on. If you are not the >> intended recipient and have received this e-mail in error, you are >> advised that any use, dissemination, forwarding, printing or copying >> of this e-mail is strictly prohibited. If you have received this >> e-mail in error please contact the sender immediately and destroy all >> > copies of it. > >> -----Original Message----- >> From: Warren Togami [mailto:wtogami@redhat.com] >> Sent: 26 January 2010 16:33 >> To: SpamAssassin Users List >> Subject: ANNOUNCE: Apache SpamAssassin 3.3.0 available >> >> Release Notes -- Apache SpamAssassin -- Version 3.3.0 >> >> >> Introduction >> ------------ >> >> This is a major release, incorporating enhancements and bug fixes that >> > >> have accumulated in a year and a half of development since the 3.2.5 >> release. >> Apart from some new or changed dependencies on perl modules, this >> version is compatible to large extent with existing installations, so >> the upgrade is not expected to be problematic (neither is downgrading, >> > >> if need arises). >> Please consult the list of known incompatibilities below before >> upgrading. >> >> >> Downloading and availability >> ---------------------------- >> >> Downloads are available from: >> >> http://spamassassin.apache.org/downloads.cgi >> >> md5sum of archive files: >> >> 15af629a95108bf245ab600d78ae754b Mail-SpamAssassin-3.3.0.tar.bz2 >> 38078b07396c0ab92b46386bc70ef086 Mail-SpamAssassin-3.3.0.tar.gz >> e66856085ca14947146d57a40a51beaa Mail-SpamAssassin-3.3.0.zip >> 5be313a60c27ae522700e20b557ade33 >> Mail-SpamAssassin-rules-3.3.0.r901671.tgz >> >> sha1sum of archive files: >> >> 209a97102e2c0568f6ae8151e5a55cd949317b69 >> Mail-SpamAssassin-3.3.0.tar.bz2 >> 35ff5ab33dd83bf8e3a63bd1540d819ab35117d5 >> Mail-SpamAssassin-3.3.0.tar.gz >> d1c61c67c806054c4404a854fc113a1a3c3e71c7 >> > Mail-SpamAssassin-3.3.0.zip > >> 04ac1d5d02a69f382909b01a4426a048a1e69278 >> Mail-SpamAssassin-rules-3.3.0.r901671.tgz >> >> Note that the *-rules-*.tgz files are only necessary if you cannot, or >> > >> do not wish to, run "sa-update" after install to download the latest >> fresh rules. >> >> The release files also have a .asc accompanying them. The file serves >> > >> as an external GPG signature for the given release file. The signing >> key is available via the wwwkeys.pgp.net key server, as well as >> http://www.apache.org/dist/spamassassin/KEYS >> >> The key information is: >> >> pub 4096R/F7D39814 2009-12-02 >> Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 >> 9814 >> uid SpamAssassin Project Management Committee >> >> uid SpamAssassin Signing Key (Code Signing Key, >> replacement for 1024D/265FA05B) >> sub 4096R/7B3265A5 2009-12-02 >> >> See the INSTALL and UPGRADE files in the distribution for important >> installation notes. >> >> >> Summary of major changes since 3.2.5 >> ------------------------------------ >> >> COMPATIBILITY WITH 3.2.5 >> >> - rules are no longer distributed with the package, but installed by >> sa-update - either automatically fetched from the network >> > (preferably) > >> or from a tar archive, which is available for downloading >> > separately > >> (see below, section INSTALLING RULES); >> >> - CPAN module requirements: >> - minimum required version of ExtUtils::MakeMaker is 6.17; >> - modules now required: Time::HiRes, NetAddr::IP (4.000 or later), >> Archive::Tar (1.23 or later), IO::Zlib; >> - minimal version of Mail::DKIM is 0.31 (preferred: 0.37 or later); >> expect some tests in t/dkim2.t to fail with versions older than >> 0.36_5; >> - no longer used: Mail::DomainKeys, Mail::SPF::Query; >> - either Digest::SHA or the older Digest::SHA1 is required, though >> note that the DKIM plugin requires Digest::SHA for sha256 hashes >> and Razor agents still need Digest::SHA1; >> - some IPv6 functionality requires IO::Socket::INET6; >> >> - if keeping the AWL database in SQL, the field awl.ip must be >> extended to >> 40 characters. The change is necessary to allow AWL to keep track >> of >> IPv6 >> addresses which may appear in a mail header even on non-IPv6 >> -enabled host. >> While at it, consider also adding a field 'signedby' to the SQL >> table 'awl' >> (and adding 'auto_whitelist_distinguish_signed 1' to local.cf); >> see sql/README.awl for details. The change need not be undone even >> > if > >> downgrading back to 3.2.* for some reason; >> >> - fixing a protocol implementation error regarding a PING command >> required >> bumping up the SPAMC protocol version to 1.5. Spamd retains >> compatibility >> with older spamc clients. Combining new spamc clients with pre-3.3 >> versions >> of a spamd daemon is not supported (but happens to work, except for >> > >> the >> PING and SKIP commands); >> >> - if using one of the plugins (FreeMail, PhishTag, Reuse) which were >> previously not part of the official package, please retire your >> local copy >> to avoid it conflicting with a new native plugin; >> >> - as the plugin AWL is no longer loaded by default, to continue using >> > it > >> the following line is needed in one of the .pre files (e.g. >> local.pre): >> loadplugin Mail::SpamAssassin::Plugin::AWL >> >> - it may be worth mentioning that a rule DKIM_VERIFIED has been >> > renamed > >> to DKIM_VALID to match its semantics; >> >> - the DKIM plugin is now enabled by default for new installs, if the >> perl >> module Mail::DKIM is installed. However, installation of >> > SpamAssassin > >> will not overwrite existing .pre configuration files, so to use >> DKIM when >> upgrading from a previous release that did not use DKIM, a >> > directive: > >> loadplugin Mail::SpamAssassin::Plugin::DKIM >> >> will need to be uncommented in file "v312.pre", or added to some >> other .pre file, such as local.pre; >> >> - due to changes in some internal data structures (like Bug 6185, >> > 6254), > >> some third-party plugins may need to be updated. One such example >> > is > >> the ClamAVPlugin plugin - please find a fresh version, which can be >> > >> used >> with both SpamAssassin versions 3.2.5 and 3.3.0, on its wiki page >> > at > >> http://wiki.apache.org/spamassassin/ClamAVPlugin >> >> - versions of amavisd-new between 2.5.2 and 2.6.1 (inclusive) are >> incompatible >> with SpamAssassin 3.3; please upgrade amavisd to 2.6.2 or later, or >> > >> apply >> a workaround >> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6257 >> >> - support for versions of perl 5.6.* is being gradually revoked >> (may still work, but no promises and no support); >> >> - preferred versions of perl are 5.8.8, 5.8.9, and 5.10.1 or later; >> >> - on FreeBSD, please avoid using multithreaded versions of perl older >> than 5.10.0 due to small default main thread's stack size, which >> > may > >> not suffice for some regular expression evaluations; >> >> >> INSTALLING RULES >> >> Rules are normally installed by running a sa-update command. >> The version of sa-update program should match the version of >> SpamAssassin modules, so invoking sa-update should be performed only >> after installing or upgrading SpamAssassin code, not before. >> >> Installing rules from network is done with a single command, normally >> run as root: >> sa-update >> >> Installing rules from files: >> obtain all the following files: >> Mail-SpamAssassin-rules-xxx.tgz >> Mail-SpamAssassin-rules-xxx.tgz.asc >> Mail-SpamAssassin-rules-xxx.tgz.md5 >> Mail-SpamAssassin-rules-xxx.tgz.sha1 >> (where xxx may look something like '3.3.0.r893295') >> install rules from a compressed tar archive: >> sa-update --install Mail-SpamAssassin-rules-xxx.tgz >> (sa-update will need corresponding .asc and .sha1 files with >> > the > >> same base name in the same directory as the .tgz file) >> >> >> MAIN NEW FEATURES >> >> - IPv6 support was substantially improved (see below); >> >> - many improvements to the DKIM plugin (understands author domain >> signatures, >> supports multiple signatures, ADSP support with overrides) - (see >> below); >> >> - added 'if can(Class::method)' conditional statement, allowing >> configuration >> settings to be conditional on plugin capabilities without requiring >> new version releases to do so; >> >> - added a --verbose option to the sa-update utility to show updated >> channels; >> >> - added a configuration option 'time_limit', defaulting to 300 seconds >> or whatever the caller (like spamd) provides; attempting to >> > gracefully > >> terminate the checking when a time limit is reached, reporting the >> score >> and test hits that were collected so far, along with an added hit >> > on > >> a rule TIME_LIMIT_EXCEEDED; >> >> - more expensive code sections are now instrumented with timing >> measurements; >> timing report is logged as a debug message by the end of >> > processing, > >> and made available to a caller and to 'add_header' directives >> > through > >> a TIMING tag; >> >> - added a configuration option skip_uribl_checks to the URIDNSBL >> > plugin, > >> cross-documented it with skip_rbl_checks; >> >> - preserve order of declared 'add_header' header fields; >> >> - configurable network mask length for the AWL plugin (see below); >> >> - added support for DCC reputations (see below); >> >> - improved error handling and robustness (see below); >> >> - added timestamps when logging on stderr; >> >> - allowed debug areas to be excluded from debugging, >> e.g.: -D all,norules,noconfig,nodcc >> >> >> BUILDING AND PACKAGING >> >> - rules are no longer distributed with the package, but installed by >> sa-update >> >> - Makefile.PL has been simplified and a bug fixed in a DESTDIR support >> by increasing the minimum required version of ExtUtils::MakeMaker >> to >> 6.17 >> >> - tools check_whitelist and check_spamd are now included in the >> distribution, >> now called 'sa-awl' and 'sa-check_spamd' >> >> >> WORKAROUNDS TO PERL BUGS AND LIMITATIONS >> >> - modified the Check.pm plugin to produce smaller chunks of source >> > code > >> from rules (60 kB) to avoid Perl compiler crashing on exceeding >> stack size; >> >> - localized global variables $1, $2, etc at several places, avoiding >> taint >> issue from propagating; >> >> - avoided Perl I/O bug by replacing line-by-line reading with read() >> where >> suitable, or played down the EBADF status in other places and only >> report >> it as a dbg instead of a die - while also providing a little >> > speedup > >> (10 .. 25 %) on reading a message; >> >> - provided a new sub Message::split_into_array_of_short_lines to split >> a text into array of paragraph chunks of sizes between 1 kB and 2 >> > kB, > >> giving less opportunity to runaway regular expressions in rules; >> fixes bugs: 5717, 5644, 5795, 5486, 5801, 5041; >> >> >> MEMORY FOOTPRINT >> >> - as a side-effect of compiling rules in smaller chunks (to avoid >> compiler >> crashes), virtual memory footprint of SpamAssassin is reduced; >> >> - saved some memory by not importing the Pod::Usage unless it is >> needed; >> >> - saved 350k+ of memory in sa-compile by replacing DynaLoader with >> XSLoader; >> >> - removed unneeded index from MySQL bayes_token table; >> >> >> IPv6 SUPPORT >> >> - added IPv6 support for trusted_networks, internal_networks, >> msa_networks, >> whitelist_from_rcvd, and other stuff that uses NetSet and the >> > Received > >> header field parser, using NetAddr::IP; >> >> - allowed usage of a remote dccifd host through an INET or INET6 >> socket; >> >> - added IPv6 support to AWL plugin and its utility modules; a network >> mask length is now configurable and defaults to /48, which controls >> what data is stored in an AWL database; >> >> - sql/README.awl and sql/awl_*.sql: increased suggested awl.ip field >> width >> to 40 characters to be able to hold IPv6 addresses; >> >> - IP_PRIVATE now includes ipv6 variants of private address space, >> as well as the ipv6-mapped ipv4 addresses. >> >> - NetSet now understands that ::ffff:192.168.1.2 and 192.168.1.2 are >> the same address; >> >> - IPv6 addresses are now properly read from Received header fields; >> >> - when reading Received header fields, the "IPv6:" prefix is stripped >> from >> IPv6 addresses, and "::ffff:" is removed from IPv6-mapped IPv4 >> addresses >> (so strings can match them as simply IPv4 addresses); >> >> - ::1/128 is always included in the trusted_networks/internal_networks >> set >> similar to 127.0.0.0/8; >> >> - some of the IPv6 functionality in SpamAssassin requires that a perl >> module >> IO::Socket::INET6 is available (like accessing a DNS resolver over >> inet6, >> talking to a dccifd host over inet6 socket, SPAMC protocol); >> >> >> SPAMC >> >> - Mail::SpamAssasin::Client ping may erroneously result in broken >> > pipe; > >> bump spamc protocol version to 1.5, updated spamd, spamc and >> Client.pm; >> >> - added -n / --connect-timeout switch to spamc, allowing to separate >> a connection timeout from communication timeout; >> >> - added --filter-retries and --filter-retry-sleep; >> >> - increased allowed line length in spamc.conf files to 8 KiB and >> > report > >> an error when the limit is exceeded; >> >> - fixed issue where spamc would not time out connections to a hung >> spamd; >> >> - spamc client library leaked the zlib compression buffer if >> > compression > >> is used; >> >> - spamc long option '--dest' was broken; >> >> >> SPAMD >> >> - when spamd is started with the daemonize option do not exit the >> > parent > >> until a child signals that it has logged the pid, to allow a >> > wrapper > >> script to simply continue immediately after starting spamd; >> >> - additional tempfile cleanup in kill_handler; >> >> - added SPAMD_LOCALHOST option to "make test" to allow specifying >> non-127.0.0.1 IP address for use in FreeBSD jail; >> >> >> API >> >> - adding one optional argument to Mail::SpamAssassin::parse allows >> caller >> to pass additional out-of-band information to SpamAssassin (such as >> > a > >> deadline time, DKIM verification results, information about a SMTP >> session, >> or dynamic rule hits); this information is made available to >> plugins and >> the rest of the code through a 'suppl_attrib' hash; >> >> - added option 'master_deadline' to the suppl_attrib argument of a >> Mail::SpamAssassin::parse method, allowing the caller to override a >> time_limit configuration setting; >> >> - Plugin::Check - pick up 'rule_hits' from caller via the new >> > mechanism > >> and call got_hit() on them; >> >> - simplified adding dynamic score hits and dynamic rules by plugins >> (such as AWL, CRM114, FuzzyOcr, Check) by letting got_hit() accept >> options tflags and description, and letting it store a supplied >> dynamic score for proper reporting; >> >> - let the timing breakdown information be accessible to a caller >> > through > >> the existing get_tag mechanism (tag TIMING); >> >> - let the generated header fields ('add_header' configuration options) >> be accessible to a caller through the existing get_tag mechanism >> (tags ADDEDHEADER, ADDEDHEADERHAM, ADDEDHEADERSPAM); >> >> >> RULES >> >> - rules are no longer distributed with the package; >> >> - new scores were generated by a genetic algorithm (GA) and then >> manually >> tweaked based on cleaned datasets supplied by a dozen volunteers; >> >> - dropped redundant rules or rules causing too many false positives; >> >> - added or updated many rules; incomplete list in no particular order: >> vbounce, lotsa_money, muchmoney, image spam, fill_this_form, >> > FreeMail, > >> European Parliament, HTML attachments, uri_obfu*, urinsrhsbl, >> urinsrhssub, >> urifullnsrhsbl, URI_OBFU_X9_WS, rDNS=localhost, >> INVALID_DATE_TZ_ABSURD, >> RCVD_IN_PSBL, FRT_VALIUM*, BOUNCE_MESSAGE, VBOUNCE_MESSAGE, >> __BOUNCE_UNDELIVERABLE, HELO_STATIC_HOST, >> > FILL_THIS_FORM_FRAUD_PHISH, > >> CHALLENGE_RESPONSE, DKIM_VALID, DKIM_VALID_AU, DKIM_ADSP_*, >> NML_ADSP_CUSTOM_{LOW,MED,HIGH}, __VIA_ML, MIME_BASE64_TEXT, >> > LOTTO_URI, > >> FORGED_MUA_THEBAT_BOUN, FORGED_MUA_THEBAT_CS, UNRESOLVED_TEMPLATE, >> __THEBAT_MUA, __ANY_OUTLOOK_MUA, RP_MATCHES_RCVD, one-word >> > X-Mailer, > >> SPAN rules, skype and misquoted-HTML rules, HTML obfuscation and >> Google feedproxy URI rules, advance_fee updates including further >> evolved advance fee second-order metarules, test rule for >> postmaster+abuse missing, FROM_MISSPACED, fixed FROM_CONTAINS_TAB, >> > a > >> Facebook redirector pattern, fixed FPs with TVD_SPACE_RATIO >> > regarding > >> one-word emails and ISO-2022-JP, added exclusion for >> __ISO_2022_JP_DELIM >> to OBFUSCATING_COMMENT, GAPPY_SUBJECT, PLING_QUERY and >> FM_FRM_RN_L_BRACK >> rules, RATWARE_BOUNDARY plus variant, superseded all previous >> RATWARE_OUTLOOK stuff, resolved FP in obfuscated URI rule, fixed >> breakage >> in tbird image rule, fixed SUBJECT_FUZZY_MEDS FP on unobfuscated >> "meds", >> added misspaced From header field rule, numeric+cctld URI rule, >> updated FH_DATE_PAST_20XX, ... >> >> - added PSBL blacklist - http://psbl.surriel.com/ >> >> - added support for http://www.spamhaus.org/css/ >> >> - replaces HABEAS, BSP and SSC with RP CERTIFIED; >> >> - use ReturnPath's RNBL, replacing SSBL; >> >> - added rule for plain text attachments with octet-stream MIME type; >> >> - avoided false positives on ISO-2022-JP messages in several rules; >> >> - removed massmailers from uridnsbl_skip_domain in 25_uribl.cf; >> >> - updated various default whitelists, uridnsbl_skip_domain, >> adsp_override, ... >> >> >> PLUGINS >> >> - new plugins: FreeMail, PhishTag, Reuse; >> >> - now enabled by default: DKIM; >> >> - now disabled by default: AWL; >> >> - retired plugin: DomainKeys; >> >> >> AWL PLUGIN >> >> - plugin AWL is now disabled by default; >> >> - added new configuration options auto_whitelist_ipv4_mask_len and >> auto_whitelist_ipv6_mask_len to allow more control on what part of >> an IP address is stored into an AWL database; >> >> - README.awl: increased a suggested awl.ip field width to 40 >> > characters > >> to support IPv6 addresses; >> >> - AutoWhitelist.pm: allowed storing a canonicalized IPv6 address, >> cropped >> to a configurable network mask (previously causing SQL server >> > errors: > >> 'value too long'); >> >> - let AWL with SQL keep separate records for DKIM-signed and unsigned >> mail >> (when auto_whitelist_distinguish_signed configuration option is >> > true, > >> and a field awl.signedby exists); >> >> - avoided a race condition in SQLBasedAddrList.pm when multiple >> processes >> try to insert-or-update an awl SQL record: trying INSERT first, and >> > if > >> that fails go for UPDATE; >> >> - gracefully handle NaN from corrupted database or a broken emulator >> > or > >> virtualizer; >> >> >> DCC PLUGIN >> >> - added support for DCC reputations, added setting dcc_rep_percent, >> new test check_dcc_reputation_range(), new tag DCCREP >> (DCC servers supply reputation data only to licensed clients); >> >> - allowed usage of a remote dccifd host through an INET or INET6 >> socket; >> >> >> DKIM PLUGIN >> >> - the DKIM plugin is now enabled by default for new installs if the >> > perl > >> module Mail::DKIM is installed. However, installing SpamAssassin >> > will > >> not overwrite existing .pre configuration files, so to use DKIM >> > when > >> upgrading from a previous release that did not use DKIM, the >> directive: >> >> loadplugin Mail::SpamAssassin::Plugin::DKIM >> >> will need to be uncommented in file "v312.pre", or added to some >> other .pre file, such as local.pre; >> >> - absolute minimal version of Mail::DKIM is 0.31; >> support for ADSP requires Mail::DKIM 0.34; >> a DNS test (and rule) for NXDOMAIN is operational since Mail::DKIM >> 0.36_5, >> so effectively the recommended version is Mail::DKIM 0.37 or later; >> >> - a perl module Digest::SHA is required if the DKIM plugin is enabled. >> If a perl module Digest::SHA is available, the module Digest::SHA1 >> becomes optional as far as SpamAssassin is concerned, but is still >> needed by Razor agents; >> >> - added support for multiple signatures (useful for whitelisting); >> >> - plugin now distinguishes author domain signatures from third party >> signatures (useful for whitelisting); >> >> - provides a tag DKIMIDENTITY (in addition to DKIMDOMAIN); >> >> - DKIM now supports Author Domain Signing Practices - ADSP (RFC 5617); >> >> - use the Mail::DKIM::AuthorDomainPolicy instead of >> Mail::DKIM::DkimPolicy, >> when available (since Mail::DKIM 0.34); >> >> - implements an 'adsp_override' configuration directive and adds >> an eval:check_dkim_adsp check, which is used by new DKIM_ADSP_* >> rules; >> >> - rules contain an initial set of 'adsp_override' directives, listing >> some of the more popular target domains for phishing (applicable >> only to >> domains which sign all their direct mail with a DKIM or DK >> signature); >> >> - this plugin can now re-use Mail::DKIM verification results if made >> available by a caller, which saves resources and makes it possible >> for SpamAssassin to work on a truncated large mail without breaking >> DKIM signatures; >> >> - check_dkim_signed and check_dkim_adsp eval rules can now take an >> optional >> list of domain names, which limits their action to listed domains >> only. >> It facilitates building DKIM-based rules for specific domains, >> > without > >> having to resort to meta rules; >> >> - draft-ietf-dkim-ssp-10/RFC-5617 made Author Domain Signature based >> on >> 'd': >> updated ADSP code accordingly; changed whitelisting code to be >> based on >> SDID ('d') instead of AUID ('i'); >> >> - Plugin/DKIM.pm: terminology changes in comments and logging >> > according > >> to RFC 5617 and draft-ietf-dkim-rfc4871-errata-07; >> >> >> BUG FIXES >> >> - fixed Rule2XSBody segfaults; >> >> - no longer treat user data as perl booleans (a string "0" is a >> false); >> >> - avoid data from the wild be interpreted as perl regular expressions; >> >> - ArchiveIterator: prevent _scan_directory from passing directories >> to _scan_file (on NFS it would fail with EISDIR on read(2); >> >> - fixed inserting the SpamAssassin -generated header fields after a >> multiline Return-Path header field; >> >> - fixed vpopmail support; >> >> - fixed incorrect mode bits when creating lock files for AWL; >> >> - fixed some cases where :addr headers were parsed incorrectly; >> >> - fixed leakage of 'whitelist_from_rcvd' entries between spamd users; >> >> - fixing run_and_catch, which failed to catch a non-timed run; >> >> - 127/8 isn't an illegal IP; >> >> - reworked the M::S::Timeout module to deal with nested timers as one >> would >> expect: an inner timer shouldn't be able to extend an outer timer's >> > >> limit; >> account for time elapsed in the submitted subroutine when >> restarting an >> outer timer; reset() should have accounted for time already spent; >> deal with nested timed runs where alarm(0) does not provide >> remaining time; >> >> - the 'exists:' evaluator in HEADER rules now works as documented >> and tests for existence of a header field, instead of testing for >> a header field body being nonempty; internally, the pms->get can >> also now distinguish between empty and nonexistent header fields; >> >> - applied fixes to header fields parsing in several places: header >> > field > >> names are case-insensitive, whitespace is not required after a >> > colon, > >> obsolete rfc822 syntax allowed whitespace before a colon; >> VBounce: match "Received:" only at the beginning of a line; >> >> - fixed bugs 6237 and 6295: 1.0.0.0/8 and 2.0.0.0/8 are now valid >> allocated >> address ranges, fixed a corresponding rule RCVD_ILLEGAL_IP; >> >> - fixed bug 6205 comment 5 in URIDetail.pm; >> >> - 'pyzor_options' in Plugin/Pyzor.pm was not untainted; >> >> - made the URIDetail plugin taint safe; >> >> - fixed parsing of multi-line Received header fields for >> BOUNCE_MESSAGE/VBOUNCE_MESSAGE et al; >> >> - Bug 6206, Bug 2536: spamd: untaint directory as obtained from a >> password >> file or from vpopmail utilities, avoid implicit untainting; report >> error >> if user preferences file exists but cannot be accessed; >> >> - avoided using raw data from DNS as a regexp in Plugin/ASN.pm; >> >> - ensured the dbg() and info() calls always return the same value >> > (true) > >> regardless of log level; >> >> - suppressed logging of $& when its value is not available (i.e. when >> no regexp has been evaluated during rule evaluation); >> >> - Exporter never really worked in SA, was not enclosed in BEGIN {}; >> >> - masses/runGA and masses/mk-baseline-results: prevent a shell >> > 'source' > >> command from loading an unrelated file named 'config' which happens >> > >> to be >> in the current PATH - must use a ./ in an arg to a 'source' >> command; >> >> >> ERROR HANDLING, ROBUSTNESS >> >> - improved error detection and reporting: test status of all system >> calls >> and I/O operations (or explicitly document where not), and report >> unexpected failures; >> >> - eval calls now check for eval result instead of testing the $@, >> > which > >> is not always reliable; >> >> - localized $@ and $! in DESTROY methods to prevent potential calls to >> > >> eval >> and calls to system routines in code executed from a DESTROY method >> from clobbering global variables $@ and $!; >> >> - Util::helper_app_pipe_open_unix: contain a failing exec with an eval >> to prevent additional cases of process cloning. The exec could fail >> this way when given tainted arguments; >> >> - Util::helper_app_pipe_open_unix: flush stdout and stderr before >> forking, >> otherwise an error reported by exec (such as 'insecure dependency') >> was lost in a buffer; >> >> - eval-protected an open($fh,'-|') to capture implied fork failures >> due to lack of system resource; >> >> - explicit untainting: combine "use re 'taint'" with untaint_var(), >> avoiding implicit perl untainting, along with workarounds to >> prevent it; >> >> - added 'use strict' where missing; >> >> - avoided a bunch of warnings on "Use of uninitialized value"; >> >> - clearly report reasons for helper application process failures; >> >> - t/SATest.pm: provide information about the process failure reason >> if a system() call fails; improved its reporting of failures; >> >> - improved error reporting in Plugin/DCC.pm on finding a DCC home >> directory >> to facilitate troubleshooting; >> >> >> OTHER CHANGES >> >> - pseudoheader "ALL:raw" returns a pristine header section, >> and pseudoheader "ALL" returns a cleaned header section >> >> - total rewrite of URI detection in plain text body; >> >> - many updates to the list of top level domains; >> >> - added 'util_rb_3tld', allowing 3-level TLDs to be listed in URIBLs >> > and > >> allowing new 3TLDs to be added from rule updates; >> >> - avoided trusted_networks bog down due to O(n^2) loop with millions >> of entries; >> >> - applied fixes to Plugin/VBounce.pm, updated VBounce ruleset; >> >> - added support for a 'Communigate Pro' Received header field; >> >> - parse Communigate Pro "with HTTPU" auth token; >> >> - let DependencyInfo.pm understand a concept of recommended module >> version, >> besides a required version; >> >> - provided a workaround for Net::DNS::Packet::new inconsistency; >> >> - let SpamAssassin use either Digest::SHA or Digest::SHA1, whichever >> > is > >> available (the Digest::SHA is now a base module since perl 5.10.0); >> >> - improved parsing of eval-type rules: allow unquoted domain names as >> arguments, disallow unmatched quotes; >> >> - provided a new module Mail::SpamAssassin::BayesStore::BDB. It should >> > >> be >> treated as alpha-quality (needs more testing) and is not yet ready >> > for > >> production use; >> >> - exposed existing function 'received_within_months' as an eval >> > function > >> in Plugin/HeaderEval.pm; >> >> - moved rc script to /var/lock/subsys/spamd instead of >> /var/lock/subsys/spamassassin so 'service spamd status' will work; >> >> - added feature to re-download MIRRRORED.BY files at least once a >> week, or if >> 'sa-update --refreshmirrors' switch is used; >> >> - input delimiter $/ can be corrupted by a plugin, localize $/ and $\ >> before >> calling a plugin; >> >> - bumped the retry counter to 180 seconds for starting spamd on slow >> machines; >> >> - resolved Bug 5325: syslog severity level in spamc/libspamc.c for max >> message size (changed LOG_ERR into LOG_NOTICE for the message: >> "skipped message, greater than max message size"); >> >> - added checker to avoid taint warnings if hostname is returned as >> '(none)'; >> >> - altered sa-update to produce an error message if a channel doesn't >> exist; >> >> - Bug 6150, Bug 6127, Bug 5981, Bug 5950, Bug 6191: let spamd >> > log/report > >> a child process exit status or aborting condition in an informative >> > >> way; >> >> - added checker to detect accidental match-everything regexps in >> rules; >> >> - updated garescorer for 3.3.0: use more epochs in GA runs for better >> scores; >> clarify some mass-check warning output, ensure rule name always >> appears at >> start of line; if a rule had no default/existing score in >> 50_scores.cf, >> don't tell the GA that 1.0 is an appropriate default value, instead >> > >> pick >> the midway point of its score range. this produces better results; >> remove some dead code from masses/score-ranges-from-freqs; >> >> - set garescorer.c to report performance as iterations per second; >> >> - added test to ensure that all config settings are correctly handled >> when >> switching between users; added more config setting type metadata to >> > >> enable >> those tests to work; and fix URIDetail to store config on the >> {conf} object, >> not on the plugin; >> >> - moved 'release tests' to xt/ directory; mirror long-running, >> net-tests and >> stress tests with xt/50_testname.t scripts to enforce their run >> before a >> release; >> >> - made numerous additional and updated self-tests; >> >> - added a Test::Perl::Critic release-test; >> >> - cleaned up some code based on suggestions by perl module >> Test::Perl::Critic, >> among others: >> . enable TestingAndDebugging::ProhibitNoStrict test but allow the >> use of 'no strict "refs"'; >> . deal with BuiltinFunctions::RequireGlobFunction; >> . deal with ControlStructures::ProhibitMutatingListFunctions >> removing this exception from xt/60_perlcritic.t; >> . deal with BayesStore/BDB.pm, >> Variables::ProhibitConditionalDeclarations >> . now that the module Time::HiRes is a required module, we can >> > afford > >> to replace a select() with Time::HiRes::sleep, and remove >> > exception > >> BuiltinFunctions::ProhibitSleepViaSelect from xt/60_perlcritic.t; >> >> - updated documentation, fixing numerous typos and mistakes in >> documentation >> text and in log messages; >> >> - extensively improved development process: >> . automated testing through Hudson, a continuous integration tool; >> . improved mass-check system and rules oversight; >> >> >> About Apache SpamAssassin >> ------------------------- >> >> Apache SpamAssassin is a mature, widely-deployed open source project >> that serves as a mail filter to identify spam. SpamAssassin uses a >> variety of mechanisms including mail header and text analysis, >> Bayesian filtering, DNS blocklists, and collaborative filtering >> databases. In addition, Apache SpamAssassin has a modular architecture >> > >> that allows other technologies to be quickly incorporated as an >> addition or as a replacement for existing methods. >> Apache SpamAssassin typically runs on a server, classifies and labels >> spam before it reaches your mailbox, while allowing other components >> of a mail system to act on its results. >> >> Most of the Apache SpamAssassin is written in Perl, with heavily >> traversed code paths carefully optimized. Benefits are portability, >> robustness and facilitated maintenance. It can run on a wide variety >> of POSIX platforms. >> The server and the Perl library feels at home on Unix and Linux >> platforms, and reportedly also works on MS Windows systems under >> ActivePerl. >> >> For more information, visit http://spamassassin.apache.org/ >> >> >> About The Apache Software Foundation >> ------------------------------------ >> >> Established in 1999, The Apache Software Foundation provides >> organizational, legal, and financial support for more than 100 >> freely-available, collaboratively-developed Open Source projects. The >> pragmatic Apache License enables individual and commercial users to >> easily deploy Apache software; the Foundation's intellectual property >> framework limits the legal exposure of its 2,500+ contributors. >> >> For more information, visit http://www.apache.org/ Any opinion >> expressed in this e-mail or any attached files are those of the >> > individual and not necessarily those of Herefordshire Council. > >> You should be aware that Herefordshire Council monitors its email >> > service. > >> This e-mail and any attached files are confidential and intended >> > solely for the use of the addressee. This communication may contain > material protected by law from being passed on. If you are not the > intended recipient and have received this e-mail in error, you are > advised that any use, dissemination, forwarding, printing or copying of > this e-mail is strictly prohibited. If you have received this e-mail in > error please contact the sender immediately and destroy all copies of > it. > >> >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow > me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. > You should be aware that Herefordshire Council monitors its email service. > This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 27 15:33:17 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 27 15:33:34 2010 Subject: update_bad_phishing_emails In-Reply-To: References: <4B60451F.90200@tradoc.fr> <4B605CBD.30903@ecs.soton.ac.uk> Message-ID: I'm 99% sure this is only actually used by ScamNailer. Check out www.scamnailer.com or www.scamnailer.info for more on that. It probably shouldn't be in the MailScanner distribution at all. Jules. On 27/01/2010 14:25, Kai Schaetzl wrote: > Hm, there is no such file coming with the rpm. > > Kai > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gandalf at shopzeus.com Wed Jan 27 15:45:20 2010 From: gandalf at shopzeus.com (Laszlo Nagy) Date: Wed Jan 27 15:45:31 2010 Subject: Spam filtering stopped working Message-ID: <4B605F90.1050109@shopzeus.com> Hi All, I upgraded my BSD system recently. Portupgrade also upgraded MailScanner and berkley db. For some reason, the new Mailscanner is not doing spam filtering. Everything else is working - bad filenames detected, virus scanner works. The MailScanner configuration file was not changed since last rebuild. The maillog contains no error messages. When starting up MailScanner, I see no error messages. How can I find what the problem is? Where should I start? Thank you, Laszlo From john at tradoc.fr Wed Jan 27 15:47:27 2010 From: john at tradoc.fr (John Wilcock) Date: Wed Jan 27 15:47:42 2010 Subject: update_bad_phishing_emails In-Reply-To: References: <4B60451F.90200@tradoc.fr> <4B605CBD.30903@ecs.soton.ac.uk> Message-ID: <4B60600F.3000707@tradoc.fr> Le 27/01/2010 16:33, Jules Field a ?crit : > I'm 99% sure this is only actually used by ScamNailer. Check out > www.scamnailer.com or www.scamnailer.info for more on that. > > It probably shouldn't be in the MailScanner distribution at all. Thanks Jules. I'll remove all mention of it in my ebuild, then. John. -- -- Over 4000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From prandal at herefordshire.gov.uk Wed Jan 27 16:05:29 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jan 27 16:05:48 2010 Subject: FW: ANNOUNCE: Apache SpamAssassin 3.3.0 available In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA08B9D821@HC-MBX02.herefordshire.gov.uk><4B602E23.6090005@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA08B9D9FA@HC-MBX02.herefordshire.gov.uk><4B60596F.4090501@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA08B9DB19@HC-MBX02.herefordshire.gov.uk> Jules Field wrote: > On 27/01/2010 13:09, Randal, Phil wrote: >> Jules, >> >> Are you going to update the 'MailScanner -V' output to check for >> these >> requirements too? >> > I haven't listed SpamAssassin's requirements in "MailScanner -v" > output in the past, as they are 2 distinct packages. I'm reluctant to > change that decision, but am always open to comments on the subject. > > Jules That's fair enough. Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From maillists at conactive.com Wed Jan 27 16:31:20 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 27 16:31:32 2010 Subject: ANNOUNCE: Apache SpamAssassin 3.3.0 available In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA08B9D821@HC-MBX02.herefordshire.gov.uk> <4B602E23.6090005@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA08B9D9FA@HC-MBX02.herefordshire.gov.uk> <4B60596F.4090501@ecs.soton.ac.uk> Message-ID: Jules Field wrote on Wed, 27 Jan 2010 15:19:11 +0000: > I haven't listed SpamAssassin's requirements in "MailScanner -v" output > in the past, as they are 2 distinct packages. I'm reluctant to change > that decision, but am always open to comments on the subject. You could list these as "optional/required for SA", maybe wwith a -vv (version verbose) switch. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Jan 27 17:31:21 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 27 17:31:32 2010 Subject: Spam filtering stopped working In-Reply-To: <4B605F90.1050109@shopzeus.com> References: <4B605F90.1050109@shopzeus.com> Message-ID: Laszlo Nagy wrote on Wed, 27 Jan 2010 16:45:20 +0100: > Where should I start? by telling the version? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From dgottsc at emory.edu Wed Jan 27 17:41:55 2010 From: dgottsc at emory.edu (Gottschalk, David) Date: Wed Jan 27 17:42:10 2010 Subject: Off Topic: Caching Bind Server Freezing Message-ID: Does anyone here use Bind to cache DNS lookups on their MailScanner boxes? I have a bind caching server running on each of my MailScanner machines, and occasionally named will completely freeze up. I'm not sure why this is occurring. I thought it might have had to do with SpamHaus lookups hanging (they blocked our lookups), so I disabled them in my mailscanner.cf; however, that has not resolved the issue. I'm running version 9.2.4. Any ideas would be greatly appreciated. David Gottschalk UTS Email team david.gottschalk@emory.edu This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From gandalf at shopzeus.com Wed Jan 27 14:33:29 2010 From: gandalf at shopzeus.com (Laszlo Nagy) Date: Wed Jan 27 18:02:13 2010 Subject: Spam filtering stopped working In-Reply-To: References: <4B605F90.1050109@shopzeus.com> Message-ID: <4B604EB9.4060601@shopzeus.com> Kai Schaetzl ?rta: > Laszlo Nagy wrote on Wed, 27 Jan 2010 16:45:20 +0100: > > >> Where should I start? >> > > by telling the version? > # uname -a FreeBSD not_telling.com 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #0: Mon Nov 17 21:37:25 EST 2008 root@not_telling:/usr/obj/usr/src/sys/GENERIC amd64 # pkg_info | grep SpamA p5-Mail-SpamAssassin-3.2.5_4 A highly efficient mail filter for identifying spam # pkg_info | grep MailS MailScanner-4.79.4_1 Powerful virus/spam scanning framework for mail gateways # perl -v This is perl, v5.10.1 (*) built for amd64-freebsd From jaearick at colby.edu Wed Jan 27 19:08:33 2010 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jan 27 19:08:50 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: Message-ID: On Wed, 27 Jan 2010, Gottschalk, David wrote: > Date: Wed, 27 Jan 2010 12:41:55 -0500 > From: "Gottschalk, David" > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Off Topic: Caching Bind Server Freezing > > Does anyone here use Bind to cache DNS lookups on their MailScanner boxes? > > I have a bind caching server running on each of my MailScanner machines, and occasionally named will completely freeze up. I'm not sure why this is occurring. I thought it might have had to do with SpamHaus lookups hanging (they blocked our lookups), so I disabled them in my mailscanner.cf; however, that has not resolved the issue. > > I'm running version 9.2.4. > > Any ideas would be greatly appreciated. Upgrade to a newer version of bind? I'm running DNS caching with bind 9.6.1-P3 on Solaris 10, never had any issues. What OS are you on? Any named related syslog msgs of note? Is named short on memory? Jeff Earickson Colby College From dgottsc at emory.edu Wed Jan 27 19:17:38 2010 From: dgottsc at emory.edu (Gottschalk, David) Date: Wed Jan 27 19:17:58 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: Message-ID: Yeah, I was planning on upgrading to a new version of BIND, as I suspect that this might be a bug. I just wanted to see if others had experienced this issue at all. I'm running RHEL 5. Nothing in the logs to note, I don't think named is short on memory. The servers each have 8GB of ram. David Gottschalk UTS Email team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson Sent: Wednesday, January 27, 2010 2:09 PM To: MailScanner discussion Subject: Re: Off Topic: Caching Bind Server Freezing On Wed, 27 Jan 2010, Gottschalk, David wrote: > Date: Wed, 27 Jan 2010 12:41:55 -0500 > From: "Gottschalk, David" > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Off Topic: Caching Bind Server Freezing > > Does anyone here use Bind to cache DNS lookups on their MailScanner boxes? > > I have a bind caching server running on each of my MailScanner machines, and occasionally named will completely freeze up. I'm not sure why this is occurring. I thought it might have had to do with SpamHaus lookups hanging (they blocked our lookups), so I disabled them in my mailscanner.cf; however, that has not resolved the issue. > > I'm running version 9.2.4. > > Any ideas would be greatly appreciated. Upgrade to a newer version of bind? I'm running DNS caching with bind 9.6.1-P3 on Solaris 10, never had any issues. What OS are you on? Any named related syslog msgs of note? Is named short on memory? Jeff Earickson Colby College -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From lstewart at superb.net Wed Jan 27 19:31:05 2010 From: lstewart at superb.net (Landon Stewart) Date: Wed Jan 27 19:31:15 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: Message-ID: On Wed, Jan 27, 2010 at 9:41 AM, Gottschalk, David wrote: > Does anyone here use Bind to cache DNS lookups on their MailScanner boxes? > > I have a bind caching server running on each of my MailScanner machines, > and occasionally named will completely freeze up. I'm not sure why this is > occurring. I thought it might have had to do with SpamHaus lookups hanging > (they blocked our lookups), so I disabled them in my mailscanner.cf; > however, that has not resolved the issue. > > I'm running version 9.2.4. > Hi David, Are you blocking UDP:53 or TCP:53 with your iptables or upstream? Do any lookups work at all when its frozen (cached or other)? Can you perform lookups using other name servers from the machine? (eg. dig @bitsy.mit.edu emory.edu). When it is frozen what does the output of lsof look like for that process? Are there a lot of network resources in use by the named process when it freezes? -- Landon Stewart SuperbHosting.Net by Superb Internet Corp. Toll Free (US/Canada): 888-354-6128 x 4199 Local and International: 206-438-5879 x 4199 Web hosting and more "Ahead of the Rest": http://www.superbhosting.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/5b469478/attachment.html From campbell at cnpapers.com Wed Jan 27 19:37:53 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Jan 27 19:38:08 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: Message-ID: <4B609611.1050904@cnpapers.com> Gottschalk, David wrote: > Yeah, I was planning on upgrading to a new version of BIND, as I suspect that this might be a bug. I just wanted to see if others had experienced this issue at all. > > I'm running RHEL 5. Nothing in the logs to note, I don't think named is short on memory. The servers each have 8GB of ram. > > David Gottschalk > UTS Email team > david.gottschalk@emory.edu > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: Wednesday, January 27, 2010 2:09 PM > To: MailScanner discussion > Subject: Re: Off Topic: Caching Bind Server Freezing > > On Wed, 27 Jan 2010, Gottschalk, David wrote: > > >> Date: Wed, 27 Jan 2010 12:41:55 -0500 >> From: "Gottschalk, David" >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Off Topic: Caching Bind Server Freezing >> >> Does anyone here use Bind to cache DNS lookups on their MailScanner boxes? >> >> I have a bind caching server running on each of my MailScanner machines, and occasionally named will completely freeze up. I'm not sure why this is occurring. I thought it might have had to do with SpamHaus lookups hanging (they blocked our lookups), so I disabled them in my mailscanner.cf; however, that has not resolved the issue. >> >> I'm running version 9.2.4. >> >> Any ideas would be greatly appreciated. >> > > Upgrade to a newer version of bind? I'm running DNS caching with bind > 9.6.1-P3 on Solaris 10, never had any issues. What OS are you on? > Any named related syslog msgs of note? Is named short on memory? > > Jeff Earickson > Colby College > -- > > I think you can issue "rndc querylog" and it should log all to your messages files. Make sure you turn it off by re-issuing it. steve campbell From peter at farrows.org Wed Jan 27 20:02:15 2010 From: peter at farrows.org (Peter Farrow) Date: Wed Jan 27 20:02:36 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: Message-ID: <4B609BC7.5010009@farrows.org> I have had this problem persistently on Centos 5.3 boxes running MailScanner. Bind became such a problem on these machines I added several other nameservers in resolve.conf. Bind daemon appears to be running but does not respond to service stop command nor does answer any queries. To stop it I find the process number kill -9 it and then restart with the service command, it will then run for a random amount of time from hours to weeks and then go again, I think its a bug. Pete On 27/01/2010 19:17, Gottschalk, David wrote: > Yeah, I was planning on upgrading to a new version of BIND, as I suspect that this might be a bug. I just wanted to see if others had experienced this issue at all. > > I'm running RHEL 5. Nothing in the logs to note, I don't think named is short on memory. The servers each have 8GB of ram. > > David Gottschalk > UTS Email team > david.gottschalk@emory.edu > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff A. Earickson > Sent: Wednesday, January 27, 2010 2:09 PM > To: MailScanner discussion > Subject: Re: Off Topic: Caching Bind Server Freezing > > On Wed, 27 Jan 2010, Gottschalk, David wrote: > > >> Date: Wed, 27 Jan 2010 12:41:55 -0500 >> From: "Gottschalk, David" >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Off Topic: Caching Bind Server Freezing >> >> Does anyone here use Bind to cache DNS lookups on their MailScanner boxes? >> >> I have a bind caching server running on each of my MailScanner machines, and occasionally named will completely freeze up. I'm not sure why this is occurring. I thought it might have had to do with SpamHaus lookups hanging (they blocked our lookups), so I disabled them in my mailscanner.cf; however, that has not resolved the issue. >> >> I'm running version 9.2.4. >> >> Any ideas would be greatly appreciated. >> > Upgrade to a newer version of bind? I'm running DNS caching with bind > 9.6.1-P3 on Solaris 10, never had any issues. What OS are you on? > Any named related syslog msgs of note? Is named short on memory? > > Jeff Earickson > Colby College > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- horizontal ruler Peter Farrow avatar ______________________ Home: 01249 654183 Fax: 01249 461 548 Mobile: 07799605617 Skype: peter_farrow Web: www.peterfarrow.com -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- Skipped content of type multipart/related From dgottsc at emory.edu Wed Jan 27 20:09:28 2010 From: dgottsc at emory.edu (Gottschalk, David) Date: Wed Jan 27 20:09:46 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: <4B609BC7.5010009@farrows.org> References: <4B609BC7.5010009@farrows.org> Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 57 bytes Desc: image001.gif Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/ac2bd282/image001.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.gif Type: image/gif Size: 8198 bytes Desc: image002.gif Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/ac2bd282/image002.gif From dgottsc at emory.edu Wed Jan 27 20:09:57 2010 From: dgottsc at emory.edu (Gottschalk, David) Date: Wed Jan 27 20:10:14 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: Message-ID: No firewall blocking going on. Lookups to the local server freeze entirely, I have not checked when this happened if remote looks ups still worked or not. I have to kill named when this occurs as it will not voluntarily restart. I even did a strace on named, and there is no activity. Doesn't appear to be a lot of network resources in use when it freezes. David Gottschalk UTS Email team david.gottschalk@emory.edu 404.727.9744 From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Landon Stewart Sent: Wednesday, January 27, 2010 2:31 PM To: MailScanner discussion Subject: Re: Off Topic: Caching Bind Server Freezing On Wed, Jan 27, 2010 at 9:41 AM, Gottschalk, David > wrote: Does anyone here use Bind to cache DNS lookups on their MailScanner boxes? I have a bind caching server running on each of my MailScanner machines, and occasionally named will completely freeze up. I'm not sure why this is occurring. I thought it might have had to do with SpamHaus lookups hanging (they blocked our lookups), so I disabled them in my mailscanner.cf; however, that has not resolved the issue. I'm running version 9.2.4. Hi David, Are you blocking UDP:53 or TCP:53 with your iptables or upstream? Do any lookups work at all when its frozen (cached or other)? Can you perform lookups using other name servers from the machine? (eg. dig @bitsy.mit.edu emory.edu). When it is frozen what does the output of lsof look like for that process? Are there a lot of network resources in use by the named process when it freezes? -- Landon Stewart > SuperbHosting.Net by Superb Internet Corp. Toll Free (US/Canada): 888-354-6128 x 4199 Local and International: 206-438-5879 x 4199 Web hosting and more "Ahead of the Rest": http://www.superbhosting.net ________________________________ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/77f1757a/attachment.html From logs at comp-wiz.com Wed Jan 27 21:24:29 2010 From: logs at comp-wiz.com (Vernon) Date: Wed Jan 27 21:25:18 2010 Subject: MailScanner was attacked by a Denial Of Service attack Message-ID: <001c01ca9f97$1cdd1750$569745f0$@comp-wiz.com> Can anyone please tell me how I can stop this? I have posted it to the lsit before and I was told to make Max Children 3 and I have and yet I am still get this. I'm not running a large email server (at best 100 users). I got more memory as suggested but clients are really starting to get angry now. Here I the message I'm getting. MailScanner was attacked by a Denial Of Service attack, and has therefore deleted this part of the message. Please contact your e-mail providers for more information if you need it, giving them the whole of this report. Attack in: /var/spool/MailScanner/incoming/32069/o0RKmwPH002366/nmsg-32069-89.html -- This message has been scanned for viruses and dangerous content by comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100127/819b9a24/attachment.html From ms-list at alexb.ch Wed Jan 27 21:27:23 2010 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jan 27 21:27:17 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: Message-ID: <4B60AFBB.70807@alexb.ch> On 1/27/2010 8:17 PM, Gottschalk, David wrote: > Yeah, I was planning on upgrading to a new version of BIND, as I > suspect that this might be a bug. I just wanted to see if others had > experienced this issue at all. > > I'm running RHEL 5. Nothing in the logs to note, I don't think named > is short on memory. The servers each have 8GB of ram. Been there, switched to powerdns-recursor. Its been solid, fast, smaller footprint. From ms-list at alexb.ch Wed Jan 27 21:41:52 2010 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jan 27 21:41:42 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: <4B60AFBB.70807@alexb.ch> References: <4B60AFBB.70807@alexb.ch> Message-ID: <4B60B320.4090106@alexb.ch> On 1/27/2010 10:27 PM, Alex Broens wrote: > On 1/27/2010 8:17 PM, Gottschalk, David wrote: >> Yeah, I was planning on upgrading to a new version of BIND, as I >> suspect that this might be a bug. I just wanted to see if others had >> experienced this issue at all. >> >> I'm running RHEL 5. Nothing in the logs to note, I don't think named >> is short on memory. The servers each have 8GB of ram. > > Been there, switched to powerdns-recursor. > Its been solid, fast, smaller footprint. For the record: I'm using the RPMs supplied by http://powerdns.com/en/downloads.aspx Linux x86 RPM (Generic RPM) Linux x86_64 RPM (Generic RPM) Running nicely on Centos 5.x x86 and x86_64 boxes. From MailScanner at ecs.soton.ac.uk Wed Jan 27 21:51:01 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Wed Jan 27 21:51:16 2010 Subject: MailScanner was attacked by a Denial Of Service attack In-Reply-To: <001c01ca9f97$1cdd1750$569745f0$@comp-wiz.com> References: <001c01ca9f97$1cdd1750$569745f0$@comp-wiz.com> <4B60B545.6070100@ecs.soton.ac.uk> Message-ID: For starters, make sure you are running the latest version. Then if you can get a message which repeatedly does it, run it through with MailScanner --debug --id=xxxxxxx where xxxxxx is the id of the message as reported by the MailScanner logs. The send the list the output of that command, presuming that it produces some sort of error message. On 27/01/2010 21:24, Vernon wrote: > > Can anyone please tell me how I can stop this? I have posted it to the > lsit before and I was told to make Max Children 3 and I have and yet I > am still get this. I?m not running a large email server (at best 100 > users). I got more memory as suggested but clients are really starting > to get angry now. Here I the message I?m getting. > > MailScanner was attacked by a Denial Of Service attack, and has > therefore deleted this part of the message. Please contact your e-mail > providers for more information if you need it, giving them the whole > of this report. Attack in: > /var/spool/MailScanner/incoming/32069/o0RKmwPH002366/nmsg-32069-89.html > > > -- > This message has been scanned for viruses and > dangerous content by *comp-wiz.com* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From logs at comp-wiz.com Wed Jan 27 22:13:27 2010 From: logs at comp-wiz.com (Vernon) Date: Wed Jan 27 22:14:16 2010 Subject: MailScanner was attacked by a Denial Of Service attack In-Reply-To: References: <001c01ca9f97$1cdd1750$569745f0$@comp-wiz.com> <4B60B545.6070100@ecs.soton.ac.uk> Message-ID: <002701ca9f9d$f3e5dc90$dbb195b0$@comp-wiz.com> It's the latest version (as I downloaded the latest one and it was the same) and secondly the messages that are having the problem disappear from the location mentioned below. I looked there and they are not there. What seems to happen is I will get them an all messages coming through will have that issue until I restart MailScanner. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field Sent: Wednesday, January 27, 2010 4:51 PM To: MailScanner discussion Subject: Re: MailScanner was attacked by a Denial Of Service attack For starters, make sure you are running the latest version. Then if you can get a message which repeatedly does it, run it through with MailScanner --debug --id=xxxxxxx where xxxxxx is the id of the message as reported by the MailScanner logs. The send the list the output of that command, presuming that it produces some sort of error message. On 27/01/2010 21:24, Vernon wrote: > > Can anyone please tell me how I can stop this? I have posted it to the > lsit before and I was told to make Max Children 3 and I have and yet I > am still get this. I'm not running a large email server (at best 100 > users). I got more memory as suggested but clients are really starting > to get angry now. Here I the message I'm getting. > > MailScanner was attacked by a Denial Of Service attack, and has > therefore deleted this part of the message. Please contact your e-mail > providers for more information if you need it, giving them the whole > of this report. Attack in: > /var/spool/MailScanner/incoming/32069/o0RKmwPH002366/nmsg-32069-89.htm > l > > > -- > This message has been scanned for viruses and dangerous content by > *comp-wiz.com* , and is believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by comp-wiz.com, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by comp-wiz.com, and is believed to be clean. From alex at rtpty.com Wed Jan 27 22:21:14 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Wed Jan 27 22:27:02 2010 Subject: Off Topic: Caching Bind Server Freezing Message-ID: <451767989-1264631207-cardhu_decombobulator_blackberry.rim.net-2005708939-@bda942.bisx.prod.on.blackberry> Any easy rpms to implement? Webmin module for the extra lazy? I'm asking for, um... A friend! Yes, that's the ticket! ------Original Message------ From: Alex Broens Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: Re: Off Topic: Caching Bind Server Freezing Sent: Jan 27, 2010 4:27 PM On 1/27/2010 8:17 PM, Gottschalk, David wrote: > Yeah, I was planning on upgrading to a new version of BIND, as I > suspect that this might be a bug. I just wanted to see if others had > experienced this issue at all. > > I'm running RHEL 5. Nothing in the logs to note, I don't think named > is short on memory. The servers each have 8GB of ram. Been there, switched to powerdns-recursor. Its been solid, fast, smaller footprint. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From ms-list at alexb.ch Wed Jan 27 22:34:42 2010 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jan 27 22:34:33 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: <451767989-1264631207-cardhu_decombobulator_blackberry.rim.net-2005708939-@bda942.bisx.prod.on.blackberry> References: <451767989-1264631207-cardhu_decombobulator_blackberry.rim.net-2005708939-@bda942.bisx.prod.on.blackberry> Message-ID: <4B60BF82.70501@alexb.ch> On 1/27/2010 11:21 PM, Alex Neuman van der Hans wrote: > Any easy rpms to implement? by now you sawmy next msg with the links to the RPMs I'm using on high traffic recursors > Webmin module for the extra lazy? this is a recursor ONLY!!!!!.. the conf file is so simple you don't need a webmin for it. there's nothing much to change except maybe which network is allowed to access. if you need the full blown powerdns package its a different story and requires some rtfm.... I'm asking for, um... A friend! Yes, that's the ticket! :-) > ------Original Message------ > From: Alex Broens > Sender: mailscanner-bounces@lists.mailscanner.info > To: MailScanner discussion > ReplyTo: MailScanner discussion > Subject: Re: Off Topic: Caching Bind Server Freezing > Sent: Jan 27, 2010 4:27 PM > > On 1/27/2010 8:17 PM, Gottschalk, David wrote: >> Yeah, I was planning on upgrading to a new version of BIND, as I >> suspect that this might be a bug. I just wanted to see if others had >> experienced this issue at all. >> >> I'm running RHEL 5. Nothing in the logs to note, I don't think named >> is short on memory. The servers each have 8GB of ram. > > Been there, switched to powerdns-recursor. > Its been solid, fast, smaller footprint. > From glenn.steen at gmail.com Thu Jan 28 00:07:28 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 28 00:07:37 2010 Subject: moving from ubuntu In-Reply-To: <4B5EEEF3020000FC0000F211@gwmail.medicine.wisc.edu> References: <1213490F1F316842A544A850422BFA96129737E35D@BHLSBS.bhl.local> <4B5EEEF3020000FC0000F211@gwmail.medicine.wisc.edu> Message-ID: <223f97701001271607w942d1dbga57a142744b9114f@mail.gmail.com> 2010/1/26 Michael Masse : > Whoever wrote below that postfix is the default on Centos is wrong. ?I've installed plenty of CentOS/RHEL 3, 4 & 5 systems and the default has always been Sendmail. ? ?Not that it isn't trivial to switch to Postfix, but don't be surprised if copying over your current Postfix config doesn't work until you tell CentOS to actually use Postfix. > > -Mike > As Mike alludes to, apart from actually installing postfix ("yum install postfix"? Not really my distro of choice, CentOS, so I might've garbled that:-), it should be a matter of running "system-switch-mail" and choosing PF... really simple, indeed. As always it is prudent to check that any pathes or default settings won't trip up the "config move".$$$$$$$ > >>>> On 1/26/2010 at 12:41 PM, in message > , Gavin Silver > wrote: >> Thanks everyone >> >> After reading all the replies ive decided to go with centos 5.4 and postfix >> as I am already comfortable with using postfix as a gateway and I can pretty >> much copy over all my trans/relay and config files. >> >>> >>> I was just about to ask "why sendmail, are you switching from qmail"? >>> ;-) >>> postfix is default on CentOS and I would leave it this way. >>> >>> Install all the necessary perl libraries and clamav from rpmforge, then >>> build your own SA rpm (just follow the instructions on the SA download >>> page), then install only the mailscanner*.rpm from the MailScanner >>> tarball. There's also a repo, but I don't know if it's up-to-date. >>> >>> Kai >>> >> >> There is also the MailScanner Gold yum repository, which I believe caters >> for CentOS. Although it is a paid service it will help you get up and running >> quickly. There is also the MailScanner beta repository that is free I think? >> >> Jason > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Jan 28 09:32:47 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 28 09:33:05 2010 Subject: MailScanner was attacked by a Denial Of Service attack In-Reply-To: <002701ca9f9d$f3e5dc90$dbb195b0$@comp-wiz.com> References: <001c01ca9f97$1cdd1750$569745f0$@comp-wiz.com> <4B60B545.6070100@ecs.soton.ac.uk> <002701ca9f9d$f3e5dc90$dbb195b0$@comp-wiz.com> <4B6159BF.6020000@ecs.soton.ac.uk> Message-ID: In which case the messages should be in your quarantine. Process a few with "MailScanner --debug" and see if they show any error messages. You say you're running the latest, exactly what version number are you running? (MailScanner -v will tell you at the top of the output). On 27/01/2010 22:13, Vernon wrote: > It's the latest version (as I downloaded the latest one and it was the same) > and secondly the messages that are having the problem disappear from the > location mentioned below. I looked there and they are not there. What seems > to happen is I will get them an all messages coming through will have that > issue until I restart MailScanner. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field > Sent: Wednesday, January 27, 2010 4:51 PM > To: MailScanner discussion > Subject: Re: MailScanner was attacked by a Denial Of Service attack > > For starters, make sure you are running the latest version. > Then if you can get a message which repeatedly does it, run it through with > MailScanner --debug --id=xxxxxxx where xxxxxx is the id of the message as > reported by the MailScanner logs. > The send the list the output of that command, presuming that it produces > some sort of error message. > > On 27/01/2010 21:24, Vernon wrote: > >> Can anyone please tell me how I can stop this? I have posted it to the >> lsit before and I was told to make Max Children 3 and I have and yet I >> am still get this. I'm not running a large email server (at best 100 >> users). I got more memory as suggested but clients are really starting >> to get angry now. Here I the message I'm getting. >> >> MailScanner was attacked by a Denial Of Service attack, and has >> therefore deleted this part of the message. Please contact your e-mail >> providers for more information if you need it, giving them the whole >> of this report. Attack in: >> /var/spool/MailScanner/incoming/32069/o0RKmwPH002366/nmsg-32069-89.htm >> l >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> *comp-wiz.com*, and is believed to be clean. >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me > at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by > comp-wiz.com, and is believed to be clean. > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Thu Jan 28 10:10:22 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 28 10:10:34 2010 Subject: MailScanner was attacked by a Denial Of Service attack In-Reply-To: <002701ca9f9d$f3e5dc90$dbb195b0$@comp-wiz.com> References: <001c01ca9f97$1cdd1750$569745f0$@comp-wiz.com> <4B60B545.6070100@ecs.soton.ac.uk> <002701ca9f9d$f3e5dc90$dbb195b0$@comp-wiz.com> Message-ID: Vernon wrote on Wed, 27 Jan 2010 17:13:27 -0500: > the messages that are having the problem disappear from the > location mentioned below. Then they have been processed on a second/third run I would think. It seems like your machine is too slow at processing them? What's your RAM size and CPU speed? What's the average load? What's the incoming queue size when this happens? How many of these problem messages do you get per day? For 100 users you may be able to go with Max Children = 1. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From richard at sidlin.co.uk Thu Jan 28 13:09:20 2010 From: richard at sidlin.co.uk (Richard Sidlin) Date: Thu Jan 28 13:09:31 2010 Subject: MailScanner Archive Option Message-ID: <8123FDD52B3444B98455DE09BA25255B@Gaffer> Hi I would like to setup mail archiving for one domain. I see from the instructions that it archives to a folder destination that you specify. Could someone explain how it saves it (format) and how the messages are retrieved into either a mail server or mail client? Thanks Richard -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100128/02beeebf/attachment.html From steve at fsl.com Thu Jan 28 13:49:36 2010 From: steve at fsl.com (Stephen Swaney) Date: Thu Jan 28 13:49:46 2010 Subject: MailScanner Archive Option In-Reply-To: <8123FDD52B3444B98455DE09BA25255B@Gaffer> References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> Message-ID: <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> Richard, The messages will be stored as individual message files in a text format in a separate folder for each day The can be rent by changing to the directory contain the message and running sendmail -iot < [message_file_name] Steve On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: > Hi > > I would like to setup mail archiving for one domain. I see from the instructions that it archives to a folder destination that you specify. Could someone explain how it saves it (format) and how the messages are retrieved into either a mail server or mail client? > > Thanks > > Richard > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Thanks, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100128/9d22c02d/attachment.html From mmmm82 at gmail.com Thu Jan 28 15:21:12 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Thu Jan 28 15:21:22 2010 Subject: MailScanner Archive Option In-Reply-To: <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> Message-ID: <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> Steve are you sure about this, in my case this does not work, as they are not saved as rfc281 messages like in quarantine They are stored as message queue files and to retrieve them is a pain Change permission of file to be executable and copy it to the postfix incoming queue (I use postfix), and have to make a customized script to accomplish my need Any advise is appreciated if I am doing something wrong here Thanks Monis On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney wrote: > Richard, > > The messages will be stored as individual message files in a text format in > a separate folder for each day > > The can be rent by changing to the directory contain the message and > running > > sendmail -iot < [message_file_name] > > Steve > > On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: > > Hi > > I would like to setup mail archiving for one domain. I see from the > instructions that it archives to a folder destination that you specify. > Could someone explain how it saves it (format) and how the messages are > retrieved into either a mail server or mail client? > > Thanks > > Richard > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Thanks, > > Steve > > -- > Steve Swaney > steve@fsl.com > 202 595-7760 ext: 601 > www.fsl.com > The most accurate and cost effective anti-spam solutions available > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100128/18f654e7/attachment.html From mmmm82 at gmail.com Thu Jan 28 15:22:35 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Thu Jan 28 15:22:45 2010 Subject: Fwd: Not detecting this message In-Reply-To: <837e17ab1001270525w452abd85r96b8708813bbc7cb@mail.gmail.com> References: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> <837e17ab1001270525w452abd85r96b8708813bbc7cb@mail.gmail.com> Message-ID: <837e17ab1001280722v35ac9d32xf7047aae77daa33e@mail.gmail.com> Hi People any updates please ?? ---------- Forwarded message ---------- From: Monis Monther Date: Wed, Jan 27, 2010 at 3:25 PM Subject: Re: Not detecting this message To: MailScanner discussion Hi Again: Sorry Hostmaster for some reason I my gmail didnt allow to me to reply to your message so I am replying on my own thread First of all thanks for the quick response Now Regarding your concerns Yes i use URIBL Below are the scores I have in my SpamAssassin score URIBL_AB_SURBL 0 1.613 0 1.860 # n=0 n=2 score URIBL_JP_SURBL 0 2.857 0 1.501 # n=0 n=2 score URIBL_OB_SURBL 0 2.132 0 1.500 # n=0 n=2 score URIBL_PH_SURBL 0 2.035 0 1.787 # n=0 n=2 score URIBL_RHS_DOB 0 0.901 0 1.083 # n=0 n=2 score URIBL_SBL 0 2.468 0 1.499 # n=0 n=2 score URIBL_SC_SURBL 0 2.523 0 0.474 # n=0 n=2 score URIBL_WS_SURBL 0 2.100 0 1.500 # n=0 n=2 score URIBL_BLACK 0 1.961 0 1.955 # n=0 n=2 Do you think I need to adjust ?? The message was tagged with URIBL_BLACK with score 1.96, it was also tagged with some other scores, but it did not pass 6 and many other like this one only get a score bwetween 2-5. I use spamhaus-zen and CBL as my RBL lists On Wed, Jan 27, 2010 at 2:42 PM, Monis Monther wrote: > Hi everyone > > Today I started to get hundereds of messages in the following form > > Hi. > My name is Nicole. > this is about you? > > Goodbye :-) > > > And it has the subject Please > > I also received similar messages with Subjects : Question, Answer me, > Please answer me > > > How can I stop such messages, all passed as clean except the ones that came > from Black Listed sites, which were tagged and stopped based, SPAM ASSASSIN > didnt catch any of them > > Help Please > > Thanks > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100128/596002b5/attachment.html From MailScanner at ecs.soton.ac.uk Thu Jan 28 15:29:54 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 28 15:30:08 2010 Subject: MailScanner Archive Option In-Reply-To: <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> <4B61AD72.207@ecs.soton.ac.uk> Message-ID: On 28/01/2010 15:21, Monis Monther wrote: > Steve are you sure about this, in my case this does not work, as they > are not saved as rfc281 messages like in quarantine > > They are stored as message queue files and to retrieve them is a pain Suggest you take a look at this option in MailScanner.conf: # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? Quarantine Whole Messages As Queue Files = yes > > Change permission of file to be executable and copy it to the postfix > incoming queue (I use postfix), and have to make a customized script > to accomplish my need > > Any advise is appreciated if I am doing something wrong here > > > Thanks > > Monis > > On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney > wrote: > > Richard, > > The messages will be stored as individual message files in a text > format in a separate folder for each day > > The can be rent by changing to the directory contain the message > and running > > sendmail -iot < [message_file_name] > > Steve > > On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: > >> Hi >> I would like to setup mail archiving for one domain. I see from >> the instructions that it archives to a folder destination that >> you specify. Could someone explain how it saves it (format) and >> how the messages are retrieved into either a mail server or mail >> client? >> Thanks >> Richard >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > Thanks, > > Steve > > -- > Steve Swaney > steve@fsl.com > 202 595-7760 ext: 601 > www.fsl.com > The most accurate and cost effective anti-spam solutions available > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Hostmaster at computerservicecentre.com Thu Jan 28 15:41:39 2010 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Thu Jan 28 15:42:11 2010 Subject: Not detecting this message In-Reply-To: <837e17ab1001280722v35ac9d32xf7047aae77daa33e@mail.gmail.com> References: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com><837e17ab1001270525w452abd85r96b8708813bbc7cb@mail.gmail.com> <837e17ab1001280722v35ac9d32xf7047aae77daa33e@mail.gmail.com> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2ACFA5D0@commssrv01.computerservicecentre.com> I would suggest you consider bumping up the score for URIBL_BLACK to something like 4 or maybe higher (I have it at 6 on our MS installations). Looking back at a history of 1.5 million emails total in our MW database (60 days), URIBL_BLACK has hit 149068, of which 35 (0.02%) were FP's. Please note that I am using emails hitting URIBL_BLACK and were quarantined, and then subsequently released from quarantine to calculate FP's. Regards, Richard From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Monis Monther Posted At: 28 January 2010 15:23 Posted To: Hostmaster Conversation: Not detecting this message Subject: Fwd: Not detecting this message Hi People any updates please ?? ---------- Forwarded message ---------- From: Monis Monther Date: Wed, Jan 27, 2010 at 3:25 PM Subject: Re: Not detecting this message To: MailScanner discussion Hi Again: Sorry Hostmaster for some reason I my gmail didnt allow to me to reply to your message so I am replying on my own thread First of all thanks for the quick response Now Regarding your concerns Yes i use URIBL Below are the scores I have in my SpamAssassin score URIBL_AB_SURBL 0 1.613 0 1.860 # n=0 n=2 score URIBL_JP_SURBL 0 2.857 0 1.501 # n=0 n=2 score URIBL_OB_SURBL 0 2.132 0 1.500 # n=0 n=2 score URIBL_PH_SURBL 0 2.035 0 1.787 # n=0 n=2 score URIBL_RHS_DOB 0 0.901 0 1.083 # n=0 n=2 score URIBL_SBL 0 2.468 0 1.499 # n=0 n=2 score URIBL_SC_SURBL 0 2.523 0 0.474 # n=0 n=2 score URIBL_WS_SURBL 0 2.100 0 1.500 # n=0 n=2 score URIBL_BLACK 0 1.961 0 1.955 # n=0 n=2 Do you think I need to adjust ?? The message was tagged with URIBL_BLACK with score 1.96, it was also tagged with some other scores, but it did not pass 6 and many other like this one only get a score bwetween 2-5. I use spamhaus-zen and CBL as my RBL lists On Wed, Jan 27, 2010 at 2:42 PM, Monis Monther wrote: Hi everyone Today I started to get hundereds of messages in the following form Hi. My name is Nicole. this is about you? Goodbye :-) And it has the subject Please I also received similar messages with Subjects : Question, Answer me, Please answer me How can I stop such messages, all passed as clean except the ones that came from Black Listed sites, which were tagged and stopped based, SPAM ASSASSIN didnt catch any of them Help Please Thanks All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100128/3acd692c/attachment.html From steve at fsl.com Thu Jan 28 15:51:07 2010 From: steve at fsl.com (Stephen Swaney) Date: Thu Jan 28 15:51:17 2010 Subject: MailScanner Archive Option In-Reply-To: <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> Message-ID: <00A8DA8B-323C-48D7-AADE-F85FC7DD3E33@fsl.com> On Jan 28, 2010, at 11:21 AM, Monis Monther wrote: > Steve are you sure about this, in my case this does not work, as they are not saved as rfc281 messages like in quarantine > > They are stored as message queue files and to retrieve them is a pain > > Change permission of file to be executable and copy it to the postfix incoming queue (I use postfix), and have to make a customized script to accomplish my need > > Any advise is appreciated if I am doing something wrong here > > > Thanks > > Monis > > On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney wrote: > Richard, > > The messages will be stored as individual message files in a text format in a separate folder for each day > > The can be rent by changing to the directory contain the message and running > > sendmail -iot < [message_file_name] > > Steve > > On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: > >> Hi >> >> I would like to setup mail archiving for one domain. I see from the instructions that it archives to a folder destination that you specify. Could someone explain how it saves it (format) and how the messages are retrieved into either a mail server or mail client? >> >> Thanks >> >> Richard >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > Thanks, > > Steve > > -- > Steve Swaney > steve@fsl.com > 202 595-7760 ext: 601 > www.fsl.com > The most accurate and cost effective anti-spam solutions available > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Sorry I gave you the wrong information. I thought I was answering one of our clients who had just asked an archiving question and uses sendmail. Must have been too early in the AM here. Perhaps one of the Postfix experts can assist you. Steve -- Steve Swaney steve@fsl.com www.fsl.com The most accurate and cost effective anti-spam solutions available -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100128/532ef592/attachment.html From maillists at conactive.com Thu Jan 28 18:31:20 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 28 18:31:33 2010 Subject: Not detecting this message In-Reply-To: <837e17ab1001280722v35ac9d32xf7047aae77daa33e@mail.gmail.com> References: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> <837e17ab1001270525w452abd85r96b8708813bbc7cb@mail.gmail.com> <837e17ab1001280722v35ac9d32xf7047aae77daa33e@mail.gmail.com> Message-ID: Please? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From ssilva at sgvwater.com Thu Jan 28 20:29:50 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 28 20:30:21 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: <4B609BC7.5010009@farrows.org> References: <4B609BC7.5010009@farrows.org> Message-ID: on 1-27-2010 12:02 PM Peter Farrow spake the following: > I have had this problem persistently on Centos 5.3 boxes running > MailScanner. > > Bind became such a problem on these machines I added several other > nameservers in resolve.conf. > > Bind daemon appears to be running but does not respond to service stop > command nor does answer any queries. > > To stop it I find the process number kill -9 it and then restart with > the service command, it will then run for a random amount of time from > hours to weeks and then go again, > > I think its a bug. > I do believe a bind update came out with 5.4... weeks ago -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100128/99942ae0/signature.bin From mikael at syska.dk Fri Jan 29 01:48:36 2010 From: mikael at syska.dk (Mikael Syska) Date: Fri Jan 29 01:49:05 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message Message-ID: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> Hi, I get this when running ./MailScanner --lint Connected to SpamAssassin cache database SpamAssassin reported no errors. I have found scanners installed, and will use them all by default. You appear to have no virus scanners installed at all! This is not good. If you have installed any, then check your virus.scanners.conf file to make sure the locations of your scanners are correct at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 506 Connected to Processing Attempts Database If the above not misleading .... > I have found scanners installed, and will use them all by default. And then the next line: > You appear to have no virus scanners installed at all! Or are we talking about other "scanners" in this context than virus scanners ? In the dir: /opt/MailScanner/ There is a file: INSTALL.FreeBSD I think it either should be deleted or updated ... the file refenced in step 5 does not exists any more. Also some of the other steps seems to be outdated ... How are others using the install.sh packages on FreeBSD to make it start automatically when booting ? normaly I stick with the ports tree ... but this was just to test the install package that Julian and many other are using to stay more current with the development ... and fixes that apear all the time :-) Best regards Mikael Syska From glenn.steen at gmail.com Fri Jan 29 02:09:29 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 29 02:09:42 2010 Subject: MailScanner Archive Option In-Reply-To: <00A8DA8B-323C-48D7-AADE-F85FC7DD3E33@fsl.com> References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> <00A8DA8B-323C-48D7-AADE-F85FC7DD3E33@fsl.com> Message-ID: <223f97701001281809o493dcf8bvefad992e43372b08@mail.gmail.com> 2010/1/28 Stephen Swaney : > > On Jan 28, 2010, at 11:21 AM, Monis Monther wrote: > > Steve are you sure about this, in my case this does not work, as they are > not saved as rfc281 messages like in quarantine > > They are stored as message queue files and to retrieve them is a pain > > Change permission of file to be executable and copy it to the postfix > incoming queue (I use postfix), and have to make a customized script to > accomplish my need > > Any advise is appreciated if I am doing something wrong here > > > Thanks > > Monis > > On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney wrote: >> >> Richard, >> The messages will be stored as individual message files in a text format >> in a separate folder for each day >> The can be rent by changing to the directory contain the message and >> running >> sendmail -iot ?< [message_file_name] >> Steve >> On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: >> >> Hi >> >> I would like to setup mail archiving for one domain. I see from the >> instructions that it archives to a folder destination that you specify. >> Could someone explain how it saves it (format)?and how the messages are >> retrieved into either a mail server or mail client? >> >> Thanks >> >> Richard >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Thanks, >> >> Steve >> >> -- >> Steve Swaney >> steve@fsl.com >> 202 595-7760 ext: 601 >> www.fsl.com >> The most accurate and cost effective?anti-spam solutions available >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Sorry I gave you the wrong information. > I thought I was answering one of our clients who had just asked an archiving > question and uses sendmail. Must have been too early in the AM here. > Perhaps one of the Postfix experts can assist you. > Steve > > -- > Steve Swaney > steve@fsl.com > www.fsl.com > The most accurate and cost effective?anti-spam solutions available > As can be seen here: http://www.mailscanner.info/MailScanner.conf.index.html#Archive%20Mail ..... the archive mail feature is not that easily described:-). It can be individual files, and then will be the MTA format of choice, or mbox, depending on how you set it. Or even just a forwarding rule... But what one need be crystal clear about is that this archive happens first, before _ANY_ scanning is done. So releasing stuff from it, or including choice parts of it into your MUA is probably not a good idea. Depending on the needs you have, might I suggest you instead use the Non Spam Actions to store a copy of all clean mail? All you need do is include "store" in the actions and it'll be stored in your quarantine (and in the quarantine format! Manageable through MailWatch!! Yay!!!:-):-). The path would be something like /var/spool/MailScanner/quarantine//non-spam/ Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Fri Jan 29 10:30:52 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jan 29 10:31:11 2010 Subject: Off Topic: Caching Bind Server Freezing In-Reply-To: References: <4B609BC7.5010009@farrows.org> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA08B9DFA6@HC-MBX02.herefordshire.gov.uk> Scott Silva wrote: > on 1-27-2010 12:02 PM Peter Farrow spake the following: >> I have had this problem persistently on Centos 5.3 boxes running >> MailScanner. >> >> Bind became such a problem on these machines I added several other >> nameservers in resolve.conf. >> >> Bind daemon appears to be running but does not respond to service >> stop command nor does answer any queries. >> >> To stop it I find the process number kill -9 it and then restart with >> the service command, it will then run for a random amount of time >> from hours to weeks and then go again, >> >> I think its a bug. >> > I do believe a bind update came out with 5.4... weeks ago Last Redhat/CentOS post-5.4 bind updates are http://rhn.redhat.com/errata/RHSA-2010-0062.html https://rhn.redhat.com/errata/RHSA-2009-1620.html Changes in bind for Redhat/CentOS 5.4: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Techn ical_Notes/bind.html I've never had any problems with bind here (CentOS 5.4 x64). Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From maillists at conactive.com Fri Jan 29 11:31:21 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 29 11:31:35 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> Message-ID: Mikael Syska wrote on Fri, 29 Jan 2010 02:48:36 +0100: read again ;-) > If the above not misleading .... > > I have found [if found would be listed here] scanners installed, and will use them all by default. > And then the next line: > > You appear to have no virus scanners installed at all! Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From lyndonl at mexcom.co.za Fri Jan 29 11:41:42 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri Jan 29 11:42:23 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> Message-ID: <9FC254DE-E446-4149-B30F-380A999647B6@mexcom.co.za> Did you install from the ports directory? On 29 Jan 2010, at 3:48 AM, Mikael Syska wrote: > > > In the dir: > /opt/MailScanner/ > There is a file: INSTALL.FreeBSD > > -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za From mikael at syska.dk Fri Jan 29 12:36:39 2010 From: mikael at syska.dk (Mikael Syska) Date: Fri Jan 29 12:37:07 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> Message-ID: <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> Hi, Also ... found a other thing ... I'm using postfix .... When running: MailScanner --lint It gave me no errors at all .... so I started MailScanner. In the maillog I saw this entry: Jan 29 03:18:40 freebsd MailScanner[89552]: User's home directory /var/spool/postfix is not writable Jan 29 03:18:40 freebsd MailScanner[89552]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to Should the above message not have been found when run MailScanner with the --lint option ? On Fri, Jan 29, 2010 at 12:31 PM, Kai Schaetzl wrote: > Mikael Syska wrote on Fri, 29 Jan 2010 02:48:36 +0100: > > read again ;-) Will do ... I'm not native speaking english ... but > >> If the above not misleading .... >> > I have found [if found would be listed here] scanners installed, and > will use them all by default. It still does say ... "I have found scanners" ... no, you did not find any scanners .... and all the scanners you did not find, will be used ... >> And then the next line: >> > You appear to have no virus scanners installed at all! Still ... just wanted to point it out ... could be misleading. mvh Mikael Syska From mikael at syska.dk Fri Jan 29 12:40:24 2010 From: mikael at syska.dk (Mikael Syska) Date: Fri Jan 29 12:40:41 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: <9FC254DE-E446-4149-B30F-380A999647B6@mexcom.co.za> References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> <9FC254DE-E446-4149-B30F-380A999647B6@mexcom.co.za> Message-ID: <6beca9db1001290440y7ee94826n6304d8048a6f87ec@mail.gmail.com> Hi, On Fri, Jan 29, 2010 at 12:41 PM, Lyndon Labuschagne wrote: > Did you install from the ports directory? No ... I wanted for a change try Jules: "Version 4.79.10-1 for Solaris / BSD / Other Linux / Other Unix" install package from the site: http://mailscanner.info/downloads.html mvh > > On 29 Jan 2010, at 3:48 AM, Mikael Syska wrote: > >> >> >> In the dir: >> /opt/MailScanner/ >> There is a file: INSTALL.FreeBSD >> >> > > > -- > This message has been scanned for viruses and dangerous content by the > Mexcom MailScanner, and appears to be clean. > Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit > http://www.mexcom.co.za or mail sales@mexcom.co.za > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > mvh Mikael Syska From lyndonl at mexcom.co.za Fri Jan 29 12:48:52 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri Jan 29 12:49:10 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> Message-ID: This might be a little out of date now for FreeBSD 8.0 But I dont think so I wrote this a while ago, maybe it will help http://joe-ma-how-to.blogspot.com/2008/05/configuring-freebsd-postfix-mailscanner.html > > It gave me no errors at all .... so I started MailScanner. In the > maillog I saw this entry: > Jan 29 03:18:40 freebsd MailScanner[89552]: User's home directory > /var/spool/postfix is not writable > Jan 29 03:18:40 freebsd MailScanner[89552]: You need to set the > "SpamAssassin User State Dir" to a directory that the "Run As User" > can write to > From maillists at conactive.com Fri Jan 29 13:31:19 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 29 13:31:33 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> Message-ID: Mikael Syska wrote on Fri, 29 Jan 2010 13:36:39 +0100: > >> If the above not misleading .... > >> > I have found [if found would be listed here] scanners installed, and > > will use them all by default. > > It still does say ... "I have found scanners" ... no, you did not find > any scanners .... and all the scanners you did not find, will be used > ... It means it didn't find any. Is that so hard to understand? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From jrespeto at shadowtechnetworking.com Fri Jan 29 13:31:30 2010 From: jrespeto at shadowtechnetworking.com (Jonathan Respeto) Date: Fri Jan 29 13:31:40 2010 Subject: MailScanner + SA with MySQL userprefs Message-ID: Hi, Trying to setup MailScanner to use SpamAssassin with a MySQL DB for the userprefs. This is to use Squirrelmail with SpamAssassin+SQL Plugin I am able to do it with out MailScanner but then I lose Virus Scanning. The SA docs says "spamd can use SQL user_prefs by calling it with the -q or -Q flags." How does MailScanner call SA? Is there a way I can add the -q option when SA is run? If there is where? Where does MailScanner gets SA configs from? My setup is on CentOS 5.4 with just the basics. Apache, sendmail, MySQL, MailScanner, SpamAssassin, Squirrelmail with SpamAssassin+SQL Plugin. Ref.. http://svn.apache.org/repos/asf/spamassassin/branches/3.2/sql/README http://wiki.apache.org/spamassassin/UsingSQL http://squirrelmail.org/plugin_view.php?id=167 Many thanks in advance. Jonathan From steve.freegard at fsl.com Fri Jan 29 13:44:23 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Jan 29 13:44:37 2010 Subject: MailScanner + SA with MySQL userprefs In-Reply-To: References: Message-ID: <4B62E637.70705@fsl.com> On 29/01/10 13:31, Jonathan Respeto wrote: > Hi, > > Trying to setup MailScanner to use SpamAssassin with a MySQL DB for > the userprefs. > > This is to use Squirrelmail with SpamAssassin+SQL Plugin > > I am able to do it with out MailScanner but then I lose Virus Scanning. > The SA docs says "spamd can use SQL user_prefs by calling it with the > -q or -Q flags." > > How does MailScanner call SA? Is there a way I can add the -q option > when SA is run? If there is where? Where does MailScanner gets SA > configs from? > > My setup is on CentOS 5.4 with just the basics. > Apache, sendmail, MySQL, MailScanner, SpamAssassin, Squirrelmail with > SpamAssassin+SQL Plugin. > Can't be done as MailScanner calls the SpamAssassin libraries directly under a single user and does not use spamd (which implements the user_prefs). See the list archives; I posted a plug-in some time ago that implements spamd support in MailScanner - however it's not been tested much and would require a bit of extra logic to work out which user should be sent to SpamAssassin as in the case of multi-recipient messages user preferences become quite 'tricky' to implement. Regards, Steve. From mikael at syska.dk Fri Jan 29 14:00:32 2010 From: mikael at syska.dk (Mikael Syska) Date: Fri Jan 29 14:00:57 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> Message-ID: <6beca9db1001290600s56701ce2y34343857c1287350@mail.gmail.com> Hi, On Fri, Jan 29, 2010 at 2:31 PM, Kai Schaetzl wrote: > Mikael Syska wrote on Fri, 29 Jan 2010 13:36:39 +0100: > >> >> If the above not misleading .... >> >> > I have found [if found would be listed here] scanners installed, and >> > will use them all by default. >> >> It still does say ... "I have found scanners" ... no, you did not find >> any scanners .... and all the scanners you did not find, will be used >> ... > > It means it didn't find any. Is that so hard to understand? This means you dont get me. It could be written better ... If you read it line by line ... its misleading. Maybe something like: Looking for scanners and will use them if any was found. Found: {scanner names} I just wanted to contribute to the MailScanner product, but I can see this was a very bad idea. Its like doing top posting, reversing the conversation. Again ... I can live with ti the way it is, just wanted to help and sorry for that Kai, but I can't guarantee it wont happen again :-) > Kai > -- mvh Mikael Syska From richard at sidlin.co.uk Fri Jan 29 17:16:03 2010 From: richard at sidlin.co.uk (Richard Sidlin) Date: Fri Jan 29 17:16:15 2010 Subject: MailScanner Archive Option In-Reply-To: <223f97701001281809o493dcf8bvefad992e43372b08@mail.gmail.com> References: <8123FDD52B3444B98455DE09BA25255B@Gaffer><1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com><837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com><00A8DA8B-323C-48D7-AADE-F85FC7DD3E33@fsl.com> <223f97701001281809o493dcf8bvefad992e43372b08@mail.gmail.com> Message-ID: <28979A6C19E64170BDC03200B2E4429D@Gaffer> -------------------------------------------------- From: "Glenn Steen" Sent: Friday, January 29, 2010 2:09 AM To: "MailScanner discussion" Subject: Re: MailScanner Archive Option > 2010/1/28 Stephen Swaney : >> >> On Jan 28, 2010, at 11:21 AM, Monis Monther wrote: >> >> Steve are you sure about this, in my case this does not work, as they are >> not saved as rfc281 messages like in quarantine >> >> They are stored as message queue files and to retrieve them is a pain >> >> Change permission of file to be executable and copy it to the postfix >> incoming queue (I use postfix), and have to make a customized script to >> accomplish my need >> >> Any advise is appreciated if I am doing something wrong here >> >> >> Thanks >> >> Monis >> >> On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney wrote: >>> >>> Richard, >>> The messages will be stored as individual message files in a text format >>> in a separate folder for each day >>> The can be rent by changing to the directory contain the message and >>> running >>> sendmail -iot < [message_file_name] >>> Steve >>> On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: >>> >>> Hi >>> >>> I would like to setup mail archiving for one domain. I see from the >>> instructions that it archives to a folder destination that you specify. >>> Could someone explain how it saves it (format) and how the messages are >>> retrieved into either a mail server or mail client? >>> >>> Thanks >>> >>> Richard >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> Thanks, >>> >>> Steve >>> >>> -- >>> Steve Swaney >>> steve@fsl.com >>> 202 595-7760 ext: 601 >>> www.fsl.com >>> The most accurate and cost effective anti-spam solutions available >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> Sorry I gave you the wrong information. >> I thought I was answering one of our clients who had just asked an >> archiving >> question and uses sendmail. Must have been too early in the AM here. >> Perhaps one of the Postfix experts can assist you. >> Steve >> >> -- >> Steve Swaney >> steve@fsl.com >> www.fsl.com >> The most accurate and cost effective anti-spam solutions available >> > As can be seen here: > http://www.mailscanner.info/MailScanner.conf.index.html#Archive%20Mail > ..... the archive mail feature is not that easily described:-). It can > be individual files, and then will be the MTA format of choice, or > mbox, depending on how you set it. Or even just a forwarding rule... > > But what one need be crystal clear about is that this archive happens > first, before _ANY_ scanning is done. So releasing stuff from it, or > including choice parts of it into your MUA is probably not a good > idea. > Depending on the needs you have, might I suggest you instead use the > Non Spam Actions to store a copy of all clean mail? All you need do is > include "store" in the actions and it'll be stored in your quarantine > (and in the quarantine format! Manageable through MailWatch!! > Yay!!!:-):-). The path would be something like > /var/spool/MailScanner/quarantine//non-spam/ either queue files or RFC 821-decoded text files> > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- Thanks Glenn. What I did in the end was to create a subdomain of the domain that I wanted to archive and set up a rule to forward a copy i.e. *@domain.co.uk to archive@archive.domain.co.uk and that seems to work. I basically wanted to offer my clients an archiving solution should their Exchange or whatever go down. This way, they can simply log into the subdomain to view their mail. From maillists at conactive.com Fri Jan 29 19:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 29 19:31:33 2010 Subject: Using the install package on FreeBSD 8.0 - outdated INSTALL.FreeBSD & a odd lint message In-Reply-To: <6beca9db1001290600s56701ce2y34343857c1287350@mail.gmail.com> References: <6beca9db1001281748u8d1a2d9l6102753c558dad6c@mail.gmail.com> <6beca9db1001290436h2994e122l1346307cae3a2a20@mail.gmail.com> <6beca9db1001290600s56701ce2y34343857c1287350@mail.gmail.com> Message-ID: Mikael Syska wrote on Fri, 29 Jan 2010 15:00:32 +0100: > This means you dont get me. Indeed. Taking your "If" as "Is" (and considering you might have misphrased somewhere else as well) I read that you are not sure if it found scanners or not. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From dcurtis at sbschools.net Fri Jan 29 19:56:13 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Fri Jan 29 19:56:06 2010 Subject: stripped attachments Message-ID: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> I have an end user that keeps getting his attachements stripped on outgoing email. I see nothing in the log, he is whitelisted. At first I thought it might have simply been a pdf issue but I had him try it again as rtf and it still is getting killed. The attachments show up at the end users as 0k so there is something killing it but since I have nothing in the maillog I have no idea as to what might be doing this. Any ideas? Anyone else have anything happen like this? Linux sbmail.sbschools.net 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 5.3 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.76.25 ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100129/90615a15/attachment.html From dcurtis at sbschools.net Fri Jan 29 20:03:24 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Fri Jan 29 20:05:47 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net> I have been doing more digging and have found this info: Jan 29 14:52:44 spamfilter MailScanner[19613]: Expanding TNEF archive at /dev/shm/19613/EBC4F177500.A6656/winmail.dat Jan 29 14:52:44 spamfilter MailScanner[19613]: Message EBC4F177500.A6656 added TNEF contents Statement.RTF Jan 29 14:52:44 spamfilter MailScanner[19613]: Message EBC4F177500.A6656 has had TNEF winmail.dat removed Jan 29 14:52:44 spamfilter MailScanner[19613]: Requeue: EBC4F177500.A6656 to CC245177506 Jan 29 14:52:44 spamfilter MailScanner[19613]: Logging message EBC4F177500.A6656 to SQL From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: Friday, January 29, 2010 2:56 PM To: mailscanner@lists.mailscanner.info Subject: stripped attachments I have an end user that keeps getting his attachements stripped on outgoing email. I see nothing in the log, he is whitelisted. At first I thought it might have simply been a pdf issue but I had him try it again as rtf and it still is getting killed. The attachments show up at the end users as 0k so there is something killing it but since I have nothing in the maillog I have no idea as to what might be doing this. Any ideas? Anyone else have anything happen like this? Linux sbmail.sbschools.net 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 5.3 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.76.25 ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100129/5118852a/attachment.html From campbell at cnpapers.com Fri Jan 29 20:08:41 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jan 29 20:08:57 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> Message-ID: <4B634049.9050608@cnpapers.com> dcurtis@sbschools.net wrote: > > I have an end user that keeps getting his attachements stripped on > outgoing email. I see nothing in the log, he is whitelisted. At first > I thought it might have simply been a pdf issue but I had him try it > again as rtf and it still is getting killed. The attachments show up > at the end users as 0k so there is something killing it but since I > have nothing in the maillog I have no idea as to what might be doing this. > > > > Any ideas? Anyone else have anything happen like this? > > > > > > Linux sbmail.sbschools.net 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 > 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux > > This is CentOS release 5.3 (Final) > > This is Perl version 5.008008 (5.8.8) > > > > This is MailScanner version 4.76.25 > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* > ,*ClamAV* and *Bitdefender* > , and is > believed to be clean. Filename? Filetype? End-user's mail server stripping it? Not much to go on. steve campbell From dcurtis at sbschools.net Fri Jan 29 20:18:05 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Fri Jan 29 20:20:48 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> <73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net> Message-ID: <73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net> I have change the mailscanner conf instead of replace (use TNEF Contents = replace) I set it to no and now they are making it every time? Is there something wrong with the version I have or is clamd causing this kind of behavior? I am running clam 0.95.2 From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: Friday, January 29, 2010 3:03 PM To: mailscanner@lists.mailscanner.info Subject: RE: stripped attachments I have been doing more digging and have found this info: Jan 29 14:52:44 spamfilter MailScanner[19613]: Expanding TNEF archive at /dev/shm/19613/EBC4F177500.A6656/winmail.dat Jan 29 14:52:44 spamfilter MailScanner[19613]: Message EBC4F177500.A6656 added TNEF contents Statement.RTF Jan 29 14:52:44 spamfilter MailScanner[19613]: Message EBC4F177500.A6656 has had TNEF winmail.dat removed Jan 29 14:52:44 spamfilter MailScanner[19613]: Requeue: EBC4F177500.A6656 to CC245177506 Jan 29 14:52:44 spamfilter MailScanner[19613]: Logging message EBC4F177500.A6656 to SQL From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dcurtis@sbschools.net Sent: Friday, January 29, 2010 2:56 PM To: mailscanner@lists.mailscanner.info Subject: stripped attachments I have an end user that keeps getting his attachements stripped on outgoing email. I see nothing in the log, he is whitelisted. At first I thought it might have simply been a pdf issue but I had him try it again as rtf and it still is getting killed. The attachments show up at the end users as 0k so there is something killing it but since I have nothing in the maillog I have no idea as to what might be doing this. Any ideas? Anyone else have anything happen like this? Linux sbmail.sbschools.net 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 5.3 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.76.25 ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner ,ClamAV and Bitdefender , and is believed to be clean. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100129/ae49c25a/attachment.html From dcurtis at sbschools.net Fri Jan 29 20:23:39 2010 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Fri Jan 29 20:25:47 2010 Subject: stripped attachments In-Reply-To: <4B634049.9050608@cnpapers.com> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net> <4B634049.9050608@cnpapers.com> Message-ID: <73461DFCD2207F44A16F136A4619554547314E@exchange2.sbschools.net> Pdf file, exchange 2003 also had the program the produces the pdf to save as rtf and even took the txt content and saved as a txt attachment. All ended up with the same result, file name sometimes come through without the last character but always zero byte file. The client is using outlook 2003. He has a program that produces a lot of statements and sends them out as pdf's. I had no issue with this in the past. I can have him do the same thing with an internal account and it works 100% of the time, but when it goes outside (through mailscanner) 99% of the time the attachment shows up as zero bytes. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Friday, January 29, 2010 3:09 PM To: MailScanner discussion Subject: Re: stripped attachments dcurtis@sbschools.net wrote: > > I have an end user that keeps getting his attachements stripped on > outgoing email. I see nothing in the log, he is whitelisted. At first > I thought it might have simply been a pdf issue but I had him try it > again as rtf and it still is getting killed. The attachments show up > at the end users as 0k so there is something killing it but since I > have nothing in the maillog I have no idea as to what might be doing this. > > > > Any ideas? Anyone else have anything happen like this? > > > > > > Linux sbmail.sbschools.net 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 > 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux > > This is CentOS release 5.3 (Final) > > This is Perl version 5.008008 (5.8.8) > > > > This is MailScanner version 4.76.25 > > > ______________________________________________________________ > ______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* > ,*ClamAV* and *Bitdefender* > , and is > believed to be clean. Filename? Filetype? End-user's mail server stripping it? Not much to go on. steve campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. From alex at rtpty.com Fri Jan 29 20:32:29 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Fri Jan 29 20:32:43 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><73461DFCD2207F44A16F136A46195545473148@exchange2.sbschools.net><73461DFCD2207F44A16F136A4619554547314D@exchange2.sbschools.net> Message-ID: <235380206-1264797150-cardhu_decombobulator_blackberry.rim.net-1921838396-@bda942.bisx.prod.on.blackberry> Clam isn't touching it. Leave "replace" alone or have it add the attachment, otherwise you're asking MS to remove the attachment. By saying "use the attachment that came in microsoft's bogus tnef format equals no" you are actually asking for the bogus attachment to be removed. Perhaps the wording of the option or the explanatory text could be improved. I can see how non-English-speaking admins might misunderstand the option's purpose or effect. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Date: Fri, 29 Jan 2010 15:18:05 To: Subject: RE: stripped attachments -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at rtpty.com Fri Jan 29 20:35:29 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Fri Jan 29 20:35:46 2010 Subject: stripped attachments In-Reply-To: <73461DFCD2207F44A16F136A4619554547314E@exchange2.sbschools.net> References: <73461DFCD2207F44A16F136A46195545473145@exchange2.sbschools.net><4B634049.9050608@cnpapers.com><73461DFCD2207F44A16F136A4619554547314E@exchange2.sbschools.net> Message-ID: <2115262968-1264797331-cardhu_decombobulator_blackberry.rim.net-1045598555-@bda942.bisx.prod.on.blackberry> Read the previous posts. Either leave tnef stuff alone or replace/add it, and change the tnef handler if you encounter problems - and try to switch off the forced tnef conversion that the exchange server is doing if possible to avoid problems in the future. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Date: Fri, 29 Jan 2010 15:23:39 To: Subject: RE: stripped attachments Pdf file, exchange 2003 also had the program the produces the pdf to save as rtf and even took the txt content and saved as a txt attachment. All ended up with the same result, file name sometimes come through without the last character but always zero byte file. The client is using outlook 2003. He has a program that produces a lot of statements and sends them out as pdf's. I had no issue with this in the past. I can have him do the same thing with an internal account and it works 100% of the time, but when it goes outside (through mailscanner) 99% of the time the attachment shows up as zero bytes. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Friday, January 29, 2010 3:09 PM To: MailScanner discussion Subject: Re: stripped attachments dcurtis@sbschools.net wrote: > > I have an end user that keeps getting his attachements stripped on > outgoing email. I see nothing in the log, he is whitelisted. At first > I thought it might have simply been a pdf issue but I had him try it > again as rtf and it still is getting killed. The attachments show up > at the end users as 0k so there is something killing it but since I > have nothing in the maillog I have no idea as to what might be doing this. > > > > Any ideas? Anyone else have anything happen like this? > > > > > > Linux sbmail.sbschools.net 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 > 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux > > This is CentOS release 5.3 (Final) > > This is Perl version 5.008008 (5.8.8) > > > > This is MailScanner version 4.76.25 > > >______________________________________________________________ >______________________________________________________________ > This email may contain information protected under the Family > Educational Rights and Privacy Act (FERPA) or the Health Insurance > Portability and Accountability Act (HIPAA). If this email contains > confidential and/or privileged health or student information and you > are not entitled to access such information under FERPA or HIPAA, > federal regulations require that you destroy this email without > reviewing it and you may not forward it to anyone. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* > ,*ClamAV* and *Bitdefender* > , and is > believed to be clean. Filename? Filetype? End-user's mail server stripping it? Not much to go on. steve campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jens at huenerberg.net Fri Jan 29 22:09:51 2010 From: jens at huenerberg.net (Jens Huenerberg) Date: Fri Jan 29 22:09:59 2010 Subject: ClamAV response not interpreted Message-ID: <4B635CAF.2080703@huenerberg.net> Hi, I'm using MailScanner-4.78.17-1 with ClamAV and SpamAssassin 3.3.0. For the installation, I've used the install script for MailScanner and the latest easy install package for ClamAV and SpamAssassin (which by the way failed to build an RSA module but nevertheless completed successfully). As I'm using CentOS 5.x, I skipped the installation of ClamAV from that package and installed the RPM packages for version 0.95.3 from http://packages.sw.be/clamav/ instead. All this worked out fine. In the end, MailScanner seemed to operate the way it should. Headers are marked and Spam is classified. Great. As I was unsure, whether ClamAV was working, I've sent an EICAR signature in an email from a remote system to my new mail server. I expected to get a reject or at least a warning. But no: "X-myorg-MailScanner: Found to be clean" No warnings, nothing. Surprise, surprise. In a next step, I've performed some tests with ClamAV. And ClamAV always detects the virus signature. Ok. So I adjusted the clamav-wrapper script: ---> $ClamScan $ExtraScanOptions $ScanOptions "$@" retval=$? #Log command and results echo $ClamScan $ExtraScanOptions $ScanOptions>>/tmp/whatscan echo $retval >>/tmp/scanlog <---- What I found, was a virus positive return value (1): /usr/bin/clamscan --tempdir=/tmp/clamav.22701 1 Obviously, ClamAV had been asked to scan the email, found it to contain a virus and reported this back to MailScanner. But MailScanner did not complain in any way. Have I missed some special option to let MailScanner do something with a positive answer? Or am I completely misled and wrong? Any hint or help is very much appreciated ... -- Thanks and kind regards Jens From mmmm82 at gmail.com Fri Jan 29 22:26:56 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Fri Jan 29 22:27:08 2010 Subject: Not detecting this message In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2ACFA5D0@commssrv01.computerservicecentre.com> References: <837e17ab1001270442v1d249b29v1ee96bd632272ae0@mail.gmail.com> <837e17ab1001270525w452abd85r96b8708813bbc7cb@mail.gmail.com> <837e17ab1001280722v35ac9d32xf7047aae77daa33e@mail.gmail.com> <3D9C92F3075F5144B46AA2C590F48E2ACFA5D0@commssrv01.computerservicecentre.com> Message-ID: <837e17ab1001291426u6b091ef0v6db2671fcaa8201c@mail.gmail.com> Thanks Richard I will highly consider your advice and raise it up, as I quarantine our mails for a period of a month so I am not very afraid from FP , I would rather test it with the higher score Thanks for your help Best Regards Monis On Thu, Jan 28, 2010 at 5:41 PM, Hostmaster < Hostmaster@computerservicecentre.com> wrote: > I would suggest you consider bumping up the score for URIBL_BLACK to > something like 4 or maybe higher (I have it at 6 on our MS installations). > Looking back at a history of 1.5 million emails total in our MW database (60 > days), URIBL_BLACK has hit 149068, of which 35 (0.02%) were FP?s. Please > note that I am using emails hitting URIBL_BLACK and were quarantined, and > then subsequently released from quarantine to calculate FP?s. > > > > Regards, > > Richard > > > > *From:* mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info] *On Behalf Of *Monis Monther > *Posted At:* 28 January 2010 15:23 > > *Posted To:* Hostmaster > *Conversation:* Not detecting this message > *Subject:* Fwd: Not detecting this message > > > > Hi People any updates please ?? > > > > ---------- Forwarded message ---------- > From: *Monis Monther* > Date: Wed, Jan 27, 2010 at 3:25 PM > Subject: Re: Not detecting this message > To: MailScanner discussion > > Hi Again: > > Sorry Hostmaster for some reason I my gmail didnt allow to me to reply to > your message so I am replying on my own thread > > First of all thanks for the quick response > > Now Regarding your concerns > > Yes i use URIBL > > Below are the scores I have in my SpamAssassin > > score URIBL_AB_SURBL 0 1.613 0 1.860 # n=0 n=2 > score URIBL_JP_SURBL 0 2.857 0 1.501 # n=0 n=2 > score URIBL_OB_SURBL 0 2.132 0 1.500 # n=0 n=2 > score URIBL_PH_SURBL 0 2.035 0 1.787 # n=0 n=2 > score URIBL_RHS_DOB 0 0.901 0 1.083 # n=0 n=2 > score URIBL_SBL 0 2.468 0 1.499 # n=0 n=2 > score URIBL_SC_SURBL 0 2.523 0 0.474 # n=0 n=2 > score URIBL_WS_SURBL 0 2.100 0 1.500 # n=0 n=2 > score URIBL_BLACK 0 1.961 0 1.955 # n=0 n=2 > > > Do you think I need to adjust ?? > > The message was tagged with URIBL_BLACK with score 1.96, it was also tagged > with some other scores, but it did not pass 6 and many other like this one > only get a score bwetween 2-5. > > I use spamhaus-zen and CBL as my RBL lists > > > > > On Wed, Jan 27, 2010 at 2:42 PM, Monis Monther wrote: > > Hi everyone > > Today I started to get hundereds of messages in the following form > > Hi. > My name is Nicole. > > this is about you? > > > Goodbye :-) > > > And it has the subject Please > > I also received similar messages with Subjects : Question, Answer me, > Please answer me > > > How can I stop such messages, all passed as clean except the ones that came > from Black Listed sites, which were tagged and stopped based, SPAM ASSASSIN > didnt catch any of them > > Help Please > > Thanks > > > > > > > > > All E-Mail communications are monitored in addition to being content > checked for malicious codes or viruses. The success of scanning products is > not guaranteed, therefore the recipient(s) should carry out any checks that > they believe to be appropriate in this respect. > > > > This message (including any attachments and/or related materials) is > confidential to and is the property of Computer Service Centre, unless > otherwise noted. If you are not the intended recipient, you should delete > this message and are hereby notified that any disclosure, copying, or > distribution of this message, or the taking of any action based on it, is > strictly prohibited. > > > > Any views or opinions presented are solely those of the author and do not > necessarily represent those of Computer Service Centre. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100130/b30092f2/attachment-0001.html From mmmm82 at gmail.com Fri Jan 29 22:50:48 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Fri Jan 29 22:50:58 2010 Subject: MailScanner Archive Option In-Reply-To: References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> <4B61AD72.207@ecs.soton.ac.uk> <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> Message-ID: <837e17ab1001291450y709a2864m3a9d1266f5e14fd3@mail.gmail.com> Dear Jules: Thanks for your response , I have this option set to no Quarantine Whole Messages As Queue Files = no Quarantine saves messages as RFC 822 messages (which is very nice) But archived messages are still saved as queue files and to retrieve them is hard. Any help please These are my Archive settings from MailScanner.conf Archive Mail = /var/spool/MailScanner/archive Missing Mail Archive Is = directory Glenn: your approach might be interesting to store only clean messages in quarantine Thanks for everyone On Thu, Jan 28, 2010 at 5:29 PM, Julian Field wrote: > > > On 28/01/2010 15:21, Monis Monther wrote: > >> Steve are you sure about this, in my case this does not work, as they are >> not saved as rfc281 messages like in quarantine >> >> They are stored as message queue files and to retrieve them is a pain >> > Suggest you take a look at this option in MailScanner.conf: > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? > Quarantine Whole Messages As Queue Files = yes > > >> Change permission of file to be executable and copy it to the postfix >> incoming queue (I use postfix), and have to make a customized script to >> accomplish my need >> >> Any advise is appreciated if I am doing something wrong here >> >> >> Thanks >> >> Monis >> >> On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney > steve@fsl.com>> wrote: >> >> Richard, >> >> The messages will be stored as individual message files in a text >> format in a separate folder for each day >> >> The can be rent by changing to the directory contain the message >> and running >> >> sendmail -iot < [message_file_name] >> >> Steve >> >> On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: >> >> Hi >>> I would like to setup mail archiving for one domain. I see from >>> the instructions that it archives to a folder destination that >>> you specify. Could someone explain how it saves it (format) and >>> how the messages are retrieved into either a mail server or mail >>> client? >>> Thanks >>> Richard >>> -- MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> Thanks, >> >> Steve >> >> -- Steve Swaney >> steve@fsl.com >> >> 202 595-7760 ext: 601 >> www.fsl.com >> >> The most accurate and cost effective anti-spam solutions available >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100130/740fef2a/attachment.html From glenn.steen at gmail.com Sat Jan 30 14:13:17 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 30 14:13:26 2010 Subject: MailScanner + SA with MySQL userprefs In-Reply-To: <4B62E637.70705@fsl.com> References: <4B62E637.70705@fsl.com> Message-ID: <223f97701001300613j25258ecapdfe1f9bdc7f6e900@mail.gmail.com> Um, Steve... Why not push your excellent MailWatch? Likely all that is needed is per user scores, and it does do that:-P. Cheers 2010/1/29, Steve Freegard : > On 29/01/10 13:31, Jonathan Respeto wrote: >> Hi, >> >> Trying to setup MailScanner to use SpamAssassin with a MySQL DB for >> the userprefs. >> >> This is to use Squirrelmail with SpamAssassin+SQL Plugin >> >> I am able to do it with out MailScanner but then I lose Virus Scanning. >> The SA docs says "spamd can use SQL user_prefs by calling it with the >> -q or -Q flags." >> >> How does MailScanner call SA? Is there a way I can add the -q option >> when SA is run? If there is where? Where does MailScanner gets SA >> configs from? >> >> My setup is on CentOS 5.4 with just the basics. >> Apache, sendmail, MySQL, MailScanner, SpamAssassin, Squirrelmail with >> SpamAssassin+SQL Plugin. >> > > Can't be done as MailScanner calls the SpamAssassin libraries directly > under a single user and does not use spamd (which implements the > user_prefs). > > See the list archives; I posted a plug-in some time ago that implements > spamd support in MailScanner - however it's not been tested much and > would require a bit of extra logic to work out which user should be sent > to SpamAssassin as in the case of multi-recipient messages user > preferences become quite 'tricky' to implement. > > Regards, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Skickat fr?n min mobila enhet -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mark at msapiro.net Sat Jan 30 16:00:47 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sat Jan 30 16:00:59 2010 Subject: ClamAV response not interpreted In-Reply-To: <4B635CAF.2080703@huenerberg.net> References: <4B635CAF.2080703@huenerberg.net> Message-ID: <4B6457AF.8020006@msapiro.net> On 11:59 AM, Jens Huenerberg wrote: > > Obviously, ClamAV had been asked to scan the email, found it to contain > a virus and reported this back to MailScanner. But MailScanner did not > complain in any way. > > Have I missed some special option to let MailScanner do something with a > positive answer? Or am I completely misled and wrong? > > Any hint or help is very much appreciated ... What does 'MailScanner --lint' say? These days, I think clamd is preferred to the ClamAV module. See for info. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jens at huenerberg.net Sat Jan 30 20:12:57 2010 From: jens at huenerberg.net (Jens Huenerberg) Date: Sat Jan 30 20:13:15 2010 Subject: ClamAV response not interpreted In-Reply-To: <4B6457AF.8020006@msapiro.net> References: <4B635CAF.2080703@huenerberg.net> <4B6457AF.8020006@msapiro.net> Message-ID: <4B6492C9.2040301@huenerberg.net> On 30.01.2010, Mark Sapiro wrote: > On 11:59 AM, Jens Huenerberg wrote: >> >> Obviously, ClamAV had been asked to scan the email, found it to contain >> a virus and reported this back to MailScanner. But MailScanner did not >> complain in any way. > > What does 'MailScanner --lint' say? # MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 858 hostnames from the phishing whitelist Read 5661 hostnames from the phishing blacklists Checking version numbers... Version number in MailScanner.conf (4.78.17) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-myorg-MailScanner-From Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.c f": use_dcc 0 SpamAssassin reported an error. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting LibClamAV Warning: *********************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq *** LibClamAV Warning: *********************************************************** =========================================================================== If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. From MailScanner at ecs.soton.ac.uk Sun Jan 31 11:55:55 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Jan 31 11:56:15 2010 Subject: ClamAV response not interpreted In-Reply-To: <4B635CAF.2080703@huenerberg.net> References: <4B635CAF.2080703@huenerberg.net> <4B656FCB.4050206@ecs.soton.ac.uk> Message-ID: Please post all the output from your call to clamscan on this message. Also test that "MailScanner --lint" successfully reports ClamAV finding the EICAR in the "lint test" message that it uses. On 29/01/2010 22:09, Jens Huenerberg wrote: > Hi, > > I'm using MailScanner-4.78.17-1 with ClamAV and SpamAssassin 3.3.0. > > For the installation, I've used the install script for MailScanner and > the latest easy install package for ClamAV and SpamAssassin (which by > the way failed to build an RSA module but nevertheless completed > successfully). > > As I'm using CentOS 5.x, I skipped the installation of ClamAV from > that package and installed the RPM packages for version 0.95.3 from > > http://packages.sw.be/clamav/ > > instead. All this worked out fine. > > In the end, MailScanner seemed to operate the way it should. > Headers are marked and Spam is classified. Great. > > As I was unsure, whether ClamAV was working, I've sent an EICAR > signature in an email from a remote system to my new mail server. > > I expected to get a reject or at least a warning. But no: > > "X-myorg-MailScanner: Found to be clean" > > No warnings, nothing. Surprise, surprise. In a next step, I've > performed some tests with ClamAV. And ClamAV always detects the virus > signature. Ok. So I adjusted the clamav-wrapper script: > > ---> > > $ClamScan $ExtraScanOptions $ScanOptions "$@" > > retval=$? > > #Log command and results > echo $ClamScan $ExtraScanOptions $ScanOptions>>/tmp/whatscan > echo $retval >>/tmp/scanlog > > <---- > > What I found, was a virus positive return value (1): > > /usr/bin/clamscan --tempdir=/tmp/clamav.22701 > 1 > > Obviously, ClamAV had been asked to scan the email, found it to > contain a virus and reported this back to MailScanner. But MailScanner > did not complain in any way. > > Have I missed some special option to let MailScanner do something with > a positive answer? Or am I completely misled and wrong? > > Any hint or help is very much appreciated ... > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jan 31 11:58:27 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Jan 31 11:58:41 2010 Subject: ClamAV response not interpreted In-Reply-To: <4B6492C9.2040301@huenerberg.net> References: <4B635CAF.2080703@huenerberg.net> <4B6457AF.8020006@msapiro.net> <4B6492C9.2040301@huenerberg.net> <4B657063.4020106@ecs.soton.ac.uk> Message-ID: On 30/01/2010 20:12, Jens Huenerberg wrote: > On 30.01.2010, Mark Sapiro wrote: > >> On 11:59 AM, Jens Huenerberg wrote: >>> >>> Obviously, ClamAV had been asked to scan the email, found it to contain >>> a virus and reported this back to MailScanner. But MailScanner did not >>> complain in any way. >> >> What does 'MailScanner --lint' say? > > # MailScanner --lint > Trying to setlogsock(unix) > > Reading configuration file /etc/MailScanner/MailScanner.conf > Reading configuration file /etc/MailScanner/conf.d/README > Read 858 hostnames from the phishing whitelist > Read 5661 hostnames from the phishing blacklists > > Checking version numbers... > Version number in MailScanner.conf (4.78.17) is correct. > > Unrar is not installed, it should be in /usr/bin/unrar. > This is required for RAR archives to be read to check > filenames and filetypes. Virus scanning is not affected. > > > ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf > ERROR: is not correct, it should match X-myorg-MailScanner-From > > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: failed to parse line, skipping, in > "/etc/mail/spamassassin/mailscanner.c f": > use_dcc 0 > SpamAssassin reported an error. > Connected to Processing Attempts Database > Created Processing Attempts Database successfully > There are 0 messages in the Processing Attempts Database > Using locktype = posix > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamavmodule > =========================================================================== > > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > LibClamAV Warning: > *********************************************************** > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read > http://www.clamav.net/support/faq *** > LibClamAV Warning: > *********************************************************** In which case your clamav installation is a bit screwed. It should have reported finding the EICAR test message in the output just here. It is not finding your copy of clamscan at all. I would suspect your /etc/MailScanner/virus.scanners.conf file has the wrong location for clamav, clamavmodule and clamd. If you used the RPMs, then all those lines in that file should say "/usr" at the end and not "/usr/local". > =========================================================================== > > > If any of your virus scanners (clamavmodule) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jan 31 12:02:10 2010 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sun Jan 31 12:02:28 2010 Subject: MailScanner Archive Option In-Reply-To: <837e17ab1001291450y709a2864m3a9d1266f5e14fd3@mail.gmail.com> References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> <4B61AD72.207@ecs.soton.ac.uk> <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> <837e17ab1001291450y709a2864m3a9d1266f5e14fd3@mail.gmail.com> <4B657142.4090001@ecs.soton.ac.uk> Message-ID: On 29/01/2010 22:50, Monis Monther wrote: > Dear Jules: > > Thanks for your response , I have this option set to no > > Quarantine Whole Messages As Queue Files = no > > Quarantine saves messages as RFC 822 messages (which is very nice) > > But archived messages are still saved as queue files and to retrieve > them is hard. The whole point of the Archive Mail setting is to provide a copy of the message in *exactly* the state in which MailScanner found it. To convert the raw queue file into an RFC 822 message involves a lot of interpretation and processing, which may go wrong. So the "Archive Mail" setting works the way it does by design. If the message interpretation went wrong and your Archive got screwed as a result, you would have no way of recovering the original messages. If you want to store the messages in RFC 822 format, use the "store" action in non-spam actions, spam actions and high-spam actions. This can be told to store it into whatever directory structure you like, read all the docs for the "store" action in the MailScanner.conf file, it's very flexible. > > Any help please > > These are my Archive settings from MailScanner.conf > > Archive Mail = /var/spool/MailScanner/archive > Missing Mail Archive Is = directory > > > > > Glenn: your approach might be interesting to store only clean messages > in quarantine > > > Thanks for everyone > > On Thu, Jan 28, 2010 at 5:29 PM, Julian Field > > wrote: > > > > On 28/01/2010 15:21, Monis Monther wrote: > > Steve are you sure about this, in my case this does not work, > as they are not saved as rfc281 messages like in quarantine > > They are stored as message queue files and to retrieve them is > a pain > > Suggest you take a look at this option in MailScanner.conf: > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? > Quarantine Whole Messages As Queue Files = yes > > > Change permission of file to be executable and copy it to the > postfix incoming queue (I use postfix), and have to make a > customized script to accomplish my need > > Any advise is appreciated if I am doing something wrong here > > > Thanks > > Monis > > On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney >> wrote: > > Richard, > > The messages will be stored as individual message files in > a text > format in a separate folder for each day > > The can be rent by changing to the directory contain the > message > and running > > sendmail -iot < [message_file_name] > > Steve > > On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: > > Hi > I would like to setup mail archiving for one domain. I > see from > the instructions that it archives to a folder > destination that > you specify. Could someone explain how it saves it > (format) and > how the messages are retrieved into either a mail > server or mail > client? > Thanks > Richard > -- MailScanner mailing list > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > > > Thanks, > > Steve > > -- Steve Swaney > steve@fsl.com > > > 202 595-7760 ext: 601 > www.fsl.com > > The most accurate and cost effective anti-spam solutions > available > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Sun Jan 31 14:31:23 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jan 31 14:31:37 2010 Subject: ClamAV response not interpreted In-Reply-To: <4B6492C9.2040301@huenerberg.net> References: <4B635CAF.2080703@huenerberg.net> <4B6457AF.8020006@msapiro.net> <4B6492C9.2040301@huenerberg.net> Message-ID: Jens Huenerberg wrote on Sat, 30 Jan 2010 21:12:57 +0100: > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** > LibClamAV Warning: *** DON'T PANIC! Read > http://www.clamav.net/support/faq *** > LibClamAV Warning: This means you don't have the latest packages from rpmforge or you have installed another clam that "takes over". Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From markus at markusoft.se Sun Jan 31 18:55:39 2010 From: markus at markusoft.se (Markus Nilsson) Date: Sun Jan 31 18:57:18 2010 Subject: Replace Attachment's based on total size In-Reply-To: References: <4B635CAF.2080703@huenerberg.net> <4B6457AF.8020006@msapiro.net> <4B6492C9.2040301@huenerberg.net> Message-ID: <4B65D22B.4000801@markusoft.se> Hi! I would like to create a rule in MailScanner that quarantines all attachments if the total size of all attachments are bigger than 5MB, and replace all attachments with a single file. I guess this means I have to write a CustomFunction for Maximum Attachment Size = that returns different sizes depending on the mail that is processed. In pseudo-code something like: sub Myfunc { my($message) = @_; my $sum = 0; foreach my $attachment (message->{attachments}) { $sum += $attachment->size; } if ($sum > 5000000) { return 1; } else { return 5000000; } } To get the attachment quarantined I need to set Quarantine Infections = yes I don't know how to achieve the last thing, to get all the attachments replaced by a single text-attachment. Can I write a customfunction for Stored Size Message Report to acheive this and in that case how? Stored Size Message Report = %report-dir%/stored.size.message.txt Any recommendations on how to implement the above, are highly appreciated! (both about the last thing about the text report, and about how to implement Maximum Attachment Size) Thank you /Markus From mmmm82 at gmail.com Sun Jan 31 21:12:55 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Sun Jan 31 21:13:04 2010 Subject: MailScanner Archive Option In-Reply-To: References: <8123FDD52B3444B98455DE09BA25255B@Gaffer> <1646AD80-519A-4D00-AD34-9FC82F713A01@fsl.com> <4B61AD72.207@ecs.soton.ac.uk> <837e17ab1001280721pe9073a3if849865bfc01c856@mail.gmail.com> <4B657142.4090001@ecs.soton.ac.uk> <837e17ab1001291450y709a2864m3a9d1266f5e14fd3@mail.gmail.com> Message-ID: <837e17ab1001311312g7e408ab9xc4cd867bf116223c@mail.gmail.com> Thanks Jules On Sun, Jan 31, 2010 at 2:02 PM, Jules Field wrote: > > > On 29/01/2010 22:50, Monis Monther wrote: > >> Dear Jules: >> >> Thanks for your response , I have this option set to no >> >> Quarantine Whole Messages As Queue Files = no >> >> Quarantine saves messages as RFC 822 messages (which is very nice) >> >> But archived messages are still saved as queue files and to retrieve them >> is hard. >> > The whole point of the Archive Mail setting is to provide a copy of the > message in *exactly* the state in which MailScanner found it. To convert the > raw queue file into an RFC 822 message involves a lot of interpretation and > processing, which may go wrong. So the "Archive Mail" setting works the way > it does by design. If the message interpretation went wrong and your Archive > got screwed as a result, you would have no way of recovering the original > messages. > > If you want to store the messages in RFC 822 format, use the "store" action > in non-spam actions, spam actions and high-spam actions. This can be told to > store it into whatever directory structure you like, read all the docs for > the "store" action in the MailScanner.conf file, it's very flexible. > >> >> Any help please >> >> These are my Archive settings from MailScanner.conf >> >> Archive Mail = /var/spool/MailScanner/archive >> Missing Mail Archive Is = directory >> >> >> >> >> Glenn: your approach might be interesting to store only clean messages in >> quarantine >> >> >> Thanks for everyone >> >> On Thu, Jan 28, 2010 at 5:29 PM, Julian Field < >> MailScanner@ecs.soton.ac.uk > wrote: >> >> >> >> On 28/01/2010 15:21, Monis Monther wrote: >> >> Steve are you sure about this, in my case this does not work, >> as they are not saved as rfc281 messages like in quarantine >> >> They are stored as message queue files and to retrieve them is >> a pain >> >> Suggest you take a look at this option in MailScanner.conf: >> >> # When you quarantine an entire message, do you want to store it as >> # raw mail queue files (so you can easily send them onto users) or >> # as human-readable files (header then body in 1 file)? >> Quarantine Whole Messages As Queue Files = yes >> >> >> Change permission of file to be executable and copy it to the >> postfix incoming queue (I use postfix), and have to make a >> customized script to accomplish my need >> >> Any advise is appreciated if I am doing something wrong here >> >> >> Thanks >> >> Monis >> >> On Thu, Jan 28, 2010 at 3:49 PM, Stephen Swaney > > >> >> wrote: >> >> Richard, >> >> The messages will be stored as individual message files in >> a text >> format in a separate folder for each day >> >> The can be rent by changing to the directory contain the >> message >> and running >> >> sendmail -iot < [message_file_name] >> >> Steve >> >> On Jan 28, 2010, at 9:09 AM, Richard Sidlin wrote: >> >> Hi >> I would like to setup mail archiving for one domain. I >> see from >> the instructions that it archives to a folder >> destination that >> you specify. Could someone explain how it saves it >> (format) and >> how the messages are retrieved into either a mail >> server or mail >> client? >> Thanks >> Richard >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> > > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the >> website! >> >> >> Thanks, >> >> Steve >> >> -- Steve Swaney >> steve@fsl.com > >> > >> >> 202 595-7760 ext: 601 >> www.fsl.com >> >> >> The most accurate and cost effective anti-spam solutions >> available >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> > > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> Jules >> >> -- Julian Field MEng CITP CEng >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store >> >> >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and >> twitter.com/MailScanner >> >> >> >> -- This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100131/751fa363/attachment.html