From MailScanner at ecs.soton.ac.uk  Tue Jun  1 08:45:16 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jun  1 08:45:26 2010
Subject: {Disarmed} Warning Is Attachment
In-Reply-To: <AANLkTikoI6pGNotX_NhGVvIJgcoH4L6pvffwSQDzayAq@mail.gmail.com>
References: <AANLkTikoI6pGNotX_NhGVvIJgcoH4L6pvffwSQDzayAq@mail.gmail.com>
	<4C04BA8C.60308@ecs.soton.ac.uk>
Message-ID: <EMEW3|98e5742a497a646ea3d41df5cd035918m508jH0bMailScanner|ecs.soton.ac.uk|4C04BA8C.60308@ecs.soton.ac.uk>

This is mostly down to your email application. They are supplied 
"disposition: inline" but some email programs ignore that and still put 
them as attachments.

Jules.

On 31/05/2010 20:52, Sergio Rodrigues wrote:
> Mostrar romaniza??o
> Hello everyone,
> My MailScanner is almost 100%. I'm trying to get the warning messages 
> arrive in the message body and not as an attachment.
> I've already set the "Warning Is Attachment = no", but the messages 
> still arrive as attachment.
>
> sergios
> ps.: sorry for my english

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From glenn.steen at gmail.com  Tue Jun  1 23:39:00 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jun  1 23:39:08 2010
Subject: OT: Secondary Anti-virus along side ClamAV
In-Reply-To: <B08BAE926BEC9A479032897B9665A55701288E94E6F4@homedom.Alwood.local>
References: <AQHK7IZchsTfQoEQ3E6KcDf2IsVpWQ==>
	<B08BAE926BEC9A479032897B9665A55701288E94E6F4@homedom.Alwood.local>
Message-ID: <AANLkTin3XvPtfWWBjJh8JndbILDfKe4Vb2ET1m34nEQI@mail.gmail.com>

On 5 May 2010 21:04, Garrod M. Alwood <Garrod.Alwood@lorodoes.com> wrote:
> Hey Everyone,
> ? ? I am about to build 4 new servers and I am thinking of adding another anti-virus along side of clamAV. I have really been looking at bit defender, but I'm not sure which bit defender to get either the unices or mail server, so if anyone has any suggestions please let me know.
>
Not the one for mail servers, no... And I'm unsure of how newer bdc
for unices work with what we have.... <i still have a bix with the old
things running, updating and all, but rarely catching anything...:-)

Steve's suggestion seem nice.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From sandrews at andrewscompanies.com  Wed Jun  2 13:28:27 2010
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Wed Jun  2 13:28:37 2010
Subject: clam and sa package
Message-ID: <1964AAFBC212F742958F9275BF63DBB001092C63@winchester.andrewscompanies.com>

Jules, when you get a moment, can you build the latest clam 0.96.1 into
the easy install package?

 

Much obliged.

 

Steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100602/020291e4/attachment.html
From MailScanner at ecs.soton.ac.uk  Wed Jun  2 15:44:18 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun  2 15:44:28 2010
Subject: clam and sa package
In-Reply-To: <1964AAFBC212F742958F9275BF63DBB001092C63@winchester.andrewscompanies.com>
References: <1964AAFBC212F742958F9275BF63DBB001092C63@winchester.andrewscompanies.com>
	<4C066E42.8020907@ecs.soton.ac.uk>
Message-ID: <EMEW3|77bb87c942d4d95c2020924e4d8b858am51FiJ0bMailScanner|ecs.soton.ac.uk|4C066E42.8020907@ecs.soton.ac.uk>

All done.

On 02/06/2010 13:28, Steven Andrews wrote:
>
> Jules, when you get a moment, can you build the latest clam 0.96.1 
> into the easy install package?
>
> Much obliged.
>
> Steve**
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From lists at tippingmar.com  Wed Jun  2 17:17:09 2010
From: lists at tippingmar.com (Mark Nienberg)
Date: Wed Jun  2 17:17:26 2010
Subject: clam and sa package
In-Reply-To: <EMEW3|77bb87c942d4d95c2020924e4d8b858am51FiJ0bMailScanner|ecs.soton.ac.uk|4C066E42.8020907@ecs.soton.ac.uk>
References: <1964AAFBC212F742958F9275BF63DBB001092C63@winchester.andrewscompanies.com>	<4C066E42.8020907@ecs.soton.ac.uk>
	<EMEW3|77bb87c942d4d95c2020924e4d8b858am51FiJ0bMailScanner|ecs.soton.ac.uk|4C066E42.8020907@ecs.soton.ac.uk>
Message-ID: <4C068405.1050809@tippingmar.com>

On 6/2/2010 7:44 AM, Jules Field wrote:
> All done.
>
> On 02/06/2010 13:28, Steven Andrews wrote:
>>
>> Jules, when you get a moment, can you build the latest clam 0.96.1 
>> into the easy install package?
>>
>> Much obliged.
>>
>> Steve**
>>
>
> Jules
>
Spamassassin is now at 3.3.1 too.  I still use your package for 
Spamassassin because it is so easy, but I'll understand if you would 
rather stop maintaining it and let everyone switch to rpmforge or some 
other method.

Much obliged too,

Mark Nienberg
From Kevin_Miller at ci.juneau.ak.us  Wed Jun  2 18:31:24 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jun  2 18:31:37 2010
Subject: Jibberish in email
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C866DC@city-exchange07>

One of my users is getting jibberish such as the following in email from a particular user.  The text of the message seems to follow below the script

Message:
=========================
try { if(xnet) {} } catch(e) { try { if(window.opener.top.xnet==undefined) throw(2); xnet=window.opener.top.xnet; } catch(e) { try { if(window.top.xnet==undefined) throw(2); xnet=window.top.xnet; } catch(e) { var xmlhttp; try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { xmlhttp = new XMLHttpRequest; } } xmlhttp.open("GET", "/xnet_js/xnet.js.yaws", false); xmlhttp.send(null); var str = xmlhttp.responseText; document.write( ""+ str+ "xnet.setportal(\"webmail.stantec.com\");"+ "xnet.setbend(\"webmailinternal.stantec.com\");"+ "xnet.setprot(\"https\");"+ "xnet.setbprot(\"https\");"+ "xnet.setdepth(4);"+ "xnet.setwhitelist(null);"+ "xnet.setblacklist(null);"+ "xnet.setcookie(null);"+ "xnet.seturi(\"\");"+ "") } } }
George,
 
I have reviewed the summary sheets and have no suggested changes.
 
Thank you for offering to do this task.
========================= 

Slightly sanitized headers follow:

Return-Path: <?g>
Received: from mail1.stantec.com (mail.stantec.com [207.34.120.71])
     by mxg.ci.juneau.ak.us (8.13.6/8.13.6/SuSE Linux 0.8) with ESMTP id o52DufbS015344
     for <*********_*****@ci.juneau.ak.us>; Wed, 2 Jun 2010 05:56:52 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
     boundary="----_=_NextPart_001_01CB025B.6D0D7906"
Subject: FW: Summary of Workshop Input
Date: Wed, 2 Jun 2010 07:54:35 -0600
Message-ID: <F169990C325E874381D6585C1F090D17D522DC@CD1001-M250.corp.ads>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Summary of Workshop Input
Thread-Index: AcsBWAiUAriV1o5AS+aySSxi0fT95gBAxoq4
References: <9B538B154BEB8146BBEDC4560D1E83F503345A1598@EXCH1.nws.oregonstate.edu>
From: "Skinner, Hugh" <****.*******@stantec.com>
To: <copag@oregonstate.edu>
Cc: <Catherine_Fritz@ci.juneau.ak.us>
X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/
Received-SPF: None (mxg.ci.juneau.ak.us: domain of ****.*******@stantec.com
     does not designate permitted sender hosts)
     receiver=mxg.ci.juneau.ak.us; client-ip=207.34.120.71;
     envelope-from=<****.*******@stantec.com>; helo=mail1.stantec.com;

Not all messages contain the script nonsense.  Those that don't have the following content type header, all else seems to be the same:

  Content-Type: multipart/mixed;
     boundary="----_=_NextPart_001_01CB025B.6D0D7906"

Not sure where the problem lies.  I'm using MailScanner version 4.78.17, sendmail, SLES, and MailWatch as a gateway to Exchange 2007.  The user reports that other recipients (external to us) don't show the nonsense when they're included in the message.  I'm not sure if Exchange '07 is just stupid about the multipart/mixed content or if something in MailScanner is stepping on it.

Any clues appreciated...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From peter.ong at hypermediasystems.com  Wed Jun  2 19:31:58 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun  2 19:32:10 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <1233479174.37910.1275503475726.JavaMail.root@mail021.dti>
Message-ID: <1649617240.37912.1275503518324.JavaMail.root@mail021.dti>

Hello Everyone,

How does one configure MailScanner such that this does not occur? Allow me to explain. The output below is the product of /usr/bin/file. I like this feature because it let's us discover the type of the file even if it is renamed to .txt. However, some Japanese emails when they are written a certain way cause this:

Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks: No executables (CBD9757287.ACE77 msg-27972-9.txt)
Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire message to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected "msg-27972-9.txt" to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue: CBD9757287.ACE77 to 75104572B2

What happens is the file named message will be quarantined along with msg-27972-9.txt which is actually the same message. When I run /usr/bin/file on "message" it tells me it's an email text message. But when I run it on msg-27972-9.txt it tells me it is a DOS COM file. The /usr/bin/file command decides the filetype by looking at the first 2 bytes of the file. To mitigate this, I have told users to type an empty line or two blank spaces before they begin their japanese emails. However, this is not a graceful solution. Would anyone have a better suggestion? Thank you.

p
From alex at rtpty.com  Wed Jun  2 19:42:41 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun  2 19:42:56 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <1649617240.37912.1275503518324.JavaMail.root@mail021.dti>
References: <1649617240.37912.1275503518324.JavaMail.root@mail021.dti>
Message-ID: <01425045-242E-4F3E-B3CE-885859D5AEEF@rtpty.com>

Can you tell which are the two bytes it thinks are indicators of a DOS COM file and fix the magic file?

On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:

> Hello Everyone,
> 
> How does one configure MailScanner such that this does not occur? Allow me to explain. The output below is the product of /usr/bin/file. I like this feature because it let's us discover the type of the file even if it is renamed to .txt. However, some Japanese emails when they are written a certain way cause this:
> 
> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks: No executables (CBD9757287.ACE77 msg-27972-9.txt)
> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire message to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected "msg-27972-9.txt" to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue: CBD9757287.ACE77 to 75104572B2
> 
> What happens is the file named message will be quarantined along with msg-27972-9.txt which is actually the same message. When I run /usr/bin/file on "message" it tells me it's an email text message. But when I run it on msg-27972-9.txt it tells me it is a DOS COM file. The /usr/bin/file command decides the filetype by looking at the first 2 bytes of the file. To mitigate this, I have told users to type an empty line or two blank spaces before they begin their japanese emails. However, this is not a graceful solution. Would anyone have a better suggestion? Thank you.
> 
> p
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From peter.ong at hypermediasystems.com  Wed Jun  2 19:50:23 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun  2 19:50:32 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <01425045-242E-4F3E-B3CE-885859D5AEEF@rtpty.com>
Message-ID: <294361959.37927.1275504623099.JavaMail.root@mail021.dti>

Actually, I just figured it out. I looked in the filetyperules file and the description gave me a clue of what to do. It worked.

But yes, it's the first two bytes. I know only by man file. Hehehe

p

----- Original Message -----

> From: "Alex Neuman" <alex@rtpty.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Wednesday, June 2, 2010 11:42:41 AM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> Can you tell which are the two bytes it thinks are indicators of a DOS
> COM file and fix the magic file?
> 
> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
> 
> > Hello Everyone,
> > 
> > How does one configure MailScanner such that this does not occur?
> Allow me to explain. The output below is the product of /usr/bin/file.
> I like this feature because it let's us discover the type of the file
> even if it is renamed to .txt. However, some Japanese emails when they
> are written a certain way cause this:
> > 
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks: No
> executables (CBD9757287.ACE77 msg-27972-9.txt)
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire message
> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
> "msg-27972-9.txt" to
> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> > Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
> CBD9757287.ACE77 to 75104572B2
> > 
> > What happens is the file named message will be quarantined along
> with msg-27972-9.txt which is actually the same message. When I run
> /usr/bin/file on "message" it tells me it's an email text message. But
> when I run it on msg-27972-9.txt it tells me it is a DOS COM file. The
> /usr/bin/file command decides the filetype by looking at the first 2
> bytes of the file. To mitigate this, I have told users to type an
> empty line or two blank spaces before they begin their japanese
> emails. However, this is not a graceful solution. Would anyone have a
> better suggestion? Thank you.
> > 
> > p
> > -- 
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > 
> > Before posting, read http://wiki.mailscanner.info/posting
> > 
> > Support MailScanner development - buy the book off the website! 
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From ecasarero at gmail.com  Wed Jun  2 21:51:55 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Wed Jun  2 21:52:26 2010
Subject: OT: "Broken" emails
Message-ID: <AANLkTin-FCL506upmN9LB5svtzFgQUjhqv_zn8hWZBdv@mail.gmail.com>

Hi everybody, i now it is OT, but i have 1 customer that from time to time
recieves emails that in the MUA are shown "broken", I mean like header and
body in the body as an text file.

I dont know if i am clear? but does anybody have any clue of what can be
happening? or where does the email loses consistency?

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100602/ba17b014/attachment.html
From ms-list at alexb.ch  Wed Jun  2 22:03:46 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Wed Jun  2 22:03:55 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <294361959.37927.1275504623099.JavaMail.root@mail021.dti>
References: <294361959.37927.1275504623099.JavaMail.root@mail021.dti>
Message-ID: <4C06C732.3010003@alexb.ch>

On 2010-06-02 20:50, Peter Ong wrote:
> Actually, I just figured it out. I looked in the filetyperules file
> and the description gave me a clue of what to do. It worked.
> 
> But yes, it's the first two bytes. I know only by man file. Hehehe

My users get lots of these

File Command = /usr/bin/file -i

( -i, --mime                 output mime type strings)


fixed it elegantly without touching the magic strings.
(thanks to a hint from the list archive)

h2h

Alex


> ----- Original Message -----
> 
>> From: "Alex Neuman" <alex@rtpty.com> To: "MailScanner discussion"
>> <mailscanner@lists.mailscanner.info> Sent: Wednesday, June 2, 2010
>> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
>> Japanese Emails
>> 
>> Can you tell which are the two bytes it thinks are indicators of a
>> DOS COM file and fix the magic file?
>> 
>> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
>> 
>>> Hello Everyone,
>>> 
>>> How does one configure MailScanner such that this does not occur?
>>> 
>> Allow me to explain. The output below is the product of
>> /usr/bin/file. I like this feature because it let's us discover the
>> type of the file even if it is renamed to .txt. However, some
>> Japanese emails when they are written a certain way cause this:
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks:
>>> No
>> executables (CBD9757287.ACE77 msg-27972-9.txt)
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
>>> message
>> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
>> "msg-27972-9.txt" to 
>> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
>> CBD9757287.ACE77 to 75104572B2
>>> What happens is the file named message will be quarantined along
>> with msg-27972-9.txt which is actually the same message. When I run
>>  /usr/bin/file on "message" it tells me it's an email text message.
>> But when I run it on msg-27972-9.txt it tells me it is a DOS COM
>> file. The /usr/bin/file command decides the filetype by looking at
>> the first 2 bytes of the file. To mitigate this, I have told users
>> to type an empty line or two blank spaces before they begin their
>> japanese emails. However, this is not a graceful solution. Would
>> anyone have a better suggestion? Thank you.
>>> p -- MailScanner mailing list mailscanner@lists.mailscanner.info 
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website!
>> -- MailScanner mailing list mailscanner@lists.mailscanner.info 
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website!
From peter.ong at hypermediasystems.com  Wed Jun  2 23:50:31 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun  2 23:50:43 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <4C06C732.3010003@alexb.ch>
Message-ID: <81843770.38145.1275519031437.JavaMail.root@mail021.dti>

I was going to add the -i too, but then I saw this:

#
# NOTE: Fields are separated by TAB characters --- Important!
#
# Syntax is allow/deny/deny+delete/email-addresses, then regular expression,
#           then log text, then user report text.
#
# The "email-addresses" can be a space or comma-separated list of email
# addresses. If the rule hits, the message will be sent to these address(es)
# instead of the original recipients.
#
# If none of the rules match, then the filetype is allowed.
#
# An optional fifth field can also be added before the "log text", which
# makes the checked text check against the MIME type of the attachment
# as determined by the output of the "file -i" command.


So, I just did this...

allow   -       text    -       -
#EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
deny    -       x-dosexec       No DOS executables      No DOS programs allowed


----- Original Message -----

> From: "Alex Broens" <ms-list@alexb.ch>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Wednesday, June 2, 2010 2:03:46 PM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> On 2010-06-02 20:50, Peter Ong wrote:
> > Actually, I just figured it out. I looked in the filetyperules file
> > and the description gave me a clue of what to do. It worked.
> > 
> > But yes, it's the first two bytes. I know only by man file. Hehehe
> 
> My users get lots of these
> 
> File Command = /usr/bin/file -i
> 
> ( -i, --mime                 output mime type strings)
> 
> 
> fixed it elegantly without touching the magic strings.
> (thanks to a hint from the list archive)
> 
> h2h
> 
> Alex
> 
> 
> > ----- Original Message -----
> > 
> >> From: "Alex Neuman" <alex@rtpty.com> To: "MailScanner discussion"
> >> <mailscanner@lists.mailscanner.info> Sent: Wednesday, June 2, 2010
> >> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
> >> Japanese Emails
> >> 
> >> Can you tell which are the two bytes it thinks are indicators of a
> >> DOS COM file and fix the magic file?
> >> 
> >> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
> >> 
> >>> Hello Everyone,
> >>> 
> >>> How does one configure MailScanner such that this does not occur?
> >>> 
> >> Allow me to explain. The output below is the product of
> >> /usr/bin/file. I like this feature because it let's us discover
> the
> >> type of the file even if it is renamed to .txt. However, some
> >> Japanese emails when they are written a certain way cause this:
> >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks:
> >>> No
> >> executables (CBD9757287.ACE77 msg-27972-9.txt)
> >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
> >>> message
> >> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
> >> "msg-27972-9.txt" to 
> >> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
> >> CBD9757287.ACE77 to 75104572B2
> >>> What happens is the file named message will be quarantined along
> >> with msg-27972-9.txt which is actually the same message. When I
> run
> >>  /usr/bin/file on "message" it tells me it's an email text
> message.
> >> But when I run it on msg-27972-9.txt it tells me it is a DOS COM
> >> file. The /usr/bin/file command decides the filetype by looking at
> >> the first 2 bytes of the file. To mitigate this, I have told users
> >> to type an empty line or two blank spaces before they begin their
> >> japanese emails. However, this is not a graceful solution. Would
> >> anyone have a better suggestion? Thank you.
> >>> p -- MailScanner mailing list mailscanner@lists.mailscanner.info 
> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>> 
> >>> Before posting, read http://wiki.mailscanner.info/posting
> >>> 
> >>> Support MailScanner development - buy the book off the website!
> >> -- MailScanner mailing list mailscanner@lists.mailscanner.info 
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> 
> >> Before posting, read http://wiki.mailscanner.info/posting
> >> 
> >> Support MailScanner development - buy the book off the website!
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From peter.ong at hypermediasystems.com  Thu Jun  3 00:13:38 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun  3 00:13:49 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <81843770.38145.1275519031437.JavaMail.root@mail021.dti>
Message-ID: <109359447.38155.1275520418708.JavaMail.root@mail021.dti>

Hmm... I thought this worked, but it is not. 

p
----- Original Message -----

> From: "Peter Ong" <peter.ong@hypermediasystems.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Wednesday, June 2, 2010 3:50:31 PM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> I was going to add the -i too, but then I saw this:
> 
> #
> # NOTE: Fields are separated by TAB characters --- Important!
> #
> # Syntax is allow/deny/deny+delete/email-addresses, then regular
> expression,
> #           then log text, then user report text.
> #
> # The "email-addresses" can be a space or comma-separated list of
> email
> # addresses. If the rule hits, the message will be sent to these
> address(es)
> # instead of the original recipients.
> #
> # If none of the rules match, then the filetype is allowed.
> #
> # An optional fifth field can also be added before the "log text",
> which
> # makes the checked text check against the MIME type of the attachment
> # as determined by the output of the "file -i" command.
> 
> 
> So, I just did this...
> 
> allow   -       text    -       -
> #EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS
> programs allowed
> deny    -       x-dosexec       No DOS executables      No DOS
> programs allowed
> 
> 
> ----- Original Message -----
> 
> > From: "Alex Broens" <ms-list@alexb.ch>
> > To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> > Sent: Wednesday, June 2, 2010 2:03:46 PM
> > Subject: Re: Filetype Checks: No executables on Japanese Emails
> >
> > On 2010-06-02 20:50, Peter Ong wrote:
> > > Actually, I just figured it out. I looked in the filetyperules
> file
> > > and the description gave me a clue of what to do. It worked.
> > >
> > > But yes, it's the first two bytes. I know only by man file. Hehehe
> >
> > My users get lots of these
> >
> > File Command = /usr/bin/file -i
> >
> > ( -i, --mime                 output mime type strings)
> >
> >
> > fixed it elegantly without touching the magic strings.
> > (thanks to a hint from the list archive)
> >
> > h2h
> >
> > Alex
> >
> >
> > > ----- Original Message -----
> > >
> > >> From: "Alex Neuman" <alex@rtpty.com> To: "MailScanner discussion"
> > >> <mailscanner@lists.mailscanner.info> Sent: Wednesday, June 2,
> 2010
> > >> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
> > >> Japanese Emails
> > >>
> > >> Can you tell which are the two bytes it thinks are indicators of
> a
> > >> DOS COM file and fix the magic file?
> > >>
> > >> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
> > >>
> > >>> Hello Everyone,
> > >>>
> > >>> How does one configure MailScanner such that this does not
> occur?
> > >>>
> > >> Allow me to explain. The output below is the product of
> > >> /usr/bin/file. I like this feature because it let's us discover
> > the
> > >> type of the file even if it is renamed to .txt. However, some
> > >> Japanese emails when they are written a certain way cause this:
> > >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks:
> > >>> No
> > >> executables (CBD9757287.ACE77 msg-27972-9.txt)
> > >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
> > >>> message
> > >> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> > >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
> > >> "msg-27972-9.txt" to
> > >> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> > >>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
> > >> CBD9757287.ACE77 to 75104572B2
> > >>> What happens is the file named message will be quarantined along
> > >> with msg-27972-9.txt which is actually the same message. When I
> > run
> > >>  /usr/bin/file on "message" it tells me it's an email text
> > message.
> > >> But when I run it on msg-27972-9.txt it tells me it is a DOS COM
> > >> file. The /usr/bin/file command decides the filetype by looking
> at
> > >> the first 2 bytes of the file. To mitigate this, I have told
> users
> > >> to type an empty line or two blank spaces before they begin their
> > >> japanese emails. However, this is not a graceful solution. Would
> > >> anyone have a better suggestion? Thank you.
> > >>> p -- MailScanner mailing list mailscanner@lists.mailscanner.info
> > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>>
> > >>> Before posting, read http://wiki.mailscanner.info/posting
> > >>>
> > >>> Support MailScanner development - buy the book off the website!
> > >> -- MailScanner mailing list mailscanner@lists.mailscanner.info
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Thu Jun  3 09:49:11 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun  3 09:49:21 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <4C06C732.3010003@alexb.ch>
References: <294361959.37927.1275504623099.JavaMail.root@mail021.dti>
	<4C06C732.3010003@alexb.ch> <4C076C87.8080701@ecs.soton.ac.uk>
Message-ID: <EMEW3|510e0494ab5cb32ab55ba1abbd72825fm529nC0bMailScanner|ecs.soton.ac.uk|4C076C87.8080701@ecs.soton.ac.uk>



On 02/06/2010 22:03, Alex Broens wrote:
> On 2010-06-02 20:50, Peter Ong wrote:
>> Actually, I just figured it out. I looked in the filetyperules file
>> and the description gave me a clue of what to do. It worked.
>>
>> But yes, it's the first two bytes. I know only by man file. Hehehe
>
> My users get lots of these
>
> File Command = /usr/bin/file -i
>
> ( -i, --mime                 output mime type strings)
>
>
> fixed it elegantly without touching the magic strings.
> (thanks to a hint from the list archive)
Please don't do that :-(

There is already support in filetype.rules.conf for handling the output 
of "file -i" and checking it against MIME types in the rules, please 
just read the comments at the start of that file and it will explain it 
to you.

Jules.

>
>> ----- Original Message -----
>>
>>> From: "Alex Neuman" <alex@rtpty.com> To: "MailScanner discussion"
>>> <mailscanner@lists.mailscanner.info> Sent: Wednesday, June 2, 2010
>>> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
>>> Japanese Emails
>>>
>>> Can you tell which are the two bytes it thinks are indicators of a
>>> DOS COM file and fix the magic file?
>>>
>>> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
>>>
>>>> Hello Everyone,
>>>>
>>>> How does one configure MailScanner such that this does not occur?
>>>>
>>> Allow me to explain. The output below is the product of
>>> /usr/bin/file. I like this feature because it let's us discover the
>>> type of the file even if it is renamed to .txt. However, some
>>> Japanese emails when they are written a certain way cause this:
>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks:
>>>> No
>>> executables (CBD9757287.ACE77 msg-27972-9.txt)
>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
>>>> message
>>> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
>>> "msg-27972-9.txt" to 
>>> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
>>> CBD9757287.ACE77 to 75104572B2
>>>> What happens is the file named message will be quarantined along
>>> with msg-27972-9.txt which is actually the same message. When I run
>>>  /usr/bin/file on "message" it tells me it's an email text message.
>>> But when I run it on msg-27972-9.txt it tells me it is a DOS COM
>>> file. The /usr/bin/file command decides the filetype by looking at
>>> the first 2 bytes of the file. To mitigate this, I have told users
>>> to type an empty line or two blank spaces before they begin their
>>> japanese emails. However, this is not a graceful solution. Would
>>> anyone have a better suggestion? Thank you.
>>>> p -- MailScanner mailing list mailscanner@lists.mailscanner.info 
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>> -- MailScanner mailing list mailscanner@lists.mailscanner.info 
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jun  3 09:49:55 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun  3 09:50:16 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <109359447.38155.1275520418708.JavaMail.root@mail021.dti>
References: <109359447.38155.1275520418708.JavaMail.root@mail021.dti>
	<4C076CB3.40708@ecs.soton.ac.uk>
Message-ID: <EMEW3|f9df33971c9328439247a75f68f5ec79m529o40bMailScanner|ecs.soton.ac.uk|4C076CB3.40708@ecs.soton.ac.uk>

What did "file -i" on the msg*.txt file produce? If it's something nice 
like text/plain then
allow    -    text/plain    -    -
should do the trick.

On 03/06/2010 00:13, Peter Ong wrote:
> Hmm... I thought this worked, but it is not.
>
> p
> ----- Original Message -----
>
>    
>> From: "Peter Ong"<peter.ong@hypermediasystems.com>
>> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
>> Sent: Wednesday, June 2, 2010 3:50:31 PM
>> Subject: Re: Filetype Checks: No executables on Japanese Emails
>>
>> I was going to add the -i too, but then I saw this:
>>
>> #
>> # NOTE: Fields are separated by TAB characters --- Important!
>> #
>> # Syntax is allow/deny/deny+delete/email-addresses, then regular
>> expression,
>> #           then log text, then user report text.
>> #
>> # The "email-addresses" can be a space or comma-separated list of
>> email
>> # addresses. If the rule hits, the message will be sent to these
>> address(es)
>> # instead of the original recipients.
>> #
>> # If none of the rules match, then the filetype is allowed.
>> #
>> # An optional fifth field can also be added before the "log text",
>> which
>> # makes the checked text check against the MIME type of the attachment
>> # as determined by the output of the "file -i" command.
>>
>>
>> So, I just did this...
>>
>> allow   -       text    -       -
>> #EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS
>> programs allowed
>> deny    -       x-dosexec       No DOS executables      No DOS
>> programs allowed
>>
>>
>> ----- Original Message -----
>>
>>      
>>> From: "Alex Broens"<ms-list@alexb.ch>
>>> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
>>> Sent: Wednesday, June 2, 2010 2:03:46 PM
>>> Subject: Re: Filetype Checks: No executables on Japanese Emails
>>>
>>> On 2010-06-02 20:50, Peter Ong wrote:
>>>        
>>>> Actually, I just figured it out. I looked in the filetyperules
>>>>          
>> file
>>      
>>>> and the description gave me a clue of what to do. It worked.
>>>>
>>>> But yes, it's the first two bytes. I know only by man file. Hehehe
>>>>          
>>> My users get lots of these
>>>
>>> File Command = /usr/bin/file -i
>>>
>>> ( -i, --mime                 output mime type strings)
>>>
>>>
>>> fixed it elegantly without touching the magic strings.
>>> (thanks to a hint from the list archive)
>>>
>>> h2h
>>>
>>> Alex
>>>
>>>
>>>        
>>>> ----- Original Message -----
>>>>
>>>>          
>>>>> From: "Alex Neuman"<alex@rtpty.com>  To: "MailScanner discussion"
>>>>> <mailscanner@lists.mailscanner.info>  Sent: Wednesday, June 2,
>>>>>            
>> 2010
>>      
>>>>> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
>>>>> Japanese Emails
>>>>>
>>>>> Can you tell which are the two bytes it thinks are indicators of
>>>>>            
>> a
>>      
>>>>> DOS COM file and fix the magic file?
>>>>>
>>>>> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
>>>>>
>>>>>            
>>>>>> Hello Everyone,
>>>>>>
>>>>>> How does one configure MailScanner such that this does not
>>>>>>              
>> occur?
>>      
>>>>>>              
>>>>> Allow me to explain. The output below is the product of
>>>>> /usr/bin/file. I like this feature because it let's us discover
>>>>>            
>>> the
>>>        
>>>>> type of the file even if it is renamed to .txt. However, some
>>>>> Japanese emails when they are written a certain way cause this:
>>>>>            
>>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype Checks:
>>>>>> No
>>>>>>              
>>>>> executables (CBD9757287.ACE77 msg-27972-9.txt)
>>>>>            
>>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
>>>>>> message
>>>>>>              
>>>>> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>>>>            
>>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
>>>>>>              
>>>>> "msg-27972-9.txt" to
>>>>> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
>>>>>            
>>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
>>>>>>              
>>>>> CBD9757287.ACE77 to 75104572B2
>>>>>            
>>>>>> What happens is the file named message will be quarantined along
>>>>>>              
>>>>> with msg-27972-9.txt which is actually the same message. When I
>>>>>            
>>> run
>>>        
>>>>>   /usr/bin/file on "message" it tells me it's an email text
>>>>>            
>>> message.
>>>        
>>>>> But when I run it on msg-27972-9.txt it tells me it is a DOS COM
>>>>> file. The /usr/bin/file command decides the filetype by looking
>>>>>            
>> at
>>      
>>>>> the first 2 bytes of the file. To mitigate this, I have told
>>>>>            
>> users
>>      
>>>>> to type an empty line or two blank spaces before they begin their
>>>>> japanese emails. However, this is not a graceful solution. Would
>>>>> anyone have a better suggestion? Thank you.
>>>>>            
>>>>>> p -- MailScanner mailing list mailscanner@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>              
>>>>> -- MailScanner mailing list mailscanner@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>            
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>        

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jun  3 13:55:31 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun  3 13:55:50 2010
Subject: MailScanner ANNOUNCE: New MailScanner Database connector
References: <4C07A643.3050007@ecs.soton.ac.uk>
Message-ID: <EMEW3|9d37d7db1946a73d2e4eebc141770737m52DyZ0bMailScanner|ecs.soton.ac.uk|4C07A643.3050007@ecs.soton.ac.uk>

To develop our new BarricadeMX Plus application, we needed to extend the 
capabilities of MailScanner to allow MailScanner to read its 
configuration from a DBI compatible data source such as MySQL, 
PostgreSQL, Oracle, MS SQL, SQLite. This new feature, ConfigSQL, was 
necessary to allow the slave servers in a cluster to use a replicated 
database, instead of files, to store all configuration data.

Now that BarricadeMX Plus has been completed, tested and released, we 
have donated this code to the MailScanner Open Source Repository so it 
is now available for testing the in the latest MailScanner Beta 4.80.7.

The new module works by overriding the values already read from 
MailScanner.conf so you do not have to supply all possible values unless 
you want to. You can also mix regular file-based rulesets with database 
rulesets but not on the same configuration item. A more detailed 
description of how to use ConfigSQL along with examples will be included 
with the release notes for the next MailScanner Beta and and on our web 
site: http://www.fsl.com/images/docs/mailscanner_configsql_documentation.pdf

A complete list of all the Proprietary Fort Systems Ltd. Products includes:

MailScanner GOLD rpm repository (Beta):
---------------------------------------
http://www.fsl.com/index.php/barricademx/mailscanner-repository/mailscanner-beta

This is a free Yum repository for Red Hat and CentOS 5 i386 and x86_64 
only. It typically contains the latest MailScanner Beta rpm along with 
rpms for SpamAssassin (plus DCC, Razor, DKIM, SPF, IP-Country and 
Rule2XS plug-ins), ClamAV and all Perl module dependencies.


MailScanner GOLD rpm repository (Production):
---------------------------------------------
http://www.fsl.com/index.php/barricademx/mailscanner-repository/mailscanner-production

This is our production Yum repository for Red Hat and CentOS 5 i386 and 
x86_64 only. It contains the latest MailScanner production release rpms 
that have passed testing in the Beta repository along with rpms for 
SpamAssassin (plus DCC, Razor, DKIM, SPF, IP-Country and Rule2XS 
plug-ins), ClamAV and all Perl module dependencies, approximately 70 
rpms in total. Keeping MailScanner, SpamAssassin, ClamAV, all related 
applications and the operating system fully up to date is now as simple 
as running `yum update`.


BarricadeMX:
------------
http://www.fsl.com/index.php/barricademx/barricademx

Provides a simple, inexpensive, low maintenance, standalone anti-spam 
and anti-virus solution. It may also be used with MailScanner to 
substantially increase the capacity of the gateway and improve the 
accuracy of spam detection. Its features include:

? A small and very efficient multi-threaded C program that replaces your 
MTA on port 25 and can handle thousands of simultaneous connections on a 
single CPU system.

? Simple intuitive web interface is provided for configuration and 
statistics.

? BarricadeMX calls spamd and clamd during the DATA phase of the SMTP 
conversation so no quarantine required. Spam and Viruses are detected 
(and rejected) before the SMTP conversation is completed.

? Multiple gateways are easily clustered using peer-to-peer cache sharing.

? Very simple to install, use and maintain.


BarricadeMX Plus:
-----------------
Product Information: 
http://www.fsl.com/index.php/barricademx/barricademx-plus/information
Video Demos: 
http://www.fsl.com/index.php/barricademx/barricademx-plus/support

Packages together MailScanner an BarricadeMX with a new MailWatch like 
web based front end and a PostgreSQL back end. The same web interfacce 
is now used for all BarricadeMX and MailWatch configuration, monitoring 
and reporting.

Its features include:

? Backend authentication for user logins using POP, IMAP or Active 
Directory.

? Web interface provides separate logins and permission levels for 
users, domain administrators and site administrators.

? All MailScanner and sendmail configuration and MailWatch data is 
stored in PostgreSQL.

? A custom multi-threaded database connector provides the needed high 
speed updates to the PostgreSQL database.

? Database replication allows easy clustering of multiple gateways.

? Easily extendible, high capacity ?cloud computing? configurations are 
now possible.

? Reports formatted using .csv, pdf or html can now be delivered by email.

? Virtual Machines supported.

? Easy setup of completely different MailScanner configurations for 
individual users and domains.


And every FSL product is installed and updated automatically using only 
rpms. This makes the installation as well as the maintenance of all 
applications and the operating system, simple and foolproof. So 
installing a free, fully functional, trial of any Fort Systems 
application is quick and easy. You can request your demo at:

http://www.fsl.com/index.php/component/chronocontact/?chronoformname=product-demo-download-request 
.

Best regards,

Steve
--
Steve Swaney
President
Fort Systems Ltd
steve@fsl.com
www.fsl.com


Jules
--
Julian Field MBCS CITP CEng
Chief Technology Officer
Fort Systems Ltd
julian.field@fsl.com

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From norbert.schmidt at interactivedata.com  Thu Jun  3 14:21:22 2010
From: norbert.schmidt at interactivedata.com (Norbert Schmidt)
Date: Thu Jun  3 14:21:34 2010
Subject: Norbert Schmidt is out of the office
Message-ID: <OFAA59A7C4.427664F8-ONC1257737.00495E59-C1257737.00495E59@is-teledata.com>


I will be out of the office starting  01.06.2010 and will not return until
07.06.2010.

I'll answer to your mail, when I get back.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100603/8ec47a83/attachment.html
From alex at rtpty.com  Thu Jun  3 14:38:18 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu Jun  3 14:38:42 2010
Subject: Norbert Schmidt is out of the office
In-Reply-To: <OFAA59A7C4.427664F8-ONC1257737.00495E59-C1257737.00495E59@is-teledata.com>
References: <OFAA59A7C4.427664F8-ONC1257737.00495E59-C1257737.00495E59@is-teledata.com>
Message-ID: <1303345780-1275572303-cardhu_decombobulator_blackberry.rim.net-58943325-@bda942.bisx.prod.on.blackberry>

Let's loot his office! He won't be there for a week!
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: Norbert Schmidt <norbert.schmidt@interactivedata.com>
Date: Thu, 3 Jun 2010 15:21:22 
To: <mailscanner@lists.mailscanner.info>
Subject: Norbert Schmidt is out of the office

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From peter.ong at hypermediasystems.com  Thu Jun  3 14:38:59 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun  3 14:39:09 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <EMEW3|f9df33971c9328439247a75f68f5ec79m529o40bMailScanner|ecs.soton.ac.uk|4C076CB3.40708@ecs.soton.ac.uk>
Message-ID: <1924369046.38212.1275572339400.JavaMail.root@mail021.dti>

Hi Julian,

Thanks for the reply. I believe my mistake was to escape the "/". I did "allow - text\/plain". I never know when I'm supposed to use regex and when not to, and when it's the kind that requires escapes. Maybe this should be included in the descriptions above.

p

----- Original Message -----

> From: "Julian Field" <MailScanner@ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Thursday, June 3, 2010 1:49:55 AM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> What did "file -i" on the msg*.txt file produce? If it's something
> nice 
> like text/plain then
> allow    -    text/plain    -    -
> should do the trick.
> 
> On 03/06/2010 00:13, Peter Ong wrote:
> > Hmm... I thought this worked, but it is not.
> >
> > p
> > ----- Original Message -----
> >
> >    
> >> From: "Peter Ong"<peter.ong@hypermediasystems.com>
> >> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
> >> Sent: Wednesday, June 2, 2010 3:50:31 PM
> >> Subject: Re: Filetype Checks: No executables on Japanese Emails
> >>
> >> I was going to add the -i too, but then I saw this:
> >>
> >> #
> >> # NOTE: Fields are separated by TAB characters --- Important!
> >> #
> >> # Syntax is allow/deny/deny+delete/email-addresses, then regular
> >> expression,
> >> #           then log text, then user report text.
> >> #
> >> # The "email-addresses" can be a space or comma-separated list of
> >> email
> >> # addresses. If the rule hits, the message will be sent to these
> >> address(es)
> >> # instead of the original recipients.
> >> #
> >> # If none of the rules match, then the filetype is allowed.
> >> #
> >> # An optional fifth field can also be added before the "log text",
> >> which
> >> # makes the checked text check against the MIME type of the
> attachment
> >> # as determined by the output of the "file -i" command.
> >>
> >>
> >> So, I just did this...
> >>
> >> allow   -       text    -       -
> >> #EXAMPLE: deny  -       x-dosexec       No DOS executables      No
> DOS
> >> programs allowed
> >> deny    -       x-dosexec       No DOS executables      No DOS
> >> programs allowed
> >>
> >>
> >> ----- Original Message -----
> >>
> >>      
> >>> From: "Alex Broens"<ms-list@alexb.ch>
> >>> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
> >>> Sent: Wednesday, June 2, 2010 2:03:46 PM
> >>> Subject: Re: Filetype Checks: No executables on Japanese Emails
> >>>
> >>> On 2010-06-02 20:50, Peter Ong wrote:
> >>>        
> >>>> Actually, I just figured it out. I looked in the filetyperules
> >>>>          
> >> file
> >>      
> >>>> and the description gave me a clue of what to do. It worked.
> >>>>
> >>>> But yes, it's the first two bytes. I know only by man file.
> Hehehe
> >>>>          
> >>> My users get lots of these
> >>>
> >>> File Command = /usr/bin/file -i
> >>>
> >>> ( -i, --mime                 output mime type strings)
> >>>
> >>>
> >>> fixed it elegantly without touching the magic strings.
> >>> (thanks to a hint from the list archive)
> >>>
> >>> h2h
> >>>
> >>> Alex
> >>>
> >>>
> >>>        
> >>>> ----- Original Message -----
> >>>>
> >>>>          
> >>>>> From: "Alex Neuman"<alex@rtpty.com>  To: "MailScanner
> discussion"
> >>>>> <mailscanner@lists.mailscanner.info>  Sent: Wednesday, June 2,
> >>>>>            
> >> 2010
> >>      
> >>>>> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
> >>>>> Japanese Emails
> >>>>>
> >>>>> Can you tell which are the two bytes it thinks are indicators
> of
> >>>>>            
> >> a
> >>      
> >>>>> DOS COM file and fix the magic file?
> >>>>>
> >>>>> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
> >>>>>
> >>>>>            
> >>>>>> Hello Everyone,
> >>>>>>
> >>>>>> How does one configure MailScanner such that this does not
> >>>>>>              
> >> occur?
> >>      
> >>>>>>              
> >>>>> Allow me to explain. The output below is the product of
> >>>>> /usr/bin/file. I like this feature because it let's us discover
> >>>>>            
> >>> the
> >>>        
> >>>>> type of the file even if it is renamed to .txt. However, some
> >>>>> Japanese emails when they are written a certain way cause this:
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype
> Checks:
> >>>>>> No
> >>>>>>              
> >>>>> executables (CBD9757287.ACE77 msg-27972-9.txt)
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
> >>>>>> message
> >>>>>>              
> >>>>> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
> >>>>>>              
> >>>>> "msg-27972-9.txt" to
> >>>>> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
> >>>>>>              
> >>>>> CBD9757287.ACE77 to 75104572B2
> >>>>>            
> >>>>>> What happens is the file named message will be quarantined
> along
> >>>>>>              
> >>>>> with msg-27972-9.txt which is actually the same message. When I
> >>>>>            
> >>> run
> >>>        
> >>>>>   /usr/bin/file on "message" it tells me it's an email text
> >>>>>            
> >>> message.
> >>>        
> >>>>> But when I run it on msg-27972-9.txt it tells me it is a DOS
> COM
> >>>>> file. The /usr/bin/file command decides the filetype by looking
> >>>>>            
> >> at
> >>      
> >>>>> the first 2 bytes of the file. To mitigate this, I have told
> >>>>>            
> >> users
> >>      
> >>>>> to type an empty line or two blank spaces before they begin
> their
> >>>>> japanese emails. However, this is not a graceful solution.
> Would
> >>>>> anyone have a better suggestion? Thank you.
> >>>>>            
> >>>>>> p -- MailScanner mailing list
> mailscanner@lists.mailscanner.info
> >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>>>
> >>>>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>>>
> >>>>>> Support MailScanner development - buy the book off the
> website!
> >>>>>>              
> >>>>> -- MailScanner mailing list mailscanner@lists.mailscanner.info
> >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>>
> >>>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>>
> >>>>> Support MailScanner development - buy the book off the website!
> >>>>>            
> >>> --
> >>> MailScanner mailing list
> >>> mailscanner@lists.mailscanner.info
> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>
> >>> Before posting, read http://wiki.mailscanner.info/posting
> >>>
> >>> Support MailScanner development - buy the book off the website!
> >>>        
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From peter.ong at hypermediasystems.com  Thu Jun  3 15:08:25 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun  3 15:08:36 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <1223216552.38251.1275573879425.JavaMail.root@mail021.dti>
Message-ID: <2049393458.38253.1275574105409.JavaMail.root@mail021.dti>

Here's what I did... (these are tab separated, btw)

allow   -       text    -       -
allow   -       text/x-mail     -       -
allow   -       text/plain      -       -
allow   -       message/rfc822  -       -

Here's what the configuration shows:
[root@gateway005.inf MailScanner]# grep bin\/file MailScanner.conf
File Command = /usr/bin/file

Furthermore,

[root@gateway005.inf ~]# service MailScanner reload
Reloading MailScanner workers:
         MailScanner:                                      [  OK  ]
    Outgoing postfix:                                      [  OK  ]

But just to get really serious,

[root@gateway005.inf ~]# service MailScanner restart
Shutting down MailScanner daemons:
         MailScanner:                                      [  OK  ]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
Waiting for MailScanner to die gracefully ....5....0....5....0 dead.
Starting MailScanner daemons:
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
         MailScanner:

                                                           [  OK  ]

Let me show you the message I'm about to release:
[root@gateway005.inf 490DC57284.A9461]# file -i msg-596-5.txt
msg-596-5.txt: text/x-mail; charset=utf-8

So now I'm releasing it:
[root@gateway005.inf 490DC57284.A9461]# sendmail -t -i < message

After releasing it, I get this in the logs:
[root@gateway005.inf 55E5157282.A9520]# grep 55E5157282.A9520 /var/log/maillog
Jun  3 06:57:48 gateway005 MailScanner[15406]: Filetype Checks: No executables (55E5157282.A9520 msg-15406-4.txt)
Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved entire message to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved infected "msg-15406-4.txt" to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
Jun  3 06:57:49 gateway005 MailScanner[15406]: Requeue: 55E5157282.A9520 to 964B157280

I go into the /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520 and do this:
[root@gateway005.inf 55E5157282.A9520]# pwd
/var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
[root@gateway005.inf 55E5157282.A9520]# file -i msg-15406-4.txt
msg-15406-4.txt: text/x-mail; charset=utf-8

That's the same message.
b1beb5fc88372863f249d91a717bb9ee  msg-596-5.txt
b1beb5fc88372863f249d91a717bb9ee  msg-15406-4.txt

It appears that they are getting caught by the line:
deny    executable      No executables          No programs allowed

What do I do? I need your help. Thank you.

p



----- Original Message -----

> From: "Julian Field" <MailScanner@ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Thursday, June 3, 2010 1:49:55 AM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> What did "file -i" on the msg*.txt file produce? If it's something
> nice 
> like text/plain then
> allow    -    text/plain    -    -
> should do the trick.
> 
> On 03/06/2010 00:13, Peter Ong wrote:
> > Hmm... I thought this worked, but it is not.
> >
> > p
> > ----- Original Message -----
> >
> >    
> >> From: "Peter Ong"<peter.ong@hypermediasystems.com>
> >> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
> >> Sent: Wednesday, June 2, 2010 3:50:31 PM
> >> Subject: Re: Filetype Checks: No executables on Japanese Emails
> >>
> >> I was going to add the -i too, but then I saw this:
> >>
> >> #
> >> # NOTE: Fields are separated by TAB characters --- Important!
> >> #
> >> # Syntax is allow/deny/deny+delete/email-addresses, then regular
> >> expression,
> >> #           then log text, then user report text.
> >> #
> >> # The "email-addresses" can be a space or comma-separated list of
> >> email
> >> # addresses. If the rule hits, the message will be sent to these
> >> address(es)
> >> # instead of the original recipients.
> >> #
> >> # If none of the rules match, then the filetype is allowed.
> >> #
> >> # An optional fifth field can also be added before the "log text",
> >> which
> >> # makes the checked text check against the MIME type of the
> attachment
> >> # as determined by the output of the "file -i" command.
> >>
> >>
> >> So, I just did this...
> >>
> >> allow   -       text    -       -
> >> #EXAMPLE: deny  -       x-dosexec       No DOS executables      No
> DOS
> >> programs allowed
> >> deny    -       x-dosexec       No DOS executables      No DOS
> >> programs allowed
> >>
> >>
> >> ----- Original Message -----
> >>
> >>      
> >>> From: "Alex Broens"<ms-list@alexb.ch>
> >>> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
> >>> Sent: Wednesday, June 2, 2010 2:03:46 PM
> >>> Subject: Re: Filetype Checks: No executables on Japanese Emails
> >>>
> >>> On 2010-06-02 20:50, Peter Ong wrote:
> >>>        
> >>>> Actually, I just figured it out. I looked in the filetyperules
> >>>>          
> >> file
> >>      
> >>>> and the description gave me a clue of what to do. It worked.
> >>>>
> >>>> But yes, it's the first two bytes. I know only by man file.
> Hehehe
> >>>>          
> >>> My users get lots of these
> >>>
> >>> File Command = /usr/bin/file -i
> >>>
> >>> ( -i, --mime                 output mime type strings)
> >>>
> >>>
> >>> fixed it elegantly without touching the magic strings.
> >>> (thanks to a hint from the list archive)
> >>>
> >>> h2h
> >>>
> >>> Alex
> >>>
> >>>
> >>>        
> >>>> ----- Original Message -----
> >>>>
> >>>>          
> >>>>> From: "Alex Neuman"<alex@rtpty.com>  To: "MailScanner
> discussion"
> >>>>> <mailscanner@lists.mailscanner.info>  Sent: Wednesday, June 2,
> >>>>>            
> >> 2010
> >>      
> >>>>> 11:42:41 AM Subject: Re: Filetype Checks: No executables on
> >>>>> Japanese Emails
> >>>>>
> >>>>> Can you tell which are the two bytes it thinks are indicators
> of
> >>>>>            
> >> a
> >>      
> >>>>> DOS COM file and fix the magic file?
> >>>>>
> >>>>> On Jun 2, 2010, at 1:31 PM, Peter Ong wrote:
> >>>>>
> >>>>>            
> >>>>>> Hello Everyone,
> >>>>>>
> >>>>>> How does one configure MailScanner such that this does not
> >>>>>>              
> >> occur?
> >>      
> >>>>>>              
> >>>>> Allow me to explain. The output below is the product of
> >>>>> /usr/bin/file. I like this feature because it let's us discover
> >>>>>            
> >>> the
> >>>        
> >>>>> type of the file even if it is renamed to .txt. However, some
> >>>>> Japanese emails when they are written a certain way cause this:
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Filetype
> Checks:
> >>>>>> No
> >>>>>>              
> >>>>> executables (CBD9757287.ACE77 msg-27972-9.txt)
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved entire
> >>>>>> message
> >>>>>>              
> >>>>> to /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Saved infected
> >>>>>>              
> >>>>> "msg-27972-9.txt" to
> >>>>> /var/spool/MailScanner/quarantine/20100602/CBD9757287.ACE77
> >>>>>            
> >>>>>> Jun  2 11:08:29 gateway005 MailScanner[27972]: Requeue:
> >>>>>>              
> >>>>> CBD9757287.ACE77 to 75104572B2
> >>>>>            
> >>>>>> What happens is the file named message will be quarantined
> along
> >>>>>>              
> >>>>> with msg-27972-9.txt which is actually the same message. When I
> >>>>>            
> >>> run
> >>>        
> >>>>>   /usr/bin/file on "message" it tells me it's an email text
> >>>>>            
> >>> message.
> >>>        
> >>>>> But when I run it on msg-27972-9.txt it tells me it is a DOS
> COM
> >>>>> file. The /usr/bin/file command decides the filetype by looking
> >>>>>            
> >> at
> >>      
> >>>>> the first 2 bytes of the file. To mitigate this, I have told
> >>>>>            
> >> users
> >>      
> >>>>> to type an empty line or two blank spaces before they begin
> their
> >>>>> japanese emails. However, this is not a graceful solution.
> Would
> >>>>> anyone have a better suggestion? Thank you.
> >>>>>            
> >>>>>> p -- MailScanner mailing list
> mailscanner@lists.mailscanner.info
> >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>>>
> >>>>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>>>
> >>>>>> Support MailScanner development - buy the book off the
> website!
> >>>>>>              
> >>>>> -- MailScanner mailing list mailscanner@lists.mailscanner.info
> >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>>
> >>>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>>
> >>>>> Support MailScanner development - buy the book off the website!
> >>>>>            
> >>> --
> >>> MailScanner mailing list
> >>> mailscanner@lists.mailscanner.info
> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>
> >>> Before posting, read http://wiki.mailscanner.info/posting
> >>>
> >>> Support MailScanner development - buy the book off the website!
> >>>        
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From ms-list at alexb.ch  Thu Jun  3 15:18:10 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Thu Jun  3 15:18:19 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <2049393458.38253.1275574105409.JavaMail.root@mail021.dti>
References: <2049393458.38253.1275574105409.JavaMail.root@mail021.dti>
Message-ID: <4C07B9A2.9090009@alexb.ch>

On 2010-06-03 16:08, Peter Ong wrote:
> Here's what I did... (these are tab separated, btw)
> 
> allow   -       text    -       -
> allow   -       text/x-mail     -       -
> allow   -       text/plain      -       -
> allow   -       message/rfc822  -       -
> 
> Here's what the configuration shows:
> [root@gateway005.inf MailScanner]# grep bin\/file MailScanner.conf
> File Command = /usr/bin/file
> 
> Furthermore,
> 
> [root@gateway005.inf ~]# service MailScanner reload
> Reloading MailScanner workers:
>          MailScanner:                                      [  OK  ]
>     Outgoing postfix:                                      [  OK  ]
> 
> But just to get really serious,
> 
> [root@gateway005.inf ~]# service MailScanner restart
> Shutting down MailScanner daemons:
>          MailScanner:                                      [  OK  ]
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
> Waiting for MailScanner to die gracefully ....5....0....5....0 dead.
> Starting MailScanner daemons:
>          incoming postfix:                                 [  OK  ]
>          outgoing postfix:                                 [  OK  ]
>          MailScanner:
> 
>                                                            [  OK  ]
> 
> Let me show you the message I'm about to release:
> [root@gateway005.inf 490DC57284.A9461]# file -i msg-596-5.txt
> msg-596-5.txt: text/x-mail; charset=utf-8
> 
> So now I'm releasing it:
> [root@gateway005.inf 490DC57284.A9461]# sendmail -t -i < message
> 
> After releasing it, I get this in the logs:
> [root@gateway005.inf 55E5157282.A9520]# grep 55E5157282.A9520 /var/log/maillog
> Jun  3 06:57:48 gateway005 MailScanner[15406]: Filetype Checks: No executables (55E5157282.A9520 msg-15406-4.txt)
> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved entire message to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved infected "msg-15406-4.txt" to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> Jun  3 06:57:49 gateway005 MailScanner[15406]: Requeue: 55E5157282.A9520 to 964B157280
> 
> I go into the /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520 and do this:
> [root@gateway005.inf 55E5157282.A9520]# pwd
> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> [root@gateway005.inf 55E5157282.A9520]# file -i msg-15406-4.txt
> msg-15406-4.txt: text/x-mail; charset=utf-8
> 
> That's the same message.
> b1beb5fc88372863f249d91a717bb9ee  msg-596-5.txt
> b1beb5fc88372863f249d91a717bb9ee  msg-15406-4.txt
> 
> It appears that they are getting caught by the line:
> deny    executable      No executables          No programs allowed
> 
> What do I do? I need your help. Thank you.

Tried this?

revert all rules filetypes to default then

use in MailScanner.conf

File Command = /usr/bin/file -i

This works for my chinese/japanese/korean/russian users

Alex
From davidj at synaq.com  Thu Jun  3 15:31:12 2010
From: davidj at synaq.com (David Jacobson)
Date: Thu Jun  3 15:34:12 2010
Subject: MailScanner ANNOUNCE: New MailScanner Database connector
In-Reply-To: <EMEW3|9d37d7db1946a73d2e4eebc141770737m52DyZ0bMailScanner|ecs.soton.ac.uk|4C
	07A643.3050007@ecs.soton.ac.uk>
Message-ID: <9f76f8de-6f1c-11df-9a93-0050569@asp14.rocketseed.com>



Julian, 

You rock. 

The lack of config DB support is the only thing (imo) that has made mailscanner not seem like an enterprise class application. 

Kudos on implementing this, we will definitely be testing and feedback. 

Regards, 
David 


From: "Julian Field" <MailScanner@ecs.soton.ac.uk> 
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>, "MailScanner-Announce mailing list list" <mailscanner-announce@lists.mailscanner.info> 
Sent: Thursday, June 3, 2010 2:55:31 PM 
Subject: MailScanner ANNOUNCE: New MailScanner Database connector 

To develop our new BarricadeMX Plus application, we needed to extend the 
capabilities of MailScanner to allow MailScanner to read its 
configuration from a DBI compatible data source such as MySQL, 
PostgreSQL, Oracle, MS SQL, SQLite. This new feature, ConfigSQL, was 
necessary to allow the slave servers in a cluster to use a replicated 
database, instead of files, to store all configuration data. 

Now that BarricadeMX Plus has been completed, tested and released, we 
have donated this code to the MailScanner Open Source Repository so it 
is now available for testing the in the latest MailScanner Beta 4.80.7. 

The new module works by overriding the values already read from 
MailScanner.conf so you do not have to supply all possible values unless 
you want to. You can also mix regular file-based rulesets with database 
rulesets but not on the same configuration item. A more detailed 
description of how to use ConfigSQL along with examples will be included 
with the release notes for the next MailScanner Beta and and on our web 
site: http://www.fsl.com/images/docs/mailscanner_configsql_documentation.pdf 

A complete list of all the Proprietary Fort Systems Ltd. Products includes: 

MailScanner GOLD rpm repository (Beta): 
--------------------------------------- 
http://www.fsl.com/index.php/barricademx/mailscanner-repository/mailscanner-beta 

This is a free Yum repository for Red Hat and CentOS 5 i386 and x86_64 
only. It typically contains the latest MailScanner Beta rpm along with 
rpms for SpamAssassin (plus DCC, Razor, DKIM, SPF, IP-Country and 
Rule2XS plug-ins), ClamAV and all Perl module dependencies. 


MailScanner GOLD rpm repository (Production): 
--------------------------------------------- 
http://www.fsl.com/index.php/barricademx/mailscanner-repository/mailscanner-production 

This is our production Yum repository for Red Hat and CentOS 5 i386 and 
x86_64 only. It contains the latest MailScanner production release rpms 
that have passed testing in the Beta repository along with rpms for 
SpamAssassin (plus DCC, Razor, DKIM, SPF, IP-Country and Rule2XS 
plug-ins), ClamAV and all Perl module dependencies, approximately 70 
rpms in total. Keeping MailScanner, SpamAssassin, ClamAV, all related 
applications and the operating system fully up to date is now as simple 
as running `yum update`. 


BarricadeMX: 
------------ 
http://www.fsl.com/index.php/barricademx/barricademx 

Provides a simple, inexpensive, low maintenance, standalone anti-spam 
and anti-virus solution. It may also be used with MailScanner to 
substantially increase the capacity of the gateway and improve the 
accuracy of spam detection. Its features include: 

? A small and very efficient multi-threaded C program that replaces your 
MTA on port 25 and can handle thousands of simultaneous connections on a 
single CPU system. 

? Simple intuitive web interface is provided for configuration and 
statistics. 

? BarricadeMX calls spamd and clamd during the DATA phase of the SMTP 
conversation so no quarantine required. Spam and Viruses are detected 
(and rejected) before the SMTP conversation is completed. 

? Multiple gateways are easily clustered using peer-to-peer cache sharing. 

? Very simple to install, use and maintain. 


BarricadeMX Plus: 
----------------- 
Product Information: 
http://www.fsl.com/index.php/barricademx/barricademx-plus/information 
Video Demos: 
http://www.fsl.com/index.php/barricademx/barricademx-plus/support 

Packages together MailScanner an BarricadeMX with a new MailWatch like 
web based front end and a PostgreSQL back end. The same web interfacce 
is now used for all BarricadeMX and MailWatch configuration, monitoring 
and reporting. 

Its features include: 

? Backend authentication for user logins using POP, IMAP or Active 
Directory. 

? Web interface provides separate logins and permission levels for 
users, domain administrators and site administrators. 

? All MailScanner and sendmail configuration and MailWatch data is 
stored in PostgreSQL. 

? A custom multi-threaded database connector provides the needed high 
speed updates to the PostgreSQL database. 

? Database replication allows easy clustering of multiple gateways. 

? Easily extendible, high capacity ?cloud computing? configurations are 
now possible. 

? Reports formatted using .csv, pdf or html can now be delivered by email. 

? Virtual Machines supported. 

? Easy setup of completely different MailScanner configurations for 
individual users and domains. 


And every FSL product is installed and updated automatically using only 
rpms. This makes the installation as well as the maintenance of all 
applications and the operating system, simple and foolproof. So 
installing a free, fully functional, trial of any Fort Systems 
application is quick and easy. You can request your demo at: 

http://www.fsl.com/index.php/component/chronocontact/?chronoformname=product-demo-download-request 
. 

Best regards, 

Steve 
-- 
Steve Swaney 
President 
Fort Systems Ltd 
steve@fsl.com 
www.fsl.com 


Jules 
-- 
Julian Field MBCS CITP CEng 
Chief Technology Officer 
Fort Systems Ltd 
julian.field@fsl.com 

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

-- 
MailScanner mailing list 
mailscanner@lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website! 


<table border=0 cellspacing=0 cellpadding=0>

<tr>
<td  bgcolor="#000000" width="2px"  align="left" valign="top" nowrap>
  
</td>
<td  bgcolor="#FFFFFF" width="2px"  align="left" valign="top" nowrap>
 
</td>
<td  bgcolor="#f08a35" width="2px"  align="left" valign="top" nowrap>
 
</td>
<td  bgcolor="#FFFFFF" width="5px"  align="left" valign="top" nowrap>
 
</td>
<td  bgcolor="#FFFFFF"  align="left" valign="top" nowrap>
  <table cellspacing="1" cellpadding="1" border="0" width="413">   <tr>   <td colspan="2"><strong><font face="tahoma,arial,helvetica,sans-serif" size="2">David Jacobson</font></strong></td>  </tr>    <tr>   <td colspan="2"><font face="tahoma,arial,helvetica,sans-serif" size="2">Technical Director</font></td>  </tr>    <tr>   <td width="36"><font face="verdana,geneva" size="1">Tel:</font></td>    <td width="370"><font face="verdana,geneva" size="1">011 262 3632</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Fax:</font></td>    <td><font face="verdana,geneva" size="1">086 637 8868</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Cell:</font></td>    <td><font face="verdana,geneva" size="1">083 235 0760</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Email:</font></td>    <td><font face="verdana,geneva" size="1">davidj@synaq.com</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Web:</font></td>    <td><font face="verdana,geneva" size="1"><a style="text-decoration: none;" href="http://www.synaq.com"><font color="#000000">www.synaq.com</font></a></font></td>  </tr>    <tr>   <td colspan="2"><font face="verdana,geneva" size="1"><br />   Sandhaven Office Park, Pongola Crescent<br />   Eastgate Ext 17 Sandton</font></td>  </tr>  </table>   
</td></tr>
</table>

<table border=0 cellspacing=0 cellpadding=0><tr>

<td valign="top" align="left">
<table border=0 align="left" cellspacing=0 cellpadding=0>
<tr><td valign="top" align="left">&nbsp;</td></tr>
<tr><td valign="top" align="left">

</td></tr>
<tr><td valign="top" align="left">&nbsp;</td></tr>
<tr><td valign="top" align="left">

</td></tr>
</table>
</td>

</tr></table>

<table border=0 cellspacing=0 cellpadding=0>
<tr>

</tr>
</table>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100603/599ebca3/attachment.html
From ka at pacific.net  Thu Jun  3 15:35:13 2010
From: ka at pacific.net (Ken A.)
Date: Thu Jun  3 15:35:01 2010
Subject: MailScanner ANNOUNCE: New MailScanner Database connector
In-Reply-To: <EMEW3|9d37d7db1946a73d2e4eebc141770737m52DyZ0bMailScanner|ecs.soton.ac.uk|4C07A643.3050007@ecs.soton.ac.uk>
References: <4C07A643.3050007@ecs.soton.ac.uk>
	<EMEW3|9d37d7db1946a73d2e4eebc141770737m52DyZ0bMailScanner|ecs.soton.ac.uk|4C07A643.3050007@ecs.soton.ac.uk>
Message-ID: <4C07BDA1.9090501@pacific.net>


On 06/03/2010 05:55 AM, Julian Field wrote:

> The new module works by overriding the values already read from
> MailScanner.conf so you do not have to supply all possible values unless
> you want to. You can also mix regular file-based rulesets with database
> rulesets but not on the same configuration item. A more detailed
> description of how to use ConfigSQL along with examples will be included
> with the release notes for the next MailScanner Beta and and on our web
> site:
> http://www.fsl.com/images/docs/mailscanner_configsql_documentation.pdf
>


That is good news! We currently generate the rules files from mysql and 
sync them to 2 MailScanner boxes (~17k whitelist entries).
This will greatly simplify things.
Thank you!

Ken Anderson
Pacific.Net

> Jules
> --
> Julian Field MBCS CITP CEng
> Chief Technology Officer
> Fort Systems Ltd
> julian.field@fsl.com
>

From ssilva at sgvwater.com  Thu Jun  3 16:32:18 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun  3 16:32:42 2010
Subject: Norbert Schmidt is out of the office
In-Reply-To: <1303345780-1275572303-cardhu_decombobulator_blackberry.rim.net-58943325-@bda942.bisx.prod.on.blackberry>
References: <OFAA59A7C4.427664F8-ONC1257737.00495E59-C1257737.00495E59@is-teledata.com>
	<1303345780-1275572303-cardhu_decombobulator_blackberry.rim.net-58943325-@bda942.bisx.prod.on.blackberry>
Message-ID: <hu8hu2$tp5$1@dough.gmane.org>

I already browsed porn sites on his pc and left it infected

> Let's loot his office! He won't be there for a week!
> --
> 
> Alex Neuman
> BBM 20EA17C5
> +507 6781-9505
> Skype:alex@rtpty.com
> 
> -----Original Message-----
> From: Norbert Schmidt <norbert.schmidt@interactivedata.com>
> Date: Thu, 3 Jun 2010 15:21:22 
> To: <mailscanner@lists.mailscanner.info>
> Subject: Norbert Schmidt is out of the office
> 


From MailScanner at ecs.soton.ac.uk  Thu Jun  3 17:12:43 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun  3 17:13:07 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <4C07B9A2.9090009@alexb.ch>
References: <2049393458.38253.1275574105409.JavaMail.root@mail021.dti>
	<4C07B9A2.9090009@alexb.ch> <4C07D47B.1040207@ecs.soton.ac.uk>
Message-ID: <EMEW3|1998a40fcac8a7edf96fe9279e34b3aem52HCk0bMailScanner|ecs.soton.ac.uk|4C07D47B.1040207@ecs.soton.ac.uk>



On 03/06/2010 15:18, Alex Broens wrote:
> On 2010-06-03 16:08, Peter Ong wrote:
>> Here's what I did... (these are tab separated, btw)
>>
>> allow   -       text    -       -
>> allow   -       text/x-mail     -       -
>> allow   -       text/plain      -       -
>> allow   -       message/rfc822  -       -
>>
>> Here's what the configuration shows:
>> [root@gateway005.inf MailScanner]# grep bin\/file MailScanner.conf
>> File Command = /usr/bin/file
>>
>> Furthermore,
>>
>> [root@gateway005.inf ~]# service MailScanner reload
>> Reloading MailScanner workers:
>>          MailScanner:                                      [  OK  ]
>>     Outgoing postfix:                                      [  OK  ]
>>
>> But just to get really serious,
>>
>> [root@gateway005.inf ~]# service MailScanner restart
>> Shutting down MailScanner daemons:
>>          MailScanner:                                      [  OK  ]
>>          incoming postfix:                                 [  OK  ]
>>          outgoing postfix:                                 [  OK  ]
>> Waiting for MailScanner to die gracefully ....5....0....5....0 dead.
>> Starting MailScanner daemons:
>>          incoming postfix:                                 [  OK  ]
>>          outgoing postfix:                                 [  OK  ]
>>          MailScanner:
>>
>>                                                            [  OK  ]
>>
>> Let me show you the message I'm about to release:
>> [root@gateway005.inf 490DC57284.A9461]# file -i msg-596-5.txt
>> msg-596-5.txt: text/x-mail; charset=utf-8
>>
>> So now I'm releasing it:
>> [root@gateway005.inf 490DC57284.A9461]# sendmail -t -i < message
>>
>> After releasing it, I get this in the logs:
>> [root@gateway005.inf 55E5157282.A9520]# grep 55E5157282.A9520 
>> /var/log/maillog
>> Jun  3 06:57:48 gateway005 MailScanner[15406]: Filetype Checks: No 
>> executables (55E5157282.A9520 msg-15406-4.txt)
>> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved entire message 
>> to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
>> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved infected 
>> "msg-15406-4.txt" to 
>> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
>> Jun  3 06:57:49 gateway005 MailScanner[15406]: Requeue: 
>> 55E5157282.A9520 to 964B157280
>>
>> I go into the 
>> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520 and do this:
>> [root@gateway005.inf 55E5157282.A9520]# pwd
>> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
>> [root@gateway005.inf 55E5157282.A9520]# file -i msg-15406-4.txt
>> msg-15406-4.txt: text/x-mail; charset=utf-8
>>
>> That's the same message.
>> b1beb5fc88372863f249d91a717bb9ee  msg-596-5.txt
>> b1beb5fc88372863f249d91a717bb9ee  msg-15406-4.txt
>>
>> It appears that they are getting caught by the line:
>> deny    executable      No executables          No programs allowed
>>
>> What do I do? I need your help. Thank you.
>
> Tried this?
>
> revert all rules filetypes to default then
>
> use in MailScanner.conf
>
> File Command = /usr/bin/file -i
>
> This works for my chinese/japanese/korean/russian users
As I said earlier, please don't do this, MIME type checking is already 
built into the filetype.rules.conf file, just read the documentation at 
the top of the file.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From peter.ong at hypermediasystems.com  Thu Jun  3 17:48:30 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun  3 17:48:41 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <EMEW3|1998a40fcac8a7edf96fe9279e34b3aem52HCk0bMailScanner|ecs.soton.ac.uk|4C07D47B.1040207@ecs.soton.ac.uk>
Message-ID: <49702557.38456.1275583710633.JavaMail.root@mail021.dti>

Jules,

I could really use your advice on this. Did you read my troubleshooting steps? It only appears lengthy. I did what you recommended and the results are in my post.

p

----- Original Message -----

> From: "Julian Field" <MailScanner@ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Thursday, June 3, 2010 9:12:43 AM
> Subject: Re: Filetype Checks: No executables on Japanese Emails
> 
> On 03/06/2010 15:18, Alex Broens wrote:
> > On 2010-06-03 16:08, Peter Ong wrote:
> >> Here's what I did... (these are tab separated, btw)
> >>
> >> allow   -       text    -       -
> >> allow   -       text/x-mail     -       -
> >> allow   -       text/plain      -       -
> >> allow   -       message/rfc822  -       -
> >>
> >> Here's what the configuration shows:
> >> [root@gateway005.inf MailScanner]# grep bin\/file MailScanner.conf
> >> File Command = /usr/bin/file
> >>
> >> Furthermore,
> >>
> >> [root@gateway005.inf ~]# service MailScanner reload
> >> Reloading MailScanner workers:
> >>          MailScanner:                                      [  OK 
> ]
> >>     Outgoing postfix:                                      [  OK 
> ]
> >>
> >> But just to get really serious,
> >>
> >> [root@gateway005.inf ~]# service MailScanner restart
> >> Shutting down MailScanner daemons:
> >>          MailScanner:                                      [  OK 
> ]
> >>          incoming postfix:                                 [  OK 
> ]
> >>          outgoing postfix:                                 [  OK 
> ]
> >> Waiting for MailScanner to die gracefully ....5....0....5....0
> dead.
> >> Starting MailScanner daemons:
> >>          incoming postfix:                                 [  OK 
> ]
> >>          outgoing postfix:                                 [  OK 
> ]
> >>          MailScanner:
> >>
> >>                                                            [  OK 
> ]
> >>
> >> Let me show you the message I'm about to release:
> >> [root@gateway005.inf 490DC57284.A9461]# file -i msg-596-5.txt
> >> msg-596-5.txt: text/x-mail; charset=utf-8
> >>
> >> So now I'm releasing it:
> >> [root@gateway005.inf 490DC57284.A9461]# sendmail -t -i < message
> >>
> >> After releasing it, I get this in the logs:
> >> [root@gateway005.inf 55E5157282.A9520]# grep 55E5157282.A9520 
> >> /var/log/maillog
> >> Jun  3 06:57:48 gateway005 MailScanner[15406]: Filetype Checks: No
> 
> >> executables (55E5157282.A9520 msg-15406-4.txt)
> >> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved entire message
> 
> >> to /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> >> Jun  3 06:57:48 gateway005 MailScanner[15406]: Saved infected 
> >> "msg-15406-4.txt" to 
> >> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> >> Jun  3 06:57:49 gateway005 MailScanner[15406]: Requeue: 
> >> 55E5157282.A9520 to 964B157280
> >>
> >> I go into the 
> >> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520 and do
> this:
> >> [root@gateway005.inf 55E5157282.A9520]# pwd
> >> /var/spool/MailScanner/quarantine/20100603/55E5157282.A9520
> >> [root@gateway005.inf 55E5157282.A9520]# file -i msg-15406-4.txt
> >> msg-15406-4.txt: text/x-mail; charset=utf-8
> >>
> >> That's the same message.
> >> b1beb5fc88372863f249d91a717bb9ee  msg-596-5.txt
> >> b1beb5fc88372863f249d91a717bb9ee  msg-15406-4.txt
> >>
> >> It appears that they are getting caught by the line:
> >> deny    executable      No executables          No programs
> allowed
> >>
> >> What do I do? I need your help. Thank you.
> >
> > Tried this?
> >
> > revert all rules filetypes to default then
> >
> > use in MailScanner.conf
> >
> > File Command = /usr/bin/file -i
> >
> > This works for my chinese/japanese/korean/russian users
> As I said earlier, please don't do this, MIME type checking is already
> 
> built into the filetype.rules.conf file, just read the documentation
> at 
> the top of the file.
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From rlopezcnm at gmail.com  Thu Jun  3 18:04:17 2010
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Thu Jun  3 18:04:27 2010
Subject: Maximum addresses in To:
Message-ID: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>

 From some place I think I read MailScanner limits white-listed email
to 20 recipients and beyond 20 it will start scanning despite
white-list.
I think I read this in the book.

ASIDE: Julian, Please expand the index in the next addition. A
permuted index would be fantastic. :-)

It that is correct I must know does this apply if email from a sender
is to bypass MailScanner scanning according to it's entry in a
scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
file.

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
From mailbag at partnersolutions.ca  Thu Jun  3 18:50:47 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu Jun  3 18:50:22 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <49702557.38456.1275583710633.JavaMail.root@mail021.dti>
References: <EMEW3|1998a40fcac8a7edf96fe9279e34b3aem52HCk0bMailScanner|ecs.soton.ac.uk|4C07D47B.1040207@ecs.soton.ac.uk>
	<49702557.38456.1275583710633.JavaMail.root@mail021.dti>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D1FF2@PSIMS008.pshosting.intranet>

As a test try:

allow	text	text/x-mail	-	-

-Joshua
From peter.ong at hypermediasystems.com  Thu Jun  3 19:11:55 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun  3 19:12:05 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D1FF2@PSIMS008.pshosting.intranet>
Message-ID: <1040717757.38709.1275588715361.JavaMail.root@mail021.dti>

Will do.

Although, can you just confirm that on the 3rd field where it says "text/x-mail", the slash does not require escaping? Thanks.

p

----- Original Message -----

> From: "PSI Mailbag" <mailbag@partnersolutions.ca>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Thursday, June 3, 2010 10:50:47 AM
> Subject: RE: Filetype Checks: No executables on Japanese Emails
> 
> As a test try:
> 
> allow	text	text/x-mail	-	-
> 
> -Joshua
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From mailbag at partnersolutions.ca  Thu Jun  3 19:24:58 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Thu Jun  3 19:24:32 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <1040717757.38709.1275588715361.JavaMail.root@mail021.dti>
References: <38773FB858C8DD4EB14ACC4310E34DF04D1FF2@PSIMS008.pshosting.intranet>
	<1040717757.38709.1275588715361.JavaMail.root@mail021.dti>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D1FF6@PSIMS008.pshosting.intranet>

> Although, can you just confirm that on the 3rd field where it says
> "text/x-mail", the slash does not require escaping? Thanks.

I'm not too sure.. but you could find out by declaring them both as a deny with a different log description and see which one matches. I don't have any rules for the extended mime type at the moment.

-Joshua

From peter.ong at hypermediasystems.com  Thu Jun  3 19:46:27 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun  3 19:46:38 2010
Subject: Filetype Checks: No executables on Japanese Emails
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D1FF6@PSIMS008.pshosting.intranet>
Message-ID: <584033430.38734.1275590787345.JavaMail.root@mail021.dti>

Joshua,

Sir, you're a genius! The suggestion worked.

allow text text/x-mail - -

that worked. BRILLIANT!

p


----- Original Message -----

> From: "PSI Mailbag" <mailbag@partnersolutions.ca>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Thursday, June 3, 2010 11:24:58 AM
> Subject: RE: Filetype Checks: No executables on Japanese Emails
> 
> > Although, can you just confirm that on the 3rd field where it says
> > "text/x-mail", the slash does not require escaping? Thanks.
> 
> I'm not too sure.. but you could find out by declaring them both as a
> deny with a different log description and see which one matches. I
> don't have any rules for the extended mime type at the moment.
> 
> -Joshua
> 
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From maxsec at gmail.com  Thu Jun  3 20:01:50 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu Jun  3 20:01:59 2010
Subject: Maximum addresses in To:
In-Reply-To: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
References: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
Message-ID: <AANLkTimMdUuZ7KIfoBORBj4cy2s_qKnvoa8HY_sVRhF7@mail.gmail.com>

Whitelist will look at the envelope-to, not the entire 'to'. Only way to get
it to examine all the 'to' is to split the email up into individual emails
with a single recipient (see the wiki for how-to's for most MTA's).

-- 
Martin Hepworth
Oxford, UK

On 3 June 2010 18:04, Robert Lopez <rlopezcnm@gmail.com> wrote:

>  From some place I think I read MailScanner limits white-listed email
> to 20 recipients and beyond 20 it will start scanning despite
> white-list.
> I think I read this in the book.
>
> ASIDE: Julian, Please expand the index in the next addition. A
> permuted index would be fantastic. :-)
>
> It that is correct I must know does this apply if email from a sender
> is to bypass MailScanner scanning according to it's entry in a
> scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
> file.
>
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100603/98da7952/attachment-0001.html
From rlopezcnm at gmail.com  Thu Jun  3 20:19:39 2010
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Thu Jun  3 20:19:50 2010
Subject: Maximum addresses in To:
In-Reply-To: <AANLkTimMdUuZ7KIfoBORBj4cy2s_qKnvoa8HY_sVRhF7@mail.gmail.com>
References: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
	<AANLkTimMdUuZ7KIfoBORBj4cy2s_qKnvoa8HY_sVRhF7@mail.gmail.com>
Message-ID: <AANLkTineXkbxIAr5tDzTc0sohhUiZB1rL6VeL13wC4Y1@mail.gmail.com>

On Thu, Jun 3, 2010 at 1:01 PM, Martin Hepworth <maxsec@gmail.com> wrote:
> Whitelist will look at the envelope-to, not the entire 'to'. Only way to get
> it to examine all the 'to' is to split the email up into individual emails
> with a single recipient (see the wiki for how-to's for most MTA's).
> --
> Martin Hepworth
> Oxford, UK
>
> On 3 June 2010 18:04, Robert Lopez <rlopezcnm@gmail.com> wrote:
>>
>> ?From some place I think I read MailScanner limits white-listed email
>> to 20 recipients and beyond 20 it will start scanning despite
>> white-list.
>> I think I read this in the book.
>>
>> ASIDE: Julian, Please expand the index in the next addition. A
>> permuted index would be fantastic. :-)
>>
>> It that is correct I must know does this apply if email from a sender
>> is to bypass MailScanner scanning according to it's entry in a
>> scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
>> file.
>>
>> --
>> Robert Lopez
>> Unix Systems Administrator
>> Central New Mexico Community College (CNM)
>> 525 Buena Vista SE
>> Albuquerque, New Mexico 87106
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>

Thank you Martin.

I stated one big  "IF TRUE ... "  that I am wondering about.

So, if that is true, then I am specifically wanting to find when email
is bypassing scanning due to the use of Scan Messages =
%rules-dir%/scan.messages.rules that bypass will be stopped due to the
number of recipients.

I am not caring to "get it to scan". I am caring to make certain it
does not scan.

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
From glenn.steen at gmail.com  Thu Jun  3 21:04:07 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jun  3 21:04:16 2010
Subject: OT: "Broken" emails
In-Reply-To: <AANLkTin-FCL506upmN9LB5svtzFgQUjhqv_zn8hWZBdv@mail.gmail.com>
References: <AANLkTin-FCL506upmN9LB5svtzFgQUjhqv_zn8hWZBdv@mail.gmail.com>
Message-ID: <AANLkTikAYaNnuU7wHBRXDt1UWF3hB7QpNWMp2_243WNL@mail.gmail.com>

Someone or something is inserting a blank line in the headers, likely.
He you look at the total text of it all... Is there a discernible
pattern? Should be possible to see exactly what/where, so to speak.
Could you give up an example?

2010/6/2, Eduardo Casarero <ecasarero@gmail.com>:
> Hi everybody, i now it is OT, but i have 1 customer that from time to time
> recieves emails that in the MUA are shown "broken", I mean like header and
> body in the body as an text file.
>
> I dont know if i am clear? but does anybody have any clue of what can be
> happening? or where does the email loses consistency?
>
> Thanks!
>

-- 
Skickat fr?n min mobila enhet

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From mark at msapiro.net  Thu Jun  3 21:17:33 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Thu Jun  3 21:17:44 2010
Subject: Problem with 4.80.7 rpm install.
Message-ID: <PC1952010060313173304686449f135@msapiro>

My system is CentOS 5. I was running MailScanner 4.80.4. In my
configuration I have

Run As User = postfix
Run As Group = postfix

I downloaded
<http://www.mailscanner.info/files/4/rpm/MailScanner-4.80.7-1.rpm.tar.gz>,
unpacked it and ran the install.sh script as usual.

MailScanner --lint

ran normally, but when I ran

service MailScanner restartms

children died during initialization with

Jun  3 12:35:56 sbh16 MailScanner[22147]: Cannot create temporary Work
Dir /var/spool/MailScanner/incoming/22147. Are the permissions and
ownership of /var/spool/MailScanner/incoming correct?

This would then spawn another child which would die the same way.

It seems the install process (run as root) changed the owner of
/var/spool/MailScanner/incoming from postfix to root.

chown postfix /var/spool/MailScanner/incoming/

fixed the problem, but the owner shouldn't have been changed in the
first place.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From glenn.steen at gmail.com  Thu Jun  3 21:20:02 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jun  3 21:20:11 2010
Subject: Maximum addresses in To:
In-Reply-To: <AANLkTineXkbxIAr5tDzTc0sohhUiZB1rL6VeL13wC4Y1@mail.gmail.com>
References: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
	<AANLkTimMdUuZ7KIfoBORBj4cy2s_qKnvoa8HY_sVRhF7@mail.gmail.com>
	<AANLkTineXkbxIAr5tDzTc0sohhUiZB1rL6VeL13wC4Y1@mail.gmail.com>
Message-ID: <AANLkTikn6RYe6Y_t8msKFX9U7aIRcrlUlwLnWiWwC8Qo@mail.gmail.com>

Martins advice, to use "recipient splitting", is absolutely what you
want... Two reasons:
1. It will ensure that only mail to the actual recipients hit the
bypass... The rulesets will act on the first envelope recipient,
elsewise.
2. MailScanner will never see more than one recipient, thus making
your concern a moot point.
Neat and tidy;-)

2010/6/3, Robert Lopez <rlopezcnm@gmail.com>:
> On Thu, Jun 3, 2010 at 1:01 PM, Martin Hepworth <maxsec@gmail.com> wrote:
>> Whitelist will look at the envelope-to, not the entire 'to'. Only way to
>> get
>> it to examine all the 'to' is to split the email up into individual emails
>> with a single recipient (see the wiki for how-to's for most MTA's).
>> --
>> Martin Hepworth
>> Oxford, UK
>>
>> On 3 June 2010 18:04, Robert Lopez <rlopezcnm@gmail.com> wrote:
>>>
>>> ?From some place I think I read MailScanner limits white-listed email
>>> to 20 recipients and beyond 20 it will start scanning despite
>>> white-list.
>>> I think I read this in the book.
>>>
>>> ASIDE: Julian, Please expand the index in the next addition. A
>>> permuted index would be fantastic. :-)
>>>
>>> It that is correct I must know does this apply if email from a sender
>>> is to bypass MailScanner scanning according to it's entry in a
>>> scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
>>> file.
>>>
>>> --
>>> Robert Lopez
>>> Unix Systems Administrator
>>> Central New Mexico Community College (CNM)
>>> 525 Buena Vista SE
>>> Albuquerque, New Mexico 87106
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> Thank you Martin.
>
> I stated one big  "IF TRUE ... "  that I am wondering about.
>
> So, if that is true, then I am specifically wanting to find when email
> is bypassing scanning due to the use of Scan Messages =
> %rules-dir%/scan.messages.rules that bypass will be stopped due to the
> number of recipients.
>
> I am not caring to "get it to scan". I am caring to make certain it
> does not scan.
>
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

-- 
Skickat fr?n min mobila enhet

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From peter.ong at hypermediasystems.com  Thu Jun  3 22:26:08 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun  3 22:26:18 2010
Subject: Maximum addresses in To:
In-Reply-To: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
Message-ID: <400838940.39084.1275600368399.JavaMail.root@mail021.dti>

There's a config parameter in mailscanner.conf that says something like this.

p

----- Original Message -----

> From: "Robert Lopez" <rlopezcnm@gmail.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Thursday, June 3, 2010 10:04:17 AM
> Subject: Maximum addresses in To:
> 
> From some place I think I read MailScanner limits white-listed email
> to 20 recipients and beyond 20 it will start scanning despite
> white-list.
> I think I read this in the book.
> 
> ASIDE: Julian, Please expand the index in the next addition. A
> permuted index would be fantastic. :-)
> 
> It that is correct I must know does this apply if email from a sender
> is to bypass MailScanner scanning according to it's entry in a
> scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
> file.
> 
> -- 
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From rlopezcnm at gmail.com  Thu Jun  3 22:48:57 2010
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Thu Jun  3 22:49:06 2010
Subject: Maximum addresses in To:
In-Reply-To: <400838940.39084.1275600368399.JavaMail.root@mail021.dti>
References: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
	<400838940.39084.1275600368399.JavaMail.root@mail021.dti>
Message-ID: <AANLkTik2H2ZNjnPvKhzJrHYK4Fho2hmk4jMi8u-mfZlW@mail.gmail.com>

On Thu, Jun 3, 2010 at 3:26 PM, Peter Ong
<peter.ong@hypermediasystems.com> wrote:
> There's a config parameter in mailscanner.conf that says something like this.
>
> p
>
> ----- Original Message -----
>
>> From: "Robert Lopez" <rlopezcnm@gmail.com>
>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> Sent: Thursday, June 3, 2010 10:04:17 AM
>> Subject: Maximum addresses in To:
>>
>> From some place I think I read MailScanner limits white-listed email
>> to 20 recipients and beyond 20 it will start scanning despite
>> white-list.
>> I think I read this in the book.
>>
>> ASIDE: Julian, Please expand the index in the next addition. A
>> permuted index would be fantastic. :-)
>>
>> It that is correct I must know does this apply if email from a sender
>> is to bypass MailScanner scanning according to it's entry in a
>> scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
>> file.
>>
>> --
>> Robert Lopez
>> Unix Systems Administrator
>> Central New Mexico Community College (CNM)
>> 525 Buena Vista SE
>> Albuquerque, New Mexico 87106
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Yes Peter, there is and I am using it (thanks to advice from Julian Fields).

This college has contracted with an emergency communications service
which will use many forms of communication to send out emergency
messages.
One of the methods is email and they will send email to every email
address a person has given them.
That company will "blast" email to get them delivered as fast as possible.
For many reasons, the college is white-listing them to postfix.
Our config of postfix passes everything on to MailScanner.
I have set up rules in the scan.messages.rules file which will match
patterns in email coming from the service.
The match will tell MailScanner, via the parameter "Scan Messages",
not to scan the email from them.

Martin and Glenn now have informed me I should be looking to see how
to tell postfix to do "recipient splitting".

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
From glenn.steen at gmail.com  Fri Jun  4 08:22:03 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Jun  4 08:22:12 2010
Subject: Maximum addresses in To:
In-Reply-To: <AANLkTik2H2ZNjnPvKhzJrHYK4Fho2hmk4jMi8u-mfZlW@mail.gmail.com>
References: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
	<400838940.39084.1275600368399.JavaMail.root@mail021.dti>
	<AANLkTik2H2ZNjnPvKhzJrHYK4Fho2hmk4jMi8u-mfZlW@mail.gmail.com>
Message-ID: <AANLkTikOC8Hyrnlizs8bIvncgUqJRfvvA7erLBXCEVTy@mail.gmail.com>

On 3 June 2010 23:48, Robert Lopez <rlopezcnm@gmail.com> wrote:
> On Thu, Jun 3, 2010 at 3:26 PM, Peter Ong
> <peter.ong@hypermediasystems.com> wrote:
>> There's a config parameter in mailscanner.conf that says something like this.
>>
>> p
>>
>> ----- Original Message -----
>>
>>> From: "Robert Lopez" <rlopezcnm@gmail.com>
>>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>> Sent: Thursday, June 3, 2010 10:04:17 AM
>>> Subject: Maximum addresses in To:
>>>
>>> From some place I think I read MailScanner limits white-listed email
>>> to 20 recipients and beyond 20 it will start scanning despite
>>> white-list.
>>> I think I read this in the book.
>>>
>>> ASIDE: Julian, Please expand the index in the next addition. A
>>> permuted index would be fantastic. :-)
>>>
>>> It that is correct I must know does this apply if email from a sender
>>> is to bypass MailScanner scanning according to it's entry in a
>>> scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
>>> file.
>>>
>>> --
>>> Robert Lopez
>>> Unix Systems Administrator
>>> Central New Mexico Community College (CNM)
>>> 525 Buena Vista SE
>>> Albuquerque, New Mexico 87106
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> Yes Peter, there is and I am using it (thanks to advice from Julian Fields).
>
> This college has contracted with an emergency communications service
> which will use many forms of communication to send out emergency
> messages.
> One of the methods is email and they will send email to every email
> address a person has given them.
> That company will "blast" email to get them delivered as fast as possible.
> For many reasons, the college is white-listing them to postfix.
> Our config of postfix passes everything on to MailScanner.
> I have set up rules in the scan.messages.rules file which will match
> patterns in email coming from the service.
> The match will tell MailScanner, via the parameter "Scan Messages",
> not to scan the email from them.
>
> Martin and Glenn now have informed me I should be looking to see how
> to tell postfix to do "recipient splitting".
>
Have a look at http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient
... It's been a while since I typed that lot up, so there is likely
room for improvement:-). But it really does work;-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com  Fri Jun  4 08:30:15 2010
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri Jun  4 08:30:24 2010
Subject: Problem with 4.80.7 rpm install.
In-Reply-To: <PC1952010060313173304686449f135@msapiro>
References: <PC1952010060313173304686449f135@msapiro>
Message-ID: <AANLkTimVWWvONuZOZQnK-J6UpPQWGbMjiSEV0SxtgU6S@mail.gmail.com>

On 3 June 2010 22:17, Mark Sapiro <mark@msapiro.net> wrote:
> My system is CentOS 5. I was running MailScanner 4.80.4. In my
> configuration I have
>
> Run As User = postfix
> Run As Group = postfix
>
> I downloaded
> <http://www.mailscanner.info/files/4/rpm/MailScanner-4.80.7-1.rpm.tar.gz>,
> unpacked it and ran the install.sh script as usual.
>
> MailScanner --lint
>
> ran normally, but when I ran
>
> service MailScanner restartms
>
> children died during initialization with
>
> Jun ?3 12:35:56 sbh16 MailScanner[22147]: Cannot create temporary Work
> Dir /var/spool/MailScanner/incoming/22147. Are the permissions and
> ownership of /var/spool/MailScanner/incoming correct?
>
> This would then spawn another child which would die the same way.
>
> It seems the install process (run as root) changed the owner of
> /var/spool/MailScanner/incoming from postfix to root.
>
> chown postfix /var/spool/MailScanner/incoming/
>
> fixed the problem, but the owner shouldn't have been changed in the
> first place.
>
Thanks for the headup Mark!

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From maxsec at gmail.com  Fri Jun  4 08:37:16 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Jun  4 08:37:24 2010
Subject: Maximum addresses in To:
In-Reply-To: <AANLkTik2H2ZNjnPvKhzJrHYK4Fho2hmk4jMi8u-mfZlW@mail.gmail.com>
References: <AANLkTimtdx4F1kniszPVRusGIx4ryyaU6HkF9Ohu6-hI@mail.gmail.com>
	<400838940.39084.1275600368399.JavaMail.root@mail021.dti>
	<AANLkTik2H2ZNjnPvKhzJrHYK4Fho2hmk4jMi8u-mfZlW@mail.gmail.com>
Message-ID: <AANLkTilbssGQxHRa-aN2KjimUHqvJ4FVcId0HkpGnrva@mail.gmail.com>

Robert

perhaps you're referring to this setting..

http://www.mailscanner.info/MailScanner.conf.index.html#Ignore%20Spam%20Whitelist%20If%20Recipients%20Exceed



-- 
Martin Hepworth
Oxford, UK

On 3 June 2010 22:48, Robert Lopez <rlopezcnm@gmail.com> wrote:

> On Thu, Jun 3, 2010 at 3:26 PM, Peter Ong
> <peter.ong@hypermediasystems.com> wrote:
> > There's a config parameter in mailscanner.conf that says something like
> this.
> >
> > p
> >
> > ----- Original Message -----
> >
> >> From: "Robert Lopez" <rlopezcnm@gmail.com>
> >> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> >> Sent: Thursday, June 3, 2010 10:04:17 AM
> >> Subject: Maximum addresses in To:
> >>
> >> From some place I think I read MailScanner limits white-listed email
> >> to 20 recipients and beyond 20 it will start scanning despite
> >> white-list.
> >> I think I read this in the book.
> >>
> >> ASIDE: Julian, Please expand the index in the next addition. A
> >> permuted index would be fantastic. :-)
> >>
> >> It that is correct I must know does this apply if email from a sender
> >> is to bypass MailScanner scanning according to it's entry in a
> >> scan.messages.rules (Scan Messages = %rules-dir%/scan.messages.rules)
> >> file.
> >>
> >> --
> >> Robert Lopez
> >> Unix Systems Administrator
> >> Central New Mexico Community College (CNM)
> >> 525 Buena Vista SE
> >> Albuquerque, New Mexico 87106
> >> --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
>
> Yes Peter, there is and I am using it (thanks to advice from Julian
> Fields).
>
> This college has contracted with an emergency communications service
> which will use many forms of communication to send out emergency
> messages.
> One of the methods is email and they will send email to every email
> address a person has given them.
> That company will "blast" email to get them delivered as fast as possible.
> For many reasons, the college is white-listing them to postfix.
> Our config of postfix passes everything on to MailScanner.
> I have set up rules in the scan.messages.rules file which will match
> patterns in email coming from the service.
> The match will tell MailScanner, via the parameter "Scan Messages",
> not to scan the email from them.
>
> Martin and Glenn now have informed me I should be looking to see how
> to tell postfix to do "recipient splitting".
>
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100604/2b6cedb3/attachment.html
From MailScanner at ecs.soton.ac.uk  Fri Jun  4 09:14:03 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun  4 09:14:20 2010
Subject: Problem with 4.80.7 rpm install.
In-Reply-To: <AANLkTimVWWvONuZOZQnK-J6UpPQWGbMjiSEV0SxtgU6S@mail.gmail.com>
References: <PC1952010060313173304686449f135@msapiro>
	<AANLkTimVWWvONuZOZQnK-J6UpPQWGbMjiSEV0SxtgU6S@mail.gmail.com>
	<4C08B5CB.9000209@ecs.soton.ac.uk>
Message-ID: <EMEW3|84c74d36400e5f47db5d589f72ce902am539E70bMailScanner|ecs.soton.ac.uk|4C08B5CB.9000209@ecs.soton.ac.uk>



On 04/06/2010 08:30, Glenn Steen wrote:
> On 3 June 2010 22:17, Mark Sapiro<mark@msapiro.net>  wrote:
>    
>> My system is CentOS 5. I was running MailScanner 4.80.4. In my
>> configuration I have
>>
>> Run As User = postfix
>> Run As Group = postfix
>>
>> I downloaded
>> <http://www.mailscanner.info/files/4/rpm/MailScanner-4.80.7-1.rpm.tar.gz>,
>> unpacked it and ran the install.sh script as usual.
>>
>> MailScanner --lint
>>
>> ran normally, but when I ran
>>
>> service MailScanner restartms
>>
>> children died during initialization with
>>
>> Jun  3 12:35:56 sbh16 MailScanner[22147]: Cannot create temporary Work
>> Dir /var/spool/MailScanner/incoming/22147. Are the permissions and
>> ownership of /var/spool/MailScanner/incoming correct?
>>
>> This would then spawn another child which would die the same way.
>>
>> It seems the install process (run as root) changed the owner of
>> /var/spool/MailScanner/incoming from postfix to root.
>>
>> chown postfix /var/spool/MailScanner/incoming/
>>
>> fixed the problem, but the owner shouldn't have been changed in the
>> first place.
>>
>>      
> Thanks for the headup Mark!
>    
That's odd, this one shouldn't happen. In the installation process (when 
it installs the mailscanner*rpm), it does this:

# Create the incoming and quarantine dirs if needed
for F in incoming quarantine incoming/Locks
do
   if [ \! -d /var/spool/MailScanner/$F ]; then
     mkdir -p /var/spool/MailScanner/$F
     chown root.root /var/spool/MailScanner/$F
     chmod 0755 /var/spool/MailScanner/$F
   fi
done

which should leave any pre-existing directories alone. Can you see any 
reason why this wouldn't work on your system?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From hvdkooij at vanderkooij.org  Fri Jun  4 11:55:17 2010
From: hvdkooij at vanderkooij.org (hvdkooij)
Date: Fri Jun  4 11:57:40 2010
Subject: OT: "Broken" emails
In-Reply-To: <AANLkTikAYaNnuU7wHBRXDt1UWF3hB7QpNWMp2_243WNL@mail.gmail.com>
References: <AANLkTin-FCL506upmN9LB5svtzFgQUjhqv_zn8hWZBdv@mail.gmail.com>
	<AANLkTikAYaNnuU7wHBRXDt1UWF3hB7QpNWMp2_243WNL@mail.gmail.com>
Message-ID: <13108163f8627fecfb25c621da63aefa@127.0.0.1>


On Thu, 3 Jun 2010 22:04:07 +0200, Glenn Steen <glenn.steen@gmail.com>
wrote:
> Someone or something is inserting a blank line in the headers, likely.
> He you look at the total text of it all... Is there a discernible
> pattern? Should be possible to see exactly what/where, so to speak.

I recall having seen something like this when the sender is not correctly
using the CRLF combination as required in the RFC.

With only CR or LF the message gets corrected later without a problem. But
if you use LF/CR instead of CRLF you end up with CRLF/CRLF as corrected
seperator and then you are up a creek.

Hugo.

-- 
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From mark at msapiro.net  Fri Jun  4 15:05:18 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Fri Jun  4 15:05:28 2010
Subject: Problem with 4.80.7 rpm install.
In-Reply-To: <EMEW3|84c74d36400e5f47db5d589f72ce902am539E70bMailScanner|ecs.soton.ac.uk|4C08B5CB.9000209@ecs.soton.ac.uk>
References: <PC1952010060313173304686449f135@msapiro>	<AANLkTimVWWvONuZOZQnK-J6UpPQWGbMjiSEV0SxtgU6S@mail.gmail.com>	<4C08B5CB.9000209@ecs.soton.ac.uk>
	<EMEW3|84c74d36400e5f47db5d589f72ce902am539E70bMailScanner|ecs.soton.ac.uk|4C08B5CB.9000209@ecs.soton.ac.uk>
Message-ID: <4C09081E.3080904@msapiro.net>

On 11:59 AM, Julian Field wrote:
> 
> 
> On 04/06/2010 08:30, Glenn Steen wrote:
>> On 3 June 2010 22:17, Mark Sapiro<mark@msapiro.net>  wrote:
>>   
>>> My system is CentOS 5. I was running MailScanner 4.80.4. In my
>>> configuration I have
>>>
>>> Run As User = postfix
>>> Run As Group = postfix
>>>
>>> I downloaded
>>> <http://www.mailscanner.info/files/4/rpm/MailScanner-4.80.7-1.rpm.tar.gz>,
>>>
>>> unpacked it and ran the install.sh script as usual.
>>>
>>> MailScanner --lint
>>>
>>> ran normally, but when I ran
>>>
>>> service MailScanner restartms
>>>
>>> children died during initialization with
>>>
>>> Jun  3 12:35:56 sbh16 MailScanner[22147]: Cannot create temporary Work
>>> Dir /var/spool/MailScanner/incoming/22147. Are the permissions and
>>> ownership of /var/spool/MailScanner/incoming correct?
>>>
>>> This would then spawn another child which would die the same way.
>>>
>>> It seems the install process (run as root) changed the owner of
>>> /var/spool/MailScanner/incoming from postfix to root.
>>>
>>> chown postfix /var/spool/MailScanner/incoming/
>>>
>>> fixed the problem, but the owner shouldn't have been changed in the
>>> first place.
>>>
>>>      
>> Thanks for the headup Mark!
>>    
> That's odd, this one shouldn't happen. In the installation process (when
> it installs the mailscanner*rpm), it does this:
> 
> # Create the incoming and quarantine dirs if needed
> for F in incoming quarantine incoming/Locks
> do
>   if [ \! -d /var/spool/MailScanner/$F ]; then
>     mkdir -p /var/spool/MailScanner/$F
>     chown root.root /var/spool/MailScanner/$F
>     chmod 0755 /var/spool/MailScanner/$F
>   fi
> done
> 
> which should leave any pre-existing directories alone. Can you see any
> reason why this wouldn't work on your system?


No. I don't see why that wouldn't work. Also, that is apparently not
what did it as the group of all 3 was still postfix; the owner of
quarantine and incoming/Locks was still postfix, and the mode of
incoming/Locks which was 0750 before was unchanged.

Perhaps it was just some glitch or something I did without realizing.
We'll see if it happens to others.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From hvdkooij at vanderkooij.org  Fri Jun  4 15:47:29 2010
From: hvdkooij at vanderkooij.org (hvdkooij)
Date: Fri Jun  4 15:49:50 2010
Subject: Problem with 4.80.7 rpm install.
In-Reply-To: <4C09081E.3080904@msapiro.net>
References: <PC1952010060313173304686449f135@msapiro>	<AANLkTimVWWvONuZOZQnK-J6UpPQWGbMjiSEV0SxtgU6S@mail.gmail.com>	<4C08B5CB.9000209@ecs.soton.ac.uk>
	<EMEW3|84c74d36400e5f47db5d589f72ce902am539E70bMailScanner|ecs.soton.ac.uk|4C08B5CB.9000209@ecs.soton.ac.uk>
	<4C09081E.3080904@msapiro.net>
Message-ID: <32bf0f2fd371e3748f027779d2ff63cd@127.0.0.1>


On Fri, 04 Jun 2010 07:05:18 -0700, Mark Sapiro <mark@msapiro.net> wrote:

>> which should leave any pre-existing directories alone. Can you see any
>> reason why this wouldn't work on your system?
> 
> No. I don't see why that wouldn't work. Also, that is apparently not
> what did it as the group of all 3 was still postfix; the owner of
> quarantine and incoming/Locks was still postfix, and the mode of
> incoming/Locks which was 0750 before was unchanged.

I recall that one of the update commands actually sets the owner back to
root. But I must admit my memory is not good enough to remember the exact
command that did this.

Hugo

-- 
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From Ron.Ghetti at town.barnstable.ma.us  Fri Jun  4 16:01:28 2010
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Fri Jun  4 16:03:54 2010
Subject: Blocking word documents
Message-ID: <0983B1770B088F4FBDF604A4C2834F570AEE56@ITMAIL.town.barnstable.ma.us>


 This is a strange one.
 I don't have anything set up to block word documents
 Which would be pretty important to always allow.
 Any thoughts on why this is happening ?

 thanks



This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "AsletonParkSeriesJuly9-2010.doc"
is on the list of unacceptable attachments for this site and has been
replaced by this warning message.

If you wish to receive a copy of the original attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Fri Jun  4 08:16:08 2010 the virus scanner said:
   MailScanner: No programs allowed (AsletonParkSeriesJuly9-2010.doc)

Note to Help Desk: Look on the town-barnstable-ma-us () MailScanner in
/var/spool/MailScanner/quarantine/20100604 (message 33B923DA7E.A55C5).
-- 
Postmaster


For all your IT requirements visit: http://www.transtec.co.uk
From alex at rtpty.com  Fri Jun  4 16:11:05 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Jun  4 16:11:19 2010
Subject: Blocking word documents
In-Reply-To: <0983B1770B088F4FBDF604A4C2834F570AEE56@ITMAIL.town.barnstable.ma.us>
References: <0983B1770B088F4FBDF604A4C2834F570AEE56@ITMAIL.town.barnstable.ma.us>
Message-ID: <8CBE41B6-EA99-4CC1-B61D-9363BCC9A21D@rtpty.com>

It thinks it's a program.
Check the "file -i" discussion earlier on the list.

On Jun 4, 2010, at 10:01 AM, Ghetti, Ron wrote:

> 
> This is a strange one.
> I don't have anything set up to block word documents
> Which would be pretty important to always allow.
> Any thoughts on why this is happening ?
> 
> thanks
> 
> 
> 
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "AsletonParkSeriesJuly9-2010.doc"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
> 
> If you wish to receive a copy of the original attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
> 
> At Fri Jun  4 08:16:08 2010 the virus scanner said:
>   MailScanner: No programs allowed (AsletonParkSeriesJuly9-2010.doc)
> 
> Note to Help Desk: Look on the town-barnstable-ma-us () MailScanner in
> /var/spool/MailScanner/quarantine/20100604 (message 33B923DA7E.A55C5).
> -- 
> Postmaster
> 
> 
> For all your IT requirements visit: http://www.transtec.co.uk
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

From peter.ong at hypermediasystems.com  Fri Jun  4 17:52:55 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Fri Jun  4 17:53:06 2010
Subject: Blocking word documents
In-Reply-To: <0983B1770B088F4FBDF604A4C2834F570AEE56@ITMAIL.town.barnstable.ma.us>
Message-ID: <473487611.39493.1275670375186.JavaMail.root@mail021.dti>

In MailScanner.conf, go to the section "Logging"

Turn those on. Send an email with a word doc attached. Then post your log.

p

----- Original Message -----

> From: "Ron Ghetti" <Ron.Ghetti@town.barnstable.ma.us>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Friday, June 4, 2010 8:01:28 AM
> Subject: Blocking word documents
> 
> This is a strange one.
>  I don't have anything set up to block word documents
>  Which would be pretty important to always allow.
>  Any thoughts on why this is happening ?
> 
>  thanks
> 
> 
> 
> This is a message from the MailScanner E-Mail Virus Protection
> Service
> ----------------------------------------------------------------------
> The original e-mail attachment "AsletonParkSeriesJuly9-2010.doc"
> is on the list of unacceptable attachments for this site and has been
> replaced by this warning message.
> 
> If you wish to receive a copy of the original attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
> 
> At Fri Jun  4 08:16:08 2010 the virus scanner said:
>    MailScanner: No programs allowed (AsletonParkSeriesJuly9-2010.doc)
> 
> Note to Help Desk: Look on the town-barnstable-ma-us () MailScanner
> in
> /var/spool/MailScanner/quarantine/20100604 (message
> 33B923DA7E.A55C5).
> -- 
> Postmaster
> 
> 
> For all your IT requirements visit: http://www.transtec.co.uk
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From nsnidanko at harperpowerproducts.com  Fri Jun  4 18:45:46 2010
From: nsnidanko at harperpowerproducts.com (Naz Snidanko)
Date: Fri Jun  4 18:45:59 2010
Subject: Sharing my mailscanner setup
Message-ID: <9453A32CAC9FFB4D8F59285E34B6A5062DE2@hotc_exch.harperotc.com>

Hi Gents,

 

I want to share my MailScanner setup and hope this will be useful to
someone:

Server runs postfix with mailscanner in gateway mode, which forwards all
email to our exchange servers (3 in total).

We don't use mailwatch, since there is no need for it. The only thing we
really care about is "stripped" attachments.

To make it simple, I moved quarantine folder to /var/www/quarantine
(configured on apache as root directory) and installed QuiXplorer
(simple php based file manager) in /var/www to browse quarantine folders
and pull out attachments without any effort.

 

To implement simple security we use .htacess files on /var/www to have
basic authentication.

 

Feel free to email me questions about running mailscanner in gateway
mode for Ms. Exchange.

 

Hope it will be useful,

Naz Snidanko

Desktop & Network Support

Harper Power Products Inc.

(p) 416 201- 7506

nsnidanko@harperpowerproducts.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100604/7d54b175/attachment.html
From Ron.Ghetti at town.barnstable.ma.us  Fri Jun  4 19:08:18 2010
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Fri Jun  4 19:08:42 2010
Subject: Blocking word documents
Message-ID: <0983B1770B088F4FBDF604A4C2834F570AEE59@ITMAIL.town.barnstable.ma.us>



Ok, I see it thanks.

I turned off deny programs, 
I'll let postfix and the firewall handle that 
Before it gets this far.





-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex
Neuman
Sent: Friday, June 04, 2010 11:11 AM
To: MailScanner discussion
Subject: Re: Blocking word documents


It thinks it's a program.
Check the "file -i" discussion earlier on the list.

On Jun 4, 2010, at 10:01 AM, Ghetti, Ron wrote:

> 
> This is a strange one.
> I don't have anything set up to block word documents
> Which would be pretty important to always allow.
> Any thoughts on why this is happening ?
> 
> thanks
> 
> 
> 
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "AsletonParkSeriesJuly9-2010.doc" is on

> the list of unacceptable attachments for this site and has been 
> replaced by this warning message.
> 
> If you wish to receive a copy of the original attachment, please 
> e-mail helpdesk and include the whole of this message in your request.

> Alternatively, you can call them, with the contents of this message to

> hand when you call.
> 
> At Fri Jun  4 08:16:08 2010 the virus scanner said:
>   MailScanner: No programs allowed (AsletonParkSeriesJuly9-2010.doc)
> 
> Note to Help Desk: Look on the town-barnstable-ma-us () MailScanner in

> /var/spool/MailScanner/quarantine/20100604 (message 33B923DA7E.A55C5).
> --
> Postmaster
> 
> 
> For all your IT requirements visit: http://www.transtec.co.uk
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From mailbag at partnersolutions.ca  Fri Jun  4 19:59:31 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Fri Jun  4 20:00:26 2010
Subject: Sharing my mailscanner setup
In-Reply-To: <9453A32CAC9FFB4D8F59285E34B6A5062DE2@hotc_exch.harperotc.com>
References: <9453A32CAC9FFB4D8F59285E34B6A5062DE2@hotc_exch.harperotc.com>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D200F@PSIMS008.pshosting.intranet>

> Feel free to email me questions about running mailscanner in gateway
mode for Ms. Exchange.


Hi Naz,

 It doesn't sound like anything too different, but you should take a
look at the MailScanner Wiki and update it if there's anything special
about your deployment that you feel may be useful for someone else.

 For example:
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta
:postfix:installation

 (there's a few other Postfix specific pages as well)

 Cheers,
-Joshua
From roland at inbox4u.de  Sun Jun  6 12:00:58 2010
From: roland at inbox4u.de (Ehle, Roland)
Date: Sun Jun  6 12:01:18 2010
Subject: Messaging statistics for a MailScanner / Exchange 2007 environment
Message-ID: <421A1DB68F0A9B4984D56913C4DFDE2204A97500@ts-dc3.ts-webarts.local>

Hi all,

I wrote a Powershell Script to have  the daily overall messaging statistics in a MailScanner / Exchange 2007 environment.  The script collects the information from the Message Tracking Logs of all Transport Servers and by doing some selects on the MailWatch MySQL database.

Prerequisites:
Windows computer with Powershell and Exchange 2007 Administration Tools installed. Powershell version can either be 1.0 or 2.0, depending on your environment.
For the MySQL Part of the script you need to download the .Net MySQL Connector from http://dev.mysql.com/downloads/connector/net/5.1.html and place the file MySQLData.dll into the directory, where the script is located at.

Results are sent by E-Mail and stored into c:\daily.csv (semicolon is used as delimiter) for further usage.

The script has been successfully tested on Exchange 2010 too. Script is herewith contributed as is. If you find the script useful, a link to my homepage http://www.roland-ehle.de is highly appreciated.

Script has no comments yet, sorry.

Regards,
Roland

$hubs = Get-TransportServer

# Get the start date for the tracking log search
$Start = (Get-Date -Hour 00 -Minute 00 -Second 00).AddDays(-1)

# Get the end date for the tracking log search
$End = (Get-Date -Hour 23 -Minute 59 -Second 59).AddDays(-1)

$Datum = $Start.ToShortDateString()

$receive = $hubs | get-messagetrackinglog -Start $Start -End $End -EventID "RECEIVE" -ResultSize Unlimited | select Sender,RecipientCount,TotalBytes,Recipients
$send = $hubs | get-messagetrackinglog -Start $Start -End $End -EventID "SEND" -ResultSize Unlimited | select Sender,RecipientCount,TotalBytes
$mreceive = $receive | Measure-Object TotalBytes -maximum -minimum -average -sum
$msend = $send | Measure-Object TotalBytes -maximum -minimum -average -sum

$anzahl = $mreceive.count + $msend.count
$volumen = ($mreceive.sum + $msend.sum) / (1024 * 1024)

$volumen = "{0:N2}" -f $volumen + " MB"

$msendmb = $msend.sum / (1024 * 1024)
$vsend = "{0:N2}" -f $msendmb + " MB"
$bigsend = $msend.maximum / (1024 * 1024)
$avsend = $msend.average / 1024

$bigsendmb = "{0:N2}" -f $bigsend + " MB"
$avsendkb = "{0:N2}" -f $avsend + " KB"


$mreceivemb = $mreceive.sum / (1024 * 1024)
$vreceive = "{0:N2}" -f $mreceivemb + " MB"
$bigreceive = $mreceive.maximum / (1024 * 1024)
$avreceive = $mreceive.average / 1024
#

$bigreceivemb = "{0:N2}" -f $bigreceive + " MB"
$avreceivekb = "{0:N2}" -f $avreceive + " KB"


#$senders = $send | Group-Object Sender | Sort-Object Count -Descending
#$topsender = $senders[0].Name
#$topsender += $senders[0].Count


#$receivers = $receive | Group-Object Recipients | Sort-Object Count -Descending
#$topreceiver = $receivers[0]
#$topreceiver
#$msend.Count


$Yesterday = (get-date -date ((get-date).AddDays(-1)) -uFormat "%Y-%m-%d");
# get the script's execution path
$myPath = Split-Path -Parent $MyInvocation.MyCommand.Path;
# load MySQL driver and query database
[void][system.reflection.Assembly]::LoadFrom($myPath + "\MySQL.Data.dll");


function getDatafromDb($q)
{

# the connection string used to connect to the database
$connString = "Server=mailwatchserver;Database=mailscanner;Uid=mailwatch;Pwd=password";
#

#

$conn = New-Object MySql.Data.MySqlClient.MySqlConnection;
$conn.ConnectionString = $connString;
$conn.Open();
$command = New-Object MySql.Data.MySqlClient.MySqlCommand;
$command.Connection = $conn;
$command.CommandText = $q;
$reader = $command.ExecuteReader();
while($reader.Read())
{
  $script:results = $reader.GetString(0);
}
$conn.Close();
}

$qAnzahl = "SELECT Count(*) FROM maillog where date='$Yesterday'";
getDatafromDB $qAnzahl
$ganzahl = $results

$qinbound = "select COUNT(*) from maillog where date='$Yesterday' and clientip not REGEXP '^10.24.|^130.55.|^127.0.0.1';"
getDatafromDB $qinbound
$inbound = $results

$qoutbound = "select COUNT(*) from maillog where date='$Yesterday' and clientip REGEXP '^10.24.245.37|^10.24.20.21';"
getDatafromDB $qoutbound
$outbound = $results

$qdkbout = "select COUNT(*) from maillog where date='$Yesterday' and clientip REGEXP '^10.24.245.37|^10.24.20.21' and to_domain='dkb.de';"
getDatafromDB $qdkbout
$dkbout = $results

$qkopierer = "select COUNT(*) from maillog where date='$Yesterday' and clientip REGEXP '^10.24|^130.55' and clientip not REGEXP '^10.24.245.37|^10.24.20.21|^127.0.0.1';"
getDatafromDB $qkopierer
$kopierer = $results

$qvkopierer = "select SUM(size) from maillog where date='$Yesterday' and clientip REGEXP '^10.24|^130.55' and clientip not REGEXP '^10.24.245.37|^10.24.20.21|^127.0.0.1';"
getDatafromDB $qvkopierer
$vkopierer = $results / (1024*1024)
$vkopierer = "{0:N2}" -f $vkopierer + " MB"

$qmkopierer = "select MAX(size) from maillog where date='$Yesterday' and clientip REGEXP '^10.24|^130.55' and clientip not REGEXP '^10.24.245.37|^10.24.20.21|^127.0.0.1';"
getDatafromDB $qmkopierer
$mkopierer = $results / (1024*1024)
$mkopierer = "{0:N2}" -f $mkopierer + " MB"

$qspam = "select COUNT(*) from maillog where date='$Yesterday' and clientip not REGEXP '^10.24.|^130.55.' and isspam > 0;"
getDatafromDB $qspam
$spam = $results

$qvspam = "select SUM(size) from maillog where date='$Yesterday' and clientip not REGEXP '^10.24.|^130.55.' and isspam > 0;"
getDatafromDB $qvspam
$vspam = $results / (1024*1024)
$vspam = "{0:N2}" -f $vspam + " MB"

$qvirus = "select COUNT(*) from maillog where date='$Yesterday' and clientip not REGEXP '^10.24.|^130.55.' and virusinfected > 0;"
getDatafromDB $qvirus
$virus = $results

$internal = $msend.Count - $outbound

$in = [int]$inbound
$in2 = [int]$spam

$spampercent = ($in2 *100) / $in
$spampercent = "{0:N2}" -f $spampercent + "%"



$obj = new-object psObject

$obj |Add-Member -MemberType noteproperty -Name "Exchange" -value "Werte"
$obj |Add-Member -MemberType noteproperty -Name "Date" -Value $Yesterday
$obj |Add-Member -MemberType noteproperty -Name " E-Mails Out  Exchange" -Value $msend.Count
$obj |Add-Member -MemberType noteproperty -Name "Internal E-Mail traffic " -value $internal
$obj |Add-Member -MemberType noteproperty -Name "Volume of E-Mails Out" -Value $vsend
$obj |Add-Member -MemberType noteproperty -Name "Largest E-Mail Out" -value $bigsendmb
$obj |Add-Member -MemberType noteproperty -Name "Average size of E-Mails Out" -value $avsendkb
$obj |Add-Member -MemberType noteproperty -Name "E-Mails In Exchange" -Value $mreceive.Count
$obj |Add-Member -MemberType noteproperty -Name "Volume of E-Mails In Exchange" -Value $vreceive
$obj |Add-Member -MemberType noteproperty -Name "Largest E-Mail In" -value $bigreceivemb
$obj |Add-Member -MemberType noteproperty -Name "Average Size of E-Mails In" -value $avreceivekb
$obj |Add-Member -MemberType noteproperty -Name "Messages Total" -Value $anzahl
$obj |Add-Member -MemberType noteproperty -Name "Volume Total " -Value $volumen


$objm = new-object psObject
$objm |Add-Member -MemberType noteproperty -Name "Mailgateways" -Value "Werte"
$objm |Add-Member -MemberType noteproperty -Name "E-Mails Out Mailgateways" -Value $outbound
$objm |Add-Member -MemberType noteproperty -Name "E-Mails to company 2" -Value $dkbout
$objm |Add-Member -MemberType noteproperty -Name "E-Mails In Mailgateways" -Value $inbound
$objm |Add-Member -MemberType noteproperty -Name " Spam E-Mails" -value $spam
$objm |Add-Member -MemberType noteproperty -Name "Spam in %" -value $spampercent
$objm |Add-Member -MemberType noteproperty -Name "Volume of Spam" -value $vspam
$objm |Add-Member -MemberType noteproperty -Name "Viruses found" -value $virus


$out = $Datum + ";" + $msend.count + ";" + $vsend + ";" + $avsendkb + ";" + $mreceive.count + ";" + $vreceive + ";" + $avreceivekb + ";" + $anzahl + ";" + $volumen + ";" + $outbound + ";" + $dkbout + ";" + $inbound + ";" + $spam + ";" + $spampercent + ";" + $vspam + ";" + $virus

$out | out-file c:\daily.csv -append -encoding default

#function sendmail($body)
function sendmail
{
    $SmtpClient = new-object system.net.mail.smtpClient
    $MailMessage = New-Object system.net.mail.mailmessage
    $SmtpClient.Host = "mailserver"
    $mailmessage.from = "admexchange@domain.tld"
    $mailmessage.To.add("recipient@domain.tld")
    $mailmessage.CC.add("recipient@domain.tld")
    $mailmessage.Subject = "Messaging infrastructure daily report for $Datum"
    $MailMessage.IsBodyHtml = $true
    #$mailmessage.Body = $body
    $mailmessage.Body = Get-Content status2.html
    $smtpclient.Send($mailmessage)

}

$obj |out-file test.csv -encoding default
(gc test.csv | where {$_ -ne ""} ) > test2.csv
(gc test2.csv) -replace ' {2,}','' > test3.csv
(gc test3.csv) -replace '\.','' > test4.csv
(gc test4.csv) -replace ',','.' > test5.csv
(gc test5.csv) -replace ': ',',' > test6.csv

$objm |out-file testm.csv -encoding default
(gc testm.csv | where {$_ -ne ""} ) > testm2.csv
(gc testm2.csv) -replace ' {2,}','' > testm3.csv
(gc testm3.csv) -replace '\.','' > testm4.csv
(gc testm4.csv) -replace ',','.' > testm5.csv
(gc testm5.csv) -replace ': ',',' > testm6.csv


$obj2 = import-csv test6.csv
$objm2 = import-csv testm6.csv

#Remove-Item test.csv
#Remove-Item test2.csv
#Remove-Item test3.csv

$a = "<style>"
$a = $a + "BODY{background-color:white;}"
$a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
$a = $a + "TH{width: 300px;border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:#0099FF;text-align: left}"
$a = $a + "TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:palegoldenrod;}"
$a = $a + "</style>"

$obj2 | ConvertTo-HTML -head $a | Out-File status.html
$objm2 | ConvertTo-Html | Out-File status.html -append

(gc status.html) -replace '\.',',' > status2.html
sendmail

Mit freundlichen Gr??en,

Roland Ehle
Mail: roland@inbox4u.de<mailto:roland@inbox4u.de>
Phone: +491702174446
BB Pin: 215B8A18

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100606/7c9006d9/attachment.html
From rogeride at rogeride.com  Mon Jun  7 16:00:39 2010
From: rogeride at rogeride.com (Roger Ide)
Date: Mon Jun  7 16:01:10 2010
Subject: Remote SMTP not working after upgrade to MS 4.79.11-1
In-Reply-To: <421A1DB68F0A9B4984D56913C4DFDE2204A97500@ts-dc3.ts-webarts.local>
References: <421A1DB68F0A9B4984D56913C4DFDE2204A97500@ts-dc3.ts-webarts.local>
Message-ID: <2C8BD34A79C748B38284D3311DA4ABFF@Roger2>

We can no longer remotely send email from external clients such as Outlook
via sendmail with MailScanner running, since an upgrade from MS 4.63.x to MS
4.79.11-1, also involving an upgrade to ClamAv 0.96.1, and SpamAssassin
3.3.0. This despite the fact that each user that is being denied access is
properly listed in /etc/relay-domains, and the /etc/mail/shadow, and
/etc/mail/passwd files. Saslauthd in running and testsaslauthd shows a
Success with a properly authorized user/password combination.

We're running EnsimPro Ensim Pro 10.3.0-fc.6.11, and everything was fine
before the upgrade. We have just the one website that we are hosting.
Sendmail, MailScanner and the rest are all located at the root level and
service the this one website which is 'site1'. The aforementioned
/etc/mail/shadow and passwd files are on at /home/virtual/site1/fst/etc.

With MailScanner off, sendmail has no trouble finding these files on its
own, and granting access to listed users.

With MailScanner running, sendmail does not seem to know where to look for
those files. The basic message I get is 'user information cannot be found'
(my paraphrase).

Experimentally, I copied the user data from
/home/virtual/site1/fst/etc/shadow into /etc/shadow, and did the same with
the passwd file user data. 

PRESTO! We are back to running normally. Except it's a fudge and the
question still needs answer.

Presumably the problem lies with the sendmail instances run by MailScanner
(or ClamAv or SpamAssassin), such that they no longer know where they
belong. Could this be a user/group issue, or the possibility that there is a
configuration that I have overlooked?

In order to deal with the multiple-recipient emails that we get, I followed
the suggestion at sendmail.org to set up a sendmail-in.cf (via a
sendmail-in.mc). This has been in place for over two years, so I haven't
considered it to be in the investigation stream. 

Additionally, it should be said that MailScanner upgrades have to be applied
outside the Ensim Pro environment since it was obsolecing even as we
acquired it on our 'new' server in 2007. I upgraded successfully to 4.63.x
at that time, but I may have had to make an adjustment at the time to avoid
this very problem. I don't remember that I had this problem, and I haven't
run across anything that would remind me of it. 

Thank you if you have read this far. If any of this rings a bell, or if
there is better information that I can provide, I will be happy to do so.

Roger Ide




From maxsec at gmail.com  Mon Jun  7 17:02:45 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Jun  7 17:02:56 2010
Subject: Remote SMTP not working after upgrade to MS 4.79.11-1
In-Reply-To: <2C8BD34A79C748B38284D3311DA4ABFF@Roger2>
References: <421A1DB68F0A9B4984D56913C4DFDE2204A97500@ts-dc3.ts-webarts.local>
	<2C8BD34A79C748B38284D3311DA4ABFF@Roger2>
Message-ID: <AANLkTin5Jsd4EmuF9OeQngy7MEJEoWabuT6OGxSC35R1@mail.gmail.com>

look in the logs....mailscanner/etc doesn't do smtp thats purely up to
Sendmail.

Martin

On 7 June 2010 16:00, Roger Ide <rogeride@rogeride.com> wrote:

> We can no longer remotely send email from external clients such as Outlook
> via sendmail with MailScanner running, since an upgrade from MS 4.63.x to
> MS
> 4.79.11-1, also involving an upgrade to ClamAv 0.96.1, and SpamAssassin
> 3.3.0. This despite the fact that each user that is being denied access is
> properly listed in /etc/relay-domains, and the /etc/mail/shadow, and
> /etc/mail/passwd files. Saslauthd in running and testsaslauthd shows a
> Success with a properly authorized user/password combination.
>
> We're running EnsimPro Ensim Pro 10.3.0-fc.6.11, and everything was fine
> before the upgrade. We have just the one website that we are hosting.
> Sendmail, MailScanner and the rest are all located at the root level and
> service the this one website which is 'site1'. The aforementioned
> /etc/mail/shadow and passwd files are on at /home/virtual/site1/fst/etc.
>
> With MailScanner off, sendmail has no trouble finding these files on its
> own, and granting access to listed users.
>
> With MailScanner running, sendmail does not seem to know where to look for
> those files. The basic message I get is 'user information cannot be found'
> (my paraphrase).
>
> Experimentally, I copied the user data from
> /home/virtual/site1/fst/etc/shadow into /etc/shadow, and did the same with
> the passwd file user data.
>
> PRESTO! We are back to running normally. Except it's a fudge and the
> question still needs answer.
>
> Presumably the problem lies with the sendmail instances run by MailScanner
> (or ClamAv or SpamAssassin), such that they no longer know where they
> belong. Could this be a user/group issue, or the possibility that there is
> a
> configuration that I have overlooked?
>
> In order to deal with the multiple-recipient emails that we get, I followed
> the suggestion at sendmail.org to set up a sendmail-in.cf (via a
> sendmail-in.mc). This has been in place for over two years, so I haven't
> considered it to be in the investigation stream.
>
> Additionally, it should be said that MailScanner upgrades have to be
> applied
> outside the Ensim Pro environment since it was obsolecing even as we
> acquired it on our 'new' server in 2007. I upgraded successfully to 4.63.x
> at that time, but I may have had to make an adjustment at the time to avoid
> this very problem. I don't remember that I had this problem, and I haven't
> run across anything that would remind me of it.
>
> Thank you if you have read this far. If any of this rings a bell, or if
> there is better information that I can provide, I will be happy to do so.
>
> Roger Ide
>
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100607/25f15a22/attachment.html
From mailbag at partnersolutions.ca  Mon Jun  7 17:30:11 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Mon Jun  7 17:29:29 2010
Subject: Remote SMTP not working after upgrade to MS 4.79.11-1
In-Reply-To: <AANLkTin5Jsd4EmuF9OeQngy7MEJEoWabuT6OGxSC35R1@mail.gmail.com>
References: <421A1DB68F0A9B4984D56913C4DFDE2204A97500@ts-dc3.ts-webarts.local><2C8BD34A79C748B38284D3311DA4ABFF@Roger2>
	<AANLkTin5Jsd4EmuF9OeQngy7MEJEoWabuT6OGxSC35R1@mail.gmail.com>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D201F@PSIMS008.pshosting.intranet>

Most likely when you start sendmail outside of MailScanner, it's running
with certain arguments or options that are not being called from the
MailScanner init scripts, since your config files aren't in the standard
place. Compare their startup options and you'll probably find out why it
isn't running properly.

-Joshua


From rogeride at rogeride.com  Mon Jun  7 18:01:56 2010
From: rogeride at rogeride.com (Roger Ide)
Date: Mon Jun  7 18:02:26 2010
Subject: Remote SMTP not working after upgrade to MS 4.79.11-1
In-Reply-To: <AANLkTin5Jsd4EmuF9OeQngy7MEJEoWabuT6OGxSC35R1@mail.gmail.com>
References: <421A1DB68F0A9B4984D56913C4DFDE2204A97500@ts-dc3.ts-webarts.local><2C8BD34A79C748B38284D3311DA4ABFF@Roger2>
	<AANLkTin5Jsd4EmuF9OeQngy7MEJEoWabuT6OGxSC35R1@mail.gmail.com>
Message-ID: <5EA81401EC434B97B8162319E857A377@Roger2>

look in the logs....mailscanner/etc doesn't do smtp thats purely up to
Sendmail. 

Martin 
 
You're right. Still, sendmail behaves differently (for me) when MailScanner
is running, and so I'm trying to imagine what might be causing that
difference, that only appeared after running the update. It has occurred to
me that waiting too long between versions can be a bad thing.

Thanks.

Roger


On 7 June 2010 16:00, Roger Ide <rogeride@rogeride.com> wrote:


	We can no longer remotely send email from external clients such as
Outlook
	via sendmail with MailScanner running, since an upgrade from MS
4.63.x to MS
	4.79.11-1, also involving an upgrade to ClamAv 0.96.1, and
SpamAssassin
	3.3.0. This despite the fact that each user that is being denied
access is
	properly listed in /etc/relay-domains, and the /etc/mail/shadow, and
	/etc/mail/passwd files. Saslauthd in running and testsaslauthd shows
a
	Success with a properly authorized user/password combination.
	
	We're running EnsimPro Ensim Pro 10.3.0-fc.6.11, and everything was
fine
	before the upgrade. We have just the one website that we are
hosting.
	Sendmail, MailScanner and the rest are all located at the root level
and
	service the this one website which is 'site1'. The aforementioned
	/etc/mail/shadow and passwd files are on at
/home/virtual/site1/fst/etc.
	
	With MailScanner off, sendmail has no trouble finding these files on
its
	own, and granting access to listed users.
	
	With MailScanner running, sendmail does not seem to know where to
look for
	those files. The basic message I get is 'user information cannot be
found'
	(my paraphrase).
	
	Experimentally, I copied the user data from
	/home/virtual/site1/fst/etc/shadow into /etc/shadow, and did the
same with
	the passwd file user data.
	
	PRESTO! We are back to running normally. Except it's a fudge and the
	question still needs answer.
	
	Presumably the problem lies with the sendmail instances run by
MailScanner
	(or ClamAv or SpamAssassin), such that they no longer know where
they
	belong. Could this be a user/group issue, or the possibility that
there is a
	configuration that I have overlooked?
	
	In order to deal with the multiple-recipient emails that we get, I
followed
	the suggestion at sendmail.org to set up a sendmail-in.cf (via a
	sendmail-in.mc). This has been in place for over two years, so I
haven't
	considered it to be in the investigation stream.
	
	Additionally, it should be said that MailScanner upgrades have to be
applied
	outside the Ensim Pro environment since it was obsolecing even as we
	acquired it on our 'new' server in 2007. I upgraded successfully to
4.63.x
	at that time, but I may have had to make an adjustment at the time
to avoid
	this very problem. I don't remember that I had this problem, and I
haven't
	run across anything that would remind me of it.
	
	Thank you if you have read this far. If any of this rings a bell, or
if
	there is better information that I can provide, I will be happy to
do so.
	
	Roger Ide
	
	
	
	
	--
	MailScanner mailing list
	mailscanner@lists.mailscanner.info
	http://lists.mailscanner.info/mailman/listinfo/mailscanner
	
	Before posting, read http://wiki.mailscanner.info/posting
	
	Support MailScanner development - buy the book off the website!
	




-- 
Martin Hepworth
Oxford, UK


From rogeride at rogeride.com  Mon Jun  7 18:09:19 2010
From: rogeride at rogeride.com (Roger Ide)
Date: Mon Jun  7 18:09:51 2010
Subject: Remote SMTP not working after upgrade to MS 4.79.11-1
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D201F@PSIMS008.pshosting.intranet>
References: <421A1DB68F0A9B4984D56913C4DFDE2204A97500@ts-dc3.ts-webarts.local><2C8BD34A79C748B38284D3311DA4ABFF@Roger2><AANLkTin5Jsd4EmuF9OeQngy7MEJEoWabuT6OGxSC35R1@mail.gmail.com>
	<38773FB858C8DD4EB14ACC4310E34DF04D201F@PSIMS008.pshosting.intranet>
Message-ID: <9233FFAEA2CF4996AF95490020846891@Roger2>

 

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of PSI Mailbag
Sent: Monday, June 07, 2010 12:30 PM
To: MailScanner discussion
Subject: RE: Remote SMTP not working after upgrade to MS 4.79.11-1

Most likely when you start sendmail outside of MailScanner, it's running
with certain arguments or options that are not being called from the
MailScanner init scripts, since your config files aren't in the standard
place. Compare their startup options and you'll probably find out why it
isn't running properly.

-Joshua

Well, sendmail is in the same place as ever, and new MailScanner is still
where it was when I ran the original upgrade in 2007, and everything runs
beautifully, except that sasl can't find the users when they're not in /etc.
Somehow, two weeks ago it knew to look in /home/virtual/site1/fst/etc for
those users (shadow/passwd files).

Thanks.

Roger

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From richard at fastnet.co.uk  Wed Jun  9 15:38:23 2010
From: richard at fastnet.co.uk (Richard Mealing)
Date: Wed Jun  9 15:37:24 2010
Subject: RBL's
Message-ID: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>

Hi everyone,

 

OT I know, I was just wondering what everyone is using for their RBL's
at MTA level? 

In light of Sorbs blacklisting everyone at the moment, plus SpamHaus
charging for usage, does anyone have any recommendations? 

 

I'm currently using Barracuda, Sorbs (with about a million white list
entries) and spamcop. 

 

Thanks,
Rich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100609/e1acb0ee/attachment.html
From peter at farrows.org  Wed Jun  9 15:49:35 2010
From: peter at farrows.org (Peter Farrow)
Date: Wed Jun  9 15:49:45 2010
Subject: RBL's
In-Reply-To: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
Message-ID: <4C0FA9FF.1030402@farrows.org>

I use spamcop amongst others...

On 09/06/2010 15:38, Richard Mealing wrote:
>
> Hi everyone,
>
> OT I know, I was just wondering what everyone is using for their RBL's 
> at MTA level?
>
> In light of Sorbs blacklisting everyone at the moment, plus SpamHaus 
> charging for usage, does anyone have any recommendations?
>
> I'm currently using Barracuda, Sorbs (with about a million white list 
> entries) and spamcop.
>
> Thanks,
> Rich
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by the *Togethia MailScanner* 
> <http://www.togethia.net/>, and is
> believed to be clean. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100609/5addc569/attachment.html
From peter.ong at hypermediasystems.com  Wed Jun  9 17:57:08 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun  9 17:57:19 2010
Subject: Release Spam Messages
In-Reply-To: <1527187185.42028.1276102417898.JavaMail.root@mail021.dti>
Message-ID: <147723914.42030.1276102628597.JavaMail.root@mail021.dti>

Hello Everyone,

I am having trouble releasing messages that have been caught by MailScanner. I have followed the instructions here:
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail#releasing_mail_from_the_quarantine_-_queue_files

Specifically, I have moved files from the spam folder into /var/spool/postfix/incoming. However, the file just stays there. What am I doing wrong?

My configuration file:

%org-name% = yoursite
%org-long-name% = Your Organisation Name Here
%web-site% = www.your-organisation.com
%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%mcp-dir% = /etc/MailScanner/mcp
Max Children = 5
Run As User = postfix
Run As Group = postfix
Queue Scan Interval = 6
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner.pid
Restart Every = 7200
MTA = postfix
Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail
Incoming Work User =
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0600
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 800
Scan Messages = yes
Reject Message = no
Maximum Processing Attempts = 6
Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = no
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
File Command = /usr/bin/file
File Timeout = 20
Gunzip Command = /bin/gunzip
Gunzip Timeout = 50
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
Find UU-Encoded Files = yes
Maximum Message Size = %rules-dir%/max.message.size.rules
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 8
Find Archives By Content = yes
Unpack Microsoft Documents = yes
Zip Attachments = no
Attachments Zip Filename = MessageAttachments.zip
Attachments Min Total Size To Zip = 100k
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml
Add Text Of Doc = no
Antiword = /usr/bin/antiword -f
Antiword Timeout = 50
Unzip Maximum Files Per Archive = 0
Unzip Maximum File Size = 50k
Unzip Filenames = *.txt *.ini *.log *.csv
Unzip MimeType = text/plain
Virus Scanning = yes
Virus Scanners = auto
Virus Scanner Timeout = 300
Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish*
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = yes
Allowed Sophos Error Messages =
Sophos IDE Dir = /opt/sophos-av/lib/sav
Sophos Lib Dir = /opt/sophos-av/lib
Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd
ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Compression Ratio = 250
Clamd Port = 3310
Clamd Socket = /var/run/clamav/clamd.sock # /tmp/clamd.socket
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = no
ClamAV Full Message Scan = yes
Fpscand Port = 10200
Dangerous Content Scanning = yes
Allow Partial Messages = no
Allow External Message Bodies = no
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = disarm
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim
Known Web Bug Servers = msgtag.com
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Archives Are = zip rar ole
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf
Allow Filetypes =
Allow File MIME Types =
Deny Filetypes =
Deny File MIME Types =
Filetype Rules = %etc-dir%/filetype.rules.conf
Archives: Allow Filenames =
Archives: Deny Filenames =
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Allow Filetypes =
Archives: Allow File MIME Types =
Archives: Deny Filetypes =
Archives: Deny File MIME Types =
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf
Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
Keep Spam And MCP Archive Clean = no
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report  = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report        = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report        = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report  = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report        = %report-dir%/stored.virus.message.txt
Stored Size Message Report        = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report        = %report-dir%/sender.content.report.txt
Sender Error Report        = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report        = %report-dir%/sender.virus.report.txt
Sender Size Report         = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
Information Header = X-%org-name%-MailScanner-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
ID Header = X-%org-name%-MailScanner-ID:
IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 4
Clean Header Value       = Found to be clean
Infected Header Value    = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = no
Multiple Headers = add
Place New Headers At Top Of Message = yes
Hostname = the %org-name% ($HOSTNAME) MailScanner
Sign Messages Already Processed = no
Sign Clean Messages = no
Attach Image To Signature = no
Attach Image To HTML Message Only = no
Allow Multiple HTML Signatures = no
Dont Sign HTML If Headers Exist = # In-Reply-To: References:
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages = yes
Notify Senders = yes
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
Notify Senders Of Blocked Size Attachments = yes
Notify Senders Of Other Blocked Content = no
Never Notify Senders Of Precedence = list bulk
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = start
Virus Subject Text = {Virus?}
Filename Modify Subject = start
Filename Subject Text = {Filename?}
Content Modify Subject = start
Content Subject Text = {Dangerous Content?}
Size Modify Subject = start
Size Subject Text = {Size}
Disarmed Modify Subject = no
Disarmed Subject Text = {Disarmed}
Phishing Modify Subject = no
Phishing Subject Text = {Fraud?}
Spam Modify Subject = start
Spam Subject Text = {Spam?}
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Spam?}
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1
Archive Mail =
Missing Mail Archive Is = directory
Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = MailScanner
Notices To = postmaster
Local Postmaster = postmaster
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
Spam Checks = yes
Spam List = spamhaus-ZEN SBL+XBL spamcop.net NJABL MAPS-RBL MAPS-DUL MAPS-RSS SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL MSRBL-COMBINED
Spam Domain List = spamhaus-ZEN SBL+XBL spamcop.net NJABL MAPS-RBL MAPS-DUL MAPS-RSS SORBS-DNSBL SORBS-HTTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-WEB SORBS-SPAM SORBS-BLOCK SORBS-ZOMBIE SORBS-ZOMBIE SORBS-DUL SORBS-RHSBL CBL MSRBL-COMBINED
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 1
Spam List Timeout = 10
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Definite Spam Is High Scoring = yes
Ignore Spam Whitelist If Recipients Exceed = 20
Max Spam Check Size = 200k
Use Watermarking = no
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = nothing
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-Secret
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-Watermark:
Use SpamAssassin = yes
Max SpamAssassin Size = 200k
Required SpamAssassin Score = 6
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = yes
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Include Binary Attachments In SpamAssassin = yes
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = yes
Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = store
Non Spam Actions = deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report         = %report-dir%/sender.spam.report.txt
Sender Spam List Report    = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no
Syslog Facility = mail
Log Speed = yes
Log Spam = yes
Log Non Spam = yes
Log Delivery And Non-Delivery = yes
Log Permitted Filenames = yes
Log Permitted Filetypes = yes
Log Permitted File MIME Types = yes
Log Silent Viruses = no
Log Dangerous HTML Tags = yes
Log SpamAssassin Rule Actions = yes
SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
SpamAssassin Default Rules Dir =
MCP Checks = yes
First Check = spam
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt
Use Default Rules With Multiple Recipients = no
Read IP Address From Received Header = no
Spam Score Number Format = %d
MailScanner Version Number = 4.79.11
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = no
Run In Foreground = no
Always Looked Up Last = no
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = batch
Split Exim Spool = no
Lockfile Dir = /var/spool/MailScanner/incoming/Locks
Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions
Lock Type =
Syslog Socket Type =
Automatic Syntax Check = yes
Minimum Code Status = supported
include /etc/MailScanner/conf.d/*
From mailbag at partnersolutions.ca  Wed Jun  9 18:19:24 2010
From: mailbag at partnersolutions.ca (PSI Mailbag)
Date: Wed Jun  9 18:20:04 2010
Subject: Release Spam Messages
In-Reply-To: <147723914.42030.1276102628597.JavaMail.root@mail021.dti>
References: <1527187185.42028.1276102417898.JavaMail.root@mail021.dti>
	<147723914.42030.1276102628597.JavaMail.root@mail021.dti>
Message-ID: <38773FB858C8DD4EB14ACC4310E34DF04D2045@PSIMS008.pshosting.intranet>

> Specifically, I have moved files from the spam folder into
> /var/spool/postfix/incoming. However, the file just stays there. What
> am I doing wrong?

Is the file owned by the 'postfix' user? Is it executable? Did you rename it to the proper postfix queue name format? Put you move it to the right queue folder for your installation?

Here's some examples.. (I use two postfix installations, one for incoming - /var/spool/postfix.in, one for outgoing - /var/spool/postfix).



[root@psimf001 spam]# pwd
/var/spool/MailScanner/quarantine/20100609/spam

[root@psimf001 spam]# chmod +x AAC40746521.00000

[root@psimf001 spam]# ls -l AAC40746521.00000
-rwx--x--x 1 postfix quarantine 5878 Jun  9 03:12 AAC40746521.00000

[root@psimf001 spam]# cp -p AAC40746521.00000 /var/spool/postfix/incoming/A/AAC40746521


-Joshua
From peter.ong at hypermediasystems.com  Wed Jun  9 18:43:11 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun  9 18:43:20 2010
Subject: Release Spam Messages
In-Reply-To: <760834301.42102.1276105237078.JavaMail.root@mail021.dti>
Message-ID: <1093607808.42104.1276105391357.JavaMail.root@mail021.dti>

My configuration was in my original post, also the instructions I followed.

"> Is the file owned by the 'postfix' user?"
Yes.

"Is it executable?"
No. I will try this.

"Did you rename it to the proper postfix queue name format?"
Yes. But unlike your example, I did not place the file in a folder named the message's first character.
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes

"Put you move it to the right queue folder for your installation?"
If this is the folder, then yes.
Outgoing Queue Dir = /var/spool/postfix/incoming



----- Original Message -----

> From: "PSI Mailbag" <mailbag@partnersolutions.ca>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Wednesday, June 9, 2010 10:19:24 AM
> Subject: RE: Release Spam Messages
> 
> > Specifically, I have moved files from the spam folder into
> > /var/spool/postfix/incoming. However, the file just stays there.
> What
> > am I doing wrong?
> 
> Is the file owned by the 'postfix' user? Is it executable? Did you
> rename it to the proper postfix queue name format? Put you move it to
> the right queue folder for your installation?
> 
> Here's some examples.. (I use two postfix installations, one for
> incoming - /var/spool/postfix.in, one for outgoing -
> /var/spool/postfix).
> 
> 
> 
> [root@psimf001 spam]# pwd
> /var/spool/MailScanner/quarantine/20100609/spam
> 
> [root@psimf001 spam]# chmod +x AAC40746521.00000
> 
> [root@psimf001 spam]# ls -l AAC40746521.00000
> -rwx--x--x 1 postfix quarantine 5878 Jun  9 03:12 AAC40746521.00000
> 
> [root@psimf001 spam]# cp -p AAC40746521.00000
> /var/spool/postfix/incoming/A/AAC40746521
> 
> 
> -Joshua
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From peter.ong at hypermediasystems.com  Wed Jun  9 18:46:17 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun  9 18:46:26 2010
Subject: Release Spam Messages
In-Reply-To: <38773FB858C8DD4EB14ACC4310E34DF04D2045@PSIMS008.pshosting.intranet>
Message-ID: <1524714553.42110.1276105577681.JavaMail.root@mail021.dti>

I was missing the chmod +x! That was brilliant! Thank you so much!

p

----- Original Message -----

> From: "PSI Mailbag" <mailbag@partnersolutions.ca>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Wednesday, June 9, 2010 10:19:24 AM
> Subject: RE: Release Spam Messages
> 
> > Specifically, I have moved files from the spam folder into
> > /var/spool/postfix/incoming. However, the file just stays there.
> What
> > am I doing wrong?
> 
> Is the file owned by the 'postfix' user? Is it executable? Did you
> rename it to the proper postfix queue name format? Put you move it to
> the right queue folder for your installation?
> 
> Here's some examples.. (I use two postfix installations, one for
> incoming - /var/spool/postfix.in, one for outgoing -
> /var/spool/postfix).
> 
> 
> 
> [root@psimf001 spam]# pwd
> /var/spool/MailScanner/quarantine/20100609/spam
> 
> [root@psimf001 spam]# chmod +x AAC40746521.00000
> 
> [root@psimf001 spam]# ls -l AAC40746521.00000
> -rwx--x--x 1 postfix quarantine 5878 Jun  9 03:12 AAC40746521.00000
> 
> [root@psimf001 spam]# cp -p AAC40746521.00000
> /var/spool/postfix/incoming/A/AAC40746521
> 
> 
> -Joshua
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From noel.butler at ausics.net  Thu Jun 10 06:23:32 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Thu Jun 10 06:23:49 2010
Subject: RBL's
In-Reply-To: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
Message-ID: <1276147412.7469.3.camel@tardis>

On Wed, 2010-06-09 at 15:38 +0100, Richard Mealing wrote:
> Hi everyone,
> 
>  
> 
> OT I know, I was just wondering what everyone is using for their RBL?s
> at MTA level? 
> 

SORBS, spamcop, abuseat...  and a few smaller ones and a private


> In light of Sorbs blacklisting everyone at the moment,
> 


explain?  I don't see anything out of the ordinary with them.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100610/4fb643e8/attachment.html
From lstewart at superb.net  Thu Jun 10 10:24:49 2010
From: lstewart at superb.net (Landon Stewart)
Date: Thu Jun 10 10:25:00 2010
Subject: RBL's
In-Reply-To: <1276147412.7469.3.camel@tardis>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
	<1276147412.7469.3.camel@tardis>
Message-ID: <AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>

I
hate
SORBS

We use spamhaus among others. They have to have both a responsive and
responsible listing  AND delisting policy to be worthwhile or you get
more problems than solutions in the end. Customers who can't get mail
because we you use some rogue RBL is not going to fly but you have to
block spam as best you can.

On Wednesday, June 9, 2010, Noel Butler <noel.butler@ausics.net> wrote:
>
>
>
>
>
>
>
> On Wed, 2010-06-09 at 15:38 +0100, Richard Mealing wrote:
>
>     Hi everyone,
>
>
>
>     OT I know, I was just wondering what everyone is using for their RBL?s at MTA level?
>
>
> SORBS, spamcop, abuseat...? and a few smaller ones and a private
>
>
>     In light of Sorbs blacklisting everyone at the moment,
>
>
>
> explain?? I don't see anything out of the ordinary with them.
>
>
>
>
>
>

-- 
Landon Stewart <LStewart@SUPERB.NET>
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Direct: 206-438-5879
Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
From ywang at lfm-agile.com.hk  Thu Jun 10 10:41:14 2010
From: ywang at lfm-agile.com.hk (Yang Wang)
Date: Thu Jun 10 10:39:15 2010
Subject: RBL's
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
Message-ID: <7B265A5C32364137B80FB401BB74C113@cngd01comp909>

I using below rbl

                             reject_rbl_client cblless.anti-spam.org.cn=127.0.8.5,
                             reject_rbl_client bl.spamcop.net=127.0.0.2,
                             reject_rbl_client xbl.spamhaus.org=127.0.0.4




Best Regards!
Yang Wang

  ----- Original Message ----- 
  From: Richard Mealing 
  To: MailScanner discussion 
  Sent: Wednesday, June 09, 2010 10:38 PM
  Subject: RBL's


  Hi everyone,

   

  OT I know, I was just wondering what everyone is using for their RBL's at MTA level? 

  In light of Sorbs blacklisting everyone at the moment, plus SpamHaus charging for usage, does anyone have any recommendations? 

   

  I'm currently using Barracuda, Sorbs (with about a million white list entries) and spamcop. 

   

  Thanks,
  Rich



------------------------------------------------------------------------------


  -- 
  MailScanner mailing list
  mailscanner@lists.mailscanner.info
  http://lists.mailscanner.info/mailman/listinfo/mailscanner

  Before posting, read http://wiki.mailscanner.info/posting

  Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100610/c5615a31/attachment.html
From peter at farrows.org  Thu Jun 10 11:00:36 2010
From: peter at farrows.org (Peter Farrow)
Date: Thu Jun 10 11:01:05 2010
Subject: RBL's
In-Reply-To: <AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>	<1276147412.7469.3.camel@tardis>
	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>
Message-ID: <4C10B7C4.9000108@farrows.org>

I have no problems with Sorbs, used it for many years processing 
millions of emails a month.

The rule to the sender is, if you're listed on SORBS or any other 
blacklist its very real and its for a reason.

I have had no problems telling blacklisted senders how to unlist 
themselves, its pretty simple and fairly

black and white, if you want to email my clients: SORBS is one the 
blacklists you must not be on.

If they are on it, it becomes a revenue opportunity to help them get off 
of it.  Usually its one of the following:

1)They have sent spam and been caught red handed either because they 
have a weak server config or they actually send spam
2)They are on a dynamic IP which was used for spam before, which is the 
fault of the ISP for letting it happen
3)Their servers ISP they relay through is blacklisted, because it sent 
lots of spam and the ISP did nothing about it.

There are no excuses here, and SORBS is a good blacklist,  if you have 
trouble with SORBS it generally means your

clients senders are on crappy ISPs that need to sort themselves out or 
start taking spam seriously

Pete




On 10/06/2010 10:24, Landon Stewart wrote:
> I
> hate
> SORBS
>
> We use spamhaus among others. They have to have both a responsive and
> responsible listing  AND delisting policy to be worthwhile or you get
> more problems than solutions in the end. Customers who can't get mail
> because we you use some rogue RBL is not going to fly but you have to
> block spam as best you can.
>
> On Wednesday, June 9, 2010, Noel Butler<noel.butler@ausics.net>  wrote:
>    
>>
>>
>>
>>
>>
>>
>> On Wed, 2010-06-09 at 15:38 +0100, Richard Mealing wrote:
>>
>>      Hi everyone,
>>
>>
>>
>>      OT I know, I was just wondering what everyone is using for their RBL?s at MTA level?
>>
>>
>> SORBS, spamcop, abuseat...  and a few smaller ones and a private
>>
>>
>>      In light of Sorbs blacklisting everyone at the moment,
>>
>>
>>
>> explain?  I don't see anything out of the ordinary with them.
>>
>>
>>
>>
>>
>>
>>      
>    


-- 
horizontal ruler

Peter Farrow
avatar 	
______________________
Home: 	01249 654183
Fax: 	01249 461 548
Mobile: 	07799605617
Skype: 	peter_farrow
Web: 	www.peterfarrow.com <http://www.peterfarrow.com>

-------------- next part --------------
Skipped content of type multipart/related
From ms-list at alexb.ch  Thu Jun 10 11:28:28 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Thu Jun 10 11:28:34 2010
Subject: RBL's
In-Reply-To: <4C10B7C4.9000108@farrows.org>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>	<1276147412.7469.3.camel@tardis>	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>
	<4C10B7C4.9000108@farrows.org>
Message-ID: <4C10BE4C.4030906@alexb.ch>

On 2010-06-10 12:00, Peter Farrow wrote:
> I have no problems with Sorbs, used it for many years processing millions of 
> emails a month.
> 
> The rule to the sender is, if you're listed on SORBS or any other blacklist its 
> very real and its for a reason.
> 
> I have had no problems telling blacklisted senders how to unlist themselves, its 
> pretty simple and fairly
> 
> black and white, if you want to email my clients: SORBS is one the blacklists 
> you must not be on.
> 
> If they are on it, it becomes a revenue opportunity to help them get off of it.  
> Usually its one of the following:
> 
> 1)They have sent spam and been caught red handed either because they have a weak 
> server config or they actually send spam
> 2)They are on a dynamic IP which was used for spam before, which is the fault of 
> the ISP for letting it happen
> 3)Their servers ISP they relay through is blacklisted, because it sent lots of 
> spam and the ISP did nothing about it.
> 
> There are no excuses here, and SORBS is a good blacklist,  if you have trouble 
> with SORBS it generally means your
> 
> clients senders are on crappy ISPs that need to sort themselves out or start 
> taking spam seriously


how many users do you cater for? only regional mail?
From m.anderlini at database.it  Thu Jun 10 11:53:46 2010
From: m.anderlini at database.it (Marcello Anderlini)
Date: Thu Jun 10 11:54:00 2010
Subject: R: RBL's
In-Reply-To: <4C10BE4C.4030906@alexb.ch>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>	<1276147412.7469.3.camel@tardis>	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com><4C10B7C4.9000108@farrows.org>
	<4C10BE4C.4030906@alexb.ch>
Message-ID: <FCE4B01DF7914B0D9759CFF35F46C97E@dbdomain.database.it>

Hello, do you use all SORBS db or just someone ? 
Do you use it with sendmail ? 

Thank you



Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel.  +39059775070
Fax. +39059779545
http://www.database.it
--------------------------------------------- 

-----Messaggio originale-----
Da: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Alex Broens
Inviato: 10/06/2010 12:28
A: MailScanner discussion
Oggetto: Re: RBL's

On 2010-06-10 12:00, Peter Farrow wrote:
> I have no problems with Sorbs, used it for many years processing 
> millions of emails a month.
> 
> The rule to the sender is, if you're listed on SORBS or any other 
> blacklist its very real and its for a reason.
> 
> I have had no problems telling blacklisted senders how to unlist 
> themselves, its pretty simple and fairly
> 
> black and white, if you want to email my clients: SORBS is one the 
> blacklists you must not be on.
> 
> If they are on it, it becomes a revenue opportunity to help them get off
of it.  
> Usually its one of the following:
> 
> 1)They have sent spam and been caught red handed either because they 
> have a weak server config or they actually send spam 2)They are on a 
> dynamic IP which was used for spam before, which is the fault of the 
> ISP for letting it happen 3)Their servers ISP they relay through is 
> blacklisted, because it sent lots of spam and the ISP did nothing 
> about it.
> 
> There are no excuses here, and SORBS is a good blacklist,  if you have 
> trouble with SORBS it generally means your
> 
> clients senders are on crappy ISPs that need to sort themselves out or 
> start taking spam seriously


how many users do you cater for? only regional mail?
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

From noel.butler at ausics.net  Thu Jun 10 12:03:41 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Thu Jun 10 12:04:00 2010
Subject: RBL's
In-Reply-To: <4C10B7C4.9000108@farrows.org>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
	<1276147412.7469.3.camel@tardis>
	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>
	<4C10B7C4.9000108@farrows.org>
Message-ID: <1276167821.12979.6.camel@tardis>

On Thu, 2010-06-10 at 11:00 +0100, Peter Farrow wrote:

> I have no problems with Sorbs, used it for many years processing
> millions of emails a month.
> 


Indeed, except millions per day.


> The rule to the sender is, if you're listed on SORBS or any other
> blacklist its very real and its for a reason.
> 


The OP's IP was checked in SORBS (ok, not likely  the ones he's upset
about being listed) and no listing was found, it was however found in
another RBL,  the backscatter list.


> I have had no problems telling blacklisted senders how to unlist
> themselves, its pretty simple and fairly 
> 
> black and white, if you want to email my clients: SORBS is one the
> blacklists you must not be on.
> 


*nods*


> There are no excuses here, and SORBS is a good blacklist,  if you have
> trouble with SORBS it generally means your
> 
> clients senders are on crappy ISPs that need to sort themselves out or
> start taking spam seriously
> 


*nods* most of the time the listing with SORBS is because X sent spam to
a spamtrap address, and given the above mentioned factor, thats likely
to happen more often than not with a certain posters server(s).


Cheers
n.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100610/a4c8366f/attachment.html
From noel.butler at ausics.net  Thu Jun 10 12:09:00 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Thu Jun 10 12:09:14 2010
Subject: R: RBL's
In-Reply-To: <FCE4B01DF7914B0D9759CFF35F46C97E@dbdomain.database.it>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>
	<1276147412.7469.3.camel@tardis>
	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>
	<4C10B7C4.9000108@farrows.org> <4C10BE4C.4030906@alexb.ch>
	<FCE4B01DF7914B0D9759CFF35F46C97E@dbdomain.database.it>
Message-ID: <1276168140.12979.12.camel@tardis>

On Thu, 2010-06-10 at 12:53 +0200, Marcello Anderlini wrote:

> Hello, do you use all SORBS db or just someone ? 
> Do you use it with sendmail ? 
> 


I've used it since 2002'ish, in environments that processed millions of
messages a day, that's accepted mails, not total connections, and it was
never really a problem, we have more complaints about spamhaus blockings
than sorbs or spamcop.

and yea we use it at  MTA level, both sendmail and postfix
Cheers
n.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100610/92e190f4/attachment.html
From peter at farrows.org  Thu Jun 10 12:19:48 2010
From: peter at farrows.org (Peter Farrow)
Date: Thu Jun 10 12:20:02 2010
Subject: RBL's
In-Reply-To: <4C10BE4C.4030906@alexb.ch>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>	<1276147412.7469.3.camel@tardis>	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>	<4C10B7C4.9000108@farrows.org>
	<4C10BE4C.4030906@alexb.ch>
Message-ID: <4C10CA54.8060607@farrows.org>

On 10/06/2010 11:28, Alex Broens wrote:
> On 2010-06-10 12:00, Peter Farrow wrote:
>> I have no problems with Sorbs, used it for many years processing 
>> millions of emails a month.
>>
>> The rule to the sender is, if you're listed on SORBS or any other 
>> blacklist its very real and its for a reason.
>>
>> I have had no problems telling blacklisted senders how to unlist 
>> themselves, its pretty simple and fairly
>>
>> black and white, if you want to email my clients: SORBS is one the 
>> blacklists you must not be on.
>>
>> If they are on it, it becomes a revenue opportunity to help them get 
>> off of it.  Usually its one of the following:
>>
>> 1)They have sent spam and been caught red handed either because they 
>> have a weak server config or they actually send spam
>> 2)They are on a dynamic IP which was used for spam before, which is 
>> the fault of the ISP for letting it happen
>> 3)Their servers ISP they relay through is blacklisted, because it 
>> sent lots of spam and the ISP did nothing about it.
>>
>> There are no excuses here, and SORBS is a good blacklist,  if you 
>> have trouble with SORBS it generally means your
>>
>> clients senders are on crappy ISPs that need to sort themselves out 
>> or start taking spam seriously
>
>
> how many users do you cater for? only regional mail?
10,000++ of users, ranging from UK, to USA, Canada and Austrailia, 
several big clients in Oz, I also do email for Daimler Chrysler 
corporation, no problems with SORBs at all.
I use at MTA level, and its blowout if you're listed...

P



From ms-list at alexb.ch  Thu Jun 10 12:41:39 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Thu Jun 10 12:41:44 2010
Subject: RBL's
In-Reply-To: <4C10CA54.8060607@farrows.org>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>	<1276147412.7469.3.camel@tardis>	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>	<4C10B7C4.9000108@farrows.org>	<4C10BE4C.4030906@alexb.ch>
	<4C10CA54.8060607@farrows.org>
Message-ID: <4C10CF73.5020606@alexb.ch>

On 2010-06-10 13:19, Peter Farrow wrote:
>
>> how many users do you cater for? only regional mail?

> 10,000++ of users, ranging from UK, to USA, Canada and Austrailia, 
> several big clients in Oz, I also do email for Daimler Chrysler 
> corporation, no problems with SORBs at all.
> I use at MTA level, and its blowout if you're listed...

guess it depends on how restirctive you can afford to be, and how much 
potential support cases it may cause.
I wouldn't dare...


Alex
From richard at fastnet.co.uk  Thu Jun 10 13:56:26 2010
From: richard at fastnet.co.uk (Richard Mealing)
Date: Thu Jun 10 13:55:24 2010
Subject: RBL's
In-Reply-To: <AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local><1276147412.7469.3.camel@tardis>
	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>
Message-ID: <E6BE51A3C3EE3147947B0CBCE62442D602271F6F@fnserver02.fastnet.local>

Noted, but I don't want to pay for it. They (SpamHaus) are asking for too much, so I had to remove that one.
They even want money for tesing via Spam Assassin. I had to turn this off also.


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Landon Stewart
Sent: 10 June 2010 10:25
To: MailScanner discussion
Subject: Re: RBL's

I
hate
SORBS

We use spamhaus among others. They have to have both a responsive and
responsible listing  AND delisting policy to be worthwhile or you get
more problems than solutions in the end. Customers who can't get mail
because we you use some rogue RBL is not going to fly but you have to
block spam as best you can.

On Wednesday, June 9, 2010, Noel Butler <noel.butler@ausics.net> wrote:
>
>
>
>
>
>
>
> On Wed, 2010-06-09 at 15:38 +0100, Richard Mealing wrote:
>
>     Hi everyone,
>
>
>
>     OT I know, I was just wondering what everyone is using for their RBL's at MTA level?
>
>
> SORBS, spamcop, abuseat...? and a few smaller ones and a private
>
>
>     In light of Sorbs blacklisting everyone at the moment,
>
>
>
> explain?? I don't see anything out of the ordinary with them.
>
>
>
>
>
>

-- 
Landon Stewart <LStewart@SUPERB.NET>
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Direct: 206-438-5879
Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!


From peter at farrows.org  Thu Jun 10 14:17:55 2010
From: peter at farrows.org (Peter Farrow)
Date: Thu Jun 10 14:18:04 2010
Subject: RBL's
In-Reply-To: <4C10CF73.5020606@alexb.ch>
References: <E6BE51A3C3EE3147947B0CBCE62442D602271E12@fnserver02.fastnet.local>	<1276147412.7469.3.camel@tardis>	<AANLkTimVMzHOX58302NpOZ-gbD_2GQKsF0BrGNRuPWCz@mail.gmail.com>	<4C10B7C4.9000108@farrows.org>	<4C10BE4C.4030906@alexb.ch>	<4C10CA54.8060607@farrows.org>
	<4C10CF73.5020606@alexb.ch>
Message-ID: <4C10E603.2070009@farrows.org>

On 10/06/2010 12:41, Alex Broens wrote:
> On 2010-06-10 13:19, Peter Farrow wrote:
>>
>>> how many users do you cater for? only regional mail?
>
>> 10,000++ of users, ranging from UK, to USA, Canada and Austrailia, 
>> several big clients in Oz, I also do email for Daimler Chrysler 
>> corporation, no problems with SORBs at all.
>> I use at MTA level, and its blowout if you're listed...
>
> guess it depends on how restirctive you can afford to be, and how much 
> potential support cases it may cause.
> I wouldn't dare...
>
>
> Alex
Thats the whole point, I get virtually no complaints and virtually no 
support work load arising from the use of such blacklists,  I handle it 
myself and its just me and one other part time person in my business.

Its no bother at all,  I can't even remember the last time I had to 
track down an email rejected at MTA level that was legitimate, its 
certainly not happened in 2010 yet....and my users don't get spam either!

P.




From davejones70 at gmail.com  Thu Jun 10 19:03:30 2010
From: davejones70 at gmail.com (Dave Jones)
Date: Thu Jun 10 19:03:40 2010
Subject: Using rules for "Remove These Headers"
Message-ID: <AANLkTimof4_SR9_kIBocauARMnqzJOjh8vph1nFUhpRP@mail.gmail.com>

I need to remove read receipt headers from email coming in from the
Internet. ?There are 4 SMTP proxy firewalls (172.16.21.10,
172.16.21.11, 172.16.11.10, 172.16.11.11) in front of the MailScanner
servers that show up in the Received: headers.

Received: from server.blahblah.com (firewall.blahblah.com [172.16.11.11])
? ? ?by sendmail.blahblah.com (8.13.8/8.13.8) with ESMTP id o5AHZkoM025256
? ? ?for <someone@somedomain.com>; Thu, 10 Jun 2010 12:35:46 -0500

MailScanner.conf?(4.78.17)
======================
Remove These Headers = %rules-dir%/remove-these-headers.rules

remove-these-headers.rules
======================
From: ? ? ? ? ? /172\.16\.[12]1\.1[10]/
Disposition-Notification-To: X-Mozilla-Status: X-Mozilla-Status2:
FromOrTo: ? ? ? default ? ? ? ? X-Mozilla-Status: X-Mozilla-Status2:

I have tried many combinations from the MailScanner Wiki ruleset
examples but the header gets through.

Does the "From:" in rulesets cover the from email address and any
Received: headers too? ?The wiki seems to show that but I am not able
to remove the header no matter what I use in the second field.

Dave
From marc at marcsnet.com  Fri Jun 11 07:50:41 2010
From: marc at marcsnet.com (Marc Lucke)
Date: Fri Jun 11 07:50:59 2010
Subject: log spam
Message-ID: <4C11DCC1.5080300@marcsnet.com>

/etc/MailScanner/MailScanner.conf
Spam Actions = &logspam store forward <email address>

/usr/lib/MailScanner/MailScanner/CustomConfig.pm
sub Initlogspam {};
sub Endlogspam {};
sub logspam {
  my($message) = @_;
  MailScanner::Log::InfoLog("MailScanner: spam: ".$message->{clientip});
};

this doesn't work.  Complains about @  If I put &logspam at the end, it 
gets ignored.

I want to log the ip address of the person sending me spam, store the 
message and then forward it to my spam box.  Can I have my cake and eat 
it to?  If so, how?


Thanks in advance
Marc
From marc at marcsnet.com  Fri Jun 11 08:07:21 2010
From: marc at marcsnet.com (Marc Lucke)
Date: Fri Jun 11 08:07:31 2010
Subject: log spam
In-Reply-To: <4C11DCC1.5080300@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com>
Message-ID: <4C11E0A9.5090101@marcsnet.com>

Sorry - "Complains about @  If I put &logspam at the end, it gets 
ignored." refers to "Spam Actions = &logspam store forward <email address>"

Marc Lucke wrote:
> /etc/MailScanner/MailScanner.conf
> Spam Actions = &logspam store forward <email address>
>
> /usr/lib/MailScanner/MailScanner/CustomConfig.pm
> sub Initlogspam {};
> sub Endlogspam {};
> sub logspam {
>  my($message) = @_;
>  MailScanner::Log::InfoLog("MailScanner: spam: ".$message->{clientip});
> };
>
> this doesn't work.  Complains about @  If I put &logspam at the end, 
> it gets ignored.
>
> I want to log the ip address of the person sending me spam, store the 
> message and then forward it to my spam box.  Can I have my cake and 
> eat it to?  If so, how?
>
>
> Thanks in advance
> Marc
From john at tradoc.fr  Fri Jun 11 08:15:33 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri Jun 11 08:15:48 2010
Subject: log spam
In-Reply-To: <4C11DCC1.5080300@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com>
Message-ID: <4C11E295.40205@tradoc.fr>

Le 11/06/2010 08:50, Marc Lucke a ?crit :
> I want to log the ip address of the person sending me spam, store the
> message and then forward it to my spam box.  Can I have my cake and eat
> it to?  If so, how?

If all you need to log is the IP address, what's wrong with 
MailScanner's built-in logging functions?

Log Spam = yes

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From marc at marcsnet.com  Fri Jun 11 08:32:38 2010
From: marc at marcsnet.com (Marc Lucke)
Date: Fri Jun 11 08:32:52 2010
Subject: log spam
In-Reply-To: <4C11E295.40205@tradoc.fr>
References: <4C11DCC1.5080300@marcsnet.com> <4C11E295.40205@tradoc.fr>
Message-ID: <4C11E696.2060807@marcsnet.com>

is that all - lol - I'll have  look.  Whoops :)

John Wilcock wrote:
> Le 11/06/2010 08:50, Marc Lucke a ?crit :
>> I want to log the ip address of the person sending me spam, store the
>> message and then forward it to my spam box.  Can I have my cake and eat
>> it to?  If so, how?
>
> If all you need to log is the IP address, what's wrong with 
> MailScanner's built-in logging functions?
>
> Log Spam = yes
>
> John.
>
From marc at marcsnet.com  Fri Jun 11 08:51:42 2010
From: marc at marcsnet.com (Marc Lucke)
Date: Fri Jun 11 08:51:54 2010
Subject: log spam
In-Reply-To: <4C11E696.2060807@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com> <4C11E295.40205@tradoc.fr>
	<4C11E696.2060807@marcsnet.com>
Message-ID: <4C11EB0E.1060607@marcsnet.com>

for anyone interested who uses fail2ban:

# cat filter.d/spam.conf
failregex = Message .* from <HOST> .* is spam
ignoreregex =
# tail -n 8 jail.conf
[spam]
enabled = true
filter = spam
maxretry = 1
bantime  = 3600
action = iptables-multiport[name=spam port="smtp", protocol=tcp]
           sendmail-whois[name=spam, dest=root, sender=root]
logpath = /var/log/maillog

works a treat :)  Thanks John!  I was getting too complicated.


Marc Lucke wrote:
> is that all - lol - I'll have  look.  Whoops :)
>
> John Wilcock wrote:
>> Le 11/06/2010 08:50, Marc Lucke a ?crit :
>>> I want to log the ip address of the person sending me spam, store the
>>> message and then forward it to my spam box.  Can I have my cake and eat
>>> it to?  If so, how?
>>
>> If all you need to log is the IP address, what's wrong with 
>> MailScanner's built-in logging functions?
>>
>> Log Spam = yes
>>
>> John.
>>
From marc at marcsnet.com  Fri Jun 11 09:04:15 2010
From: marc at marcsnet.com (Marc Lucke)
Date: Fri Jun 11 09:04:31 2010
Subject: log spam
In-Reply-To: <4C11EB0E.1060607@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com> <4C11E295.40205@tradoc.fr>
	<4C11E696.2060807@marcsnet.com> <4C11EB0E.1060607@marcsnet.com>
Message-ID: <4C11EDFF.3070301@marcsnet.com>

should have debugged.  action = iptables[name=spam, port=smtp, protocol=tcp]

Marc Lucke wrote:
> for anyone interested who uses fail2ban:
>
> # cat filter.d/spam.conf
> failregex = Message .* from <HOST> .* is spam
> ignoreregex =
> # tail -n 8 jail.conf
> [spam]
> enabled = true
> filter = spam
> maxretry = 1
> bantime  = 3600
> action = iptables-multiport[name=spam port="smtp", protocol=tcp]
>           sendmail-whois[name=spam, dest=root, sender=root]
> logpath = /var/log/maillog
>
> works a treat :)  Thanks John!  I was getting too complicated.
>
>
> Marc Lucke wrote:
>> is that all - lol - I'll have  look.  Whoops :)
>>
>> John Wilcock wrote:
>>> Le 11/06/2010 08:50, Marc Lucke a ?crit :
>>>> I want to log the ip address of the person sending me spam, store the
>>>> message and then forward it to my spam box.  Can I have my cake and 
>>>> eat
>>>> it to?  If so, how?
>>>
>>> If all you need to log is the IP address, what's wrong with 
>>> MailScanner's built-in logging functions?
>>>
>>> Log Spam = yes
>>>
>>> John.
>>>
>
From peter at farrows.org  Fri Jun 11 09:04:32 2010
From: peter at farrows.org (Peter Farrow)
Date: Fri Jun 11 09:04:42 2010
Subject: log spam
In-Reply-To: <4C11EB0E.1060607@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com>
	<4C11E295.40205@tradoc.fr>	<4C11E696.2060807@marcsnet.com>
	<4C11EB0E.1060607@marcsnet.com>
Message-ID: <4C11EE10.6000302@farrows.org>

On 11/06/2010 08:51, Marc Lucke wrote:
> for anyone interested who uses fail2ban:
>
> # cat filter.d/spam.conf
> failregex = Message .* from <HOST> .* is spam
> ignoreregex =
> # tail -n 8 jail.conf
> [spam]
> enabled = true
> filter = spam
> maxretry = 1
> bantime  = 3600
> action = iptables-multiport[name=spam port="smtp", protocol=tcp]
>           sendmail-whois[name=spam, dest=root, sender=root]
> logpath = /var/log/maillog
>
> works a treat :)  Thanks John!  I was getting too complicated.
>
>
> Marc Lucke wrote:
>> is that all - lol - I'll have  look.  Whoops :)
>>
>> John Wilcock wrote:
>>> Le 11/06/2010 08:50, Marc Lucke a ?crit :
>>>> I want to log the ip address of the person sending me spam, store the
>>>> message and then forward it to my spam box.  Can I have my cake and 
>>>> eat
>>>> it to?  If so, how?
>>>
>>> If all you need to log is the IP address, what's wrong with 
>>> MailScanner's built-in logging functions?
>>>
>>> Log Spam = yes
>>>
>>> John.
>>>
Marc,

this is excellent, thanks for posting this

Pete


From MailScanner at ecs.soton.ac.uk  Fri Jun 11 09:33:55 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun 11 09:34:10 2010
Subject: log spam
In-Reply-To: <4C11DCC1.5080300@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com>
 <4C11F4F3.10804@ecs.soton.ac.uk>
Message-ID: <EMEW3|3b572e3161f6730ba6582acc42f358d4m5A9Xw0bMailScanner|ecs.soton.ac.uk|4C11F4F3.10804@ecs.soton.ac.uk>

In addition to what John told you, you can't use Custom Functions like 
this. A Custom Function takes the message object as its parameter, and 
returns a string (or number) giving the value you want for this 
MailScanner.conf setting for this message. So in "Spam Actions =", a 
Custom Function could return something like "store forward 
wibble@foobar.com". Of course a Custom Function can have side effects 
such as extra logging, but fundamentally it is just a way to calculate 
the value of a MailScanner.conf setting programmatically. It isn't an 
additional Spam Action, which is what you are trying to do with it.

It's all a whole lot simpler than you are imagining.

Jules.

On 11/06/2010 07:50, Marc Lucke wrote:
> /etc/MailScanner/MailScanner.conf
> Spam Actions = &logspam store forward <email address>
>
> /usr/lib/MailScanner/MailScanner/CustomConfig.pm
> sub Initlogspam {};
> sub Endlogspam {};
> sub logspam {
>  my($message) = @_;
>  MailScanner::Log::InfoLog("MailScanner: spam: ".$message->{clientip});
> };
>
> this doesn't work.  Complains about @  If I put &logspam at the end, 
> it gets ignored.
>
> I want to log the ip address of the person sending me spam, store the 
> message and then forward it to my spam box.  Can I have my cake and 
> eat it to?  If so, how?
>
>
> Thanks in advance
> Marc

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mogens at fumlersoft.dk  Fri Jun 11 11:21:58 2010
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Fri Jun 11 11:22:11 2010
Subject: Using rules for "Remove These Headers"
In-Reply-To: <AANLkTimof4_SR9_kIBocauARMnqzJOjh8vph1nFUhpRP@mail.gmail.com>
References: <AANLkTimof4_SR9_kIBocauARMnqzJOjh8vph1nFUhpRP@mail.gmail.com>
Message-ID: <ec0b7a8041b4312c269b3644ac6a00c2.squirrel@mail.fumlersoft.dk>

Hi Dave

I believe the expresion you are looking for is:

172\.16\.[1-2]1\.1[0-1]

On Thu, June 10, 2010 20:03, Dave Jones wrote:
> I need to remove read receipt headers from email coming in from the
> Internet. ?There are 4 SMTP proxy firewalls (172.16.21.10,
> 172.16.21.11, 172.16.11.10, 172.16.11.11) in front of the MailScanner
> servers that show up in the Received: headers.
>
> Received: from server.blahblah.com (firewall.blahblah.com [172.16.11.11])
> ? ? ?by sendmail.blahblah.com (8.13.8/8.13.8) with ESMTP id o5AHZkoM025256
> ? ? ?for <someone@somedomain.com>; Thu, 10 Jun 2010 12:35:46 -0500
>
> MailScanner.conf?(4.78.17)
> ======================
> Remove These Headers = %rules-dir%/remove-these-headers.rules
>
> remove-these-headers.rules
> ======================
> From: ? ? ? ? ? /172\.16\.[12]1\.1[10]/
> Disposition-Notification-To: X-Mozilla-Status: X-Mozilla-Status2:
> FromOrTo: ? ? ? default ? ? ? ? X-Mozilla-Status: X-Mozilla-Status2:
>
> I have tried many combinations from the MailScanner Wiki ruleset
> examples but the header gets through.
>
> Does the "From:" in rulesets cover the from email address and any
> Received: headers too? ?The wiki seems to show that but I am not able
> to remove the header no matter what I use in the second field.
>
> Dave
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


-- 
Later

Mogens Melander



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Fri Jun 11 12:03:57 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun 11 12:04:13 2010
Subject: Using rules for "Remove These Headers"
In-Reply-To: <AANLkTimof4_SR9_kIBocauARMnqzJOjh8vph1nFUhpRP@mail.gmail.com>
References: <AANLkTimof4_SR9_kIBocauARMnqzJOjh8vph1nFUhpRP@mail.gmail.com>
	<4C12181D.9050505@ecs.soton.ac.uk>
Message-ID: <EMEW3|fb7e1629adadc5e83dfc01cbf3884316m5AC410bMailScanner|ecs.soton.ac.uk|4C12181D.9050505@ecs.soton.ac.uk>



On 10/06/2010 19:03, Dave Jones wrote:
> I need to remove read receipt headers from email coming in from the
> Internet.  There are 4 SMTP proxy firewalls (172.16.21.10,
> 172.16.21.11, 172.16.11.10, 172.16.11.11) in front of the MailScanner
> servers that show up in the Received: headers.
>
> Received: from server.blahblah.com (firewall.blahblah.com [172.16.11.11])
>       by sendmail.blahblah.com (8.13.8/8.13.8) with ESMTP id o5AHZkoM025256
>       for<someone@somedomain.com>; Thu, 10 Jun 2010 12:35:46 -0500
>
> MailScanner.conf (4.78.17)
> ======================
> Remove These Headers = %rules-dir%/remove-these-headers.rules
>
> remove-these-headers.rules
> ======================
> From:           /172\.16\.[12]1\.1[10]/
> Disposition-Notification-To: X-Mozilla-Status: X-Mozilla-Status2:
> FromOrTo:       default         X-Mozilla-Status: X-Mozilla-Status2:
>    
Your regexp is right.
Check your maillog for any complaint about "Invalid expression in rule".

You can also test out things without having to generate test messages 
and so on using the command-line arguments that the MailScanner program 
will take.
[root@al MailScanner]# MailScanner --help
Usage:
MailScanner [ -h|-v|--debug|--debug-sa|--lint ] |
             [ --processing | --processing=<minimum> ] |
             [ -c|--changed ] |
             [ --id=<message-id> ] |
             [ --inqueuedir=<dir-name|glob> ] |
             [--value=<option-name> --from=<from-address>
              --to=<to-address>,    --to=<to-address-2>, ...]
              --ip=<ip-address>,    --virus=<virus-name> ]
<MailScanner.conf-file-location>

So a command like this might help you:

[root@al MailScanner]# MailScanner --value=removetheseheaders 
--from=came@from.here --to=going@to.here --ip=172.16.11.11 
/etc/MailScanner/MailScanner.conf

This should at least make your testing a lot easier.
If all else fails, 4 separate rules instead of a regexp will work pretty 
darned quickly :-)

Jules.

> I have tried many combinations from the MailScanner Wiki ruleset
> examples but the header gets through.
>
> Does the "From:" in rulesets cover the from email address and any
> Received: headers too?  The wiki seems to show that but I am not able
> to remove the header no matter what I use in the second field.
>
> Dave
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From marc at marcsnet.com  Fri Jun 11 13:29:52 2010
From: marc at marcsnet.com (Marc Lucke)
Date: Fri Jun 11 13:30:06 2010
Subject: log spam
In-Reply-To: <EMEW3|3b572e3161f6730ba6582acc42f358d4m5A9Xw0bMailScanner|ecs.soton.ac.uk|4C11F4F3.10804@ecs.soton.ac.uk>
References: <4C11DCC1.5080300@marcsnet.com> <4C11F4F3.10804@ecs.soton.ac.uk>
	<EMEW3|3b572e3161f6730ba6582acc42f358d4m5A9Xw0bMailScanner|ecs.soton.ac.uk|4C11F4F3.10804@ecs.soton.ac.uk>
Message-ID: <4C122C40.9040701@marcsnet.com>

and now everything becomes clear!  Very clever.  So in fact all I would 
need to have done was to have returned "store forward <email address>" 
and that would have done what I wanted.

I was looking for a way to combine milter-greylist with fail2ban - i.e. 
send me spam and you get banned for 4 hours (in my example) instead of 
told do go away for 5 minutes.  I've decied to turn milter-greylist off 
altogether and use fail2ban on a "you abuse me, I block you" basis 
rather than assume everyone's the enemy to begin with.  milter-greylist 
has the lag, but too (lol) it was pretty successful and I like some good 
and varied spam samples to feed to SA.

fail2ban is a poor name.  So far it hasn't failed to ban anything (boom 
boom) :)


Julian Field wrote:
> In addition to what John told you, you can't use Custom Functions like 
> this. A Custom Function takes the message object as its parameter, and 
> returns a string (or number) giving the value you want for this 
> MailScanner.conf setting for this message. So in "Spam Actions =", a 
> Custom Function could return something like "store forward 
> wibble@foobar.com". Of course a Custom Function can have side effects 
> such as extra logging, but fundamentally it is just a way to calculate 
> the value of a MailScanner.conf setting programmatically. It isn't an 
> additional Spam Action, which is what you are trying to do with it.
>
> It's all a whole lot simpler than you are imagining.
>
> Jules.
>
> On 11/06/2010 07:50, Marc Lucke wrote:
>> /etc/MailScanner/MailScanner.conf
>> Spam Actions = &logspam store forward <email address>
>>
>> /usr/lib/MailScanner/MailScanner/CustomConfig.pm
>> sub Initlogspam {};
>> sub Endlogspam {};
>> sub logspam {
>>  my($message) = @_;
>>  MailScanner::Log::InfoLog("MailScanner: spam: ".$message->{clientip});
>> };
>>
>> this doesn't work.  Complains about @  If I put &logspam at the end, 
>> it gets ignored.
>>
>> I want to log the ip address of the person sending me spam, store the 
>> message and then forward it to my spam box.  Can I have my cake and 
>> eat it to?  If so, how?
>>
>>
>> Thanks in advance
>> Marc
>
> Jules
>
From marc at marcsnet.com  Fri Jun 11 13:34:28 2010
From: marc at marcsnet.com (Marc Lucke)
Date: Fri Jun 11 13:34:41 2010
Subject: log spam
In-Reply-To: <4C122C40.9040701@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com> <4C11F4F3.10804@ecs.soton.ac.uk>
	<EMEW3|3b572e3161f6730ba6582acc42f358d4m5A9Xw0bMailScanner|ecs.soton.ac.uk|4C11F4F3.10804@ecs.soton.ac.uk>
	<4C122C40.9040701@marcsnet.com>
Message-ID: <4C122D54.8070801@marcsnet.com>

(so off topic - sorry to offend any purists): what I'd now like to do is 
say something like "you're banned for double the amount of time you were 
last time".


Marc Lucke wrote:
> and now everything becomes clear!  Very clever.  So in fact all I 
> would need to have done was to have returned "store forward <email 
> address>" and that would have done what I wanted.
>
> I was looking for a way to combine milter-greylist with fail2ban - 
> i.e. send me spam and you get banned for 4 hours (in my example) 
> instead of told do go away for 5 minutes.  I've decied to turn 
> milter-greylist off altogether and use fail2ban on a "you abuse me, I 
> block you" basis rather than assume everyone's the enemy to begin 
> with.  milter-greylist has the lag, but too (lol) it was pretty 
> successful and I like some good and varied spam samples to feed to SA.
>
> fail2ban is a poor name.  So far it hasn't failed to ban anything 
> (boom boom) :)
>
>
> Julian Field wrote:
>> In addition to what John told you, you can't use Custom Functions 
>> like this. A Custom Function takes the message object as its 
>> parameter, and returns a string (or number) giving the value you want 
>> for this MailScanner.conf setting for this message. So in "Spam 
>> Actions =", a Custom Function could return something like "store 
>> forward wibble@foobar.com". Of course a Custom Function can have side 
>> effects such as extra logging, but fundamentally it is just a way to 
>> calculate the value of a MailScanner.conf setting programmatically. 
>> It isn't an additional Spam Action, which is what you are trying to 
>> do with it.
>>
>> It's all a whole lot simpler than you are imagining.
>>
>> Jules.
>>
>> On 11/06/2010 07:50, Marc Lucke wrote:
>>> /etc/MailScanner/MailScanner.conf
>>> Spam Actions = &logspam store forward <email address>
>>>
>>> /usr/lib/MailScanner/MailScanner/CustomConfig.pm
>>> sub Initlogspam {};
>>> sub Endlogspam {};
>>> sub logspam {
>>>  my($message) = @_;
>>>  MailScanner::Log::InfoLog("MailScanner: spam: ".$message->{clientip});
>>> };
>>>
>>> this doesn't work.  Complains about @  If I put &logspam at the end, 
>>> it gets ignored.
>>>
>>> I want to log the ip address of the person sending me spam, store 
>>> the message and then forward it to my spam box.  Can I have my cake 
>>> and eat it to?  If so, how?
>>>
>>>
>>> Thanks in advance
>>> Marc
>>
>> Jules
>>
>
From peter.ong at hypermediasystems.com  Fri Jun 11 15:20:02 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Fri Jun 11 15:20:15 2010
Subject: RBL's
In-Reply-To: <2061137865.43364.1276265564297.JavaMail.root@mail021.dti>
Message-ID: <14943029.43376.1276266002740.JavaMail.root@mail021.dti>

My number of users isn't nearly as voluminous as everyone's here, but the emails easily reach in the hundreds of thousands. If I configure MailScanner such that if an email address is found only in one RBL, consider it spam; but SORBS contains many false positives. To remedy, I configured MailScanner to consider an email spam if it is seen in 2 spam lists. I use all the ones listed in the spam list file included with MailScanner.

Of course, our spam countermeasures do not rely solely on RBLs, or MailScanner for that matter. On top of it, we have implemented greylisting.

So here's what happens. On the postfix side, we have implemented about a dozen RBLs so many are blocked at the postfix level. If they get past that, they get greylisted. Those that get through get chewed by MailScanner (and sa with the fsl bayes db and full rules emporium rules and clamd with stock and unofficial dbs) and then on to the users.

p


----- Original Message -----

> From: "Richard Mealing" <richard@fastnet.co.uk>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Wednesday, June 9, 2010 7:38:23 AM
> Subject: RBL's
> 
> Hi everyone,
> 
> 
> 
> OT I know, I was just wondering what everyone is using for their RBL?s
> at MTA level?
> 
> In light of Sorbs blacklisting everyone at the moment, plus SpamHaus
> charging for usage, does anyone have any recommendations?
> 
> 
> 
> I?m currently using Barracuda, Sorbs (with about a million white list
> entries) and spamcop.
> 
> 
> 
> Thanks,
> Rich 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From peter at farrows.org  Fri Jun 11 15:29:43 2010
From: peter at farrows.org (Peter Farrow)
Date: Fri Jun 11 15:29:55 2010
Subject: RBL's
In-Reply-To: <14943029.43376.1276266002740.JavaMail.root@mail021.dti>
References: <14943029.43376.1276266002740.JavaMail.root@mail021.dti>
Message-ID: <4C124857.6040405@farrows.org>

I do the same, but if you're on an RBL you don't get through, end of 
story...

P.

On 11/06/2010 15:20, Peter Ong wrote:
> My number of users isn't nearly as voluminous as everyone's here, but the emails easily reach in the hundreds of thousands. If I configure MailScanner such that if an email address is found only in one RBL, consider it spam; but SORBS contains many false positives. To remedy, I configured MailScanner to consider an email spam if it is seen in 2 spam lists. I use all the ones listed in the spam list file included with MailScanner.
>
> Of course, our spam countermeasures do not rely solely on RBLs, or MailScanner for that matter. On top of it, we have implemented greylisting.
>
> So here's what happens. On the postfix side, we have implemented about a dozen RBLs so many are blocked at the postfix level. If they get past that, they get greylisted. Those that get through get chewed by MailScanner (and sa with the fsl bayes db and full rules emporium rules and clamd with stock and unofficial dbs) and then on to the users.
>
> p
>
>
> ----- Original Message -----
>
>    
>> From: "Richard Mealing"<richard@fastnet.co.uk>
>> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
>> Sent: Wednesday, June 9, 2010 7:38:23 AM
>> Subject: RBL's
>>
>> Hi everyone,
>>
>>
>>
>> OT I know, I was just wondering what everyone is using for their RBL?s
>> at MTA level?
>>
>> In light of Sorbs blacklisting everyone at the moment, plus SpamHaus
>> charging for usage, does anyone have any recommendations?
>>
>>
>>
>> I?m currently using Barracuda, Sorbs (with about a million white list
>> entries) and spamcop.
>>
>>
>>
>> Thanks,
>> Rich
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>      
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>    


From malli at mcrirents.com  Fri Jun 11 16:37:16 2010
From: malli at mcrirents.com (Mohammed Alli)
Date: Fri Jun 11 15:41:31 2010
Subject: RBL's
In-Reply-To: <4C124857.6040405@farrows.org>
References: <14943029.43376.1276266002740.JavaMail.root@mail021.dti>
	<4C124857.6040405@farrows.org>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD930246FD6B@exchange.computerrents.com>

I am currently doing rbl, greylist and spf checks the same way as Perter Ong.  I have postfix handling rbls because I want everything blocked at the MTA level.  However, I do have a global whitelist access list for postfix, which queries the MailScanner whitelist table for lookups.  This bypasses rbl, greylist, spf and mailscanner checks for any whitelist entries. 

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow
Sent: Friday, June 11, 2010 9:30 AM
To: MailScanner discussion
Subject: Re: RBL's

I do the same, but if you're on an RBL you don't get through, end of 
story...

P.

On 11/06/2010 15:20, Peter Ong wrote:
> My number of users isn't nearly as voluminous as everyone's here, but the emails easily reach in the hundreds of thousands. If I configure MailScanner such that if an email address is found only in one RBL, consider it spam; but SORBS contains many false positives. To remedy, I configured MailScanner to consider an email spam if it is seen in 2 spam lists. I use all the ones listed in the spam list file included with MailScanner.
>
> Of course, our spam countermeasures do not rely solely on RBLs, or MailScanner for that matter. On top of it, we have implemented greylisting.
>
> So here's what happens. On the postfix side, we have implemented about a dozen RBLs so many are blocked at the postfix level. If they get past that, they get greylisted. Those that get through get chewed by MailScanner (and sa with the fsl bayes db and full rules emporium rules and clamd with stock and unofficial dbs) and then on to the users.
>
> p
>
>
> ----- Original Message -----
>
>    
>> From: "Richard Mealing"<richard@fastnet.co.uk>
>> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
>> Sent: Wednesday, June 9, 2010 7:38:23 AM
>> Subject: RBL's
>>
>> Hi everyone,
>>
>>
>>
>> OT I know, I was just wondering what everyone is using for their RBL?s
>> at MTA level?
>>
>> In light of Sorbs blacklisting everyone at the moment, plus SpamHaus
>> charging for usage, does anyone have any recommendations?
>>
>>
>>
>> I?m currently using Barracuda, Sorbs (with about a million white list
>> entries) and spamcop.
>>
>>
>>
>> Thanks,
>> Rich
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>      
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>    


-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From richard at fastnet.co.uk  Fri Jun 11 17:34:05 2010
From: richard at fastnet.co.uk (Richard Mealing)
Date: Fri Jun 11 17:33:01 2010
Subject: RBL's
In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD930246FD6B@exchange.computerrents.com>
References: <14943029.43376.1276266002740.JavaMail.root@mail021.dti><4C124857.6040405@farrows.org>
	<3B1A431BDA34C54581BE43253BC1BD930246FD6B@exchange.computerrents.com>
Message-ID: <E6BE51A3C3EE3147947B0CBCE62442D6022720C8@fnserver02.fastnet.local>

Thanks for all the comments, I'm not using Sorbs any longer.

I'm on Barracuda, CBL (sorbs replacement) and Spamcop. They stop just as much (800k each per day) and they don't seem to be blocking everyone. I've had so many emails this week about Sorbs, I've just had enough of them.!!

Have a good weekend all!

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mohammed Alli
Sent: 11 June 2010 16:37
To: MailScanner discussion
Subject: RE: RBL's

I am currently doing rbl, greylist and spf checks the same way as Perter Ong.  I have postfix handling rbls because I want everything blocked at the MTA level.  However, I do have a global whitelist access list for postfix, which queries the MailScanner whitelist table for lookups.  This bypasses rbl, greylist, spf and mailscanner checks for any whitelist entries. 

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter Farrow
Sent: Friday, June 11, 2010 9:30 AM
To: MailScanner discussion
Subject: Re: RBL's

I do the same, but if you're on an RBL you don't get through, end of story...

P.

On 11/06/2010 15:20, Peter Ong wrote:
> My number of users isn't nearly as voluminous as everyone's here, but the emails easily reach in the hundreds of thousands. If I configure MailScanner such that if an email address is found only in one RBL, consider it spam; but SORBS contains many false positives. To remedy, I configured MailScanner to consider an email spam if it is seen in 2 spam lists. I use all the ones listed in the spam list file included with MailScanner.
>
> Of course, our spam countermeasures do not rely solely on RBLs, or MailScanner for that matter. On top of it, we have implemented greylisting.
>
> So here's what happens. On the postfix side, we have implemented about a dozen RBLs so many are blocked at the postfix level. If they get past that, they get greylisted. Those that get through get chewed by MailScanner (and sa with the fsl bayes db and full rules emporium rules and clamd with stock and unofficial dbs) and then on to the users.
>
> p
>
>
> ----- Original Message -----
>
>    
>> From: "Richard Mealing"<richard@fastnet.co.uk>
>> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
>> Sent: Wednesday, June 9, 2010 7:38:23 AM
>> Subject: RBL's
>>
>> Hi everyone,
>>
>>
>>
>> OT I know, I was just wondering what everyone is using for their 
>> RBL?s at MTA level?
>>
>> In light of Sorbs blacklisting everyone at the moment, plus SpamHaus 
>> charging for usage, does anyone have any recommendations?
>>
>>
>>
>> I?m currently using Barracuda, Sorbs (with about a million white list
>> entries) and spamcop.
>>
>>
>>
>> Thanks,
>> Rich
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>      
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>    


--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From steve.freegard at fsl.com  Fri Jun 11 17:47:58 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Fri Jun 11 17:48:09 2010
Subject: RBL's
In-Reply-To: <E6BE51A3C3EE3147947B0CBCE62442D6022720C8@fnserver02.fastnet.local>
References: <14943029.43376.1276266002740.JavaMail.root@mail021.dti><4C124857.6040405@farrows.org>	<3B1A431BDA34C54581BE43253BC1BD930246FD6B@exchange.computerrents.com>
	<E6BE51A3C3EE3147947B0CBCE62442D6022720C8@fnserver02.fastnet.local>
Message-ID: <4C1268BE.3050202@fsl.com>

On 11/06/10 17:34, Richard Mealing wrote:
> Thanks for all the comments, I'm not using Sorbs any longer.
>
> I'm on Barracuda, CBL (sorbs replacement) and Spamcop. They stop just as much (800k each per day) and they don't seem to be blocking everyone. I've had so many emails this week about Sorbs, I've just had enough of them.!!
>

Just my 2c:

Often people use 'dnsbl.sorbs.net' as that's the example shown on the 
'Using SORBS' page.

Even the SORBS maintainer doesn't recommend using this list at the MTA 
level; instead the aggregate list 'safe.dnsbl.sorbs.net' is what is 
recommended as this zone does not include the 'recent' and 'escalations' 
zones.  See http://www.au.sorbs.net/using.shtml

Regards,
Steve.

--
Steve Freegard
Development Director
Fort Systems Ltd.
From peter.ong at hypermediasystems.com  Fri Jun 11 18:39:32 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Fri Jun 11 18:39:43 2010
Subject: RBL's
In-Reply-To: <E6BE51A3C3EE3147947B0CBCE62442D6022720C8@fnserver02.fastnet.local>
Message-ID: <893241551.43634.1276277972758.JavaMail.root@mail021.dti>

> I'm on Barracuda, CBL (sorbs replacement) and Spamcop. They stop just
> as much (800k each per day) and they don't seem to be blocking
> everyone. I've had so many emails this week about Sorbs, I've just had
> enough of them.!!

BTW, Barracuda is second worst; Sorbs being the number 1 spot. FYI.

p

----- Original Message -----

> From: "Richard Mealing" <richard@fastnet.co.uk>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Friday, June 11, 2010 9:34:05 AM
> Subject: RE: RBL's
> 
> Thanks for all the comments, I'm not using Sorbs any longer.
> 
> I'm on Barracuda, CBL (sorbs replacement) and Spamcop. They stop just
> as much (800k each per day) and they don't seem to be blocking
> everyone. I've had so many emails this week about Sorbs, I've just had
> enough of them.!!
> 
> Have a good weekend all!
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Mohammed Alli
> Sent: 11 June 2010 16:37
> To: MailScanner discussion
> Subject: RE: RBL's
> 
> I am currently doing rbl, greylist and spf checks the same way as
> Perter Ong.  I have postfix handling rbls because I want everything
> blocked at the MTA level.  However, I do have a global whitelist
> access list for postfix, which queries the MailScanner whitelist table
> for lookups.  This bypasses rbl, greylist, spf and mailscanner checks
> for any whitelist entries. 
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter
> Farrow
> Sent: Friday, June 11, 2010 9:30 AM
> To: MailScanner discussion
> Subject: Re: RBL's
> 
> I do the same, but if you're on an RBL you don't get through, end of
> story...
> 
> P.
> 
> On 11/06/2010 15:20, Peter Ong wrote:
> > My number of users isn't nearly as voluminous as everyone's here,
> but the emails easily reach in the hundreds of thousands. If I
> configure MailScanner such that if an email address is found only in
> one RBL, consider it spam; but SORBS contains many false positives. To
> remedy, I configured MailScanner to consider an email spam if it is
> seen in 2 spam lists. I use all the ones listed in the spam list file
> included with MailScanner.
> >
> > Of course, our spam countermeasures do not rely solely on RBLs, or
> MailScanner for that matter. On top of it, we have implemented
> greylisting.
> >
> > So here's what happens. On the postfix side, we have implemented
> about a dozen RBLs so many are blocked at the postfix level. If they
> get past that, they get greylisted. Those that get through get chewed
> by MailScanner (and sa with the fsl bayes db and full rules emporium
> rules and clamd with stock and unofficial dbs) and then on to the
> users.
> >
> > p
> >
> >
> > ----- Original Message -----
> >
> >    
> >> From: "Richard Mealing"<richard@fastnet.co.uk>
> >> To: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
> >> Sent: Wednesday, June 9, 2010 7:38:23 AM
> >> Subject: RBL's
> >>
> >> Hi everyone,
> >>
> >>
> >>
> >> OT I know, I was just wondering what everyone is using for their 
> >> RBL?s at MTA level?
> >>
> >> In light of Sorbs blacklisting everyone at the moment, plus
> SpamHaus 
> >> charging for usage, does anyone have any recommendations?
> >>
> >>
> >>
> >> I?m currently using Barracuda, Sorbs (with about a million white
> list
> >> entries) and spamcop.
> >>
> >>
> >>
> >> Thanks,
> >> Rich
> >> --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >>      
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> >    
> 
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From ssilva at sgvwater.com  Fri Jun 11 19:46:28 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jun 11 19:46:45 2010
Subject: log spam
In-Reply-To: <4C122D54.8070801@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com>
	<4C11F4F3.10804@ecs.soton.ac.uk>	<EMEW3|3b572e3161f6730ba6582acc42f358d4m5A9Xw0bMailScanner|ecs.soton.ac.uk|4C11F4F3.10804@ecs.soton.ac.uk>	<4C122C40.9040701@marcsnet.com>
	<4C122D54.8070801@marcsnet.com>
Message-ID: <huu0a3$h3s$1@dough.gmane.org>

on 6-11-2010 5:34 AM Marc Lucke spake the following:
> (so off topic - sorry to offend any purists): what I'd now like to do is
> say something like "you're banned for double the amount of time you were
> last time".
> 
> 
> Marc Lucke wrote:
>> and now everything becomes clear!  Very clever.  So in fact all I
>> would need to have done was to have returned "store forward <email
>> address>" and that would have done what I wanted.
>>
>> I was looking for a way to combine milter-greylist with fail2ban -
>> i.e. send me spam and you get banned for 4 hours (in my example)
>> instead of told do go away for 5 minutes.  I've decied to turn
>> milter-greylist off altogether and use fail2ban on a "you abuse me, I
>> block you" basis rather than assume everyone's the enemy to begin
>> with.  milter-greylist has the lag, but too (lol) it was pretty
>> successful and I like some good and varied spam samples to feed to SA.
>>
>> fail2ban is a poor name.  So far it hasn't failed to ban anything
>> (boom boom) :)
>>
>>
>> Julian Field wrote:
>>> In addition to what John told you, you can't use Custom Functions
>>> like this. A Custom Function takes the message object as its
>>> parameter, and returns a string (or number) giving the value you want
>>> for this MailScanner.conf setting for this message. So in "Spam
>>> Actions =", a Custom Function could return something like "store
>>> forward wibble@foobar.com". Of course a Custom Function can have side
>>> effects such as extra logging, but fundamentally it is just a way to
>>> calculate the value of a MailScanner.conf setting programmatically.
>>> It isn't an additional Spam Action, which is what you are trying to
>>> do with it.
>>>
>>> It's all a whole lot simpler than you are imagining.
>>>
>>> Jules.
>>>
>>> On 11/06/2010 07:50, Marc Lucke wrote:
>>>> /etc/MailScanner/MailScanner.conf
>>>> Spam Actions = &logspam store forward <email address>
>>>>
>>>> /usr/lib/MailScanner/MailScanner/CustomConfig.pm
>>>> sub Initlogspam {};
>>>> sub Endlogspam {};
>>>> sub logspam {
>>>>  my($message) = @_;
>>>>  MailScanner::Log::InfoLog("MailScanner: spam: ".$message->{clientip});
>>>> };
>>>>
>>>> this doesn't work.  Complains about @  If I put &logspam at the end,
>>>> it gets ignored.
>>>>
>>>> I want to log the ip address of the person sending me spam, store
>>>> the message and then forward it to my spam box.  Can I have my cake
>>>> and eat it to?  If so, how?
>>>>
>>>>
>>>> Thanks in advance
>>>> Marc
>>>
>>> Jules
>>>
>>
There is also a program. Vispan... That does a lot of this... also works with
the access file

From ssilva at sgvwater.com  Fri Jun 11 19:48:27 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jun 11 19:50:13 2010
Subject: RBL's
In-Reply-To: <4C124857.6040405@farrows.org>
References: <14943029.43376.1276266002740.JavaMail.root@mail021.dti>
	<4C124857.6040405@farrows.org>
Message-ID: <huu0dr$h3s$2@dough.gmane.org>

on 6-11-2010 7:29 AM Peter Farrow spake the following:
> I do the same, but if you're on an RBL you don't get through, end of
> story...
> 
> P.
Same here... Except postmaster and abuse are unmolested.

From MailScanner at ecs.soton.ac.uk  Sat Jun 12 16:11:01 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat Jun 12 16:11:14 2010
Subject: MailScanner ANNOUNCE: Dropoff
References: <4C13A385.1020503@ecs.soton.ac.uk>
Message-ID: <EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>

The Scenario:

You have installed MailScanner at your site to protect all your users 
and clients from all sorts of dangerous email content.
Okay so far.
But your users need to be able to send large files, executables, and all 
sorts of other things that they used to try to send by email. Some of 
these are restricted by MailScanner, others (such as large files) are 
restricted by your email system's capacity.
And your users also need to be able to receive files from other sites 
around the world, without having any username/password access to your 
systems.
And it needs to be secure.

So your users need to be able to send and receive all sort of files and 
email is not the right tool for the job.

Say "Hello!" to Dropoff.

This is a simple web-based system where your users can send and receive 
files to and from anyone in the world, and yet it can't be used for 
public warez or porn sharing.

Anyone in the world can send files to you (but not to the rest of the 
world), and your users can send files to anyone in the world. All 
uploaded files are scanned for viruses, so it's safe. Authentication of 
your users can be done via Active Directory, LDAP, IMAP or a static 
file. It's small, light-weight, simple and safe. It's all written in PHP 
so you can read the source and add or change features as you desire.

Take a look at
             www.dropoff.me
where you can read about it and download it.

It's entirely free and open source, of course.

Note: I did not write all of this. Dropoff is my fork of the "Dropbox" 
package originally written at the University of Delaware. I have added 
new features and fixed some bugs. I intend to continue developing it as 
needed.

Let me know what you think!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From arthur.sherman at gmail.com  Sat Jun 12 19:18:24 2010
From: arthur.sherman at gmail.com (Arthur Sherman)
Date: Sat Jun 12 19:18:53 2010
Subject: OT: Goodbye and hosting wanted
In-Reply-To: <4BCF8F7B.4000501@pixelhammer.com>
References: <4BCF8F7B.4000501@pixelhammer.com>
Message-ID: <AANLkTikFhECWaojNbtNLmM7Bu144FqDSRb6FdwyVcGAb@mail.gmail.com>

Dave,

have a good life and thank you for being with us.


Best wishes,
--
A.

On Thu, Apr 22, 2010 at 2:51 AM, DAve <dave.list@pixelhammer.com> wrote:

> All,
>
> I will be unsubscribed to a lot of mail lists this week as my position
> has been closed. I am uncertain I want to continue with IT.
>
> I know some of you from as far back as my Userland Frontier and
> HyperCard days. I want to thank everyone for their help and assistance
> over the past 15 years. (Yes this is going out to several lists).
>
> I will need to move my hosted domain, email, and DNS this week. I am
> sure I could continue to host it with my employer but I would rather
> not. I don't need much, less than a dozen email accounts, simple PHP or
> perl, and DNS. My wife would like to start a LiveJournal or something
> like it for her work here if a host can be found that supports that,
> http://flickr.com/catchoftheday (Feel free to offer to purchase
> something ;^). Now that I am unemployed, inexpensive would be nice. I am
> open to suggestions for hosting services.
>
> Today, my wife and I are going to play hooky and do nothing. Again,
> thanks everyone.
>
> DAve
> --
> "Posterity, you will know how much it cost the present generation to
> preserve your freedom.  I hope you will make good use of it.  If you
> do not, I shall repent in heaven that ever I took half the pains to
> preserve it." John Adams
>
> http://appleseedinfo.org
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100612/3cdbe3bd/attachment.html
From steve.freegard at fsl.com  Sat Jun 12 23:42:59 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Sat Jun 12 23:43:14 2010
Subject: Bug
Message-ID: <4C140D73.6010008@fsl.com>

With:

Quarantine Whole Messages As Queue Files = No
Quarantine Whole Message = Yes

and a message which causes MailScanner to crash and the Processing 
Attempts database causes the message to be quarantined - then the 
resulting 'message' file in the quarantine directory is missing the 
headers (e.g. corrupt) and cannot therefore be released.

This is on MailScanner 4.77.10; can someone verify that this is still a 
problem on the current version?  I don't see anything in the change log 
that would indicate this was reported or fixed in a newer version.

Cheers,
Steve.
From supunr at lankacom.net  Sun Jun 13 05:11:54 2010
From: supunr at lankacom.net (Supun Rathnayake)
Date: Sun Jun 13 05:12:19 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
Message-ID: <4C145A8A.6070902@lankacom.net>

Hi jules,

Thank you very much for the interesting tool, very much essential for 
the obvious reasons that you have explained.

This is just an idea, how about integrating this tool with MailScanner 
for quarantine management.

Thanks,
Supun.


On 06/12/2010 08:41 PM, Jules Field wrote:
> The Scenario:
>
> You have installed MailScanner at your site to protect all your users 
> and clients from all sorts of dangerous email content.
> Okay so far.
> But your users need to be able to send large files, executables, and 
> all sorts of other things that they used to try to send by email. Some 
> of these are restricted by MailScanner, others (such as large files) 
> are restricted by your email system's capacity.
> And your users also need to be able to receive files from other sites 
> around the world, without having any username/password access to your 
> systems.
> And it needs to be secure.
>
> So your users need to be able to send and receive all sort of files 
> and email is not the right tool for the job.
>
> Say "Hello!" to Dropoff.
>
> This is a simple web-based system where your users can send and 
> receive files to and from anyone in the world, and yet it can't be 
> used for public warez or porn sharing.
>
> Anyone in the world can send files to you (but not to the rest of the 
> world), and your users can send files to anyone in the world. All 
> uploaded files are scanned for viruses, so it's safe. Authentication 
> of your users can be done via Active Directory, LDAP, IMAP or a static 
> file. It's small, light-weight, simple and safe. It's all written in 
> PHP so you can read the source and add or change features as you desire.
>
> Take a look at
>             www.dropoff.me
> where you can read about it and download it.
>
> It's entirely free and open source, of course.
>
> Note: I did not write all of this. Dropoff is my fork of the "Dropbox" 
> package originally written at the University of Delaware. I have added 
> new features and fixed some bugs. I intend to continue developing it 
> as needed.
>
> Let me know what you think!
>
> Jules
>
From willm at merkens.ca  Sun Jun 13 13:50:13 2010
From: willm at merkens.ca (Will Merkens)
Date: Sun Jun 13 13:50:48 2010
Subject: Start/Stop script for mailScanner
Message-ID: <4C14D405.2000502@merkens.ca>

System:

MailScanner 4.80.1
Sendmail 8.14.3

I am finding a issue with the /etc/init.d/MailScanner start/stop script
as it is not seem to be stopping sendmail.


Symptoms show up as messages with out X-...-mail-MailScanner headers and
the logs show it started but do not show any

Jun 13 06:32:20 gateway MailScanner[2834]: New Batch: Scanning 1
messages, 2659 bytes
Jun 13 06:32:20 gateway MailScanner[2834]: Virus and Content Scanning:
Starting
Jun 13 06:32:33 gateway MailScanner[2834]: Spam Checks: Starting

Also

When you do a service MailScanner stop (/etc/init.dMailScanner stop) and
do a ps ax | grep send you often still see sendmail running.

As soon as this occurs and you start MailScanner it comes back no error
and shows it started but in actuality it's not doing anything.

The only way I seem to be able to correct this to kill the PID's of
sendmail after MailScanner is stopped to insure that clean ones are
started .

ps. Side note, where do wiki content page errors get sent too.

on http://wiki.mailscanner.info/doku.php

in Tips and tweaks

    *
      Clustering MailScanner with CentOS and Pirahna
      <http://wiki.mailscanner.info/doku.php?id=documentation:clustering_mailscanner_with_centos_and_pirahna>
    *
      Acne Scar Removal <http://zenmed-acne-scar-treatment.com/>
    *
      Teen Chat <http://www.teensay.com/>
    *
      Dating Chat Rooms <http://www.chatixdating.com/>
    *

What the heck are 3 spam/non MailScanner related sites doing in these links.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100613/9640d06b/attachment.html
From steve at fsl.com  Sun Jun 13 14:57:44 2010
From: steve at fsl.com (Stephen Swaney)
Date: Sun Jun 13 14:57:53 2010
Subject: Start/Stop script for mailScanner
In-Reply-To: <4C14D405.2000502@merkens.ca>
References: <4C14D405.2000502@merkens.ca>
Message-ID: <B1C48413-11E7-4172-8C08-E1C17ED72817@fsl.com>

Will,

some observations are below.

On Jun 13, 2010, at 8:50 AM, Will Merkens wrote:

> System:
> 
> MailScanner 4.80.1
> Sendmail 8.14.3
> 
> I am finding a issue with the /etc/init.d/MailScanner start/stop script as it is not seem to be stopping sendmail.
> 
> 

Is sendmail still being started by the systems default init script? The MailScanner script should be used to start sendmail, NOT the systems default script.

You can see if this is the porblem:

	1. Stop MailScanner using the MailScanner init script
	2. Kill any sendmail processes that are still running
	3. Start MailScanner using the MailScanner init script

If MailScanner starts working, this was the problem.

You don't say what OS you are using but from the location of the MailScanner start script, But it looks like it might be Red Hat, CentOS od som other similar Linux variant. If so these commands might also help.

To see if the systems sendmail init script is configured "on", run:

	chkconfig sendmail --list

This should return 

	sendmail       	0:off	1:off	2:off	3:off	4:off	5:off	6:off

Anything else is a problem.

To turn off the systems sendmail init script run:

	chkconfig sendmail off

> Symptoms show up as messages with out X-...-mail-MailScanner headers and the logs show it started but do not show any
> 
> Jun 13 06:32:20 gateway MailScanner[2834]: New Batch: Scanning 1 messages, 2659 bytes 
> Jun 13 06:32:20 gateway MailScanner[2834]: Virus and Content Scanning: Starting 
> Jun 13 06:32:33 gateway MailScanner[2834]: Spam Checks: Starting 
> 
> Also
> 
> When you do a service MailScanner stop (/etc/init.dMailScanner stop) and do a ps ax | grep send you often still see sendmail running.
> 
> As soon as this occurs and you start MailScanner it comes back no error and shows it started but in actuality it's not doing anything.
> 
> The only way I seem to be able to correct this to kill the PID's of sendmail after MailScanner is stopped to insure that clean ones are started .
> 
> ps. Side note, where do wiki content page errors get sent too.
> 
> on http://wiki.mailscanner.info/doku.php
> 
> in Tips and tweaks
> 
> Clustering MailScanner with CentOS and Pirahna
> Acne Scar Removal
> Teen Chat
> Dating Chat Rooms
> 
> What the heck are 3 spam/non MailScanner related sites doing in these links.
> 

I hope this helps,

Steve
-- 
Steve Swaney
steve@fsl.com
www.fsl.com
The most accurate and cost effective anti-spam solutions available

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100613/a91851bb/attachment.html
From mark at msapiro.net  Sun Jun 13 16:25:55 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Sun Jun 13 16:26:17 2010
Subject: Start/Stop script for mailScanner
In-Reply-To: <4C14D405.2000502@merkens.ca>
Message-ID: <PC1952010061308255507811d604d44@msapiro>

Will Merkens wrote:
>
>ps. Side note, where do wiki content page errors get sent too.
>
>on http://wiki.mailscanner.info/doku.php
>
>in Tips and tweaks
>
>    *
>      Clustering MailScanner with CentOS and Pirahna
>      <http://wiki.mailscanner.info/doku.php?id=documentation:clustering_mailscanner_with_centos_and_pirahna>
>    *
>      Acne Scar Removal ...
>    *
>      Teen Chat ...
>    *
>      Dating Chat Rooms ...
>    *
>
>What the heck are 3 spam/non MailScanner related sites doing in these links.


It's a wiki. Just as the spammers have done, you can register, log in
and edit the page. These and a few others on that page have been
removed for the moment, but there are probably others. Wiki gardening
is a continuing process. Spammers ruin everything for the rest of us.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk  Sun Jun 13 19:30:28 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Jun 13 19:30:48 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <4C145A8A.6070902@lankacom.net>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C145A8A.6070902@lankacom.net> <4C1523C4.10604@ecs.soton.ac.uk>
Message-ID: <EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>

Thanks for the comment.

As for integrating it, that counts as 'user front-end interface' in 
MailScanner, which is an area I have never got involved in. So it will 
remain a separate project for the time being, albeit one which 
MailScanner admins might like to install for their users' benefit.

Jules.

On 13/06/2010 05:11, Supun Rathnayake wrote:
> Hi jules,
>
> Thank you very much for the interesting tool, very much essential for 
> the obvious reasons that you have explained.
>
> This is just an idea, how about integrating this tool with MailScanner 
> for quarantine management.
>
> Thanks,
> Supun.
>
>
> On 06/12/2010 08:41 PM, Jules Field wrote:
>> The Scenario:
>>
>> You have installed MailScanner at your site to protect all your users 
>> and clients from all sorts of dangerous email content.
>> Okay so far.
>> But your users need to be able to send large files, executables, and 
>> all sorts of other things that they used to try to send by email. 
>> Some of these are restricted by MailScanner, others (such as large 
>> files) are restricted by your email system's capacity.
>> And your users also need to be able to receive files from other sites 
>> around the world, without having any username/password access to your 
>> systems.
>> And it needs to be secure.
>>
>> So your users need to be able to send and receive all sort of files 
>> and email is not the right tool for the job.
>>
>> Say "Hello!" to Dropoff.
>>
>> This is a simple web-based system where your users can send and 
>> receive files to and from anyone in the world, and yet it can't be 
>> used for public warez or porn sharing.
>>
>> Anyone in the world can send files to you (but not to the rest of the 
>> world), and your users can send files to anyone in the world. All 
>> uploaded files are scanned for viruses, so it's safe. Authentication 
>> of your users can be done via Active Directory, LDAP, IMAP or a 
>> static file. It's small, light-weight, simple and safe. It's all 
>> written in PHP so you can read the source and add or change features 
>> as you desire.
>>
>> Take a look at
>>             www.dropoff.me
>> where you can read about it and download it.
>>
>> It's entirely free and open source, of course.
>>
>> Note: I did not write all of this. Dropoff is my fork of the 
>> "Dropbox" package originally written at the University of Delaware. I 
>> have added new features and fixed some bugs. I intend to continue 
>> developing it as needed.
>>
>> Let me know what you think!
>>
>> Jules
>>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From J.Ede at birchenallhowden.co.uk  Sun Jun 13 20:36:29 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Sun Jun 13 20:36:50 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C145A8A.6070902@lankacom.net> <4C1523C4.10604@ecs.soton.ac.uk>
	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
Message-ID: <1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>

It looks fantastic Jules, will definitely download it and have a play.

Jason

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Jules Field
> Sent: 13 June 2010 19:30
> To: MailScanner discussion
> Subject: Re: MailScanner ANNOUNCE: Dropoff
> 
> Thanks for the comment.
> 
> As for integrating it, that counts as 'user front-end interface' in
> MailScanner, which is an area I have never got involved in. So it will
> remain a separate project for the time being, albeit one which
> MailScanner admins might like to install for their users' benefit.
> 
> Jules.
> 
> On 13/06/2010 05:11, Supun Rathnayake wrote:
> > Hi jules,
> >
> > Thank you very much for the interesting tool, very much essential for
> > the obvious reasons that you have explained.
> >
> > This is just an idea, how about integrating this tool with
> MailScanner
> > for quarantine management.
> >
> > Thanks,
> > Supun.
> >
> >
> > On 06/12/2010 08:41 PM, Jules Field wrote:
> >> The Scenario:
> >>
> >> You have installed MailScanner at your site to protect all your
> users
> >> and clients from all sorts of dangerous email content.
> >> Okay so far.
> >> But your users need to be able to send large files, executables, and
> >> all sorts of other things that they used to try to send by email.
> >> Some of these are restricted by MailScanner, others (such as large
> >> files) are restricted by your email system's capacity.
> >> And your users also need to be able to receive files from other
> sites
> >> around the world, without having any username/password access to
> your
> >> systems.
> >> And it needs to be secure.
> >>
> >> So your users need to be able to send and receive all sort of files
> >> and email is not the right tool for the job.
> >>
> >> Say "Hello!" to Dropoff.
> >>
> >> This is a simple web-based system where your users can send and
> >> receive files to and from anyone in the world, and yet it can't be
> >> used for public warez or porn sharing.
> >>
> >> Anyone in the world can send files to you (but not to the rest of
> the
> >> world), and your users can send files to anyone in the world. All
> >> uploaded files are scanned for viruses, so it's safe. Authentication
> >> of your users can be done via Active Directory, LDAP, IMAP or a
> >> static file. It's small, light-weight, simple and safe. It's all
> >> written in PHP so you can read the source and add or change features
> >> as you desire.
> >>
> >> Take a look at
> >>             www.dropoff.me
> >> where you can read about it and download it.
> >>
> >> It's entirely free and open source, of course.
> >>
> >> Note: I did not write all of this. Dropoff is my fork of the
> >> "Dropbox" package originally written at the University of Delaware.
> I
> >> have added new features and fixed some bugs. I intend to continue
> >> developing it as needed.
> >>
> >> Let me know what you think!
> >>
> >> Jules
> >>
> 
> Jules
> 
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Sun Jun 13 20:45:44 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Jun 13 20:45:58 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>	<4C145A8A.6070902@lankacom.net>
	<4C1523C4.10604@ecs.soton.ac.uk>	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>
	<4C153568.3080504@ecs.soton.ac.uk>
Message-ID: <EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>

I'm just about to put up a VMDK (i.e. VMWare virtual disk image) of it, 
which will save you all a lot of work configuring it and fixing bugs in 
PHP that prevent large uploads.

The documentation text is already written, I've just got to get the VMDK 
off my vSphere.

Jules.

On 13/06/2010 20:36, Jason Ede wrote:
> It looks fantastic Jules, will definitely download it and have a play.
>
> Jason
>
>    
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>> bounces@lists.mailscanner.info] On Behalf Of Jules Field
>> Sent: 13 June 2010 19:30
>> To: MailScanner discussion
>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>
>> Thanks for the comment.
>>
>> As for integrating it, that counts as 'user front-end interface' in
>> MailScanner, which is an area I have never got involved in. So it will
>> remain a separate project for the time being, albeit one which
>> MailScanner admins might like to install for their users' benefit.
>>
>> Jules.
>>
>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>      
>>> Hi jules,
>>>
>>> Thank you very much for the interesting tool, very much essential for
>>> the obvious reasons that you have explained.
>>>
>>> This is just an idea, how about integrating this tool with
>>>        
>> MailScanner
>>      
>>> for quarantine management.
>>>
>>> Thanks,
>>> Supun.
>>>
>>>
>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>        
>>>> The Scenario:
>>>>
>>>> You have installed MailScanner at your site to protect all your
>>>>          
>> users
>>      
>>>> and clients from all sorts of dangerous email content.
>>>> Okay so far.
>>>> But your users need to be able to send large files, executables, and
>>>> all sorts of other things that they used to try to send by email.
>>>> Some of these are restricted by MailScanner, others (such as large
>>>> files) are restricted by your email system's capacity.
>>>> And your users also need to be able to receive files from other
>>>>          
>> sites
>>      
>>>> around the world, without having any username/password access to
>>>>          
>> your
>>      
>>>> systems.
>>>> And it needs to be secure.
>>>>
>>>> So your users need to be able to send and receive all sort of files
>>>> and email is not the right tool for the job.
>>>>
>>>> Say "Hello!" to Dropoff.
>>>>
>>>> This is a simple web-based system where your users can send and
>>>> receive files to and from anyone in the world, and yet it can't be
>>>> used for public warez or porn sharing.
>>>>
>>>> Anyone in the world can send files to you (but not to the rest of
>>>>          
>> the
>>      
>>>> world), and your users can send files to anyone in the world. All
>>>> uploaded files are scanned for viruses, so it's safe. Authentication
>>>> of your users can be done via Active Directory, LDAP, IMAP or a
>>>> static file. It's small, light-weight, simple and safe. It's all
>>>> written in PHP so you can read the source and add or change features
>>>> as you desire.
>>>>
>>>> Take a look at
>>>>              www.dropoff.me
>>>> where you can read about it and download it.
>>>>
>>>> It's entirely free and open source, of course.
>>>>
>>>> Note: I did not write all of this. Dropoff is my fork of the
>>>> "Dropbox" package originally written at the University of Delaware.
>>>>          
>> I
>>      
>>>> have added new features and fixed some bugs. I intend to continue
>>>> developing it as needed.
>>>>
>>>> Let me know what you think!
>>>>
>>>> Jules
>>>>
>>>>          
>> Jules
>>
>> --
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>      

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Mon Jun 14 09:41:09 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jun 14 09:41:24 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>	<4C145A8A.6070902@lankacom.net>	<4C1523C4.10604@ecs.soton.ac.uk>	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>	<4C153568.3080504@ecs.soton.ac.uk>
	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
Message-ID: <EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>

I have just uploaded the VMWare disk image of a fully functional Dropoff 
system. There are some docs on the Dropoff.me website that will tell you 
how to configure it for your site once you've built a VM around it.

Jules.

On 13/06/2010 20:45, Jules Field wrote:
> I'm just about to put up a VMDK (i.e. VMWare virtual disk image) of 
> it, which will save you all a lot of work configuring it and fixing 
> bugs in PHP that prevent large uploads.
>
> The documentation text is already written, I've just got to get the 
> VMDK off my vSphere.
>
> Jules.
>
> On 13/06/2010 20:36, Jason Ede wrote:
>> It looks fantastic Jules, will definitely download it and have a play.
>>
>> Jason
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field
>>> Sent: 13 June 2010 19:30
>>> To: MailScanner discussion
>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>
>>> Thanks for the comment.
>>>
>>> As for integrating it, that counts as 'user front-end interface' in
>>> MailScanner, which is an area I have never got involved in. So it will
>>> remain a separate project for the time being, albeit one which
>>> MailScanner admins might like to install for their users' benefit.
>>>
>>> Jules.
>>>
>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>> Hi jules,
>>>>
>>>> Thank you very much for the interesting tool, very much essential for
>>>> the obvious reasons that you have explained.
>>>>
>>>> This is just an idea, how about integrating this tool with
>>> MailScanner
>>>> for quarantine management.
>>>>
>>>> Thanks,
>>>> Supun.
>>>>
>>>>
>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>> The Scenario:
>>>>>
>>>>> You have installed MailScanner at your site to protect all your
>>> users
>>>>> and clients from all sorts of dangerous email content.
>>>>> Okay so far.
>>>>> But your users need to be able to send large files, executables, and
>>>>> all sorts of other things that they used to try to send by email.
>>>>> Some of these are restricted by MailScanner, others (such as large
>>>>> files) are restricted by your email system's capacity.
>>>>> And your users also need to be able to receive files from other
>>> sites
>>>>> around the world, without having any username/password access to
>>> your
>>>>> systems.
>>>>> And it needs to be secure.
>>>>>
>>>>> So your users need to be able to send and receive all sort of files
>>>>> and email is not the right tool for the job.
>>>>>
>>>>> Say "Hello!" to Dropoff.
>>>>>
>>>>> This is a simple web-based system where your users can send and
>>>>> receive files to and from anyone in the world, and yet it can't be
>>>>> used for public warez or porn sharing.
>>>>>
>>>>> Anyone in the world can send files to you (but not to the rest of
>>> the
>>>>> world), and your users can send files to anyone in the world. All
>>>>> uploaded files are scanned for viruses, so it's safe. Authentication
>>>>> of your users can be done via Active Directory, LDAP, IMAP or a
>>>>> static file. It's small, light-weight, simple and safe. It's all
>>>>> written in PHP so you can read the source and add or change features
>>>>> as you desire.
>>>>>
>>>>> Take a look at
>>>>>              www.dropoff.me
>>>>> where you can read about it and download it.
>>>>>
>>>>> It's entirely free and open source, of course.
>>>>>
>>>>> Note: I did not write all of this. Dropoff is my fork of the
>>>>> "Dropbox" package originally written at the University of Delaware.
>>> I
>>>>> have added new features and fixed some bugs. I intend to continue
>>>>> developing it as needed.
>>>>>
>>>>> Let me know what you think!
>>>>>
>>>>> Jules
>>>>>
>>> Jules
>>>
>>> -- 
>>> Julian Field MEng CITP CEng
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new requirements from your boss?
>>> Contact me!
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>> Follow me at twitter.com/JulesFM
>>>
>>>
>>> -- 
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> -- 
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>
> Jules
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com  Mon Jun 14 20:24:33 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jun 14 20:24:54 2010
Subject: Bug
In-Reply-To: <4C140D73.6010008@fsl.com>
References: <4C140D73.6010008@fsl.com>
Message-ID: <hv5vlh$7ju$1@dough.gmane.org>

on 6-12-2010 3:42 PM Steve Freegard spake the following:
> With:
> 
> Quarantine Whole Messages As Queue Files = No
> Quarantine Whole Message = Yes
> 
> and a message which causes MailScanner to crash and the Processing
> Attempts database causes the message to be quarantined - then the
> resulting 'message' file in the quarantine directory is missing the
> headers (e.g. corrupt) and cannot therefore be released.
> 
> This is on MailScanner 4.77.10; can someone verify that this is still a
> problem on the current version?  I don't see anything in the change log
> that would indicate this was reported or fixed in a newer version.
> 
> Cheers,
> Steve.
I haven't see this, but I'm using sendmail, if that makes a difference.

From brent.addis at nsp.co.nz  Mon Jun 14 20:33:28 2010
From: brent.addis at nsp.co.nz (Brent Addis)
Date: Mon Jun 14 20:33:45 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C145A8A.6070902@lankacom.net>	<4C1523C4.10604@ecs.soton.ac.uk>
	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>
	<4C153568.3080504@ecs.soton.ac.uk>
	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
Message-ID: <6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>

Would you like a xenserver version? I have an aversion to vmware. I
come up with spots at the mere thought of it.

On 14/06/2010, at 8:53 PM, "Julian Field"
<MailScanner@ecs.soton.ac.uk> wrote:

> I have just uploaded the VMWare disk image of a fully functional
> Dropoff
> system. There are some docs on the Dropoff.me website that will tell
> you
> how to configure it for your site once you've built a VM around it.
>
> Jules.
>
> On 13/06/2010 20:45, Jules Field wrote:
>> I'm just about to put up a VMDK (i.e. VMWare virtual disk image) of
>> it, which will save you all a lot of work configuring it and fixing
>> bugs in PHP that prevent large uploads.
>>
>> The documentation text is already written, I've just got to get the
>> VMDK off my vSphere.
>>
>> Jules.
>>
>> On 13/06/2010 20:36, Jason Ede wrote:
>>> It looks fantastic Jules, will definitely download it and have a
>>> play.
>>>
>>> Jason
>>>
>>>>

Brent Addis
Systems Integration Specialist
Mob: +64 21 971 695

Network Service Providers Ltd.
Unit 32a, 88 Cook St, Auckland 1010
PO Box 90208, Victoria West, Auckland

Email: mailto:brent.addis@nsp.co.nz | Customer Service:
cs@nsp.co.nz | Web: http://www.nsp.co.nz
Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239

Disclaimer:
This message contains confidential information and is intended only for mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info. If you are not mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info you should not disseminate, distribute or copy this e-mail. Please notify brent.addis@nsp.co.nz immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Brent Addis therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
Network Service Providers is a limited liability company registered in New Zealand.

-----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>> [mailto:mailscanner-
>>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field
>>>> Sent: 13 June 2010 19:30
>>>> To: MailScanner discussion
>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>
>>>> Thanks for the comment.
>>>>
>>>> As for integrating it, that counts as 'user front-end interface' in
>>>> MailScanner, which is an area I have never got involved in. So it
>>>> will
>>>> remain a separate project for the time being, albeit one which
>>>> MailScanner admins might like to install for their users' benefit.
>>>>
>>>> Jules.
>>>>
>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>> Hi jules,
>>>>>
>>>>> Thank you very much for the interesting tool, very much
>>>>> essential for
>>>>> the obvious reasons that you have explained.
>>>>>
>>>>> This is just an idea, how about integrating this tool with
>>>> MailScanner
>>>>> for quarantine management.
>>>>>
>>>>> Thanks,
>>>>> Supun.
>>>>>
>>>>>
>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>> The Scenario:
>>>>>>
>>>>>> You have installed MailScanner at your site to protect all your
>>>> users
>>>>>> and clients from all sorts of dangerous email content.
>>>>>> Okay so far.
>>>>>> But your users need to be able to send large files,
>>>>>> executables, and
>>>>>> all sorts of other things that they used to try to send by email.
>>>>>> Some of these are restricted by MailScanner, others (such as
>>>>>> large
>>>>>> files) are restricted by your email system's capacity.
>>>>>> And your users also need to be able to receive files from other
>>>> sites
>>>>>> around the world, without having any username/password access to
>>>> your
>>>>>> systems.
>>>>>> And it needs to be secure.
>>>>>>
>>>>>> So your users need to be able to send and receive all sort of
>>>>>> files
>>>>>> and email is not the right tool for the job.
>>>>>>
>>>>>> Say "Hello!" to Dropoff.
>>>>>>
>>>>>> This is a simple web-based system where your users can send and
>>>>>> receive files to and from anyone in the world, and yet it can't
>>>>>> be
>>>>>> used for public warez or porn sharing.
>>>>>>
>>>>>> Anyone in the world can send files to you (but not to the rest of
>>>> the
>>>>>> world), and your users can send files to anyone in the world. All
>>>>>> uploaded files are scanned for viruses, so it's safe.
>>>>>> Authentication
>>>>>> of your users can be done via Active Directory, LDAP, IMAP or a
>>>>>> static file. It's small, light-weight, simple and safe. It's all
>>>>>> written in PHP so you can read the source and add or change
>>>>>> features
>>>>>> as you desire.
>>>>>>
>>>>>> Take a look at
>>>>>>             www.dropoff.me
>>>>>> where you can read about it and download it.
>>>>>>
>>>>>> It's entirely free and open source, of course.
>>>>>>
>>>>>> Note: I did not write all of this. Dropoff is my fork of the
>>>>>> "Dropbox" package originally written at the University of
>>>>>> Delaware.
>>>> I
>>>>>> have added new features and fixed some bugs. I intend to continue
>>>>>> developing it as needed.
>>>>>>
>>>>>> Let me know what you think!
>>>>>>
>>>>>> Jules
>>>>>>
>>>> Jules
>>>>
>>>> --
>>>> Julian Field MEng CITP CEng
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>
>>>> Need help customising MailScanner?
>>>> Contact me!
>>>> Need help fixing or optimising your systems?
>>>> Contact me!
>>>> Need help getting you started solving new requirements from your
>>>> boss?
>>>> Contact me!
>>>>
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>> Follow me at twitter.com/JulesFM
>>>>
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>
>> Jules
>>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Mon Jun 14 21:40:08 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Jun 14 21:40:20 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>	<4C145A8A.6070902@lankacom.net>	<4C1523C4.10604@ecs.soton.ac.uk>	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>	<4C153568.3080504@ecs.soton.ac.uk>	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>	<4C15EB25.7040703@ecs.soton.ac.uk>	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>
	<4C1693A8.9030501@ecs.soton.ac.uk>
Message-ID: <EMEW3|f7420e7dfec8bae867cf3ede8bb38bb1m5DLe90bMailScanner|ecs.soton.ac.uk|4C1693A8.9030501@ecs.soton.ac.uk>

Not right now, thanks. I use VMWare as if you want to run a decent sized 
installation (we currently have about 1 rack full of it) there doesn't 
appear to be much competition.

I've got a whole load of other things to do right now.

Thanks for the offer anyway, try me again in a few months.

Cheers,
Jules.

On 14/06/2010 20:33, Brent Addis wrote:
> Would you like a xenserver version? I have an aversion to vmware. I
> come up with spots at the mere thought of it.
>
> On 14/06/2010, at 8:53 PM, "Julian Field"
> <MailScanner@ecs.soton.ac.uk>  wrote:
>
>    
>> I have just uploaded the VMWare disk image of a fully functional
>> Dropoff
>> system. There are some docs on the Dropoff.me website that will tell
>> you
>> how to configure it for your site once you've built a VM around it.
>>
>> Jules.
>>
>> On 13/06/2010 20:45, Jules Field wrote:
>>      
>>> I'm just about to put up a VMDK (i.e. VMWare virtual disk image) of
>>> it, which will save you all a lot of work configuring it and fixing
>>> bugs in PHP that prevent large uploads.
>>>
>>> The documentation text is already written, I've just got to get the
>>> VMDK off my vSphere.
>>>
>>> Jules.
>>>
>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>        
>>>> It looks fantastic Jules, will definitely download it and have a
>>>> play.
>>>>
>>>> Jason
>>>>
>>>>          
>>>>>            
> Brent Addis
> Systems Integration Specialist
> Mob: +64 21 971 695
>
> Network Service Providers Ltd.
> Unit 32a, 88 Cook St, Auckland 1010
> PO Box 90208, Victoria West, Auckland
>
> Email: mailto:brent.addis@nsp.co.nz | Customer Service:
> cs@nsp.co.nz | Web: http://www.nsp.co.nz
> Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239
>
> Disclaimer:
> This message contains confidential information and is intended only for mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info. If you are not mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info you should not disseminate, distribute or copy this e-mail. Please notify brent.addis@nsp.co.nz immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Brent Addis therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
> Network Service Providers is a limited liability company registered in New Zealand.
>
> -----Original Message-----
>    
>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>> [mailto:mailscanner-
>>>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field
>>>>> Sent: 13 June 2010 19:30
>>>>> To: MailScanner discussion
>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>
>>>>> Thanks for the comment.
>>>>>
>>>>> As for integrating it, that counts as 'user front-end interface' in
>>>>> MailScanner, which is an area I have never got involved in. So it
>>>>> will
>>>>> remain a separate project for the time being, albeit one which
>>>>> MailScanner admins might like to install for their users' benefit.
>>>>>
>>>>> Jules.
>>>>>
>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>            
>>>>>> Hi jules,
>>>>>>
>>>>>> Thank you very much for the interesting tool, very much
>>>>>> essential for
>>>>>> the obvious reasons that you have explained.
>>>>>>
>>>>>> This is just an idea, how about integrating this tool with
>>>>>>              
>>>>> MailScanner
>>>>>            
>>>>>> for quarantine management.
>>>>>>
>>>>>> Thanks,
>>>>>> Supun.
>>>>>>
>>>>>>
>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>              
>>>>>>> The Scenario:
>>>>>>>
>>>>>>> You have installed MailScanner at your site to protect all your
>>>>>>>                
>>>>> users
>>>>>            
>>>>>>> and clients from all sorts of dangerous email content.
>>>>>>> Okay so far.
>>>>>>> But your users need to be able to send large files,
>>>>>>> executables, and
>>>>>>> all sorts of other things that they used to try to send by email.
>>>>>>> Some of these are restricted by MailScanner, others (such as
>>>>>>> large
>>>>>>> files) are restricted by your email system's capacity.
>>>>>>> And your users also need to be able to receive files from other
>>>>>>>                
>>>>> sites
>>>>>            
>>>>>>> around the world, without having any username/password access to
>>>>>>>                
>>>>> your
>>>>>            
>>>>>>> systems.
>>>>>>> And it needs to be secure.
>>>>>>>
>>>>>>> So your users need to be able to send and receive all sort of
>>>>>>> files
>>>>>>> and email is not the right tool for the job.
>>>>>>>
>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>
>>>>>>> This is a simple web-based system where your users can send and
>>>>>>> receive files to and from anyone in the world, and yet it can't
>>>>>>> be
>>>>>>> used for public warez or porn sharing.
>>>>>>>
>>>>>>> Anyone in the world can send files to you (but not to the rest of
>>>>>>>                
>>>>> the
>>>>>            
>>>>>>> world), and your users can send files to anyone in the world. All
>>>>>>> uploaded files are scanned for viruses, so it's safe.
>>>>>>> Authentication
>>>>>>> of your users can be done via Active Directory, LDAP, IMAP or a
>>>>>>> static file. It's small, light-weight, simple and safe. It's all
>>>>>>> written in PHP so you can read the source and add or change
>>>>>>> features
>>>>>>> as you desire.
>>>>>>>
>>>>>>> Take a look at
>>>>>>>              www.dropoff.me
>>>>>>> where you can read about it and download it.
>>>>>>>
>>>>>>> It's entirely free and open source, of course.
>>>>>>>
>>>>>>> Note: I did not write all of this. Dropoff is my fork of the
>>>>>>> "Dropbox" package originally written at the University of
>>>>>>> Delaware.
>>>>>>>                
>>>>> I
>>>>>            
>>>>>>> have added new features and fixed some bugs. I intend to continue
>>>>>>> developing it as needed.
>>>>>>>
>>>>>>> Let me know what you think!
>>>>>>>
>>>>>>> Jules
>>>>>>>
>>>>>>>                
>>>>> Jules
>>>>>
>>>>> --
>>>>> Julian Field MEng CITP CEng
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>
>>>>> Need help customising MailScanner?
>>>>> Contact me!
>>>>> Need help fixing or optimising your systems?
>>>>> Contact me!
>>>>> Need help getting you started solving new requirements from your
>>>>> boss?
>>>>> Contact me!
>>>>>
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>> Follow me at twitter.com/JulesFM
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>            
>>> Jules
>>>
>>>        
>> Jules
>>
>> --
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>      

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From bbecken at aafp.org  Mon Jun 14 21:53:43 2010
From: bbecken at aafp.org (Brad Beckenhauer)
Date: Mon Jun 14 21:54:06 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
Message-ID: <4C165088020000680005262C@smtp.aafp.org>

I downloaded the dropoff vm.
 
Since the download site did not list if the vm was 32-bit or 64-bit, I used 64-bit and it started ok.  It also may become more important later to also list what version of Ubanto was used to create the vm or include the configuration file in the zip file.
 
After logging in I tried running the "sudo su -" command, entered the password and kept getting back "dropoff is not in the sudoers file....".
 
I'm calling it a day here.  Looking forward to giving dropoff a trial run.
 
thank you
brad
 
 

>>> On 6/12/2010 at 10:11 AM, in message <EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>, Jules Field <MailScanner@ecs.soton.ac.uk> wrote:

The Scenario:

You have installed MailScanner at your site to protect all your users 
and clients from all sorts of dangerous email content.
Okay so far.
But your users need to be able to send large files, executables, and all 
sorts of other things that they used to try to send by email. Some of 
these are restricted by MailScanner, others (such as large files) are 
restricted by your email system's capacity.
And your users also need to be able to receive files from other sites 
around the world, without having any username/password access to your 
systems.
And it needs to be secure.

So your users need to be able to send and receive all sort of files and 
email is not the right tool for the job.

Say "Hello!" to Dropoff.

This is a simple web-based system where your users can send and receive 
files to and from anyone in the world, and yet it can't be used for 
public warez or porn sharing.

Anyone in the world can send files to you (but not to the rest of the 
world), and your users can send files to anyone in the world. All 
uploaded files are scanned for viruses, so it's safe. Authentication of 
your users can be done via Active Directory, LDAP, IMAP or a static 
file. It's small, light-weight, simple and safe. It's all written in PHP 
so you can read the source and add or change features as you desire.

Take a look at
             www.dropoff.me
where you can read about it and download it.

It's entirely free and open source, of course.

Note: I did not write all of this. Dropoff is my fork of the "Dropbox" 
package originally written at the University of Delaware. I have added 
new features and fixed some bugs. I intend to continue developing it as 
needed.

Let me know what you think!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100614/0a9a0162/attachment.html
From MailScanner at ecs.soton.ac.uk  Mon Jun 14 22:17:07 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Jun 14 22:17:22 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <4C165088020000680005262C@smtp.aafp.org>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C165088020000680005262C@smtp.aafp.org>
	<4C169C53.2060807@ecs.soton.ac.uk>
Message-ID: <EMEW3|124dd50848319fc08aed475ff20ac390m5DMHA0bMailScanner|ecs.soton.ac.uk|4C169C53.2060807@ecs.soton.ac.uk>



On 14/06/2010 21:53, Brad Beckenhauer wrote:
> I downloaded the dropoff vm.
> Since the download site did not list if the vm was 32-bit or 64-bit, I 
> used 64-bit and it started ok.  It also may become more important 
> later to also list what version of Ubanto was used to create the vm or 
> include the configuration file in the zip file.
> After logging in I tried running the "sudo su -" command, entered the 
> password and kept getting back "dropoff is not in the sudoers file....".
Balls. Could swear I tested that. Clearly not. It's a 64-bit VM, you're 
quite right. What configuration file were you thinking of to include in 
the zip file?

You should be able to boot it with "init=/bin/sh" on the end of the 
kernel command line and break in that way, then force a new root 
password with "passwd root". At which point you should be able to reboot 
and then log in as root anyway.
> I'm calling it a day here.  Looking forward to giving dropoff a trial run.
I'm probably going to rename it ZendTo. (The domain names are available)

Jules.

> thank you
> brad
>
> >>> On 6/12/2010 at 10:11 AM, in message 
> <EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>, 
> Jules Field <MailScanner@ecs.soton.ac.uk> wrote:
> The Scenario:
>
> You have installed MailScanner at your site to protect all your users
> and clients from all sorts of dangerous email content.
> Okay so far.
> But your users need to be able to send large files, executables, and all
> sorts of other things that they used to try to send by email. Some of
> these are restricted by MailScanner, others (such as large files) are
> restricted by your email system's capacity.
> And your users also need to be able to receive files from other sites
> around the world, without having any username/password access to your
> systems.
> And it needs to be secure.
>
> So your users need to be able to send and receive all sort of files and
> email is not the right tool for the job.
>
> Say "Hello!" to Dropoff.
>
> This is a simple web-based system where your users can send and receive
> files to and from anyone in the world, and yet it can't be used for
> public warez or porn sharing.
>
> Anyone in the world can send files to you (but not to the rest of the
> world), and your users can send files to anyone in the world. All
> uploaded files are scanned for viruses, so it's safe. Authentication of
> your users can be done via Active Directory, LDAP, IMAP or a static
> file. It's small, light-weight, simple and safe. It's all written in PHP
> so you can read the source and add or change features as you desire.
>
> Take a look at
>              www.dropoff.me
> where you can read about it and download it.
>
> It's entirely free and open source, of course.
>
> Note: I did not write all of this. Dropoff is my fork of the "Dropbox"
> package originally written at the University of Delaware. I have added
> new features and fixed some bugs. I intend to continue developing it as
> needed.
>
> Let me know what you think!
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Mon Jun 14 22:49:24 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Jun 14 22:49:37 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|124dd50848319fc08aed475ff20ac390m5DMHA0bMailScanner|ecs.soton.ac.uk|4C169C53.2060807@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>	<4C165088020000680005262C@smtp.aafp.org>	<4C169C53.2060807@ecs.soton.ac.uk>
	<EMEW3|124dd50848319fc08aed475ff20ac390m5DMHA0bMailScanner|ecs.soton.ac.uk|4C169C53.2060807@ecs.soton.ac.uk>
	<4C16A3E4.5020809@ecs.soton.ac.uk>
Message-ID: <EMEW3|702d6037128c0e39106d8cab3021f73bm5DMnR0bMailScanner|ecs.soton.ac.uk|4C16A3E4.5020809@ecs.soton.ac.uk>



On 14/06/2010 22:17, Jules Field wrote:
>
>
> On 14/06/2010 21:53, Brad Beckenhauer wrote:
>> I downloaded the dropoff vm.
>> Since the download site did not list if the vm was 32-bit or 64-bit, 
>> I used 64-bit and it started ok.  It also may become more important 
>> later to also list what version of Ubanto was used to create the vm 
>> or include the configuration file in the zip file.
>> After logging in I tried running the "sudo su -" command, entered the 
>> password and kept getting back "dropoff is not in the sudoers file....".
> Balls. Could swear I tested that. Clearly not. It's a 64-bit VM, 
> you're quite right. What configuration file were you thinking of to 
> include in the zip file?
>
> You should be able to boot it with "init=/bin/sh" on the end of the 
> kernel command line and break in that way, then force a new root 
> password with "passwd root". At which point you should be able to 
> reboot and then log in as root anyway.
I've just done it myself, and I'll fix the VMDK image first thing 
tomorrow morning (after all the other things I've promised to people 
first thing tomorrow morning!). It's getting the image off my vSphere 
right now.

>> I'm calling it a day here.  Looking forward to giving dropoff a trial 
>> run.
> I'm probably going to rename it ZendTo. (The domain names are available)
>
> Jules.
>
>> thank you
>> brad
>>
>> >>> On 6/12/2010 at 10:11 AM, in message 
>> <EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>, 
>> Jules Field <MailScanner@ecs.soton.ac.uk> wrote:
>> The Scenario:
>>
>> You have installed MailScanner at your site to protect all your users
>> and clients from all sorts of dangerous email content.
>> Okay so far.
>> But your users need to be able to send large files, executables, and all
>> sorts of other things that they used to try to send by email. Some of
>> these are restricted by MailScanner, others (such as large files) are
>> restricted by your email system's capacity.
>> And your users also need to be able to receive files from other sites
>> around the world, without having any username/password access to your
>> systems.
>> And it needs to be secure.
>>
>> So your users need to be able to send and receive all sort of files and
>> email is not the right tool for the job.
>>
>> Say "Hello!" to Dropoff.
>>
>> This is a simple web-based system where your users can send and receive
>> files to and from anyone in the world, and yet it can't be used for
>> public warez or porn sharing.
>>
>> Anyone in the world can send files to you (but not to the rest of the
>> world), and your users can send files to anyone in the world. All
>> uploaded files are scanned for viruses, so it's safe. Authentication of
>> your users can be done via Active Directory, LDAP, IMAP or a static
>> file. It's small, light-weight, simple and safe. It's all written in PHP
>> so you can read the source and add or change features as you desire.
>>
>> Take a look at
>>              www.dropoff.me
>> where you can read about it and download it.
>>
>> It's entirely free and open source, of course.
>>
>> Note: I did not write all of this. Dropoff is my fork of the "Dropbox"
>> package originally written at the University of Delaware. I have added
>> new features and fixed some bugs. I intend to continue developing it as
>> needed.
>>
>> Let me know what you think!
>>
>> Jules
>>
>> -- 
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> Jules
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From dragonslayr at gmail.com  Tue Jun 15 06:19:00 2010
From: dragonslayr at gmail.com (Dragon Slayr)
Date: Tue Jun 15 06:19:12 2010
Subject: spamassassin with mailscanner
Message-ID: <AANLkTin-UbZC7qijQ35qVEU52noNIYkRsClUWnOAIdP4@mail.gmail.com>

I've just built a box with Ubuntu Lucid. Everything now now going great in
testing.
However, I attempted to import my old spamassassin database as root with
this command.
sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore
sa_bayes_backup.txt

That gave me a nice database in the /root directory. :(

So, I thought I'd better ask. Should I run this as the postfix user like
this?
sa-learn -u postfix -p /etc/MailScanner/spam.assassin.prefs.conf --restore
sa_bayes_backup.txt

Also, now when I do sudo -u postfix spamassassin --lint -D, I get permission
errors attempting to read root..   <Sigh...>

As you can see, I'm a bit confused. For a last question, can change things
so spamassassin just keeps a global database and forget all this user
stuff?  It's a incoming mail server only. There are no local users.

Thanks in advance!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100615/ddcb31d8/attachment.html
From seven at seven.dorksville.net  Tue Jun 15 06:36:48 2010
From: seven at seven.dorksville.net (Anthony Giggins)
Date: Tue Jun 15 06:37:11 2010
Subject: OT: log spam
In-Reply-To: <4C11EDFF.3070301@marcsnet.com>
References: <4C11DCC1.5080300@marcsnet.com> <4C11E295.40205@tradoc.fr>
	<4C11E696.2060807@marcsnet.com> <4C11EB0E.1060607@marcsnet.com>
	<4C11EDFF.3070301@marcsnet.com>
Message-ID: <11107.125.168.254.15.1276580208.squirrel@seven.dorksville.net>

> should have debugged.  action = iptables[name=spam, port=smtp,
> protocol=tcp]
>
> Marc Lucke wrote:
>> for anyone interested who uses fail2ban:
>>
>> # cat filter.d/spam.conf
>> failregex = Message .* from <HOST> .* is spam
>> ignoreregex =
>> # tail -n 8 jail.conf
>> [spam]
>> enabled = true
>> filter = spam
>> maxretry = 1
>> bantime  = 3600
>> action = iptables-multiport[name=spam port="smtp", protocol=tcp]
>>           sendmail-whois[name=spam, dest=root, sender=root]
>> logpath = /var/log/maillog
>>
>> works a treat :)  Thanks John!  I was getting too complicated.

Has anyone got a known working fail2ban config for dovecot Auth failures?

/etc/fail2ban/filter.d/dovecot.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = dovecot
failregex = dovecot.*authentication failure.*rhost\=<HOST>
ignoreregex =

It seems to pass fail2ban-regex

ie. /usr/bin/fail2ban-regex /var/log/secure.1
/etc/fail2ban/filter.d/dovecot.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/dovecot.conf
Use log file   : /var/log/secure.1


Results
=======

Failregex
|- Regular expressions:
|  [1] dovecot.*authentication failure.*rhost\=<HOST>
|
`- Number of matches:
   [1] 32 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
    66.207.197.12 (Mon Jun 07 21:31:33 2010)
    66.207.197.12 (Mon Jun 07 21:31:33 2010)
    66.207.197.12 (Mon Jun 07 21:31:33 2010)
    66.207.197.12 (Mon Jun 07 21:31:33 2010)
    66.207.197.12 (Mon Jun 07 21:31:34 2010)
    66.207.197.12 (Mon Jun 07 21:31:34 2010)
    66.207.197.12 (Mon Jun 07 21:31:34 2010)
    66.207.197.12 (Mon Jun 07 21:31:34 2010)
    66.207.197.12 (Mon Jun 07 21:31:34 2010)
    66.207.197.12 (Mon Jun 07 21:31:34 2010)
    41.196.251.149 (Tue Jun 08 12:11:43 2010)
    41.196.251.149 (Tue Jun 08 12:11:43 2010)
    41.196.251.149 (Tue Jun 08 12:11:44 2010)
    41.196.251.149 (Tue Jun 08 12:11:44 2010)
    41.196.251.149 (Tue Jun 08 12:11:44 2010)
    41.196.251.149 (Tue Jun 08 12:11:44 2010)
    41.196.251.149 (Tue Jun 08 12:11:44 2010)
    41.196.251.149 (Tue Jun 08 12:11:44 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    41.196.251.149 (Tue Jun 08 12:11:45 2010)
    60.8.11.54 (Tue Jun 08 17:23:06 2010)
    60.8.11.54 (Tue Jun 08 17:23:07 2010)
    60.8.11.54 (Tue Jun 08 17:23:08 2010)

Date template hits:
132 hit(s): Month Day Hour:Minute:Second
0 hit(s): Weekday Month Day Hour:Minute:Second Year
0 hit(s): Weekday Month Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-Month-Year Hour:Minute:Second[.Millisecond]
0 hit(s): TAI64N
0 hit(s): Epoch

Success, the total number of match is 32

However, look at the above section 'Running tests' which could contain
important
information.



but I've never seen it block anything :(

Cheers

Anthony


From lhaig at haigmail.com  Tue Jun 15 08:42:06 2010
From: lhaig at haigmail.com (Lance Haig)
Date: Tue Jun 15 08:42:26 2010
Subject: new SQL config
Message-ID: <4C172ECE.1020606@haigmail.com>

I want to test the new sql functionality of the conf file.

Has anyone tried this and what do I need to do to make it work?

I gather that a db is needed and I can't find an sql file that helps 
setup the db does something like that exist?

Thanks

Lance

--
This message was scanned by Better Hosted and is believed to be clean.
http://www.betterhosted.com

From maxsec at gmail.com  Tue Jun 15 09:10:50 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Jun 15 09:10:59 2010
Subject: spamassassin with mailscanner
In-Reply-To: <AANLkTin-UbZC7qijQ35qVEU52noNIYkRsClUWnOAIdP4@mail.gmail.com>
References: <AANLkTin-UbZC7qijQ35qVEU52noNIYkRsClUWnOAIdP4@mail.gmail.com>
Message-ID: <AANLkTimwI8rE4g0XUUXm1wco_cRQjHeluKgRyXxalj8X@mail.gmail.com>

On 15 June 2010 06:19, Dragon Slayr <dragonslayr@gmail.com> wrote:

> I've just built a box with Ubuntu Lucid. Everything now now going great in
> testing.
> However, I attempted to import my old spamassassin database as root with
> this command.
> sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore
> sa_bayes_backup.txt
>
> That gave me a nice database in the /root directory. :(
>
> So, I thought I'd better ask. Should I run this as the postfix user like
> this?
> sa-learn -u postfix -p /etc/MailScanner/spam.assassin.prefs.conf --restore
> sa_bayes_backup.txt
>
> Also, now when I do sudo -u postfix spamassassin --lint -D, I get
> permission errors attempting to read root..   <Sigh...>
>
> As you can see, I'm a bit confused. For a last question, can change things
> so spamassassin just keeps a global database and forget all this user
> stuff?  It's a incoming mail server only. There are no local users.
>
> Thanks in advance!
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> Hi

you need to make sure that the bayes files are pointing at the correct place
in the mailscanner.conf for the user you are running mailscanner as, and
also of course make sure the permissions on the bayes dir/files are good for
the 'run as' user.


-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100615/0f8acce9/attachment.html
From MailScanner at ecs.soton.ac.uk  Tue Jun 15 10:03:03 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jun 15 10:03:32 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|702d6037128c0e39106d8cab3021f73bm5DMnR0bMailScanner|ecs.soton.ac.uk|4C16A3E4.5020809@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>	<4C165088020000680005262C@smtp.aafp.org>	<4C169C53.2060807@ecs.soton.ac.uk>	<EMEW3|124dd50848319fc08aed475ff20ac390m5DMHA0bMailScanner|ecs.soton.ac.uk|4C169C53.2060807@ecs.soton.ac.uk>	<4C16A3E4.5020809@ecs.soton.ac.uk>
	<EMEW3|702d6037128c0e39106d8cab3021f73bm5DMnR0bMailScanner|ecs.soton.ac.uk|4C16A3E4.5020809@ecs.soton.ac.uk>
	<4C1741C7.1070800@ecs.soton.ac.uk>
Message-ID: <EMEW3|4cbf7e5e720fea80b2d77c1a25137975m5EA390bMailScanner|ecs.soton.ac.uk|4C1741C7.1070800@ecs.soton.ac.uk>



On 14/06/2010 22:49, Jules Field wrote:
>
>
> On 14/06/2010 22:17, Jules Field wrote:
>>
>>
>> On 14/06/2010 21:53, Brad Beckenhauer wrote:
>>> I downloaded the dropoff vm.
>>> Since the download site did not list if the vm was 32-bit or 64-bit, 
>>> I used 64-bit and it started ok.  It also may become more important 
>>> later to also list what version of Ubanto was used to create the vm 
>>> or include the configuration file in the zip file.
>>> After logging in I tried running the "sudo su -" command, entered 
>>> the password and kept getting back "dropoff is not in the sudoers 
>>> file....".
>> Balls. Could swear I tested that. Clearly not. It's a 64-bit VM, 
>> you're quite right. What configuration file were you thinking of to 
>> include in the zip file?
>>
>> You should be able to boot it with "init=/bin/sh" on the end of the 
>> kernel command line and break in that way, then force a new root 
>> password with "passwd root". At which point you should be able to 
>> reboot and then log in as root anyway.
> I've just done it myself, and I'll fix the VMDK image first thing 
> tomorrow morning (after all the other things I've promised to people 
> first thing tomorrow morning!). It's getting the image off my vSphere 
> right now.
I've uploaded 4.63-2, so you should be able to try it again now.
>
>>> I'm calling it a day here.  Looking forward to giving dropoff a 
>>> trial run.
>> I'm probably going to rename it ZendTo. (The domain names are available)
>>
>> Jules.
>>
>>> thank you
>>> brad
>>>
>>> >>> On 6/12/2010 at 10:11 AM, in message 
>>> <EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>, 
>>> Jules Field <MailScanner@ecs.soton.ac.uk> wrote:
>>> The Scenario:
>>>
>>> You have installed MailScanner at your site to protect all your users
>>> and clients from all sorts of dangerous email content.
>>> Okay so far.
>>> But your users need to be able to send large files, executables, and 
>>> all
>>> sorts of other things that they used to try to send by email. Some of
>>> these are restricted by MailScanner, others (such as large files) are
>>> restricted by your email system's capacity.
>>> And your users also need to be able to receive files from other sites
>>> around the world, without having any username/password access to your
>>> systems.
>>> And it needs to be secure.
>>>
>>> So your users need to be able to send and receive all sort of files and
>>> email is not the right tool for the job.
>>>
>>> Say "Hello!" to Dropoff.
>>>
>>> This is a simple web-based system where your users can send and receive
>>> files to and from anyone in the world, and yet it can't be used for
>>> public warez or porn sharing.
>>>
>>> Anyone in the world can send files to you (but not to the rest of the
>>> world), and your users can send files to anyone in the world. All
>>> uploaded files are scanned for viruses, so it's safe. Authentication of
>>> your users can be done via Active Directory, LDAP, IMAP or a static
>>> file. It's small, light-weight, simple and safe. It's all written in 
>>> PHP
>>> so you can read the source and add or change features as you desire.
>>>
>>> Take a look at
>>>              www.dropoff.me
>>> where you can read about it and download it.
>>>
>>> It's entirely free and open source, of course.
>>>
>>> Note: I did not write all of this. Dropoff is my fork of the "Dropbox"
>>> package originally written at the University of Delaware. I have added
>>> new features and fixed some bugs. I intend to continue developing it as
>>> needed.
>>>
>>> Let me know what you think!
>>>
>>> Jules
>>>
>>> -- 
>>> Julian Field MEng CITP CEng
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new requirements from your boss?
>>> Contact me!
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>>
>>>
>>> -- 
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> -- 
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> Jules
>>
>
> Jules
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From davidj at synaq.com  Tue Jun 15 11:56:53 2010
From: davidj at synaq.com (David Jacobson)
Date: Tue Jun 15 11:57:14 2010
Subject: SQLBlackWhiteList.pm + IP Block whitelist
Message-ID: <a4b0164c-786c-11df-be58-0050569@asp14.rocketseed.com>



Hi There, 

MailScanner 4.7.9-11.1 

We use SQLBlackWhiteList.pm for whitelisting/blacklisting. 

Is it possible to whitelist IP blocks? 

>From what we have noticed you can only whitelist single IP's. 

Thanks, 


<table border=0 cellspacing=0 cellpadding=0>

<tr>
<td  bgcolor="#000000" width="2px"  align="left" valign="top" nowrap>
  
</td>
<td  bgcolor="#FFFFFF" width="2px"  align="left" valign="top" nowrap>
 
</td>
<td  bgcolor="#f08a35" width="2px"  align="left" valign="top" nowrap>
 
</td>
<td  bgcolor="#FFFFFF" width="5px"  align="left" valign="top" nowrap>
 
</td>
<td  bgcolor="#FFFFFF"  align="left" valign="top" nowrap>
  <table cellspacing="1" cellpadding="1" border="0" width="413">   <tr>   <td colspan="2"><strong><font face="tahoma,arial,helvetica,sans-serif" size="2">David Jacobson</font></strong></td>  </tr>    <tr>   <td colspan="2"><font face="tahoma,arial,helvetica,sans-serif" size="2">Technical Director</font></td>  </tr>    <tr>   <td width="36"><font face="verdana,geneva" size="1">Tel:</font></td>    <td width="370"><font face="verdana,geneva" size="1">011 262 3632</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Fax:</font></td>    <td><font face="verdana,geneva" size="1">086 637 8868</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Cell:</font></td>    <td><font face="verdana,geneva" size="1">083 235 0760</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Email:</font></td>    <td><font face="verdana,geneva" size="1">davidj@synaq.com</font></td>  </tr>    <tr>   <td><font face="verdana,geneva" size="1">Web:</font></td>    <td><font face="verdana,geneva" size="1"><a style="text-decoration: none;" href="http://www.synaq.com"><font color="#000000">www.synaq.com</font></a></font></td>  </tr>    <tr>   <td colspan="2"><font face="verdana,geneva" size="1"><br />   Sandhaven Office Park, Pongola Crescent<br />   Eastgate Ext 17 Sandton</font></td>  </tr>  </table>   
</td></tr>
</table>

<table border=0 cellspacing=0 cellpadding=0><tr>

<td valign="top" align="left">
<table border=0 align="left" cellspacing=0 cellpadding=0>
<tr><td valign="top" align="left">&nbsp;</td></tr>
<tr><td valign="top" align="left">

</td></tr>
<tr><td valign="top" align="left">&nbsp;</td></tr>
<tr><td valign="top" align="left">

</td></tr>
</table>
</td>

</tr></table>

<table border=0 cellspacing=0 cellpadding=0>
<tr>

</tr>
</table>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100615/9477663c/attachment.html
From dyioulos at firstbhph.com  Tue Jun 15 13:00:45 2010
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Tue Jun 15 13:01:34 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
Message-ID: <201006150800.45872.dyioulos@firstbhph.com>

Jules,

Thanks so much for this handy new tool!

Ours is a 32-bit shop.  I know you're frightfully 
busy, but Is there any chance you can create a 
32-bit virtual machine version?

Thanks again.

Dimitri


On Monday 14 June 2010 4:41:09 am Julian Field 
wrote:
> I have just uploaded the VMWare disk image of a
> fully functional Dropoff system. There are some
> docs on the Dropoff.me website that will tell
> you how to configure it for your site once
> you've built a VM around it.
>
> Jules.
>
> On 13/06/2010 20:45, Jules Field wrote:
> > I'm just about to put up a VMDK (i.e. VMWare
> > virtual disk image) of it, which will save
> > you all a lot of work configuring it and
> > fixing bugs in PHP that prevent large
> > uploads.
> >
> > The documentation text is already written,
> > I've just got to get the VMDK off my vSphere.
> >
> > Jules.
> >
> > On 13/06/2010 20:36, Jason Ede wrote:
> >> It looks fantastic Jules, will definitely
> >> download it and have a play.
> >>
> >> Jason
> >>
> >>> -----Original Message-----
> >>> From:
> >>> mailscanner-bounces@lists.mailscanner.info
> >>> [mailto:mailscanner-
> >>> bounces@lists.mailscanner.info] On Behalf
> >>> Of Jules Field Sent: 13 June 2010 19:30
> >>> To: MailScanner discussion
> >>> Subject: Re: MailScanner ANNOUNCE: Dropoff
> >>>
> >>> Thanks for the comment.
> >>>
> >>> As for integrating it, that counts as 'user
> >>> front-end interface' in MailScanner, which
> >>> is an area I have never got involved in. So
> >>> it will remain a separate project for the
> >>> time being, albeit one which MailScanner
> >>> admins might like to install for their
> >>> users' benefit.
> >>>
> >>> Jules.
> >>>
> >>> On 13/06/2010 05:11, Supun Rathnayake wrote:
> >>>> Hi jules,
> >>>>
> >>>> Thank you very much for the interesting
> >>>> tool, very much essential for the obvious
> >>>> reasons that you have explained.
> >>>>
> >>>> This is just an idea, how about
> >>>> integrating this tool with
> >>>
> >>> MailScanner
> >>>
> >>>> for quarantine management.
> >>>>
> >>>> Thanks,
> >>>> Supun.
> >>>>
> >>>> On 06/12/2010 08:41 PM, Jules Field wrote:
> >>>>> The Scenario:
> >>>>>
> >>>>> You have installed MailScanner at your
> >>>>> site to protect all your
> >>>
> >>> users
> >>>
> >>>>> and clients from all sorts of dangerous
> >>>>> email content. Okay so far.
> >>>>> But your users need to be able to send
> >>>>> large files, executables, and all sorts
> >>>>> of other things that they used to try to
> >>>>> send by email. Some of these are
> >>>>> restricted by MailScanner, others (such
> >>>>> as large files) are restricted by your
> >>>>> email system's capacity. And your users
> >>>>> also need to be able to receive files
> >>>>> from other
> >>>
> >>> sites
> >>>
> >>>>> around the world, without having any
> >>>>> username/password access to
> >>>
> >>> your
> >>>
> >>>>> systems.
> >>>>> And it needs to be secure.
> >>>>>
> >>>>> So your users need to be able to send and
> >>>>> receive all sort of files and email is
> >>>>> not the right tool for the job.
> >>>>>
> >>>>> Say "Hello!" to Dropoff.
> >>>>>
> >>>>> This is a simple web-based system where
> >>>>> your users can send and receive files to
> >>>>> and from anyone in the world, and yet it
> >>>>> can't be used for public warez or porn
> >>>>> sharing.
> >>>>>
> >>>>> Anyone in the world can send files to you
> >>>>> (but not to the rest of
> >>>
> >>> the
> >>>
> >>>>> world), and your users can send files to
> >>>>> anyone in the world. All uploaded files
> >>>>> are scanned for viruses, so it's safe.
> >>>>> Authentication of your users can be done
> >>>>> via Active Directory, LDAP, IMAP or a
> >>>>> static file. It's small, light-weight,
> >>>>> simple and safe. It's all written in PHP
> >>>>> so you can read the source and add or
> >>>>> change features as you desire.
> >>>>>
> >>>>> Take a look at
> >>>>>              www.dropoff.me
> >>>>> where you can read about it and download
> >>>>> it.
> >>>>>
> >>>>> It's entirely free and open source, of
> >>>>> course.
> >>>>>
> >>>>> Note: I did not write all of this.
> >>>>> Dropoff is my fork of the "Dropbox"
> >>>>> package originally written at the
> >>>>> University of Delaware.
> >>>
> >>> I
> >>>
> >>>>> have added new features and fixed some
> >>>>> bugs. I intend to continue developing it
> >>>>> as needed.
> >>>>>
> >>>>> Let me know what you think!
> >>>>>
> >>>>> Jules
> >>>
> >>> Jules
> >>>
> >>> --
> >>> Julian Field MEng CITP CEng
> >>> www.MailScanner.info
> >>> Buy the MailScanner book at
> >>> www.MailScanner.info/store
> >>>
> >>> Need help customising MailScanner?
> >>> Contact me!
> >>> Need help fixing or optimising your
> >>> systems? Contact me!
> >>> Need help getting you started solving new
> >>> requirements from your boss? Contact me!
> >>>
> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
> >>> 7222 11F6 5947 1415 B654 Follow me at
> >>> twitter.com/JulesFM
> >>>
> >>>
> >>> --
> >>> This message has been scanned for viruses
> >>> and dangerous content by MailScanner, and
> >>> is believed to be clean.
> >>>
> >>> --
> >>> MailScanner mailing list
> >>> mailscanner@lists.mailscanner.info
> >>> http://lists.mailscanner.info/mailman/listi
> >>>nfo/mailscanner
> >>>
> >>> Before posting, read
> >>> http://wiki.mailscanner.info/posting
> >>>
> >>> Support MailScanner development - buy the
> >>> book off the website!
> >
> > Jules
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at
> www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new
> requirements from your boss? Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
> 11F6 5947 1415 B654 Follow me at
> twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/
>mailscanner
>
> Before posting, read
> http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book
> off the website!



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Tue Jun 15 14:09:53 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jun 15 14:10:05 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <201006150800.45872.dyioulos@firstbhph.com>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<4C15EB25.7040703@ecs.soton.ac.uk>	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<201006150800.45872.dyioulos@firstbhph.com>
	<4C177BA1.2080705@ecs.soton.ac.uk>
Message-ID: <EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk>

I'm afraid a 32-bit version is not going to be very high on my priority 
list, when everyone else in the world is adopting 64-bit if they haven't 
already.

What's stopping you running the 64-bit version?

On 15/06/2010 13:00, Dimitri Yioulos wrote:
> Jules,
>
> Thanks so much for this handy new tool!
>
> Ours is a 32-bit shop.  I know you're frightfully
> busy, but Is there any chance you can create a
> 32-bit virtual machine version?
>
> Thanks again.
>
> Dimitri
>
>
> On Monday 14 June 2010 4:41:09 am Julian Field
> wrote:
>    
>> I have just uploaded the VMWare disk image of a
>> fully functional Dropoff system. There are some
>> docs on the Dropoff.me website that will tell
>> you how to configure it for your site once
>> you've built a VM around it.
>>
>> Jules.
>>
>> On 13/06/2010 20:45, Jules Field wrote:
>>      
>>> I'm just about to put up a VMDK (i.e. VMWare
>>> virtual disk image) of it, which will save
>>> you all a lot of work configuring it and
>>> fixing bugs in PHP that prevent large
>>> uploads.
>>>
>>> The documentation text is already written,
>>> I've just got to get the VMDK off my vSphere.
>>>
>>> Jules.
>>>
>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>        
>>>> It looks fantastic Jules, will definitely
>>>> download it and have a play.
>>>>
>>>> Jason
>>>>
>>>>          
>>>>> -----Original Message-----
>>>>> From:
>>>>> mailscanner-bounces@lists.mailscanner.info
>>>>> [mailto:mailscanner-
>>>>> bounces@lists.mailscanner.info] On Behalf
>>>>> Of Jules Field Sent: 13 June 2010 19:30
>>>>> To: MailScanner discussion
>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>
>>>>> Thanks for the comment.
>>>>>
>>>>> As for integrating it, that counts as 'user
>>>>> front-end interface' in MailScanner, which
>>>>> is an area I have never got involved in. So
>>>>> it will remain a separate project for the
>>>>> time being, albeit one which MailScanner
>>>>> admins might like to install for their
>>>>> users' benefit.
>>>>>
>>>>> Jules.
>>>>>
>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>            
>>>>>> Hi jules,
>>>>>>
>>>>>> Thank you very much for the interesting
>>>>>> tool, very much essential for the obvious
>>>>>> reasons that you have explained.
>>>>>>
>>>>>> This is just an idea, how about
>>>>>> integrating this tool with
>>>>>>              
>>>>> MailScanner
>>>>>
>>>>>            
>>>>>> for quarantine management.
>>>>>>
>>>>>> Thanks,
>>>>>> Supun.
>>>>>>
>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>              
>>>>>>> The Scenario:
>>>>>>>
>>>>>>> You have installed MailScanner at your
>>>>>>> site to protect all your
>>>>>>>                
>>>>> users
>>>>>
>>>>>            
>>>>>>> and clients from all sorts of dangerous
>>>>>>> email content. Okay so far.
>>>>>>> But your users need to be able to send
>>>>>>> large files, executables, and all sorts
>>>>>>> of other things that they used to try to
>>>>>>> send by email. Some of these are
>>>>>>> restricted by MailScanner, others (such
>>>>>>> as large files) are restricted by your
>>>>>>> email system's capacity. And your users
>>>>>>> also need to be able to receive files
>>>>>>> from other
>>>>>>>                
>>>>> sites
>>>>>
>>>>>            
>>>>>>> around the world, without having any
>>>>>>> username/password access to
>>>>>>>                
>>>>> your
>>>>>
>>>>>            
>>>>>>> systems.
>>>>>>> And it needs to be secure.
>>>>>>>
>>>>>>> So your users need to be able to send and
>>>>>>> receive all sort of files and email is
>>>>>>> not the right tool for the job.
>>>>>>>
>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>
>>>>>>> This is a simple web-based system where
>>>>>>> your users can send and receive files to
>>>>>>> and from anyone in the world, and yet it
>>>>>>> can't be used for public warez or porn
>>>>>>> sharing.
>>>>>>>
>>>>>>> Anyone in the world can send files to you
>>>>>>> (but not to the rest of
>>>>>>>                
>>>>> the
>>>>>
>>>>>            
>>>>>>> world), and your users can send files to
>>>>>>> anyone in the world. All uploaded files
>>>>>>> are scanned for viruses, so it's safe.
>>>>>>> Authentication of your users can be done
>>>>>>> via Active Directory, LDAP, IMAP or a
>>>>>>> static file. It's small, light-weight,
>>>>>>> simple and safe. It's all written in PHP
>>>>>>> so you can read the source and add or
>>>>>>> change features as you desire.
>>>>>>>
>>>>>>> Take a look at
>>>>>>>               www.dropoff.me
>>>>>>> where you can read about it and download
>>>>>>> it.
>>>>>>>
>>>>>>> It's entirely free and open source, of
>>>>>>> course.
>>>>>>>
>>>>>>> Note: I did not write all of this.
>>>>>>> Dropoff is my fork of the "Dropbox"
>>>>>>> package originally written at the
>>>>>>> University of Delaware.
>>>>>>>                
>>>>> I
>>>>>
>>>>>            
>>>>>>> have added new features and fixed some
>>>>>>> bugs. I intend to continue developing it
>>>>>>> as needed.
>>>>>>>
>>>>>>> Let me know what you think!
>>>>>>>
>>>>>>> Jules
>>>>>>>                
>>>>> Jules
>>>>>
>>>>> --
>>>>> Julian Field MEng CITP CEng
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at
>>>>> www.MailScanner.info/store
>>>>>
>>>>> Need help customising MailScanner?
>>>>> Contact me!
>>>>> Need help fixing or optimising your
>>>>> systems? Contact me!
>>>>> Need help getting you started solving new
>>>>> requirements from your boss? Contact me!
>>>>>
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
>>>>> 7222 11F6 5947 1415 B654 Follow me at
>>>>> twitter.com/JulesFM
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses
>>>>> and dangerous content by MailScanner, and
>>>>> is believed to be clean.
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listi
>>>>> nfo/mailscanner
>>>>>
>>>>> Before posting, read
>>>>> http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the
>>>>> book off the website!
>>>>>            
>>> Jules
>>>        
>> Jules
>>
>> --
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at
>> www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new
>> requirements from your boss? Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
>> 11F6 5947 1415 B654 Follow me at
>> twitter.com/JulesFM and twitter.com/MailScanner
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/
>> mailscanner
>>
>> Before posting, read
>> http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book
>> off the website!
>>      
>
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mikael at syska.dk  Tue Jun 15 14:33:28 2010
From: mikael at syska.dk (Mikael Syska)
Date: Tue Jun 15 14:33:44 2010
Subject: SQLBlackWhiteList.pm + IP Block whitelist
In-Reply-To: <a4b0164c-786c-11df-be58-0050569@asp14.rocketseed.com>
References: <a4b0164c-786c-11df-be58-0050569@asp14.rocketseed.com>
Message-ID: <AANLkTike7szxtN4Ngk_KbM9ViJ8xsCqBNUa9Ht69To20@mail.gmail.com>

Hi,

On Tue, Jun 15, 2010 at 12:56 PM, David Jacobson <davidj@synaq.com> wrote:
>
>
> Hi There,
>
> MailScanner 4.7.9-11.1
>
> We use SQLBlackWhiteList.pm for whitelisting/blacklisting.

I think this is a MailWatch thing, and not MailScanner.

>
> Is it possible to whitelist IP blocks?

Yes, the rules format should support it I think ... and with the new
Config.pm (think the name was) ... rules can be read from a database.
So you need to change something.

Look up an announcement by Jules, its a sponsored module by FLS, that
they use in there own software.

>
> From what we have noticed you can only whitelist single IP's.

Correct.

>
> Thanks,
>
> David Jacobson
> Technical Director
> Tel: 011 262 3632
> Fax: 086 637 8868
> Cell: 083 235 0760
> Email: davidj@synaq.com
> Web: www.synaq.com
> Sandhaven Office Park, Pongola Crescent
> Eastgate Ext 17 Sandton
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
From peter.ong at hypermediasystems.com  Tue Jun 15 15:39:09 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Tue Jun 15 15:39:20 2010
Subject: How to edit filetypes rules file with these specific filetypes
Message-ID: <815690958.45042.1276612749894.JavaMail.root@mail021.dti>

Hello Everyone,

Another filetype question. But first, thanks to everyone for helping me with my previous ignorances. :-)

Let me show you where I am confused:

[root@gateway005.inf BF43C572C4.AE33A]# ls
message  msg-19254-23.txt

[root@gateway005.inf BF43C572C4.AE33A]# file message
message: RFC 822 mail text

[root@gateway005.inf BF43C572C4.AE33A]# file -i msg-19254-23.txt
msg-19254-23.txt: text/plain; charset=iso-8859-1

Here is an excerpt of our current filetypes rules file:
allow   text    text    -       -
allow   text    text/x-mail     -       -
allow   data    text/x-mail     -       -
allow   text    text/plain      -       -
allow   data    text/plain      -       -
allow   text    message/rfc822  -       -
allow   text            -                       -

How do I enter this in the filetype rules file?

Do I enter it this way:
allow<tab>RFC 822 mail text<tab>text/plain; charset=iso-8859-1<tab>-<tab>-

Thank you.

p
From dragonslayr at gmail.com  Tue Jun 15 16:38:43 2010
From: dragonslayr at gmail.com (Dragon Slayr)
Date: Tue Jun 15 16:38:53 2010
Subject: spamassassin with mailscanner
In-Reply-To: <AANLkTimwI8rE4g0XUUXm1wco_cRQjHeluKgRyXxalj8X@mail.gmail.com>
References: <AANLkTin-UbZC7qijQ35qVEU52noNIYkRsClUWnOAIdP4@mail.gmail.com>
	<AANLkTimwI8rE4g0XUUXm1wco_cRQjHeluKgRyXxalj8X@mail.gmail.com>
Message-ID: <AANLkTin9ZQNa2fqYQc0CZxzRVV48jgJQskKn9Y8V8iNt@mail.gmail.com>

On Tue, Jun 15, 2010 at 3:10 AM, Martin Hepworth <maxsec@gmail.com> wrote:

>
>
> On 15 June 2010 06:19, Dragon Slayr <dragonslayr@gmail.com> wrote:
>
>> I've just built a box with Ubuntu Lucid. Everything now now going great in
>> testing.
>> However, I attempted to import my old spamassassin database as root with
>> this command.
>> sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore
>> sa_bayes_backup.txt
>>
>> That gave me a nice database in the /root directory. :(
>>
>> So, I thought I'd better ask. Should I run this as the postfix user like
>> this?
>> sa-learn -u postfix -p /etc/MailScanner/spam.assassin.prefs.conf --restore
>> sa_bayes_backup.txt
>>
>> Also, now when I do sudo -u postfix spamassassin --lint -D, I get
>> permission errors attempting to read root..   <Sigh...>
>>
>> As you can see, I'm a bit confused. For a last question, can change things
>> so spamassassin just keeps a global database and forget all this user
>> stuff?  It's a incoming mail server only. There are no local users.
>>
>> Thanks in advance!
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> Hi
>
> you need to make sure that the bayes files are pointing at the correct
> place in the mailscanner.conf for the user you are running mailscanner as,
> and also of course make sure the permissions on the bayes dir/files are good
> for the 'run as' user.
>
> Thank You! For googling sake, I'll post what I did.

Run this line, with every spamassissin command
-p /etc/MailScanner/spam.assassin.prefs.conf

Then, after learning, the permissions were messed up on the bayes files in
/var/lib/MailScanner. "As shown my MailScanner --lint
I changed them by doing "chown postfix:www-data bayes*"

Note, since I had deleted the /root/.spamassassin directory, to keep
spamassassin from barfing, I relearned one spam message as root.







>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100615/3df0860d/attachment.html
From mark at msapiro.net  Tue Jun 15 16:54:57 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Tue Jun 15 16:55:25 2010
Subject: DNS issue with ScamNailer updates
Message-ID: <PC195201006150854570406ac72678f@msapiro>

ScamNailer gets its updates from www.mailscanner.tv which has a CNAME
pointing to www.mailscannertv.bastionnetworksl.netdna-cdn.com, but
there is no A record for
www.mailscannertv.bastionnetworksl.netdna-cdn.com, the A record is for
wwwmailscannertv.bastionnetworksl.netdna-cdn.com (no '.' after www).

This situation began earlier today. The authoritative DNS for
www.mailscanner.tv is ns.blacknightsolutions.com and
ns2.blacknightsolutions.com which have the
www.mailscannertv.bastionnetworksl.netdna-cdn.com CNAME. Either these
need to be updated to wwwmailscannertv.bastionnetworksl.netdna-cdn.com
or an A record for www.mailscannertv.bastionnetworksl.netdna-cdn.com
needs to be added at ns1.netdna-cdn.com and ns2.netdna-cdn.com.
Probably the former is the correct solution.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From maxsec at gmail.com  Tue Jun 15 17:03:21 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Jun 15 17:03:32 2010
Subject: spamassassin with mailscanner
In-Reply-To: <AANLkTin9ZQNa2fqYQc0CZxzRVV48jgJQskKn9Y8V8iNt@mail.gmail.com>
References: <AANLkTin-UbZC7qijQ35qVEU52noNIYkRsClUWnOAIdP4@mail.gmail.com>
	<AANLkTimwI8rE4g0XUUXm1wco_cRQjHeluKgRyXxalj8X@mail.gmail.com>
	<AANLkTin9ZQNa2fqYQc0CZxzRVV48jgJQskKn9Y8V8iNt@mail.gmail.com>
Message-ID: <AANLkTil7-V7AcYCrJxS8Em6c9uoy5bMsawQb6xIQLY4K@mail.gmail.com>

On 15 June 2010 16:38, Dragon Slayr <dragonslayr@gmail.com> wrote:

>
>
> On Tue, Jun 15, 2010 at 3:10 AM, Martin Hepworth <maxsec@gmail.com> wrote:
>
>>
>>
>> On 15 June 2010 06:19, Dragon Slayr <dragonslayr@gmail.com> wrote:
>>
>>> I've just built a box with Ubuntu Lucid. Everything now now going great
>>> in testing.
>>> However, I attempted to import my old spamassassin database as root with
>>> this command.
>>> sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore
>>> sa_bayes_backup.txt
>>>
>>> That gave me a nice database in the /root directory. :(
>>>
>>> So, I thought I'd better ask. Should I run this as the postfix user like
>>> this?
>>> sa-learn -u postfix -p /etc/MailScanner/spam.assassin.prefs.conf
>>> --restore sa_bayes_backup.txt
>>>
>>> Also, now when I do sudo -u postfix spamassassin --lint -D, I get
>>> permission errors attempting to read root..   <Sigh...>
>>>
>>> As you can see, I'm a bit confused. For a last question, can change
>>> things so spamassassin just keeps a global database and forget all this user
>>> stuff?  It's a incoming mail server only. There are no local users.
>>>
>>> Thanks in advance!
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> Hi
>>
>> you need to make sure that the bayes files are pointing at the correct
>> place in the mailscanner.conf for the user you are running mailscanner as,
>> and also of course make sure the permissions on the bayes dir/files are good
>> for the 'run as' user.
>>
>> Thank You! For googling sake, I'll post what I did.
>
> Run this line, with every spamassissin command
>
> -p /etc/MailScanner/spam.assassin.prefs.conf
>
> Then, after learning, the permissions were messed up on the bayes files in
> /var/lib/MailScanner. "As shown my MailScanner --lint
> I changed them by doing "chown postfix:www-data bayes*"
>
> Note, since I had deleted the /root/.spamassassin directory, to keep
> spamassassin from barfing, I relearned one spam message as root.
>
>
>
>
>
you shouldn't need the -p anymore. Mailscanner now inserts a
mailscanner.cfwith a correct sym link back to
/etc/MailScanner/spam.assassin.prefs.conf
.....unless of course you're running a really really old MS.

make sure you do the sa-learns as the postfix account and you'll won't get
SA messing with the perms of the bayes.




-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100615/fc49e0d2/attachment.html
From MailScanner at ecs.soton.ac.uk  Tue Jun 15 17:09:19 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jun 15 17:09:29 2010
Subject: DNS issue with ScamNailer updates
In-Reply-To: <PC195201006150854570406ac72678f@msapiro>
References: <PC195201006150854570406ac72678f@msapiro>
	<4C17A5AF.5040001@ecs.soton.ac.uk>
Message-ID: <EMEW3|35088614a3824d7ccae3814b6da3bbbdm5EH9K0bMailScanner|ecs.soton.ac.uk|4C17A5AF.5040001@ecs.soton.ac.uk>

This was caused by a slight cockup.
It should be undone automatically as soon as the whois changes propagate 
for the mailscanner.tv domain, as it is in the process of moving itself 
to a DNS server which has the correct record.

I will request that the faulty record by fixed in the mean time, 
however, so you don't have to wait for the whois propagation to happen.

Jules.

On 15/06/2010 16:54, Mark Sapiro wrote:
> ScamNailer gets its updates from www.mailscanner.tv which has a CNAME
> pointing to www.mailscannertv.bastionnetworksl.netdna-cdn.com, but
> there is no A record for
> www.mailscannertv.bastionnetworksl.netdna-cdn.com, the A record is for
> wwwmailscannertv.bastionnetworksl.netdna-cdn.com (no '.' after www).
>
> This situation began earlier today. The authoritative DNS for
> www.mailscanner.tv is ns.blacknightsolutions.com and
> ns2.blacknightsolutions.com which have the
> www.mailscannertv.bastionnetworksl.netdna-cdn.com CNAME. Either these
> need to be updated to wwwmailscannertv.bastionnetworksl.netdna-cdn.com
> or an A record for www.mailscannertv.bastionnetworksl.netdna-cdn.com
> needs to be added at ns1.netdna-cdn.com and ns2.netdna-cdn.com.
> Probably the former is the correct solution.
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From peter.ong at hypermediasystems.com  Tue Jun 15 18:25:38 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Tue Jun 15 18:25:48 2010
Subject: How to edit filetypes rules file with these specific filetypes
In-Reply-To: <815690958.45042.1276612749894.JavaMail.root@mail021.dti>
Message-ID: <1953448394.45336.1276622738819.JavaMail.root@mail021.dti>

I'm not getting any love over here.

p

----- Original Message -----

> From: "Peter Ong" <peter.ong@hypermediasystems.com>
> To: mailscanner@lists.mailscanner.info
> Sent: Tuesday, June 15, 2010 7:39:09 AM
> Subject: How to edit filetypes rules file with these specific filetypes
> 
> Hello Everyone,
> 
> Another filetype question. But first, thanks to everyone for helping
> me with my previous ignorances. :-)
> 
> Let me show you where I am confused:
> 
> [root@gateway005.inf BF43C572C4.AE33A]# ls
> message  msg-19254-23.txt
> 
> [root@gateway005.inf BF43C572C4.AE33A]# file message
> message: RFC 822 mail text
> 
> [root@gateway005.inf BF43C572C4.AE33A]# file -i msg-19254-23.txt
> msg-19254-23.txt: text/plain; charset=iso-8859-1
> 
> Here is an excerpt of our current filetypes rules file:
> allow   text    text    -       -
> allow   text    text/x-mail     -       -
> allow   data    text/x-mail     -       -
> allow   text    text/plain      -       -
> allow   data    text/plain      -       -
> allow   text    message/rfc822  -       -
> allow   text            -                       -
> 
> How do I enter this in the filetype rules file?
> 
> Do I enter it this way:
> allow<tab>RFC 822 mail text<tab>text/plain;
> charset=iso-8859-1<tab>-<tab>-
> 
> Thank you.
> 
> p
From dragonslayr at gmail.com  Tue Jun 15 19:19:05 2010
From: dragonslayr at gmail.com (Dragon Slayr)
Date: Tue Jun 15 19:19:20 2010
Subject: spamassassin with mailscanner
In-Reply-To: <AANLkTil7-V7AcYCrJxS8Em6c9uoy5bMsawQb6xIQLY4K@mail.gmail.com>
References: <AANLkTin-UbZC7qijQ35qVEU52noNIYkRsClUWnOAIdP4@mail.gmail.com>
	<AANLkTimwI8rE4g0XUUXm1wco_cRQjHeluKgRyXxalj8X@mail.gmail.com>
	<AANLkTin9ZQNa2fqYQc0CZxzRVV48jgJQskKn9Y8V8iNt@mail.gmail.com>
	<AANLkTil7-V7AcYCrJxS8Em6c9uoy5bMsawQb6xIQLY4K@mail.gmail.com>
Message-ID: <AANLkTinOhrLC8A8WJNHKo-Bzp2_Qii_h0KnpVgs1vPsN@mail.gmail.com>

On Tue, Jun 15, 2010 at 11:03 AM, Martin Hepworth <maxsec@gmail.com> wrote:

>
>
>
> On 15 June 2010 16:38, Dragon Slayr <dragonslayr@gmail.com> wrote:
>
>>
>>
>> On Tue, Jun 15, 2010 at 3:10 AM, Martin Hepworth <maxsec@gmail.com>wrote:
>>
>>>
>>>
>>> On 15 June 2010 06:19, Dragon Slayr <dragonslayr@gmail.com> wrote:
>>>
>>>> I've just built a box with Ubuntu Lucid. Everything now now going great
>>>> in testing.
>>>> However, I attempted to import my old spamassassin database as root with
>>>> this command.
>>>> sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore
>>>> sa_bayes_backup.txt
>>>>
>>>> That gave me a nice database in the /root directory. :(
>>>>
>>>> So, I thought I'd better ask. Should I run this as the postfix user like
>>>> this?
>>>> sa-learn -u postfix -p /etc/MailScanner/spam.assassin.prefs.conf
>>>> --restore sa_bayes_backup.txt
>>>>
>>>> Also, now when I do sudo -u postfix spamassassin --lint -D, I get
>>>> permission errors attempting to read root..   <Sigh...>
>>>>
>>>> As you can see, I'm a bit confused. For a last question, can change
>>>> things so spamassassin just keeps a global database and forget all this user
>>>> stuff?  It's a incoming mail server only. There are no local users.
>>>>
>>>> Thanks in advance!
>>>>
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> Hi
>>>
>>> you need to make sure that the bayes files are pointing at the correct
>>> place in the mailscanner.conf for the user you are running mailscanner as,
>>> and also of course make sure the permissions on the bayes dir/files are good
>>> for the 'run as' user.
>>>
>>> Thank You! For googling sake, I'll post what I did.
>>
>> Run this line, with every spamassissin command
>>
>> -p /etc/MailScanner/spam.assassin.prefs.conf
>>
>> Then, after learning, the permissions were messed up on the bayes files in
>> /var/lib/MailScanner. "As shown my MailScanner --lint
>> I changed them by doing "chown postfix:www-data bayes*"
>>
>> Note, since I had deleted the /root/.spamassassin directory, to keep
>> spamassassin from barfing, I relearned one spam message as root.
>>
>>
>>
>>
>>
> you shouldn't need the -p anymore. Mailscanner now inserts a
> mailscanner.cf with a correct sym link back to
> /etc/MailScanner/spam.assassin.prefs.conf .....unless of course you're
> running a really really old MS.
>
> make sure you do the sa-learns as the postfix account and you'll won't get
> SA messing with the perms of the bayes.
>
>


How odd..  I do not seem to have a "mailscanner.cf" on the system. I am
running version Installed: 4.79.11-2 obtained from here.
http://debian.intergenia.de/debian/pool/main/m/mailscanner/mailscanner_4.79.11-2_all.deb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100615/3233d886/attachment.html
From craem at craem.net  Tue Jun 15 21:03:13 2010
From: craem at craem.net (Angel)
Date: Tue Jun 15 21:03:29 2010
Subject: OT: log spam
In-Reply-To: <11107.125.168.254.15.1276580208.squirrel@seven.dorksville.net>
References: <4C11DCC1.5080300@marcsnet.com> <4C11E295.40205@tradoc.fr>
	<4C11E696.2060807@marcsnet.com> <4C11EB0E.1060607@marcsnet.com>
	<4C11EDFF.3070301@marcsnet.com>
	<11107.125.168.254.15.1276580208.squirrel@seven.dorksville.net>
Message-ID: <1276632193.2455.4.camel@cepheus.craem.net>

Thanks!!!

Good RBL Filter -


?ngel Elena



El mar, 15-06-2010 a las 15:36 +1000, Anthony Giggins escribi?:
> > should have debugged.  action = iptables[name=spam, port=smtp,
> > protocol=tcp]
> >
> > Marc Lucke wrote:
> >> for anyone interested who uses fail2ban:
> >>
> >> # cat filter.d/spam.conf
> >> failregex = Message .* from <HOST> .* is spam
> >> ignoreregex =
> >> # tail -n 8 jail.conf
> >> [spam]
> >> enabled = true
> >> filter = spam
> >> maxretry = 1
> >> bantime  = 3600
> >> action = iptables-multiport[name=spam port="smtp", protocol=tcp]
> >>           sendmail-whois[name=spam, dest=root, sender=root]
> >> logpath = /var/log/maillog
> >>
> >> works a treat :)  Thanks John!  I was getting too complicated.
> 
> Has anyone got a known working fail2ban config for dovecot Auth failures?
> 
> /etc/fail2ban/filter.d/dovecot.conf
> [INCLUDES]
> before = common.conf
> [Definition]
> _daemon = dovecot
> failregex = dovecot.*authentication failure.*rhost\=<HOST>
> ignoreregex =
> 
> It seems to pass fail2ban-regex
> 
> ie. /usr/bin/fail2ban-regex /var/log/secure.1
> /etc/fail2ban/filter.d/dovecot.conf
> 
> Running tests
> =============
> 
> Use regex file : /etc/fail2ban/filter.d/dovecot.conf
> Use log file   : /var/log/secure.1
> 
> 
> Results
> =======
> 
> Failregex
> |- Regular expressions:
> |  [1] dovecot.*authentication failure.*rhost\=<HOST>
> |
> `- Number of matches:
>    [1] 32 match(es)
> 
> Ignoreregex
> |- Regular expressions:
> |
> `- Number of matches:
> 
> Summary
> =======
> 
> Addresses found:
> [1]
>     66.207.197.12 (Mon Jun 07 21:31:33 2010)
>     66.207.197.12 (Mon Jun 07 21:31:33 2010)
>     66.207.197.12 (Mon Jun 07 21:31:33 2010)
>     66.207.197.12 (Mon Jun 07 21:31:33 2010)
>     66.207.197.12 (Mon Jun 07 21:31:34 2010)
>     66.207.197.12 (Mon Jun 07 21:31:34 2010)
>     66.207.197.12 (Mon Jun 07 21:31:34 2010)
>     66.207.197.12 (Mon Jun 07 21:31:34 2010)
>     66.207.197.12 (Mon Jun 07 21:31:34 2010)
>     66.207.197.12 (Mon Jun 07 21:31:34 2010)
>     41.196.251.149 (Tue Jun 08 12:11:43 2010)
>     41.196.251.149 (Tue Jun 08 12:11:43 2010)
>     41.196.251.149 (Tue Jun 08 12:11:44 2010)
>     41.196.251.149 (Tue Jun 08 12:11:44 2010)
>     41.196.251.149 (Tue Jun 08 12:11:44 2010)
>     41.196.251.149 (Tue Jun 08 12:11:44 2010)
>     41.196.251.149 (Tue Jun 08 12:11:44 2010)
>     41.196.251.149 (Tue Jun 08 12:11:44 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     41.196.251.149 (Tue Jun 08 12:11:45 2010)
>     60.8.11.54 (Tue Jun 08 17:23:06 2010)
>     60.8.11.54 (Tue Jun 08 17:23:07 2010)
>     60.8.11.54 (Tue Jun 08 17:23:08 2010)
> 
> Date template hits:
> 132 hit(s): Month Day Hour:Minute:Second
> 0 hit(s): Weekday Month Day Hour:Minute:Second Year
> 0 hit(s): Weekday Month Day Hour:Minute:Second
> 0 hit(s): Year/Month/Day Hour:Minute:Second
> 0 hit(s): Day/Month/Year:Hour:Minute:Second
> 0 hit(s): Year-Month-Day Hour:Minute:Second
> 0 hit(s): Day-Month-Year Hour:Minute:Second[.Millisecond]
> 0 hit(s): TAI64N
> 0 hit(s): Epoch
> 
> Success, the total number of match is 32
> 
> However, look at the above section 'Running tests' which could contain
> important
> information.
> 
> 
> 
> but I've never seen it block anything :(
> 
> Cheers
> 
> Anthony
> 
> 

From brent.addis at nsp.co.nz  Tue Jun 15 21:29:19 2010
From: brent.addis at nsp.co.nz (Brent Addis)
Date: Tue Jun 15 21:29:24 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|f7420e7dfec8bae867cf3ede8bb38bb1m5DLe90bMailScanner|ecs.soton.ac.uk|4C1693A8.9030501@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C145A8A.6070902@lankacom.net>	<4C1523C4.10604@ecs.soton.ac.uk>
	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>
	<4C153568.3080504@ecs.soton.ac.uk>
	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>
	<4C1693A8.9030501@ecs.soton.ac.uk>
	<EMEW3|f7420e7dfec8bae867cf3ede8bb38bb1m5DLe90bMailScanner|ecs.soton.ac.uk|4C1693A8.9030501@ecs.soton.ac.uk>
Message-ID: <E91AF5EC-668C-4FE5-97C7-2F017DDAC587@nsp.co.nz>

Sorry no idea what you mean by no competition. Xenserver eats vmware
for Lunch. We have multiple clients with more than 1 rack of
xenservers in a pool, often with offsite rdundant mirrors, with fibre
sans and multipathing. Probably what you are using too?

I'm going to perform a conversion for our own use internally

On 15/06/2010, at 8:48 AM, "Jules Field" <MailScanner@ecs.soton.ac.uk>
wrote:

> Not right now, thanks. I use VMWare as if you want to run a decent
> sized
> installation (we currently have about 1 rack full of it) there doesn't
> appear to be much competition.
>
> I've got a whole load of other things to do right now.
>
> Thanks for the offer anyway, try me again in a few months.
>
> Cheers,
> Jules.
>
> On 14/06/2010 20:33, Brent Addis wrote:
>> Would you like a xenserver version? I have an aversion to vmware. I
>> come up with spots at the mere thought of it.
>>
>> On 14/06/2010, at 8:53 PM, "Julian Field"
>> <MailScanner@ecs.soton.ac.uk>  wrote:
>>
>>
>>> I have just uploaded the VMWare disk image of a fully functional
>>> Dropoff
>>> system. There are some docs on the Dropoff.me website that will tell
>>> you
>>> how to configure it for your site once you've built a VM around it.
>>>
>>> Jules.
>>>
>>> On 13/06/2010 20:45, Jules Field wrote:
>>>
>>>> I'm just about to put up a VMDK (i.e. VMWare virtual disk image) of
>>>> it, which will save you all a lot of work configuring it and fixing
>>>> bugs in PHP that prevent large uploads.
>>>>
>>>> The documentation text is already written, I've just got to get the
>>>> VMDK off my vSphere.
>>>>
>>>> Jules.
>>>>
>>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>>
>>>>> It looks fantastic Jules, will definitely download it and have a
>>>>> play.
>>>>>
>>>>> Jason
>>>>>
>>>>>
>>>>>>
>> Brent Addis
>> Systems Integration Specialist
>> Mob: +64 21 971 695
>>
>> Network Service Providers Ltd.
>> Unit 32a, 88 Cook St, Auckland 1010
>> PO Box 90208, Victoria West, Auckland
>>
>> Email: mailto:brent.addis@nsp.co.nz | Customer Service:
>> cs@nsp.co.nz | Web: http://www.nsp.co.nz
>> Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239
>>
>> Disclaimer:
>> This message contains confidential information and is intended only
>> for mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info
>> . If you are not mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info
>>  you should not disseminate, distribute or copy this e-mail. Please
>> notify brent.addis@nsp.co.nz immediately by e-mail if you have
>> received this e-mail by mistake and delete this e-mail from your
>> system. E-mail transmission cannot be guaranteed to be secure or
>> error-free as information could be intercepted, corrupted, lost,
>> destroyed, arrive late or incomplete, or contain viruses. Brent
>> Addis therefore does not accept liability for any errors or
>> omissions in the contents of this message, which arise as a result
>> of e-mail transmission. If verification is required please request
>> a hard-copy version.
>> Network Service Providers is a limited liability company registered
>> in New Zealand.
>>
>>

Brent Addis
Systems Integration Specialist
Mob: +64 21 971 695

Network Service Providers Ltd.
Unit 32a, 88 Cook St, Auckland 1010
PO Box 90208, Victoria West, Auckland

Email: mailto:brent.addis@nsp.co.nz | Customer Service:
cs@nsp.co.nz | Web: http://www.nsp.co.nz
Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239

Disclaimer:
This message contains confidential information and is intended only for mailscanner@lists.mailscanner.info. If you are not mailscanner@lists.mailscanner.info you should not disseminate, distribute or copy this e-mail. Please notify brent.addis@nsp.co.nz immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Brent Addis therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
Network Service Providers is a limited liability company registered in New Zealand.

-----Original Message-----
>>
>>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>>> [mailto:mailscanner-
>>>>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field
>>>>>> Sent: 13 June 2010 19:30
>>>>>> To: MailScanner discussion
>>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>>
>>>>>> Thanks for the comment.
>>>>>>
>>>>>> As for integrating it, that counts as 'user front-end
>>>>>> interface' in
>>>>>> MailScanner, which is an area I have never got involved in. So it
>>>>>> will
>>>>>> remain a separate project for the time being, albeit one which
>>>>>> MailScanner admins might like to install for their users'
>>>>>> benefit.
>>>>>>
>>>>>> Jules.
>>>>>>
>>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>>
>>>>>>> Hi jules,
>>>>>>>
>>>>>>> Thank you very much for the interesting tool, very much
>>>>>>> essential for
>>>>>>> the obvious reasons that you have explained.
>>>>>>>
>>>>>>> This is just an idea, how about integrating this tool with
>>>>>>>
>>>>>> MailScanner
>>>>>>
>>>>>>> for quarantine management.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Supun.
>>>>>>>
>>>>>>>
>>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>>
>>>>>>>> The Scenario:
>>>>>>>>
>>>>>>>> You have installed MailScanner at your site to protect all your
>>>>>>>>
>>>>>> users
>>>>>>
>>>>>>>> and clients from all sorts of dangerous email content.
>>>>>>>> Okay so far.
>>>>>>>> But your users need to be able to send large files,
>>>>>>>> executables, and
>>>>>>>> all sorts of other things that they used to try to send by
>>>>>>>> email.
>>>>>>>> Some of these are restricted by MailScanner, others (such as
>>>>>>>> large
>>>>>>>> files) are restricted by your email system's capacity.
>>>>>>>> And your users also need to be able to receive files from other
>>>>>>>>
>>>>>> sites
>>>>>>
>>>>>>>> around the world, without having any username/password access
>>>>>>>> to
>>>>>>>>
>>>>>> your
>>>>>>
>>>>>>>> systems.
>>>>>>>> And it needs to be secure.
>>>>>>>>
>>>>>>>> So your users need to be able to send and receive all sort of
>>>>>>>> files
>>>>>>>> and email is not the right tool for the job.
>>>>>>>>
>>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>>
>>>>>>>> This is a simple web-based system where your users can send and
>>>>>>>> receive files to and from anyone in the world, and yet it can't
>>>>>>>> be
>>>>>>>> used for public warez or porn sharing.
>>>>>>>>
>>>>>>>> Anyone in the world can send files to you (but not to the
>>>>>>>> rest of
>>>>>>>>
>>>>>> the
>>>>>>
>>>>>>>> world), and your users can send files to anyone in the world.
>>>>>>>> All
>>>>>>>> uploaded files are scanned for viruses, so it's safe.
>>>>>>>> Authentication
>>>>>>>> of your users can be done via Active Directory, LDAP, IMAP or a
>>>>>>>> static file. It's small, light-weight, simple and safe. It's
>>>>>>>> all
>>>>>>>> written in PHP so you can read the source and add or change
>>>>>>>> features
>>>>>>>> as you desire.
>>>>>>>>
>>>>>>>> Take a look at
>>>>>>>>             www.dropoff.me
>>>>>>>> where you can read about it and download it.
>>>>>>>>
>>>>>>>> It's entirely free and open source, of course.
>>>>>>>>
>>>>>>>> Note: I did not write all of this. Dropoff is my fork of the
>>>>>>>> "Dropbox" package originally written at the University of
>>>>>>>> Delaware.
>>>>>>>>
>>>>>> I
>>>>>>
>>>>>>>> have added new features and fixed some bugs. I intend to
>>>>>>>> continue
>>>>>>>> developing it as needed.
>>>>>>>>
>>>>>>>> Let me know what you think!
>>>>>>>>
>>>>>>>> Jules
>>>>>>>>
>>>>>>>>
>>>>>> Jules
>>>>>>
>>>>>> --
>>>>>> Julian Field MEng CITP CEng
>>>>>> www.MailScanner.info
>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>
>>>>>> Need help customising MailScanner?
>>>>>> Contact me!
>>>>>> Need help fixing or optimising your systems?
>>>>>> Contact me!
>>>>>> Need help getting you started solving new requirements from your
>>>>>> boss?
>>>>>> Contact me!
>>>>>>
>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>> Follow me at twitter.com/JulesFM
>>>>>>
>>>>>>
>>>>>> --
>>>>>> This message has been scanned for viruses and
>>>>>> dangerous content by MailScanner, and is
>>>>>> believed to be clean.
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>
>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>
>>>> Jules
>>>>
>>>>
>>> Jules
>>>
>>> --
>>> Julian Field MEng CITP CEng
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new requirements from your
>>> boss?
>>> Contact me!
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Tue Jun 15 22:04:36 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue Jun 15 22:04:54 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <E91AF5EC-668C-4FE5-97C7-2F017DDAC587@nsp.co.nz>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>	<4C145A8A.6070902@lankacom.net>	<4C1523C4.10604@ecs.soton.ac.uk>	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>	<4C153568.3080504@ecs.soton.ac.uk>	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>	<4C15EB25.7040703@ecs.soton.ac.uk>	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>	<6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>	<4C1693A8.9030501@ecs.soton.ac.uk>	<EMEW3|f7420e7dfec8bae867cf3ede8bb38bb1m5DLe90bMailScanner|ecs.soton.ac.uk|4C1693A8.9030501@ecs.soton.ac.uk>
	<E91AF5EC-668C-4FE5-97C7-2F017DDAC587@nsp.co.nz>
	<4C17EAE4.4020603@ecs.soton.ac.uk>
Message-ID: <EMEW3|9e995c22419f061667f00166be4f7d9em5EM4i0bMailScanner|ecs.soton.ac.uk|4C17EAE4.4020603@ecs.soton.ac.uk>



On 15/06/2010 21:29, Brent Addis wrote:
> Sorry no idea what you mean by no competition. Xenserver eats vmware
> for Lunch. We have multiple clients with more than 1 rack of
> xenservers in a pool, often with offsite rdundant mirrors, with fibre
> sans and multipathing. Probably what you are using too?
>
> I'm going to perform a conversion for our own use internally
>    
If you fancy documenting how to convert it from a VMWare image to a 
Xenserver image, that would be good!

Thanks,
Jules.

> On 15/06/2010, at 8:48 AM, "Jules Field"<MailScanner@ecs.soton.ac.uk>
> wrote:
>
>    
>> Not right now, thanks. I use VMWare as if you want to run a decent
>> sized
>> installation (we currently have about 1 rack full of it) there doesn't
>> appear to be much competition.
>>
>> I've got a whole load of other things to do right now.
>>
>> Thanks for the offer anyway, try me again in a few months.
>>
>> Cheers,
>> Jules.
>>
>> On 14/06/2010 20:33, Brent Addis wrote:
>>      
>>> Would you like a xenserver version? I have an aversion to vmware. I
>>> come up with spots at the mere thought of it.
>>>
>>> On 14/06/2010, at 8:53 PM, "Julian Field"
>>> <MailScanner@ecs.soton.ac.uk>   wrote:
>>>
>>>
>>>        
>>>> I have just uploaded the VMWare disk image of a fully functional
>>>> Dropoff
>>>> system. There are some docs on the Dropoff.me website that will tell
>>>> you
>>>> how to configure it for your site once you've built a VM around it.
>>>>
>>>> Jules.
>>>>
>>>> On 13/06/2010 20:45, Jules Field wrote:
>>>>
>>>>          
>>>>> I'm just about to put up a VMDK (i.e. VMWare virtual disk image) of
>>>>> it, which will save you all a lot of work configuring it and fixing
>>>>> bugs in PHP that prevent large uploads.
>>>>>
>>>>> The documentation text is already written, I've just got to get the
>>>>> VMDK off my vSphere.
>>>>>
>>>>> Jules.
>>>>>
>>>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>>>
>>>>>            
>>>>>> It looks fantastic Jules, will definitely download it and have a
>>>>>> play.
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>>
>>>>>>              
>>>>>>>                
>>> Brent Addis
>>> Systems Integration Specialist
>>> Mob: +64 21 971 695
>>>
>>> Network Service Providers Ltd.
>>> Unit 32a, 88 Cook St, Auckland 1010
>>> PO Box 90208, Victoria West, Auckland
>>>
>>> Email: mailto:brent.addis@nsp.co.nz | Customer Service:
>>> cs@nsp.co.nz | Web: http://www.nsp.co.nz
>>> Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239
>>>
>>> Disclaimer:
>>> This message contains confidential information and is intended only
>>> for mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info
>>> . If you are not mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info
>>>   you should not disseminate, distribute or copy this e-mail. Please
>>> notify brent.addis@nsp.co.nz immediately by e-mail if you have
>>> received this e-mail by mistake and delete this e-mail from your
>>> system. E-mail transmission cannot be guaranteed to be secure or
>>> error-free as information could be intercepted, corrupted, lost,
>>> destroyed, arrive late or incomplete, or contain viruses. Brent
>>> Addis therefore does not accept liability for any errors or
>>> omissions in the contents of this message, which arise as a result
>>> of e-mail transmission. If verification is required please request
>>> a hard-copy version.
>>> Network Service Providers is a limited liability company registered
>>> in New Zealand.
>>>
>>>
>>>        
> Brent Addis
> Systems Integration Specialist
> Mob: +64 21 971 695
>
> Network Service Providers Ltd.
> Unit 32a, 88 Cook St, Auckland 1010
> PO Box 90208, Victoria West, Auckland
>
> Email: mailto:brent.addis@nsp.co.nz | Customer Service:
> cs@nsp.co.nz | Web: http://www.nsp.co.nz
> Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239
>
> Disclaimer:
> This message contains confidential information and is intended only for mailscanner@lists.mailscanner.info. If you are not mailscanner@lists.mailscanner.info you should not disseminate, distribute or copy this e-mail. Please notify brent.addis@nsp.co.nz immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Brent Addis therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
> Network Service Providers is a limited liability company registered in New Zealand.
>
> -----Original Message-----
>    
>>>        
>>>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>>>> [mailto:mailscanner-
>>>>>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field
>>>>>>> Sent: 13 June 2010 19:30
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>>>
>>>>>>> Thanks for the comment.
>>>>>>>
>>>>>>> As for integrating it, that counts as 'user front-end
>>>>>>> interface' in
>>>>>>> MailScanner, which is an area I have never got involved in. So it
>>>>>>> will
>>>>>>> remain a separate project for the time being, albeit one which
>>>>>>> MailScanner admins might like to install for their users'
>>>>>>> benefit.
>>>>>>>
>>>>>>> Jules.
>>>>>>>
>>>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>>>
>>>>>>>                
>>>>>>>> Hi jules,
>>>>>>>>
>>>>>>>> Thank you very much for the interesting tool, very much
>>>>>>>> essential for
>>>>>>>> the obvious reasons that you have explained.
>>>>>>>>
>>>>>>>> This is just an idea, how about integrating this tool with
>>>>>>>>
>>>>>>>>                  
>>>>>>> MailScanner
>>>>>>>
>>>>>>>                
>>>>>>>> for quarantine management.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Supun.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>>>
>>>>>>>>                  
>>>>>>>>> The Scenario:
>>>>>>>>>
>>>>>>>>> You have installed MailScanner at your site to protect all your
>>>>>>>>>
>>>>>>>>>                    
>>>>>>> users
>>>>>>>
>>>>>>>                
>>>>>>>>> and clients from all sorts of dangerous email content.
>>>>>>>>> Okay so far.
>>>>>>>>> But your users need to be able to send large files,
>>>>>>>>> executables, and
>>>>>>>>> all sorts of other things that they used to try to send by
>>>>>>>>> email.
>>>>>>>>> Some of these are restricted by MailScanner, others (such as
>>>>>>>>> large
>>>>>>>>> files) are restricted by your email system's capacity.
>>>>>>>>> And your users also need to be able to receive files from other
>>>>>>>>>
>>>>>>>>>                    
>>>>>>> sites
>>>>>>>
>>>>>>>                
>>>>>>>>> around the world, without having any username/password access
>>>>>>>>> to
>>>>>>>>>
>>>>>>>>>                    
>>>>>>> your
>>>>>>>
>>>>>>>                
>>>>>>>>> systems.
>>>>>>>>> And it needs to be secure.
>>>>>>>>>
>>>>>>>>> So your users need to be able to send and receive all sort of
>>>>>>>>> files
>>>>>>>>> and email is not the right tool for the job.
>>>>>>>>>
>>>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>>>
>>>>>>>>> This is a simple web-based system where your users can send and
>>>>>>>>> receive files to and from anyone in the world, and yet it can't
>>>>>>>>> be
>>>>>>>>> used for public warez or porn sharing.
>>>>>>>>>
>>>>>>>>> Anyone in the world can send files to you (but not to the
>>>>>>>>> rest of
>>>>>>>>>
>>>>>>>>>                    
>>>>>>> the
>>>>>>>
>>>>>>>                
>>>>>>>>> world), and your users can send files to anyone in the world.
>>>>>>>>> All
>>>>>>>>> uploaded files are scanned for viruses, so it's safe.
>>>>>>>>> Authentication
>>>>>>>>> of your users can be done via Active Directory, LDAP, IMAP or a
>>>>>>>>> static file. It's small, light-weight, simple and safe. It's
>>>>>>>>> all
>>>>>>>>> written in PHP so you can read the source and add or change
>>>>>>>>> features
>>>>>>>>> as you desire.
>>>>>>>>>
>>>>>>>>> Take a look at
>>>>>>>>>              www.dropoff.me
>>>>>>>>> where you can read about it and download it.
>>>>>>>>>
>>>>>>>>> It's entirely free and open source, of course.
>>>>>>>>>
>>>>>>>>> Note: I did not write all of this. Dropoff is my fork of the
>>>>>>>>> "Dropbox" package originally written at the University of
>>>>>>>>> Delaware.
>>>>>>>>>
>>>>>>>>>                    
>>>>>>> I
>>>>>>>
>>>>>>>                
>>>>>>>>> have added new features and fixed some bugs. I intend to
>>>>>>>>> continue
>>>>>>>>> developing it as needed.
>>>>>>>>>
>>>>>>>>> Let me know what you think!
>>>>>>>>>
>>>>>>>>> Jules
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                    
>>>>>>> Jules
>>>>>>>
>>>>>>> --
>>>>>>> Julian Field MEng CITP CEng
>>>>>>> www.MailScanner.info
>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>>
>>>>>>> Need help customising MailScanner?
>>>>>>> Contact me!
>>>>>>> Need help fixing or optimising your systems?
>>>>>>> Contact me!
>>>>>>> Need help getting you started solving new requirements from your
>>>>>>> boss?
>>>>>>> Contact me!
>>>>>>>
>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>> Follow me at twitter.com/JulesFM
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> This message has been scanned for viruses and
>>>>>>> dangerous content by MailScanner, and is
>>>>>>> believed to be clean.
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>>                
>>>>> Jules
>>>>>
>>>>>
>>>>>            
>>>> Jules
>>>>
>>>> --
>>>> Julian Field MEng CITP CEng
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>
>>>> Need help customising MailScanner?
>>>> Contact me!
>>>> Need help fixing or optimising your systems?
>>>> Contact me!
>>>> Need help getting you started solving new requirements from your
>>>> boss?
>>>> Contact me!
>>>>
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>>>
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>          
>> Jules
>>
>> --
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>      

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Tue Jun 15 22:02:46 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue Jun 15 22:07:35 2010
Subject: How to edit filetypes rules file with these specific filetypes
In-Reply-To: <815690958.45042.1276612749894.JavaMail.root@mail021.dti>
References: <815690958.45042.1276612749894.JavaMail.root@mail021.dti>
	<4C17EA76.2050906@ecs.soton.ac.uk>
Message-ID: <EMEW3|2ceb7f3e1e9f5dacc43645a91ffda54bm5EM320bMailScanner|ecs.soton.ac.uk|4C17EA76.2050906@ecs.soton.ac.uk>

You don't have to specify both of the "file" and "file -i" output 
substrings in each line, you only need to specify one of them.

But otherwise, your rules look okay to me. Feed some test messages 
through and watch the logs.

Hope that helps,
Jules.

On 15/06/2010 15:39, Peter Ong wrote:
> Hello Everyone,
>
> Another filetype question. But first, thanks to everyone for helping me with my previous ignorances. :-)
>
> Let me show you where I am confused:
>
> [root@gateway005.inf BF43C572C4.AE33A]# ls
> message  msg-19254-23.txt
>
> [root@gateway005.inf BF43C572C4.AE33A]# file message
> message: RFC 822 mail text
>
> [root@gateway005.inf BF43C572C4.AE33A]# file -i msg-19254-23.txt
> msg-19254-23.txt: text/plain; charset=iso-8859-1
>
> Here is an excerpt of our current filetypes rules file:
> allow   text    text    -       -
> allow   text    text/x-mail     -       -
> allow   data    text/x-mail     -       -
> allow   text    text/plain      -       -
> allow   data    text/plain      -       -
> allow   text    message/rfc822  -       -
> allow   text            -                       -
>
> How do I enter this in the filetype rules file?
>
> Do I enter it this way:
> allow<tab>RFC 822 mail text<tab>text/plain; charset=iso-8859-1<tab>-<tab>-
>
> Thank you.
>
> p
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From peter.ong at hypermediasystems.com  Tue Jun 15 22:30:50 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Tue Jun 15 22:31:00 2010
Subject: How to edit filetypes rules file with these specific filetypes
In-Reply-To: <EMEW3|2ceb7f3e1e9f5dacc43645a91ffda54bm5EM320bMailScanner|ecs.soton.ac.uk|4C17EA76.2050906@ecs.soton.ac.uk>
Message-ID: <782782405.45492.1276637450277.JavaMail.root@mail021.dti>

Not quite. It appears that if I put something in the third field, the second field is a prerequisite. We discovered this from my last problem.

I did it anyway as I had thought, and it appears to be working. So, remove the second field when you have the third at your own risk. :-) Mine is working as suggested.

Thanks.

p

----- Original Message -----

> From: "Jules Field" <MailScanner@ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Tuesday, June 15, 2010 2:02:46 PM
> Subject: Re: How to edit filetypes rules file with these specific filetypes
> 
> You don't have to specify both of the "file" and "file -i" output 
> substrings in each line, you only need to specify one of them.
> 
> But otherwise, your rules look okay to me. Feed some test messages 
> through and watch the logs.
> 
> Hope that helps,
> Jules.
> 
> On 15/06/2010 15:39, Peter Ong wrote:
> > Hello Everyone,
> >
> > Another filetype question. But first, thanks to everyone for helping
> me with my previous ignorances. :-)
> >
> > Let me show you where I am confused:
> >
> > [root@gateway005.inf BF43C572C4.AE33A]# ls
> > message  msg-19254-23.txt
> >
> > [root@gateway005.inf BF43C572C4.AE33A]# file message
> > message: RFC 822 mail text
> >
> > [root@gateway005.inf BF43C572C4.AE33A]# file -i msg-19254-23.txt
> > msg-19254-23.txt: text/plain; charset=iso-8859-1
> >
> > Here is an excerpt of our current filetypes rules file:
> > allow   text    text    -       -
> > allow   text    text/x-mail     -       -
> > allow   data    text/x-mail     -       -
> > allow   text    text/plain      -       -
> > allow   data    text/plain      -       -
> > allow   text    message/rfc822  -       -
> > allow   text            -                       -
> >
> > How do I enter this in the filetype rules file?
> >
> > Do I enter it this way:
> > allow<tab>RFC 822 mail text<tab>text/plain;
> charset=iso-8859-1<tab>-<tab>-
> >
> > Thank you.
> >
> > p
> >    
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From brent.addis at nsp.co.nz  Tue Jun 15 22:32:07 2010
From: brent.addis at nsp.co.nz (Brent Addis)
Date: Tue Jun 15 22:32:18 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|9e995c22419f061667f00166be4f7d9em5EM4i0bMailScanner|ecs.soton.ac.uk|4C17EAE4.4020603@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C145A8A.6070902@lankacom.net>	<4C1523C4.10604@ecs.soton.ac.uk>
	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>
	<4C153568.3080504@ecs.soton.ac.uk>
	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>
	<4C1693A8.9030501@ecs.soton.ac.uk>
	<EMEW3|f7420e7dfec8bae867cf3ede8bb38bb1m5DLe90bMailScanner|ecs.soton.ac.uk|4C1693A8.9030501@ecs.soton.ac.uk>
	<E91AF5EC-668C-4FE5-97C7-2F017DDAC587@nsp.co.nz>
	<4C17EAE4.4020603@ecs.soton.ac.uk>
	<EMEW3|9e995c22419f061667f00166be4f7d9em5EM4i0bMailScanner|ecs.soton.ac.uk|4C17EAE4.4020603@ecs.soton.ac.uk>
Message-ID: <0AF864B1-6612-409D-9D4F-9AEF2E494F79@nsp.co.nz>

Can do

On 16/06/2010, at 9:12 AM, "Jules Field" <MailScanner@ecs.soton.ac.uk>
wrote:

>
>
> On 15/06/2010 21:29, Brent Addis wrote:
>> Sorry no idea what you mean by no competition. Xenserver eats vmware
>> for Lunch. We have multiple clients with more than 1 rack of
>> xenservers in a pool, often with offsite rdundant mirrors, with fibre
>> sans and multipathing. Probably what you are using too?
>>
>> I'm going to perform a conversion for our own use internally
>>
> If you fancy documenting how to convert it from a VMWare image to a
> Xenserver image, that would be good!
>
> Thanks,
> Jules.
>
>> On 15/06/2010, at 8:48 AM, "Jules Field"<MailScanner@ecs.soton.ac.uk>
>> wrote:
>>
>>
>>> Not right now, thanks. I use VMWare as if you want to run a decent
>>> sized
>>> installation (we currently have about 1 rack full of it) there
>>> doesn't
>>> appear to be much competition.
>>>
>>> I've got a whole load of other things to do right now.
>>>
>>> Thanks for the offer anyway, try me again in a few months.
>>>
>>> Cheers,
>>> Jules.
>>>
>>> On 14/06/2010 20:33, Brent Addis wrote:
>>>
>>>> Would you like a xenserver version? I have an aversion to vmware. I
>>>> come up with spots at the mere thought of it.
>>>>
>>>> On 14/06/2010, at 8:53 PM, "Julian Field"
>>>> <MailScanner@ecs.soton.ac.uk>   wrote:
>>>>
>>>>
>>>>
>>>>> I have just uploaded the VMWare disk image of a fully functional
>>>>> Dropoff
>>>>> system. There are some docs on the Dropoff.me website that will
>>>>> tell
>>>>> you
>>>>> how to configure it for your site once you've built a VM around
>>>>> it.
>>>>>
>>>>> Jules.
>>>>>
>>>>> On 13/06/2010 20:45, Jules Field wrote:
>>>>>
>>>>>
>>>>>> I'm just about to put up a VMDK (i.e. VMWare virtual disk
>>>>>> image) of
>>>>>> it, which will save you all a lot of work configuring it and
>>>>>> fixing
>>>>>> bugs in PHP that prevent large uploads.
>>>>>>
>>>>>> The documentation text is already written, I've just got to get
>>>>>> the
>>>>>> VMDK off my vSphere.
>>>>>>
>>>>>> Jules.
>>>>>>
>>>>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>>>>
>>>>>>
>>>>>>> It looks fantastic Jules, will definitely download it and have a
>>>>>>> play.
>>>>>>>
>>>>>>> Jason
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>> Brent Addis
>>>> Systems Integration Specialist
>>>> Mob: +64 21 971 695
>>>>
>>>> Network Service Providers Ltd.
>>>> Unit 32a, 88 Cook St, Auckland 1010
>>>> PO Box 90208, Victoria West, Auckland
>>>>
>>>> Email: mailto:brent.addis@nsp.co.nz | Customer Service:
>>>> cs@nsp.co.nz | Web: http://www.nsp.co.nz
>>>> Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239
>>>>
>>>> Disclaimer:
>>>> This message contains confidential information and is intended only
>>>> for mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info
>>>> . If you are not mailscanner@lists.mailscanner.info, mailscanner@lists.mailscanner.info
>>>>  you should not disseminate, distribute or copy this e-mail. Please
>>>> notify brent.addis@nsp.co.nz immediately by e-mail if you have
>>>> received this e-mail by mistake and delete this e-mail from your
>>>> system. E-mail transmission cannot be guaranteed to be secure or
>>>> error-free as information could be intercepted, corrupted, lost,
>>>> destroyed, arrive late or incomplete, or contain viruses. Brent
>>>> Addis therefore does not accept liability for any errors or
>>>> omissions in the contents of this message, which arise as a result
>>>> of e-mail transmission. If verification is required please request
>>>> a hard-copy version.
>>>> Network Service Providers is a limited liability company registered
>>>> in New Zealand.
>>>>
>>>>
>>>>
>> Brent Addis
>> Systems Integration Specialist
>> Mob: +64 21 971 695
>>
>> Network Service Providers Ltd.
>> Unit 32a, 88 Cook St, Auckland 1010
>> PO Box 90208, Victoria West, Auckland
>>
>> Email: mailto:brent.addis@nsp.co.nz | Customer Service:
>> cs@nsp.co.nz | Web: http://www.nsp.co.nz
>> Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239
>>
>> Disclaimer:
>> This message contains confidential information and is intended only
>> for mailscanner@lists.mailscanner.info. If you are not mailscanner@lists.mailscanner.info
>>  you should not disseminate, distribute or copy this e-mail. Please
>> notify brent.addis@nsp.co.nz immediately by e-mail if you have
>> received this e-mail by mistake and delete this e-mail from your
>> system. E-mail transmission cannot be guaranteed to be secure or
>> error-free as information could be intercepted, corrupted, lost,
>> destroyed, arrive late or incomplete, or contain viruses. Brent
>> Addis therefore does not accept liability for any errors or
>> omissions in the contents of this message, which arise as a result
>> of e-mail transmission. If verification is required please request
>> a hard-copy version.
>> Network Service Providers is a limited liability company registered
>> in New Zealand.
>>
>> -----Original Message-----
>>
>>>>
>>>>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner-
>>>>>>>> bounces@lists.mailscanner.info] On Behalf Of Jules Field
>>>>>>>> Sent: 13 June 2010 19:30
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>>>>
>>>>>>>> Thanks for the comment.
>>>>>>>>
>>>>>>>> As for integrating it, that counts as 'user front-end
>>>>>>>> interface' in
>>>>>>>> MailScanner, which is an area I have never got involved in.
>>>>>>>> So it
>>>>>>>> will
>>>>>>>> remain a separate project for the time being, albeit one which
>>>>>>>> MailScanner admins might like to install for their users'
>>>>>>>> benefit.
>>>>>>>>
>>>>>>>> Jules.
>>>>>>>>
>>>>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hi jules,
>>>>>>>>>
>>>>>>>>> Thank you very much for the interesting tool, very much
>>>>>>>>> essential for
>>>>>>>>> the obvious reasons that you have explained.
>>>>>>>>>
>>>>>>>>> This is just an idea, how about integrating this tool with
>>>>>>>>>
>>>>>>>>>
>>>>>>>> MailScanner
>>>>>>>>
>>>>>>>>
>>>>>>>>> for quarantine management.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Supun.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> The Scenario:
>>>>>>>>>>
>>>>>>>>>> You have installed MailScanner at your site to protect all
>>>>>>>>>> your
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> users
>>>>>>>>
>>>>>>>>
>>>>>>>>>> and clients from all sorts of dangerous email content.
>>>>>>>>>> Okay so far.
>>>>>>>>>> But your users need to be able to send large files,
>>>>>>>>>> executables, and
>>>>>>>>>> all sorts of other things that they used to try to send by
>>>>>>>>>> email.
>>>>>>>>>> Some of these are restricted by MailScanner, others (such as
>>>>>>>>>> large
>>>>>>>>>> files) are restricted by your email system's capacity.
>>>>>>>>>> And your users also need to be able to receive files from
>>>>>>>>>> other
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> sites
>>>>>>>>
>>>>>>>>
>>>>>>>>>> around the world, without having any username/password access
>>>>>>>>>> to
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> your
>>>>>>>>
>>>>>>>>
>>>>>>>>>> systems.
>>>>>>>>>> And it needs to be secure.
>>>>>>>>>>
>>>>>>>>>> So your users need to be able to send and receive all sort of
>>>>>>>>>> files
>>>>>>>>>> and email is not the right tool for the job.
>>>>>>>>>>
>>>>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>>>>
>>>>>>>>>> This is a simple web-based system where your users can send
>>>>>>>>>> and
>>>>>>>>>> receive files to and from anyone in the world, and yet it
>>>>>>>>>> can't
>>>>>>>>>> be
>>>>>>>>>> used for public warez or porn sharing.
>>>>>>>>>>
>>>>>>>>>> Anyone in the world can send files to you (but not to the
>>>>>>>>>> rest of
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> the
>>>>>>>>
>>>>>>>>
>>>>>>>>>> world), and your users can send files to anyone in the world.
>>>>>>>>>> All
>>>>>>>>>> uploaded files are scanned for viruses, so it's safe.
>>>>>>>>>> Authentication
>>>>>>>>>> of your users can be done via Active Directory, LDAP, IMAP
>>>>>>>>>> or a
>>>>>>>>>> static file. It's small, light-weight, simple and safe. It's
>>>>>>>>>> all
>>>>>>>>>> written in PHP so you can read the source and add or change
>>>>>>>>>> features
>>>>>>>>>> as you desire.
>>>>>>>>>>
>>>>>>>>>> Take a look at
>>>>>>>>>>             www.dropoff.me
>>>>>>>>>> where you can read about it and download it.
>>>>>>>>>>
>>>>>>>>>> It's entirely free and open source, of course.
>>>>>>>>>>
>>>>>>>>>> Note: I did not write all of this. Dropoff is my fork of the
>>>>>>>>>> "Dropbox" package originally written at the University of
>>>>>>>>>> Delaware.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> I
>>>>>>>>
>>>>>>>>
>>>>>>>>>> have added new features and fixed some bugs. I intend to
>>>>>>>>>> continue
>>>>>>>>>> developing it as needed.
>>>>>>>>>>
>>>>>>>>>> Let me know what you think!
>>>>>>>>>>
>>>>>>>>>> Jules
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> Jules
>>>>>>>>
>>>>>>>> --
>>>>>>>> Julian Field MEng CITP CEng
>>>>>>>> www.MailScanner.info
>>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>>>
>>>>>>>> Need help customising MailScanner?
>>>>>>>> Contact me!
>>>>>>>> Need help fixing or optimising your systems?
>>>>>>>> Contact me!
>>>>>>>> Need help getting you started solving new requirements from
>>>>>>>> your
>>>>>>>> boss?
>>>>>>>> Contact me!
>>>>>>>>
>>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
>>>>>>>> B654
>>>>>>>> Follow me at twitter.com/JulesFM
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> This message has been scanned for viruses and
>>>>>>>> dangerous content by MailScanner, and is
>>>>>>>> believed to be clean.
>>>>>>>>
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> mailscanner@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>
>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>
>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>
>>>>>>>>
>>>>>> Jules
>>>>>>
>>>>>>
>>>>>>
>>>>> Jules
>>>>>
>>>>> --
>>>>> Julian Field MEng CITP CEng
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>
>>>>> Need help customising MailScanner?
>>>>> Contact me!
>>>>> Need help fixing or optimising your systems?
>>>>> Contact me!
>>>>> Need help getting you started solving new requirements from your
>>>>> boss?
>>>>> Contact me!
>>>>>
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>> Jules
>>>
>>> --
>>> Julian Field MEng CITP CEng
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new requirements from your
>>> boss?
>>> Contact me!
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>> Follow me at twitter.com/JulesFM
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From bonivart at opencsw.org  Tue Jun 15 22:35:03 2010
From: bonivart at opencsw.org (Peter Bonivart)
Date: Tue Jun 15 22:35:30 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|9e995c22419f061667f00166be4f7d9em5EM4i0bMailScanner|ecs.soton.ac.uk|4C17EAE4.4020603@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C145A8A.6070902@lankacom.net> <4C1523C4.10604@ecs.soton.ac.uk> 
	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local> 
	<4C153568.3080504@ecs.soton.ac.uk>
	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>
	<4C1693A8.9030501@ecs.soton.ac.uk> 
	<EMEW3|f7420e7dfec8bae867cf3ede8bb38bb1m5DLe90bMailScanner|ecs.soton.ac.uk|4C1693A8.9030501@ecs.soton.ac.uk>
	<4C17EAE4.4020603@ecs.soton.ac.uk>
	<E91AF5EC-668C-4FE5-97C7-2F017DDAC587@nsp.co.nz> 
	<EMEW3|9e995c22419f061667f00166be4f7d9em5EM4i0bMailScanner|ecs.soton.ac.uk|4C17EAE4.4020603@ecs.soton.ac.uk>
Message-ID: <AANLkTilmk_B8OLqGPE7dl8PZekeKzRKKK2biuB-7mTQ-@mail.gmail.com>

On Tue, Jun 15, 2010 at 11:04 PM, Jules Field
<MailScanner@ecs.soton.ac.uk> wrote:
> If you fancy documenting how to convert it from a VMWare image to a
> Xenserver image, that would be good!

Why not just export to OVF?

-- 
/peter
From willm at merkens.ca  Tue Jun 15 22:41:49 2010
From: willm at merkens.ca (Will Merkens)
Date: Tue Jun 15 22:42:21 2010
Subject: Start/Stop script for mailScanner
In-Reply-To: <B1C48413-11E7-4172-8C08-E1C17ED72817@fsl.com>
References: <4C14D405.2000502@merkens.ca>
	<B1C48413-11E7-4172-8C08-E1C17ED72817@fsl.com>
Message-ID: <4C17F39D.9020803@merkens.ca>

On 12:59 PM, Stephen Swaney wrote:
> Will,
>
> some observations are below.
>
> On Jun 13, 2010, at 8:50 AM, Will Merkens wrote:
>
>> System:
>>
>> MailScanner 4.80.1
>> Sendmail 8.14.3
>>
>> I am finding a issue with the /etc/init.d/MailScanner start/stop
>> script as it is not seem to be stopping sendmail.
>>
>>
>
> Is sendmail still being started by the systems default init script?
> The MailScanner script should be used to start sendmail, NOT the
> systems default script.
>
> You can see if this is the porblem:
>
> 1. Stop MailScanner using the MailScanner init script
> 2. Kill any sendmail processes that are still running
> 3. Start MailScanner using the MailScanner init script
>
> If MailScanner starts working, this was the problem.
>
> You don't say what OS you are using but from the location of the
> MailScanner start script, But it looks like it might be Red Hat,
> CentOS od som other similar Linux variant. If so these commands might
> also help.
>
> To see if the systems sendmail init script is configured "on", run:
>
> chkconfig sendmail --list
>
> This should return 
>
> sendmail        0:off 1:off 2:off 3:off 4:off 5:off 6:off
>
> Anything else is a problem.
>
> To turn off the systems sendmail init script run:
>
> chkconfig sendmail off
>
> I hope this helps,
>
> Steve
> -- 
> Steve Swaney
> steve@fsl.com <mailto:steve@fsl.com>
> www.fsl.com
> The most accurate and cost effective anti-spam solutions available
>

Yes I made sure that any service related to MailScanner including
sendmail were in a none startup at any runlevel state.

MailScanner     0:off   1:off   2:on    3:on    4:on    5:on    6:off  
7:off

clamav-milter   0:off   1:off   2:off   3:off   4:off   5:off   6:off  
7:off
clamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off  
7:off
freshclam       0:off   1:off   2:off   3:off   4:off   5:off   6:off  
7:off

sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off  
7:off

spamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off  
7:off


so the ps ax shows this before I issue a stop

[root@gateway ~]# ps ax | grep send
 2251 pts/5    R+     0:00 grep --color send
 2765 ?        Ss     0:05 sendmail: accepting
connections                                                                                                                

 2769 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/clientmqueue                 
 2775 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/mqueue      
[root@gateway ~]# ps ax | grep Mail
 2258 pts/5    R+     0:00 grep --color Mail
 2820 ?        Ss     0:00 MailScanner: starting child
16646 ?        S      0:02 MailScanner: waiting for messages
22250 ?        S      0:02 MailScanner: waiting for messages
23869 ?        S      0:02 MailScanner: waiting for messages
26508 ?        S      0:02 MailScanner: waiting for messages
32443 ?        S      0:02 MailScanner: waiting for messages

Now issue the stop

[root@gateway ~]# service MailScanner stop
Shutting down MailScanner daemons:
        
MailScanner:                                                                   
[  OK  ]
        
incoming                                                                       
[  OK  ]
        
outgoing                                                                       
[  OK  ]

ps ax for sendmail

root@gateway ~]# ps ax | grep send
 2706 pts/5    R+     0:00 grep --color send
 2769 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/clientmqueue           


still running

issue a start

Starting MailScanner daemons:
        
incoming                                                                  [ 
OK  ]
        
outgoing                                                                  [ 
OK  ]
        
MailScanner:                                                              [ 
OK  ]


ps ax  sendmail and MailScanner

[root@gateway ~]# ps ax | grep send
 2769 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/clientmqueue                 
 2941 ?        Ss     0:00 sendmail: accepting
connections                                                                                                                

 2945 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/clientmqueue                 
 2951 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/mqueue      
 3102 pts/5    R+     0:00 grep --color send
[root@gateway ~]# ps ax | grep Mail
 2973 ?        Ss     0:00 MailScanner: master waiting for children,
sleeping
 2974 ?        S      0:02 MailScanner: waiting for messages
 3030 ?        S      0:02 MailScanner: waiting for messages
 3037 ?        S      0:02 MailScanner: waiting for messages
 3041 ?        S      0:02 MailScanner: waiting for messages
 3045 ?        S      0:02 MailScanner: waiting for messages
 3106 pts/5    R+     0:00 grep --color Mail


we can see that there now is 2 clientmqueue, the old one and the new one.

Now it wont work till I stop MailScanner, kill the sendmail pid's and
restart it all.










-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From brent.addis at nsp.co.nz  Tue Jun 15 23:40:05 2010
From: brent.addis at nsp.co.nz (Brent Addis)
Date: Tue Jun 15 23:40:16 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <AANLkTilmk_B8OLqGPE7dl8PZekeKzRKKK2biuB-7mTQ-@mail.gmail.com>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<EMEW3|bee9c7813b8ef9e47abc6f36b6120ec1m5BGB20bMailScanner|ecs.soton.ac.uk|4C13A385.1020503@ecs.soton.ac.uk>
	<4C145A8A.6070902@lankacom.net> <4C1523C4.10604@ecs.soton.ac.uk>
	<EMEW3|6d3419e8671f3934de274bb1cb5698e7m5CJUX0bMailScanner|ecs.soton.ac.uk|4C1523C4.10604@ecs.soton.ac.uk>
	<1213490F1F316842A544A850422BFA9635CC85C283@BHLSBS.bhl.local>
	<4C153568.3080504@ecs.soton.ac.uk>
	<EMEW3|4f21091514cbfd6993b0ef5ba059c10dm5CKjj0bMailScanner|ecs.soton.ac.uk|4C153568.3080504@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<6A948B1B-EA48-4495-AFDA-712D48802C52@nsp.co.nz>
	<4C1693A8.9030501@ecs.soton.ac.uk>
	<EMEW3|f7420e7dfec8bae867cf3ede8bb38bb1m5DLe90bMailScanner|ecs.soton.ac.uk|4C1693A8.9030501@ecs.soton.ac.uk>
	<4C17EAE4.4020603@ecs.soton.ac.uk>
	<E91AF5EC-668C-4FE5-97C7-2F017DDAC587@nsp.co.nz>
	<EMEW3|9e995c22419f061667f00166be4f7d9em5EM4i0bMailScanner|ecs.soton.ac.uk|4C17EAE4.4020603@ecs.soton.ac.uk>
	<AANLkTilmk_B8OLqGPE7dl8PZekeKzRKKK2biuB-7mTQ-@mail.gmail.com>
Message-ID: <EF88BD23-8AD4-4F31-88BE-AB436E5DA664@nsp.co.nz>

Exactly the conversion I was talking about ;)

On 16/06/2010, at 9:44 AM, "Peter Bonivart" <bonivart@opencsw.org>
wrote:

> On Tue, Jun 15, 2010 at 11:04 PM, Jules Field
> <MailScanner@ecs.soton.ac.uk> wrote:
>> If you fancy documenting how to convert it from a VMWare image to a
>> Xenserver image, that would be good!
>
> Why not just export to OVF?
>
> --
> /peter
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!


Brent Addis
Systems Integration Specialist
Mob: +64 21 971 695

Network Service Providers Ltd.
Unit 32a, 88 Cook St, Auckland 1010
PO Box 90208, Victoria West, Auckland

Email: mailto:brent.addis@nsp.co.nz | Customer Service:
cs@nsp.co.nz | Web: http://www.nsp.co.nz
Tel: +64-9-306-0230 | Support: +64-9-306-0234 | Fax: +64-9-306-0239

Disclaimer:
This message contains confidential information and is intended only for mailscanner@lists.mailscanner.info. If you are not mailscanner@lists.mailscanner.info you should not disseminate, distribute or copy this e-mail. Please notify brent.addis@nsp.co.nz immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Brent Addis therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
Network Service Providers is a limited liability company registered in New Zealand.

From maxsec at gmail.com  Wed Jun 16 08:16:12 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed Jun 16 08:16:23 2010
Subject: spamassassin with mailscanner
In-Reply-To: <AANLkTinOhrLC8A8WJNHKo-Bzp2_Qii_h0KnpVgs1vPsN@mail.gmail.com>
References: <AANLkTin-UbZC7qijQ35qVEU52noNIYkRsClUWnOAIdP4@mail.gmail.com>
	<AANLkTimwI8rE4g0XUUXm1wco_cRQjHeluKgRyXxalj8X@mail.gmail.com>
	<AANLkTin9ZQNa2fqYQc0CZxzRVV48jgJQskKn9Y8V8iNt@mail.gmail.com>
	<AANLkTil7-V7AcYCrJxS8Em6c9uoy5bMsawQb6xIQLY4K@mail.gmail.com>
	<AANLkTinOhrLC8A8WJNHKo-Bzp2_Qii_h0KnpVgs1vPsN@mail.gmail.com>
Message-ID: <AANLkTiko_nJVMYNMthkTttavh-4Y-aQdEiojjr9fIllY@mail.gmail.com>

Hmm

the 'official' deb is ages old still at 4.55

maybe you'd be better off with the generic tar.gz installer as it sounds
like this package is messing with things that could break stuff.

Martin

On 15 June 2010 19:19, Dragon Slayr <dragonslayr@gmail.com> wrote:

>
>
> On Tue, Jun 15, 2010 at 11:03 AM, Martin Hepworth <maxsec@gmail.com>wrote:
>
>>
>>
>>
>> On 15 June 2010 16:38, Dragon Slayr <dragonslayr@gmail.com> wrote:
>>
>>>
>>>
>>> On Tue, Jun 15, 2010 at 3:10 AM, Martin Hepworth <maxsec@gmail.com>wrote:
>>>
>>>>
>>>>
>>>> On 15 June 2010 06:19, Dragon Slayr <dragonslayr@gmail.com> wrote:
>>>>
>>>>> I've just built a box with Ubuntu Lucid. Everything now now going great
>>>>> in testing.
>>>>> However, I attempted to import my old spamassassin database as root
>>>>> with this command.
>>>>> sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore
>>>>> sa_bayes_backup.txt
>>>>>
>>>>> That gave me a nice database in the /root directory. :(
>>>>>
>>>>> So, I thought I'd better ask. Should I run this as the postfix user
>>>>> like this?
>>>>> sa-learn -u postfix -p /etc/MailScanner/spam.assassin.prefs.conf
>>>>> --restore sa_bayes_backup.txt
>>>>>
>>>>> Also, now when I do sudo -u postfix spamassassin --lint -D, I get
>>>>> permission errors attempting to read root..   <Sigh...>
>>>>>
>>>>> As you can see, I'm a bit confused. For a last question, can change
>>>>> things so spamassassin just keeps a global database and forget all this user
>>>>> stuff?  It's a incoming mail server only. There are no local users.
>>>>>
>>>>> Thanks in advance!
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>> Hi
>>>>
>>>> you need to make sure that the bayes files are pointing at the correct
>>>> place in the mailscanner.conf for the user you are running mailscanner as,
>>>> and also of course make sure the permissions on the bayes dir/files are good
>>>> for the 'run as' user.
>>>>
>>>> Thank You! For googling sake, I'll post what I did.
>>>
>>> Run this line, with every spamassissin command
>>>
>>> -p /etc/MailScanner/spam.assassin.prefs.conf
>>>
>>> Then, after learning, the permissions were messed up on the bayes files
>>> in /var/lib/MailScanner. "As shown my MailScanner --lint
>>> I changed them by doing "chown postfix:www-data bayes*"
>>>
>>> Note, since I had deleted the /root/.spamassassin directory, to keep
>>> spamassassin from barfing, I relearned one spam message as root.
>>>
>>>
>>>
>>>
>>>
>> you shouldn't need the -p anymore. Mailscanner now inserts a
>> mailscanner.cf with a correct sym link back to
>> /etc/MailScanner/spam.assassin.prefs.conf .....unless of course you're
>> running a really really old MS.
>>
>> make sure you do the sa-learns as the postfix account and you'll won't get
>> SA messing with the perms of the bayes.
>>
>>
>
>
> How odd..  I do not seem to have a "mailscanner.cf" on the system. I am
> running version Installed: 4.79.11-2 obtained from here.
> http://debian.intergenia.de/debian/pool/main/m/mailscanner/mailscanner_4.79.11-2_all.deb
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100616/6af2e254/attachment.html
From elec.arun at gmail.com  Wed Jun 16 09:08:47 2010
From: elec.arun at gmail.com (arun gupta)
Date: Wed Jun 16 09:08:55 2010
Subject: mailwatch - issue with spam and ham training
Message-ID: <AANLkTinehIH5NQ2sMzhEkaIuS2PihgRLkfUqr0-HssI4@mail.gmail.com>

Hi,

Recently I have installed mailwatch, it is working fine, but I trained
ham, spam training through mailwatch it gives the following error

"SA Learn: config: path "/root/.spamassassin" is inaccessible:
Permission denied, Forgot tokens from 0 message(s) (1 message(s)
examined)"

please suggest for solving the issue.

Regards,

Arun Kumar Gupta
INDIA
=========================================================================
From maxsec at gmail.com  Wed Jun 16 11:30:56 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed Jun 16 11:31:06 2010
Subject: mailwatch - issue with spam and ham training
In-Reply-To: <AANLkTinehIH5NQ2sMzhEkaIuS2PihgRLkfUqr0-HssI4@mail.gmail.com>
References: <AANLkTinehIH5NQ2sMzhEkaIuS2PihgRLkfUqr0-HssI4@mail.gmail.com>
Message-ID: <AANLkTikAaXHnAWNa0xGU3RJ8i6eJUb4UYgGY_ZZo8_Xy@mail.gmail.com>

On 16 June 2010 09:08, arun gupta <elec.arun@gmail.com> wrote:

> Hi,
>
> Recently I have installed mailwatch, it is working fine, but I trained
> ham, spam training through mailwatch it gives the following error
>
> "SA Learn: config: path "/root/.spamassassin" is inaccessible:
> Permission denied, Forgot tokens from 0 message(s) (1 message(s)
> examined)"
>
> please suggest for solving the issue.
>
> Regards,
>
> Arun Kumar Gupta
> INDIA
> =========================================================================
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Hi

kinda what it says permission issues.

 Move the spamassassin bayes files to a location accessible by the user that
the web user can write to. Modify the bayes_dir setting in mailScanner.cf to
match the new location and restart mailscanner/mailwatch

-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100616/31948b42/attachment.html
From Denis.Beauchemin at USherbrooke.ca  Wed Jun 16 13:36:04 2010
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Wed Jun 16 13:36:27 2010
Subject: Start/Stop script for mailScanner
In-Reply-To: <4C17F39D.9020803@merkens.ca>
References: <4C14D405.2000502@merkens.ca>	<B1C48413-11E7-4172-8C08-E1C17ED72817@fsl.com>
	<4C17F39D.9020803@merkens.ca>
Message-ID: <4C18C534.40500@USherbrooke.ca>

Will,

Looks like a rogue sendmail. Look at the contents of 
/var/run/sm-client.pid . It should contain 2 lines and the first one 
should be the PID of your current clientmqueue process. If it is not 
then that could explain why MS can't kill it since it looks in that file 
for the PID.

Denis

Le 2010-06-15 17:41, Will Merkens a ?crit :
> On 12:59 PM, Stephen Swaney wrote:
>    
>> Will,
>>
>> some observations are below.
>>
>> On Jun 13, 2010, at 8:50 AM, Will Merkens wrote:
>>
>>      
>>> System:
>>>
>>> MailScanner 4.80.1
>>> Sendmail 8.14.3
>>>
>>> I am finding a issue with the /etc/init.d/MailScanner start/stop
>>> script as it is not seem to be stopping sendmail.
>>>
>>>
>>>        
>> Is sendmail still being started by the systems default init script?
>> The MailScanner script should be used to start sendmail, NOT the
>> systems default script.
>>
>> You can see if this is the porblem:
>>
>> 1. Stop MailScanner using the MailScanner init script
>> 2. Kill any sendmail processes that are still running
>> 3. Start MailScanner using the MailScanner init script
>>
>> If MailScanner starts working, this was the problem.
>>
>> You don't say what OS you are using but from the location of the
>> MailScanner start script, But it looks like it might be Red Hat,
>> CentOS od som other similar Linux variant. If so these commands might
>> also help.
>>
>> To see if the systems sendmail init script is configured "on", run:
>>
>> chkconfig sendmail --list
>>
>> This should return
>>
>> sendmail        0:off 1:off 2:off 3:off 4:off 5:off 6:off
>>
>> Anything else is a problem.
>>
>> To turn off the systems sendmail init script run:
>>
>> chkconfig sendmail off
>>
>> I hope this helps,
>>
>> Steve
>> -- 
>> Steve Swaney
>> steve@fsl.com<mailto:steve@fsl.com>
>> www.fsl.com
>> The most accurate and cost effective anti-spam solutions available
>>
>>      
> Yes I made sure that any service related to MailScanner including
> sendmail were in a none startup at any runlevel state.
>
> MailScanner     0:off   1:off   2:on    3:on    4:on    5:on    6:off
> 7:off
>
> clamav-milter   0:off   1:off   2:off   3:off   4:off   5:off   6:off
> 7:off
> clamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> 7:off
> freshclam       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> 7:off
>
> sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> 7:off
>
> spamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> 7:off
>
>
> so the ps ax shows this before I issue a stop
>
> [root@gateway ~]# ps ax | grep send
>   2251 pts/5    R+     0:00 grep --color send
>   2765 ?        Ss     0:05 sendmail: accepting
> connections
>
>   2769 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/clientmqueue
>   2775 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/mqueue
> [root@gateway ~]# ps ax | grep Mail
>   2258 pts/5    R+     0:00 grep --color Mail
>   2820 ?        Ss     0:00 MailScanner: starting child
> 16646 ?        S      0:02 MailScanner: waiting for messages
> 22250 ?        S      0:02 MailScanner: waiting for messages
> 23869 ?        S      0:02 MailScanner: waiting for messages
> 26508 ?        S      0:02 MailScanner: waiting for messages
> 32443 ?        S      0:02 MailScanner: waiting for messages
>
> Now issue the stop
>
> [root@gateway ~]# service MailScanner stop
> Shutting down MailScanner daemons:
>
> MailScanner:
> [  OK  ]
>
> incoming
> [  OK  ]
>
> outgoing
> [  OK  ]
>
> ps ax for sendmail
>
> root@gateway ~]# ps ax | grep send
>   2706 pts/5    R+     0:00 grep --color send
>   2769 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/clientmqueue
>
>
> still running
>
> issue a start
>
> Starting MailScanner daemons:
>
> incoming                                                                  [
> OK  ]
>
> outgoing                                                                  [
> OK  ]
>
> MailScanner:                                                              [
> OK  ]
>
>
> ps ax  sendmail and MailScanner
>
> [root@gateway ~]# ps ax | grep send
>   2769 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/clientmqueue
>   2941 ?        Ss     0:00 sendmail: accepting
> connections
>
>   2945 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/clientmqueue
>   2951 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/mqueue
>   3102 pts/5    R+     0:00 grep --color send
> [root@gateway ~]# ps ax | grep Mail
>   2973 ?        Ss     0:00 MailScanner: master waiting for children,
> sleeping
>   2974 ?        S      0:02 MailScanner: waiting for messages
>   3030 ?        S      0:02 MailScanner: waiting for messages
>   3037 ?        S      0:02 MailScanner: waiting for messages
>   3041 ?        S      0:02 MailScanner: waiting for messages
>   3045 ?        S      0:02 MailScanner: waiting for messages
>   3106 pts/5    R+     0:00 grep --color Mail
>
>
> we can see that there now is 2 clientmqueue, the old one and the new one.
>
> Now it wont work till I stop MailScanner, kill the sendmail pid's and
> restart it all.
>
>
>
>
>
>
>
>
>
>
>    

-- 
Denis Beauchemin, analyste
Universit? de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From nsnidanko at harperpowerproducts.com  Wed Jun 16 16:30:24 2010
From: nsnidanko at harperpowerproducts.com (Naz Snidanko)
Date: Wed Jun 16 16:30:36 2010
Subject: MailScanner ANNOUNCE: Dropoff bug
Message-ID: <9453A32CAC9FFB4D8F59285E34B6A5062DFF@hotc_exch.harperotc.com>

Hi Jules,

 

This exactly what I was looking for to "unload" our mail servers from
attachments, especially with our aging infrastructure (Exchange 2000
Standard 16GB limit). 

 

In preferences.php no matter what do I put for demandHTTPS => false or 0
it always forces https on index page, when I hit it forwards me to
https.

 

Please advice,

 

Naz Snidanko

Desktop & Network Support

Harper Power Products Inc.

(p) 416 201- 7506

nsnidanko@harperpowerproducts.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100616/bdbc8be3/attachment.html
From alex at rtpty.com  Wed Jun 16 16:54:28 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun 16 16:58:02 2010
Subject: MailScanner ANNOUNCE: Dropoff bug
In-Reply-To: <9453A32CAC9FFB4D8F59285E34B6A5062DFF@hotc_exch.harperotc.com>
References: <9453A32CAC9FFB4D8F59285E34B6A5062DFF@hotc_exch.harperotc.com>
Message-ID: <364811801-1276703868-cardhu_decombobulator_blackberry.rim.net-1221136350-@bda942.bisx.prod.on.blackberry>

Do you restart the service between changes?
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: "Naz Snidanko" <nsnidanko@harperpowerproducts.com>
Date: Wed, 16 Jun 2010 11:30:24 
To: <mailscanner@lists.mailscanner.info>
Cc: <mailscanner@lists.mailscanner.info>
Subject: Re: MailScanner ANNOUNCE: Dropoff bug

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From maillists at conactive.com  Wed Jun 16 17:39:32 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Jun 16 17:39:42 2010
Subject: attachment missing
Message-ID: <VA.00003b29.063695f1@news.conactive.com>

Cannot remember when I had a problem with MS last time. But now I have 
something curious.
I just got a mail with an attachment and the {filename ?} warning on it. 
There obviously was an attachment (something.info.htm) that got removed 
and replaced by a text warning.

The problem is: this attachment is nowhere.

It's not in Mailwatch and when I look at
/var/spool/MailScanner/quarantine/20100616/nonspam/D7B2AFA073.A4892
it's not there either. Instead it contains the sanitized version without 
the attachment and with the attachment warning. Isn't that file supposed 
to stay "as is"?
Furthermore the attachment-warning text says the message ID is 
"o5GG8p45015809" which would not help to find the message in any way. (I 
don't know what this figure might be, it's nowhere in any log.) The MS 
message ID is D7B2AFA073.A4892.
And on top of this: this mail shows as green/white-listed for spam in 
Mailwatch, but I can't see any reason why that should be the case (it 
doesn't match any entry in spam.whitelist.rules AFAICS).

This is MS 4.80.4 on CentOS 5.

Thanks,

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From maillists at conactive.com  Wed Jun 16 18:09:03 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Wed Jun 16 18:09:17 2010
Subject: attachment missing
In-Reply-To: <VA.00003b29.063695f1@news.conactive.com>
References: <VA.00003b29.063695f1@news.conactive.com>
Message-ID: <VA.00003b2a.06519cc3@news.conactive.com>

Ok, don't laugh :-)

Message got in over one MailScanner server and was forwarded to my 
"personal" one. Thus the whitelisting, the wrong id and the inability to 
release it unhampered. Everything's fine :-)

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From MailScanner at ecs.soton.ac.uk  Wed Jun 16 18:27:21 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun 16 18:27:38 2010
Subject: MailScanner ANNOUNCE: Dropoff bug
In-Reply-To: <9453A32CAC9FFB4D8F59285E34B6A5062DFF@hotc_exch.harperotc.com>
References: <9453A32CAC9FFB4D8F59285E34B6A5062DFF@hotc_exch.harperotc.com>
	<4C190979.4050703@ecs.soton.ac.uk>
Message-ID: <EMEW3|2f061313542746495ce3a3b74979bd51m5FIRQ0bMailScanner|ecs.soton.ac.uk|4C190979.4050703@ecs.soton.ac.uk>

Yes, I have seen this too. It appears to be intentional. Note that you 
can get a free server SSL cert from startssl.com.

Please can you move all Dropoff-related mail to Jules@ZendTo.com where I 
will deal with it personally.
I have now renamed Dropoff to be called "ZendTo" (many thanks to Steve 
Swaney at FSL for that one!), and it is now based at www.ZendTo.com.

Jules.

On 16/06/2010 16:30, Naz Snidanko wrote:
>
> Hi Jules,
>
> This exactly what I was looking for to ?unload? our mail servers from 
> attachments, especially with our aging infrastructure (Exchange 2000 
> Standard 16GB limit).
>
> In preferences.php no matter what do I put for demandHTTPS => false or 
> 0 it always forces https on index page, when I hit it forwards me to 
> https.
>
> Please advice,
>
> *Naz Snidanko*
>
> *Desktop & Network Support*
>
> *Harper Power Products Inc.*
>
> *(p) 416 201- 7506*
>
> nsnidanko@harperpowerproducts.com 
> <mailto:nsnidanko@harperpowerproducts.com>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jplorier at montecarlotv.com.uy  Wed Jun 16 21:01:16 2010
From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier)
Date: Wed Jun 16 21:01:31 2010
Subject: Sender check and smf-sav
In-Reply-To: <201006161102.o5GB0KET017867@safir.blacknight.ie>
References: <201006161102.o5GB0KET017867@safir.blacknight.ie>
Message-ID: <1276718476.32610.190.camel@localhost>

Hi,

I'm setting a new mailscanner server and to prevent from receiving forged emails I've set smf-sav milter to check sender.
The problem is that it's rejecting valid accounts (i.e. my account from yahoo).
Is there a better way to get smf and sender check?
Regards,




-- Toda la información contenida en este correo electrónico es confidencial y para conocimiento exclusivo de su destinatario. Agradeceremos que Ud. nos comunique inmediatamente si ha recibido este correo por error. En tal caso, evite hacer uso del mismo en forma alguna y elimínelo inmediatamente de su sistema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100616/0de3ab7d/attachment.html
From alex at rtpty.com  Wed Jun 16 21:19:10 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun 16 21:19:26 2010
Subject: Sender check and smf-sav
In-Reply-To: <1276718476.32610.190.camel@localhost>
References: <201006161102.o5GB0KET017867@safir.blacknight.ie>
	<1276718476.32610.190.camel@localhost>
Message-ID: <1063459D-80A4-410A-ACF3-7911C7DEF55B@rtpty.com>

I'm sure there is.
Can you be more specific? You should add as much detail of what you did, what you expected, and what you got in order for someone to help.

Also - this is something you might want to check with the smf-sav list. 

MailScanner has an option that tags outgoing e-mails so that replies and DSN's can't be forged.

On Jun 16, 2010, at 3:01 PM, Juan Pablo Lorier wrote:

> Hi,
> 
> I'm setting a new mailscanner server and to prevent from receiving forged emails I've set smf-sav milter to check sender.
> The problem is that it's rejecting valid accounts (i.e. my account from yahoo).
> Is there a better way to get smf and sender check?
> Regards,
> 
> 
> 
> -- Toda la informaci?n contenida en este correo electr?nico es confidencial y para conocimiento exclusivo de su destinatario. Agradeceremos que Ud. nos comunique inmediatamente si ha recibido este correo por error. En tal caso, evite hacer uso del mismo en forma alguna y elim?nelo inmediatamente de su sistema.
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From ecasarero at gmail.com  Thu Jun 17 06:00:00 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Thu Jun 17 06:00:29 2010
Subject: Sender check and smf-sav
In-Reply-To: <1276718476.32610.190.camel@localhost>
References: <201006161102.o5GB0KET017867@safir.blacknight.ie> 
	<1276718476.32610.190.camel@localhost>
Message-ID: <AANLkTin5cN8jKkLafqSX-hNn6oniAoj7Y8PNIyYvP6PA@mail.gmail.com>

El 16 de junio de 2010 17:01, Juan Pablo Lorier <
jplorier@montecarlotv.com.uy> escribi?:

>  Hi,
>
> I'm setting a new mailscanner server and to prevent from receiving forged emails I've set smf-sav milter to check sender.
> The problem is that it's rejecting valid accounts (i.e. my account from yahoo).
> Is there a better way to get smf and sender check?
> Regards,
>
>
smf-sav is useless for inbound traffic, you will suffer more false positives
than spam blocking. smf-sav makes a new connection to the from domain MX's
and tries to validate the address. you will generate a lot of traffic, and
if mx's are slow you will delay incomming connections.

i am from buenos aires (ARG)! feel free to email me at my address in spanish
if you need help!



>
>
> -- Toda la informaci?n contenida en este correo electr?nico es confidencial
> y para conocimiento exclusivo de su destinatario. Agradeceremos que Ud. nos
> comunique inmediatamente si ha recibido este correo por error. En tal caso,
> evite hacer uso del mismo en forma alguna y elim?nelo inmediatamente de su
> sistema.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/a3192eac/attachment.html
From alex at skynet-srl.com  Thu Jun 17 07:23:03 2010
From: alex at skynet-srl.com (Alessandro Bianchi)
Date: Thu Jun 17 07:23:13 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <201006161100.o5GB037e017853@safir.blacknight.ie>
References: <201006161100.o5GB037e017853@safir.blacknight.ie>
Message-ID: <4C19BF47.3080605@skynet-srl.com>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/16b89fb4/attachment.html
From MailScanner at ecs.soton.ac.uk  Thu Jun 17 09:08:45 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 17 09:08:59 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <4C19BF47.3080605@skynet-srl.com>
References: <201006161100.o5GB037e017853@safir.blacknight.ie>
	<4C19BF47.3080605@skynet-srl.com>
	<4C19D80D.6070109@ecs.soton.ac.uk>
Message-ID: <EMEW3|3b805837a3925e1bac268dd81d055337m5G98n0bMailScanner|ecs.soton.ac.uk|4C19D80D.6070109@ecs.soton.ac.uk>

I would be very interested in the code, yes please!

I am probably going to stick with Ubuntu for the VM distribution, but I 
do have people right here who need to be able to run it on 
RHEL/CentOS/Fedora.

You can address me off-list at Jules@ZendTo.com.

Many thanks,
Jules.

On 17/06/2010 07:23, Alessandro Bianchi wrote:
> Hi everyone
>
> I liked the idea of dropoff but my environment is different.
>
> I use Fedora Linux, hence PHP lacks support for SQLITE, and work in a 
> multiple node cluster enrionment.
>
> So I spent the last two days adding MySQL support for DropOff.
>
> Till now I can authenticate users against a database, and store all 
> the pieces of information in a MySQL database.
>
> Sending and receiving dropoff works, and I still miss the admin part 
> (work in progress).
>
> My Dropoff also works whitl SQLITE without code change, I've added a 
> preference to use MySQL o SQLITE DB backend so no code changes are 
> required.
>
> The only change required is in insertind database access credentials 
> for Dropoff and for the authentication database (for me are two 
> different DBs).
>
> If Jules or anybody else is interested in having this code or merging 
> it with the current branch of DropOff, I'll be pleased to contribute 
> to the project donating my code.
>
> Best regards
>
> Alessandro Bianchi
>
> -- 
>
> SkyNet SRL
>
> Via Maggiate 67 - 28021 Borgomanero (NO) - tel. +39 0322-836487/834765 
> - fax +39 0322-836608
>
> http://www.skynet-srl.com <http://www.skynet-srl.com/>
>
> Autorizzazione Ministeriale n.197
>
> Le informazioni contenute in questo messaggio sono riservate e 
> confidenziali ed ? vietata la diffusione in qualunque modo eseguita.
> Qualora Lei non fosse la persona a cui il presente messaggio ? 
> destinato, La invitiamo ad eliminarlo ed a distruggerlo non 
> divulgandolo, dandocene gentilmente comunicazione.
> Per qualsiasi informazione si prega di contattare info@skynet-srl.com 
> (e-mail dell'azienda). Rif. D.L. 196/2003
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From hvdkooij at vanderkooij.org  Thu Jun 17 12:00:56 2010
From: hvdkooij at vanderkooij.org (hvdkooij)
Date: Thu Jun 17 12:03:42 2010
Subject: attachment missing
In-Reply-To: <VA.00003b2a.06519cc3@news.conactive.com>
References: <VA.00003b29.063695f1@news.conactive.com>
	<VA.00003b2a.06519cc3@news.conactive.com>
Message-ID: <98f02fd3cef8c05f4dbabc11b4029efa@127.0.0.1>


On Wed, 16 Jun 2010 19:09:03 +0200, Kai Schaetzl <maillists@conactive.com>
wrote:
> Message got in over one MailScanner server and was forwarded to my 
> "personal" one. Thus the whitelisting, the wrong id and the inability to

> release it unhampered. Everything's fine :-)
> 

PEBKAC

Hugo.

-- 
hvdkooij@vanderkooij.org   http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From sonidhaval at gmail.com  Thu Jun 17 13:05:57 2010
From: sonidhaval at gmail.com (Dhaval Soni)
Date: Thu Jun 17 13:06:06 2010
Subject: Is per email ID wise filtration from Mail Scanner possible?
Message-ID: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>

Dear All,

Is it possible to do filtration per email ID wise from Mail Scanner? I do
not want filtration for whole domain. But I want to filter only couple of
Email IDs for that domain. How to make it possible?

Thank you,

-- 
Kind regards,
Dhaval Soni
Red Hat Certified Architect
ID: 804 007 900 325 939

M: +91-9662029620
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/5620698f/attachment.html
From steve at fsl.com  Thu Jun 17 13:35:10 2010
From: steve at fsl.com (Stephen Swaney)
Date: Thu Jun 17 13:35:20 2010
Subject: Is per email ID wise filtration from Mail Scanner possible?
In-Reply-To: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
References: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
Message-ID: <22BBC293-6693-4873-A7AF-87FCF5A95EFA@fsl.com>


On Jun 17, 2010, at 8:05 AM, Dhaval Soni wrote:

> Dear All,
> 
> Is it possible to do filtration per email ID wise from Mail Scanner? I do not want filtration for whole domain. But I want to filter only couple of Email IDs for that domain. How to make it possible?
> 
> Thank you,
> 
> -- 
> Kind regards,
> Dhaval Soni
> Red Hat Certified Architect
> ID: 804 007 900 325 939
> 
> M: +91-9662029620
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

Set up a rule set for "Scan Messages ="

The content of that rule set should be:

To:	scanme1@xyz.com	yes
To:	scanme2@xyz.com	yes
ToOrFrom:		default	no


Best regards,

Steve
-- 
Steve Swaney
steve@fsl.com
www.fsl.com
The most accurate and cost effective anti-spam solutions available

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/05a011fe/attachment.html
From sonidhaval at gmail.com  Thu Jun 17 13:37:41 2010
From: sonidhaval at gmail.com (Dhaval Soni)
Date: Thu Jun 17 13:37:51 2010
Subject: Is per email ID wise filtration from Mail Scanner possible?
In-Reply-To: <22BBC293-6693-4873-A7AF-87FCF5A95EFA@fsl.com>
References: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
	<22BBC293-6693-4873-A7AF-87FCF5A95EFA@fsl.com>
Message-ID: <AANLkTilfZum3ohDeWgq3fyC0jee2QFs7x8TaVp_LuMow@mail.gmail.com>

Dear Stephen,


On Thu, Jun 17, 2010 at 6:05 PM, Stephen Swaney <steve@fsl.com> wrote:

>
> On Jun 17, 2010, at 8:05 AM, Dhaval Soni wrote:
>
> Dear All,
>
> Is it possible to do filtration per email ID wise from Mail Scanner? I do
> not want filtration for whole domain. But I want to filter only couple of
> Email IDs for that domain. How to make it possible?
>
> Thank you,
>
> --
> Kind regards,
> Dhaval Soni
> Red Hat Certified Architect
> ID: 804 007 900 325 939
>
> M: +91-9662029620
>  --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> Set up a rule set for "Scan Messages ="
>
> The content of that rule set should be:
>
> To: scanme1@xyz.com yes
> To: scanme2@xyz.com yes
> ToOrFrom: default no
>
> Let me test,

Thank you,


>
> Best regards,
>
> Steve
> --
> Steve Swaney
> steve@fsl.com
> www.fsl.com
> The most accurate and cost effective anti-spam solutions available
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 
Kind regards,
Dhaval Soni
Red Hat Certified Architect
ID: 804 007 900 325 939

M: +91-9662029620
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/5f824f56/attachment.html
From sonidhaval at gmail.com  Thu Jun 17 13:45:31 2010
From: sonidhaval at gmail.com (Dhaval Soni)
Date: Thu Jun 17 13:45:44 2010
Subject: Is per email ID wise filtration from Mail Scanner possible?
In-Reply-To: <AANLkTilfZum3ohDeWgq3fyC0jee2QFs7x8TaVp_LuMow@mail.gmail.com>
References: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
	<22BBC293-6693-4873-A7AF-87FCF5A95EFA@fsl.com>
	<AANLkTilfZum3ohDeWgq3fyC0jee2QFs7x8TaVp_LuMow@mail.gmail.com>
Message-ID: <AANLkTinl_a43AUwGCl0GgWGxnxgA4-ZgwsDNFUXOAiT4@mail.gmail.com>

Dear Stephen,

On Thu, Jun 17, 2010 at 6:07 PM, Dhaval Soni <sonidhaval@gmail.com> wrote:

> Dear Stephen,
>
>
> On Thu, Jun 17, 2010 at 6:05 PM, Stephen Swaney <steve@fsl.com> wrote:
>
>>
>> On Jun 17, 2010, at 8:05 AM, Dhaval Soni wrote:
>>
>> Dear All,
>>
>> Is it possible to do filtration per email ID wise from Mail Scanner? I do
>> not want filtration for whole domain. But I want to filter only couple of
>> Email IDs for that domain. How to make it possible?
>>
>> Thank you,
>>
>> --
>> Kind regards,
>> Dhaval Soni
>> Red Hat Certified Architect
>> ID: 804 007 900 325 939
>>
>> M: +91-9662029620
>>  --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>> Set up a rule set for "Scan Messages ="
>>
>> The content of that rule set should be:
>>
>> To: scanme1@xyz.com yes
>> To: scanme2@xyz.com yes
>> ToOrFrom: default no
>>
>
What will happed if other email IDs of xyz.com coming to MailScanner?
Suppose mails are coming to hi@xyz.com but we do not have entry in
MailScanner.conf like above. So will it deliver it to mail.xyz.com or store
it in quarantine ?


>> Let me test,
>
> Thank you,
>
>
>>
>>  Best regards,
>>
>> Steve
>> --
>> Steve Swaney
>> steve@fsl.com
>> www.fsl.com
>> The most accurate and cost effective anti-spam solutions available
>>
>>
>> --
>>
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
>
> --
> Kind regards,
> Dhaval Soni
> Red Hat Certified Architect
> ID: 804 007 900 325 939
>
> M: +91-9662029620
>



-- 
Kind regards,
Dhaval Soni
Red Hat Certified Architect
ID: 804 007 900 325 939

M: +91-9662029620
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/946f1961/attachment.html
From sonidhaval at gmail.com  Thu Jun 17 14:49:18 2010
From: sonidhaval at gmail.com (Dhaval Soni)
Date: Thu Jun 17 14:49:29 2010
Subject: Is per email ID wise filtration from Mail Scanner possible?
In-Reply-To: <AANLkTinl_a43AUwGCl0GgWGxnxgA4-ZgwsDNFUXOAiT4@mail.gmail.com>
References: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
	<22BBC293-6693-4873-A7AF-87FCF5A95EFA@fsl.com>
	<AANLkTilfZum3ohDeWgq3fyC0jee2QFs7x8TaVp_LuMow@mail.gmail.com>
	<AANLkTinl_a43AUwGCl0GgWGxnxgA4-ZgwsDNFUXOAiT4@mail.gmail.com>
Message-ID: <AANLkTinek17JoxKRL_HOTD_UnU1I6dJJAi-75MaYEawu@mail.gmail.com>

Dear All,

On Thu, Jun 17, 2010 at 6:15 PM, Dhaval Soni <sonidhaval@gmail.com> wrote:

> Dear Stephen,
>
> On Thu, Jun 17, 2010 at 6:07 PM, Dhaval Soni <sonidhaval@gmail.com> wrote:
>
>> Dear Stephen,
>>
>>
>> On Thu, Jun 17, 2010 at 6:05 PM, Stephen Swaney <steve@fsl.com> wrote:
>>
>>>
>>> On Jun 17, 2010, at 8:05 AM, Dhaval Soni wrote:
>>>
>>> Dear All,
>>>
>>> Is it possible to do filtration per email ID wise from Mail Scanner? I do
>>> not want filtration for whole domain. But I want to filter only couple of
>>> Email IDs for that domain. How to make it possible?
>>>
>>> Thank you,
>>>
>>> --
>>> Kind regards,
>>> Dhaval Soni
>>> Red Hat Certified Architect
>>> ID: 804 007 900 325 939
>>>
>>> M: +91-9662029620
>>>  --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>> Set up a rule set for "Scan Messages ="
>>>
>>> The content of that rule set should be:
>>>
>>> To: scanme1@xyz.com yes
>>> To: scanme2@xyz.com yes
>>> ToOrFrom: default no
>>>
>>
> What will happed if other email IDs of xyz.com coming to MailScanner?
> Suppose mails are coming to hi@xyz.com but we do not have entry in
> MailScanner.conf like above. So will it deliver it to mail.xyz.com or
> store it in quarantine ?
>


Is that possible to block those email IDs who are not mentioned as above in
MailScanner.conf file? So by blocking those email IDs, mails will not be
delivered to mail.xyz.com.

Thank you and waiting for your reply,

>
>
>>> Let me test,
>>
>> Thank you,
>>
>>
>>>
>>>  Best regards,
>>>
>>> Steve
>>> --
>>> Steve Swaney
>>> steve@fsl.com
>>> www.fsl.com
>>> The most accurate and cost effective anti-spam solutions available
>>>
>>>
>>> --
>>>
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>
>>
>> --
>> Kind regards,
>> Dhaval Soni
>> Red Hat Certified Architect
>> ID: 804 007 900 325 939
>>
>> M: +91-9662029620
>>
>
>
>
> --
> Kind regards,
> Dhaval Soni
> Red Hat Certified Architect
> ID: 804 007 900 325 939
>
> M: +91-9662029620
>



-- 
Kind regards,
Dhaval Soni
Red Hat Certified Architect
ID: 804 007 900 325 939

M: +91-9662029620
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/6b406640/attachment.html
From MailScanner at ecs.soton.ac.uk  Thu Jun 17 14:50:41 2010
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 17 14:50:56 2010
Subject: Is per email ID wise filtration from Mail Scanner possible?
In-Reply-To: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
References: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
	<4C1A2831.9090705@ecs.soton.ac.uk>
Message-ID: <EMEW3|e13746ab2f0d2bbfc50b8a82c5755c59m5GEoi0bMailScanner|ecs.soton.ac.uk|4C1A2831.9090705@ecs.soton.ac.uk>

Read up about rulesets. There are many examples on the web, in the 
/etc/MailScanner/rules directory and in the book.

Jules.

On 17/06/2010 13:05, Dhaval Soni wrote:
> Dear All,
>
> Is it possible to do filtration per email ID wise from Mail Scanner? I 
> do not want filtration for whole domain. But I want to filter only 
> couple of Email IDs for that domain. How to make it possible?
>
> Thank you,
>
> -- 
> Kind regards,
> Dhaval Soni
> Red Hat Certified Architect
> ID: 804 007 900 325 939
>
> M: +91-9662029620

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Thu Jun 17 15:03:29 2010
From: alex at rtpty.com (Alex Neuman)
Date: Thu Jun 17 15:03:59 2010
Subject: Is per email ID wise filtration from Mail Scanner possible?
In-Reply-To: <AANLkTinek17JoxKRL_HOTD_UnU1I6dJJAi-75MaYEawu@mail.gmail.com>
References: <AANLkTil1KTRDqgfTDEAeSzDTby0hLGLk8E14dsSNW98-@mail.gmail.com>
	<22BBC293-6693-4873-A7AF-87FCF5A95EFA@fsl.com>
	<AANLkTilfZum3ohDeWgq3fyC0jee2QFs7x8TaVp_LuMow@mail.gmail.com>
	<AANLkTinl_a43AUwGCl0GgWGxnxgA4-ZgwsDNFUXOAiT4@mail.gmail.com>
	<AANLkTinek17JoxKRL_HOTD_UnU1I6dJJAi-75MaYEawu@mail.gmail.com>
Message-ID: <A14EEDF9-56EF-4B77-910E-BB87D1D61532@rtpty.com>

That's a function of your MTA.

On Jun 17, 2010, at 8:49 AM, Dhaval Soni wrote:

> Is that possible to block those email IDs who are not mentioned as above in MailScanner.conf file? So by blocking those email IDs, mails will not be delivered to mail.xyz.com.
> 

From willm at merkens.ca  Thu Jun 17 16:00:41 2010
From: willm at merkens.ca (Will Merkens)
Date: Thu Jun 17 16:01:26 2010
Subject: Start/Stop script for mailScanner
In-Reply-To: <4C18C534.40500@USherbrooke.ca>
References: <4C14D405.2000502@merkens.ca>	<B1C48413-11E7-4172-8C08-E1C17ED72817@fsl.com>	<4C17F39D.9020803@merkens.ca>
	<4C18C534.40500@USherbrooke.ca>
Message-ID: <4C1A3899.3000407@merkens.ca>

On 12:59 PM, Denis Beauchemin wrote:
> Will,
>
> Looks like a rogue sendmail. Look at the contents of
> /var/run/sm-client.pid . It should contain 2 lines and the first one
> should be the PID of your current clientmqueue process. If it is not
> then that could explain why MS can't kill it since it looks in that
> file for the PID.
Ok

first

ps ax | grep send

[root@gateway mail]# ps ax | grep send
 3402 ?        Ss     0:03 sendmail: accepting
connections                                                                                                                

 3406 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/clientmqueue                 
 3414 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
/var/spool/mqueue      
29215 pts/5    S+     0:00 grep --color send

look at the /var/run directory

[root@gateway mail]# ls -lad /var/run/s*
drwxr-xr-x 2 root  root    6 2010-03-11 20:00 /var/run/samba/
-rw------- 1 root  mail  150 2010-06-15 15:39 /var/run/sendmail.in.pid
-rw------- 1 root  mail   66 2010-06-15 15:39 /var/run/sendmail.out.pid
-rw-r--r-- 1 smmsp smmsp   0 2010-06-15 15:39 /var/run/sm-client.pid
-rw------- 1 root  root    5 2010-04-13 12:08 /var/run/sm-notify.pid
-rw-r--r-- 1 root  root    5 2010-04-13 12:08 /var/run/sshd.pid
drwx------ 4 root  root   54 2010-04-17 05:02 /var/run/sudo/
-rw------- 1 root  root    4 2010-04-13 12:08 /var/run/syslogd.pid


I see four pid files related to sendmail.


if I cat them

[root@gateway mail]# cat /var/run/sendmail.in.pid
3402
/usr/sbin/sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly
-OQueueDirectory=/var/spool/mqueue.in -OPidFile=/var/run/sendmail.in.pid

[root@gateway mail]# cat /var/run/sendmail.out.pid
3414
/usr/sbin/sendmail -q15m -OPidFile=/var/run/sendmail.out.pid

[root@gateway mail]# cat /var/run/sm-client.pid

[root@gateway mail]# cat /var/run/sm-notify.pid
2422

sm-client is empty and sm-notify contains a pid that does not exist

[root@gateway mail]# ps ax | grep 2422
29384 pts/5    D+     0:00 grep --color 2422

should not the sm-client contain pid 3406 and it looks like it should
what generates this file?

if it's a malfunction start/stop script can it be fixed and where do I
go hunting?











-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Denis.Beauchemin at USherbrooke.ca  Thu Jun 17 16:21:18 2010
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Thu Jun 17 16:21:37 2010
Subject: Start/Stop script for mailScanner
In-Reply-To: <4C1A3899.3000407@merkens.ca>
References: <4C14D405.2000502@merkens.ca>	<B1C48413-11E7-4172-8C08-E1C17ED72817@fsl.com>	<4C17F39D.9020803@merkens.ca>	<4C18C534.40500@USherbrooke.ca>
	<4C1A3899.3000407@merkens.ca>
Message-ID: <4C1A3D6E.3060506@USherbrooke.ca>

Le 2010-06-17 11:00, Will Merkens a ?crit :
> On 12:59 PM, Denis Beauchemin wrote:
>    
>> Will,
>>
>> Looks like a rogue sendmail. Look at the contents of
>> /var/run/sm-client.pid . It should contain 2 lines and the first one
>> should be the PID of your current clientmqueue process. If it is not
>> then that could explain why MS can't kill it since it looks in that
>> file for the PID.
>>      
> Ok
>
> first
>
> ps ax | grep send
>
> [root@gateway mail]# ps ax | grep send
>   3402 ?        Ss     0:03 sendmail: accepting
> connections
>
>   3406 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/clientmqueue
>   3414 ?        Ss     0:00 sendmail: Queue runner@00:15:00 for
> /var/spool/mqueue
> 29215 pts/5    S+     0:00 grep --color send
>
> look at the /var/run directory
>
> [root@gateway mail]# ls -lad /var/run/s*
> drwxr-xr-x 2 root  root    6 2010-03-11 20:00 /var/run/samba/
> -rw------- 1 root  mail  150 2010-06-15 15:39 /var/run/sendmail.in.pid
> -rw------- 1 root  mail   66 2010-06-15 15:39 /var/run/sendmail.out.pid
> -rw-r--r-- 1 smmsp smmsp   0 2010-06-15 15:39 /var/run/sm-client.pid
> -rw------- 1 root  root    5 2010-04-13 12:08 /var/run/sm-notify.pid
> -rw-r--r-- 1 root  root    5 2010-04-13 12:08 /var/run/sshd.pid
> drwx------ 4 root  root   54 2010-04-17 05:02 /var/run/sudo/
> -rw------- 1 root  root    4 2010-04-13 12:08 /var/run/syslogd.pid
>
>
> I see four pid files related to sendmail.
>
>
> if I cat them
>
> [root@gateway mail]# cat /var/run/sendmail.in.pid
> 3402
> /usr/sbin/sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly
> -OQueueDirectory=/var/spool/mqueue.in -OPidFile=/var/run/sendmail.in.pid
>
> [root@gateway mail]# cat /var/run/sendmail.out.pid
> 3414
> /usr/sbin/sendmail -q15m -OPidFile=/var/run/sendmail.out.pid
>
> [root@gateway mail]# cat /var/run/sm-client.pid
>
> [root@gateway mail]# cat /var/run/sm-notify.pid
> 2422
>
> sm-client is empty and sm-notify contains a pid that does not exist
>
> [root@gateway mail]# ps ax | grep 2422
> 29384 pts/5    D+     0:00 grep --color 2422
>
> should not the sm-client contain pid 3406 and it looks like it should
> what generates this file?
>
> if it's a malfunction start/stop script can it be fixed and where do I
> go hunting?
>
>    

Will,

The folliwing code is executed by "service MailScanner start" to start 
your clientmqueue sendmail process:
         touch /var/run/sm-client.pid
         chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null
         $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null

You can modify the script to get some debugging (modify the lines in 
/etc/init.d/MailScanner):
         touch /var/run/sm-client.pid
         chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid
         $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID

Now do "service MailScanner stop", kill your remaining sendmail process 
and do "service MailScanner start". If there are any error messages when 
starting your sendmail process they should now appear on your terminal.

I am guessing your smmsp user does not have access to your /var/run 
directory.

Denis

-- 
Denis Beauchemin, analyste
Universit? de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From jplorier at montecarlotv.com.uy  Thu Jun 17 18:10:50 2010
From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier)
Date: Thu Jun 17 18:11:24 2010
Subject: Sender check and smf-sav
In-Reply-To: <201006171102.o5HB0OO8005593@safir.blacknight.ie>
References: <201006171102.o5HB0OO8005593@safir.blacknight.ie>
Message-ID: <1276794650.32610.207.camel@localhost>

Thanks Alex and Eduardo.
As Eduardo pointed, smf-sav creates a lot of traffic so I'll try to find
some other way to check if a mail is forged and another milter to do smf
check.
Regards,




-- Toda la información contenida en este correo electrónico es confidencial y para conocimiento exclusivo de su destinatario. Agradeceremos que Ud. nos comunique inmediatamente si ha recibido este correo por error. En tal caso, evite hacer uso del mismo en forma alguna y elimínelo inmediatamente de su sistema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100617/3df73643/attachment.html
From cgoss at gosscomputerprojects.net  Fri Jun 18 02:31:57 2010
From: cgoss at gosscomputerprojects.net (Clay Goss)
Date: Fri Jun 18 02:32:13 2010
Subject: No longer getting any emails through MailScanner...
Message-ID: <E3173EEE1C6B4D43A64141182AC1419C@GCPNB3>

If I start MailScanner, no emails get through.  Using Top, I can see it
running, processing inbound mail, but it is all blocked.

Where should I start to troubleshoot?  

Thanks,
Clay


From hugo at skynap.net  Fri Jun 18 02:40:02 2010
From: hugo at skynap.net (hugo@skynap.net)
Date: Fri Jun 18 02:41:25 2010
Subject: Problem w/ MailScanner 4.79.11 only queueing mail 
Message-ID: <20100618013942.M61960@skynap.net>

Hello

I have a problem with MailScanner that started yesterday around 4:00pm EST.
MailScanner queue's incomming and outgoing mail and it stays there.
When I shut down MailScanner and just run sendmail things are fine.
The only updates to the server are clamav (freshclam) and spamassassin (sa-update)
This instance of MailScanner 4.79.11 has been running fine for the past
several months or so.

Can somebody give me some direction where to look.

Regards

Hugo Olortegui
SkyNAP, Inc.
Tel: 1.866.646.1124
Fax: 954.337.2364
www.skynap.com

From alex at rtpty.com  Fri Jun 18 02:41:36 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Jun 18 02:42:08 2010
Subject: No longer getting any emails through MailScanner...
Message-ID: <1669625154-1276825315-cardhu_decombobulator_blackberry.rim.net-229157305-@bda942.bisx.prod.on.blackberry>

I'd start looking at the logs. 
------Original Message------
From: Clay Goss
Sender: mailscanner-bounces@lists.mailscanner.info
To: MailScanner discussion
ReplyTo: MailScanner discussion
Subject: No longer getting any emails through MailScanner...
Sent: Jun 17, 2010 8:31 PM

If I start MailScanner, no emails get through.  Using Top, I can see it
running, processing inbound mail, but it is all blocked.

Where should I start to troubleshoot?  

Thanks,
Clay


-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com
From cgoss at gosscomputerprojects.net  Fri Jun 18 03:04:25 2010
From: cgoss at gosscomputerprojects.net (Clay Goss)
Date: Fri Jun 18 03:04:40 2010
Subject: No longer getting any emails through MailScanner...
In-Reply-To: <1669625154-1276825315-cardhu_decombobulator_blackberry.rim.net-229157305-@bda942.bisx.prod.on.blackberry>
References: <1669625154-1276825315-cardhu_decombobulator_blackberry.rim.net-229157305-@bda942.bisx.prod.on.blackberry>
Message-ID: <B0BB7B3FA48A47D09CDA67B1C2FCD6E7@GCPNB3>

Alex,

Thank you for the response.  Please excuse my rust at the admin of Linux and
associated processes as I built this system years ago and, for good or
perhaps bad, it has not required much attention.

Here are some "tails" of my maillog:

[root@GCPWS2 log]# tail maillog
Jun 17 21:56:29 GCPWS2 MailScanner[20434]: I have found clamavmodule
scanners installed, and will use them all by default.
Jun 17 21:56:36 GCPWS2 MailScanner[20434]: ClamAV Module ERROR:: Could not
load databases from /usr/local/share/clamav
Jun 17 21:56:38 GCPWS2 MailScanner[20554]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:56:40 GCPWS2 MailScanner[20554]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:56:45 GCPWS2 MailScanner[20554]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:56:46 GCPWS2 MailScanner[20554]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:56:50 GCPWS2 MailScanner[20554]: Using SpamAssassin results cache
Jun 17 21:56:51 GCPWS2 MailScanner[20554]: Connected to SpamAssassin cache
database
Jun 17 21:56:51 GCPWS2 MailScanner[20554]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:56:52 GCPWS2 MailScanner[20505]: I have found clamavmodule
scanners installed, and will use them all by default.
[root@GCPWS2 log]# tail maillog
Jun 17 21:58:05 GCPWS2 MailScanner[20718]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:58:08 GCPWS2 MailScanner[20637]: ClamAV Module ERROR:: Could not
load databases from /usr/local/share/clamav
Jun 17 21:58:10 GCPWS2 MailScanner[20760]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:58:10 GCPWS2 MailScanner[20718]: Using SpamAssassin results cache
Jun 17 21:58:10 GCPWS2 MailScanner[20718]: Connected to SpamAssassin cache
database
Jun 17 21:58:10 GCPWS2 MailScanner[20718]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:58:12 GCPWS2 MailScanner[20760]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:58:17 GCPWS2 MailScanner[20760]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:58:17 GCPWS2 MailScanner[20760]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:58:22 GCPWS2 MailScanner[20760]: Using SpamAssassin results cache
[root@GCPWS2 log]# tail maillog
Jun 17 21:58:34 GCPWS2 MailScanner[20801]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:58:36 GCPWS2 MailScanner[20801]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:58:42 GCPWS2 MailScanner[20801]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:58:43 GCPWS2 MailScanner[20801]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:58:43 GCPWS2 sendmail[20802]: o5I1wf88020802:
from=<esozuimais8359@2iij.net>, size=11150, class=0, nrcpts=1, msgid=
<201006180158.o5I1wf88020802@gcpws2.gosscomputerprojects.net>, proto=ESMTP,
daemon=MTA, relay=98.94.214.202.bf.2iij.net [202.
214.94.98]
Jun 17 21:58:44 GCPWS2 MailScanner[20718]: I have found clamavmodule
scanners installed, and will use them all by default.
Jun 17 21:58:47 GCPWS2 MailScanner[20801]: Using SpamAssassin results cache
Jun 17 21:58:47 GCPWS2 MailScanner[20801]: Connected to SpamAssassin cache
database
Jun 17 21:58:47 GCPWS2 MailScanner[20801]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:58:52 GCPWS2 MailScanner[20718]: ClamAV Module ERROR:: Could not
load databases from /usr/local/share/clamav
[root@GCPWS2 log]#
[root@GCPWS2 log]# tail maillog
Jun 17 21:59:05 GCPWS2 MailScanner[20883]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:59:07 GCPWS2 MailScanner[20883]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:59:08 GCPWS2 MailScanner[20852]: Using SpamAssassin results cache
Jun 17 21:59:08 GCPWS2 MailScanner[20852]: Connected to SpamAssassin cache
database
Jun 17 21:59:08 GCPWS2 MailScanner[20852]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:59:12 GCPWS2 MailScanner[20883]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:59:13 GCPWS2 MailScanner[20883]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:59:17 GCPWS2 MailScanner[20883]: Using SpamAssassin results cache
Jun 17 21:59:17 GCPWS2 MailScanner[20883]: Connected to SpamAssassin cache
database
Jun 17 21:59:17 GCPWS2 MailScanner[20883]: Enabling SpamAssassin
auto-whitelist functionality...
[root@GCPWS2 log]# 

I've noted the "ERROR:: Could not load databases from
/usr/local/share/clamav"

This stuff seems to repeat forever.

Thanks,
Clay

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Thursday, June 17, 2010 9:42 PM
To: MailScanner discussion
Subject: Re: No longer getting any emails through MailScanner...

I'd start looking at the logs. 
------Original Message------
From: Clay Goss
Sender: mailscanner-bounces@lists.mailscanner.info
To: MailScanner discussion
ReplyTo: MailScanner discussion
Subject: No longer getting any emails through MailScanner...
Sent: Jun 17, 2010 8:31 PM

If I start MailScanner, no emails get through.  Using Top, I can see it
running, processing inbound mail, but it is all blocked.

Where should I start to troubleshoot?  

Thanks,
Clay


--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From alex at rtpty.com  Fri Jun 18 03:09:44 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Jun 18 03:09:59 2010
Subject: No longer getting any emails through MailScanner...
In-Reply-To: <B0BB7B3FA48A47D09CDA67B1C2FCD6E7@GCPNB3>
References: <1669625154-1276825315-cardhu_decombobulator_blackberry.rim.net-229157305-@bda942.bisx.prod.on.blackberry><B0BB7B3FA48A47D09CDA67B1C2FCD6E7@GCPNB3>
Message-ID: <1504120386-1276826987-cardhu_decombobulator_blackberry.rim.net-1279430633-@bda942.bisx.prod.on.blackberry>

You seem to be using an outdated ClamAV package which might be making your install "choke". Besides, using clamd is now preferred over clamavmodule. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: "Clay Goss" <cgoss@gosscomputerprojects.net>
Date: Thu, 17 Jun 2010 22:04:25 
To: 'MailScanner discussion'<mailscanner@lists.mailscanner.info>
Subject: RE: No longer getting any emails through MailScanner...

Alex,

Thank you for the response.  Please excuse my rust at the admin of Linux and
associated processes as I built this system years ago and, for good or
perhaps bad, it has not required much attention.

Here are some "tails" of my maillog:

[root@GCPWS2 log]# tail maillog
Jun 17 21:56:29 GCPWS2 MailScanner[20434]: I have found clamavmodule
scanners installed, and will use them all by default.
Jun 17 21:56:36 GCPWS2 MailScanner[20434]: ClamAV Module ERROR:: Could not
load databases from /usr/local/share/clamav
Jun 17 21:56:38 GCPWS2 MailScanner[20554]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:56:40 GCPWS2 MailScanner[20554]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:56:45 GCPWS2 MailScanner[20554]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:56:46 GCPWS2 MailScanner[20554]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:56:50 GCPWS2 MailScanner[20554]: Using SpamAssassin results cache
Jun 17 21:56:51 GCPWS2 MailScanner[20554]: Connected to SpamAssassin cache
database
Jun 17 21:56:51 GCPWS2 MailScanner[20554]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:56:52 GCPWS2 MailScanner[20505]: I have found clamavmodule
scanners installed, and will use them all by default.
[root@GCPWS2 log]# tail maillog
Jun 17 21:58:05 GCPWS2 MailScanner[20718]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:58:08 GCPWS2 MailScanner[20637]: ClamAV Module ERROR:: Could not
load databases from /usr/local/share/clamav
Jun 17 21:58:10 GCPWS2 MailScanner[20760]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:58:10 GCPWS2 MailScanner[20718]: Using SpamAssassin results cache
Jun 17 21:58:10 GCPWS2 MailScanner[20718]: Connected to SpamAssassin cache
database
Jun 17 21:58:10 GCPWS2 MailScanner[20718]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:58:12 GCPWS2 MailScanner[20760]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:58:17 GCPWS2 MailScanner[20760]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:58:17 GCPWS2 MailScanner[20760]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:58:22 GCPWS2 MailScanner[20760]: Using SpamAssassin results cache
[root@GCPWS2 log]# tail maillog
Jun 17 21:58:34 GCPWS2 MailScanner[20801]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:58:36 GCPWS2 MailScanner[20801]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:58:42 GCPWS2 MailScanner[20801]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:58:43 GCPWS2 MailScanner[20801]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:58:43 GCPWS2 sendmail[20802]: o5I1wf88020802:
from=<esozuimais8359@2iij.net>, size=11150, class=0, nrcpts=1, msgid=
<201006180158.o5I1wf88020802@gcpws2.gosscomputerprojects.net>, proto=ESMTP,
daemon=MTA, relay=98.94.214.202.bf.2iij.net [202.
214.94.98]
Jun 17 21:58:44 GCPWS2 MailScanner[20718]: I have found clamavmodule
scanners installed, and will use them all by default.
Jun 17 21:58:47 GCPWS2 MailScanner[20801]: Using SpamAssassin results cache
Jun 17 21:58:47 GCPWS2 MailScanner[20801]: Connected to SpamAssassin cache
database
Jun 17 21:58:47 GCPWS2 MailScanner[20801]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:58:52 GCPWS2 MailScanner[20718]: ClamAV Module ERROR:: Could not
load databases from /usr/local/share/clamav
[root@GCPWS2 log]#
[root@GCPWS2 log]# tail maillog
Jun 17 21:59:05 GCPWS2 MailScanner[20883]: MailScanner E-Mail Virus Scanner
version 4.68.8 starting...
Jun 17 21:59:07 GCPWS2 MailScanner[20883]: Read 868 hostnames from the
phishing whitelist
Jun 17 21:59:08 GCPWS2 MailScanner[20852]: Using SpamAssassin results cache
Jun 17 21:59:08 GCPWS2 MailScanner[20852]: Connected to SpamAssassin cache
database
Jun 17 21:59:08 GCPWS2 MailScanner[20852]: Enabling SpamAssassin
auto-whitelist functionality...
Jun 17 21:59:12 GCPWS2 MailScanner[20883]: Read 12725 hostnames from the
phishing blacklist
Jun 17 21:59:13 GCPWS2 MailScanner[20883]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAs
sassin-Temp
Jun 17 21:59:17 GCPWS2 MailScanner[20883]: Using SpamAssassin results cache
Jun 17 21:59:17 GCPWS2 MailScanner[20883]: Connected to SpamAssassin cache
database
Jun 17 21:59:17 GCPWS2 MailScanner[20883]: Enabling SpamAssassin
auto-whitelist functionality...
[root@GCPWS2 log]# 

I've noted the "ERROR:: Could not load databases from
/usr/local/share/clamav"

This stuff seems to repeat forever.

Thanks,
Clay

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman
Sent: Thursday, June 17, 2010 9:42 PM
To: MailScanner discussion
Subject: Re: No longer getting any emails through MailScanner...

I'd start looking at the logs. 
------Original Message------
From: Clay Goss
Sender: mailscanner-bounces@lists.mailscanner.info
To: MailScanner discussion
ReplyTo: MailScanner discussion
Subject: No longer getting any emails through MailScanner...
Sent: Jun 17, 2010 8:31 PM

If I start MailScanner, no emails get through.  Using Top, I can see it
running, processing inbound mail, but it is all blocked.

Where should I start to troubleshoot?  

Thanks,
Clay


--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From lhaig at haigmail.com  Fri Jun 18 08:17:54 2010
From: lhaig at haigmail.com (Lance Haig)
Date: Fri Jun 18 08:18:16 2010
Subject: adding signature rules to signed messages
Message-ID: <4C1B1DA2.4020909@haigmail.com>

Hi,

We have noticed that if a message is signed and it comes in or out when 
MS adds the footer it breaks the message signature.

Has anyone seen this and how do you get around it.

Thanks

Lance

--
This message was scanned by Better Hosted and is believed to be clean.
http://www.betterhosted.com

From mogens at fumlersoft.dk  Fri Jun 18 08:21:59 2010
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Fri Jun 18 08:22:14 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.a
	c.uk|4C177BA1.2080705@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<201006150800.45872.dyioulos@firstbhph.com>
	<4C177BA1.2080705@ecs.soton.ac.uk>
	<EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk>
Message-ID: <43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk>

Well, i'm all 32-bit, as are my customers. So i guess i'm not
getting to try out this thing anytime soon ;^)

On Tue, June 15, 2010 15:09, Julian Field wrote:
> I'm afraid a 32-bit version is not going to be very high on my priority
> list, when everyone else in the world is adopting 64-bit if they haven't
> already.
>
> What's stopping you running the 64-bit version?
>
> On 15/06/2010 13:00, Dimitri Yioulos wrote:
>> Jules,
>>
>> Thanks so much for this handy new tool!
>>
>> Ours is a 32-bit shop.  I know you're frightfully
>> busy, but Is there any chance you can create a
>> 32-bit virtual machine version?
>>
>> Thanks again.
>>
>> Dimitri
>>
>>
>> On Monday 14 June 2010 4:41:09 am Julian Field
>> wrote:
>>
>>> I have just uploaded the VMWare disk image of a
>>> fully functional Dropoff system. There are some
>>> docs on the Dropoff.me website that will tell
>>> you how to configure it for your site once
>>> you've built a VM around it.
>>>
>>> Jules.
>>>
>>> On 13/06/2010 20:45, Jules Field wrote:
>>>
>>>> I'm just about to put up a VMDK (i.e. VMWare
>>>> virtual disk image) of it, which will save
>>>> you all a lot of work configuring it and
>>>> fixing bugs in PHP that prevent large
>>>> uploads.
>>>>
>>>> The documentation text is already written,
>>>> I've just got to get the VMDK off my vSphere.
>>>>
>>>> Jules.
>>>>
>>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>>
>>>>> It looks fantastic Jules, will definitely
>>>>> download it and have a play.
>>>>>
>>>>> Jason
>>>>>
>>>>>
>>>>>> -----Original Message-----
>>>>>> From:
>>>>>> mailscanner-bounces@lists.mailscanner.info
>>>>>> [mailto:mailscanner-
>>>>>> bounces@lists.mailscanner.info] On Behalf
>>>>>> Of Jules Field Sent: 13 June 2010 19:30
>>>>>> To: MailScanner discussion
>>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>>
>>>>>> Thanks for the comment.
>>>>>>
>>>>>> As for integrating it, that counts as 'user
>>>>>> front-end interface' in MailScanner, which
>>>>>> is an area I have never got involved in. So
>>>>>> it will remain a separate project for the
>>>>>> time being, albeit one which MailScanner
>>>>>> admins might like to install for their
>>>>>> users' benefit.
>>>>>>
>>>>>> Jules.
>>>>>>
>>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>>
>>>>>>> Hi jules,
>>>>>>>
>>>>>>> Thank you very much for the interesting
>>>>>>> tool, very much essential for the obvious
>>>>>>> reasons that you have explained.
>>>>>>>
>>>>>>> This is just an idea, how about
>>>>>>> integrating this tool with
>>>>>>>
>>>>>> MailScanner
>>>>>>
>>>>>>
>>>>>>> for quarantine management.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Supun.
>>>>>>>
>>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>>
>>>>>>>> The Scenario:
>>>>>>>>
>>>>>>>> You have installed MailScanner at your
>>>>>>>> site to protect all your
>>>>>>>>
>>>>>> users
>>>>>>
>>>>>>
>>>>>>>> and clients from all sorts of dangerous
>>>>>>>> email content. Okay so far.
>>>>>>>> But your users need to be able to send
>>>>>>>> large files, executables, and all sorts
>>>>>>>> of other things that they used to try to
>>>>>>>> send by email. Some of these are
>>>>>>>> restricted by MailScanner, others (such
>>>>>>>> as large files) are restricted by your
>>>>>>>> email system's capacity. And your users
>>>>>>>> also need to be able to receive files
>>>>>>>> from other
>>>>>>>>
>>>>>> sites
>>>>>>
>>>>>>
>>>>>>>> around the world, without having any
>>>>>>>> username/password access to
>>>>>>>>
>>>>>> your
>>>>>>
>>>>>>
>>>>>>>> systems.
>>>>>>>> And it needs to be secure.
>>>>>>>>
>>>>>>>> So your users need to be able to send and
>>>>>>>> receive all sort of files and email is
>>>>>>>> not the right tool for the job.
>>>>>>>>
>>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>>
>>>>>>>> This is a simple web-based system where
>>>>>>>> your users can send and receive files to
>>>>>>>> and from anyone in the world, and yet it
>>>>>>>> can't be used for public warez or porn
>>>>>>>> sharing.
>>>>>>>>
>>>>>>>> Anyone in the world can send files to you
>>>>>>>> (but not to the rest of
>>>>>>>>
>>>>>> the
>>>>>>
>>>>>>
>>>>>>>> world), and your users can send files to
>>>>>>>> anyone in the world. All uploaded files
>>>>>>>> are scanned for viruses, so it's safe.
>>>>>>>> Authentication of your users can be done
>>>>>>>> via Active Directory, LDAP, IMAP or a
>>>>>>>> static file. It's small, light-weight,
>>>>>>>> simple and safe. It's all written in PHP
>>>>>>>> so you can read the source and add or
>>>>>>>> change features as you desire.
>>>>>>>>
>>>>>>>> Take a look at
>>>>>>>>               www.dropoff.me
>>>>>>>> where you can read about it and download
>>>>>>>> it.
>>>>>>>>
>>>>>>>> It's entirely free and open source, of
>>>>>>>> course.
>>>>>>>>
>>>>>>>> Note: I did not write all of this.
>>>>>>>> Dropoff is my fork of the "Dropbox"
>>>>>>>> package originally written at the
>>>>>>>> University of Delaware.
>>>>>>>>
>>>>>> I
>>>>>>
>>>>>>
>>>>>>>> have added new features and fixed some
>>>>>>>> bugs. I intend to continue developing it
>>>>>>>> as needed.
>>>>>>>>
>>>>>>>> Let me know what you think!
>>>>>>>>
>>>>>>>> Jules
>>>>>>>>
>>>>>> Jules
>>>>>>
>>>>>> --
>>>>>> Julian Field MEng CITP CEng
>>>>>> www.MailScanner.info
>>>>>> Buy the MailScanner book at
>>>>>> www.MailScanner.info/store
>>>>>>
>>>>>> Need help customising MailScanner?
>>>>>> Contact me!
>>>>>> Need help fixing or optimising your
>>>>>> systems? Contact me!
>>>>>> Need help getting you started solving new
>>>>>> requirements from your boss? Contact me!
>>>>>>
>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
>>>>>> 7222 11F6 5947 1415 B654 Follow me at
>>>>>> twitter.com/JulesFM
>>>>>>
>>>>>>
>>>>>> --
>>>>>> This message has been scanned for viruses
>>>>>> and dangerous content by MailScanner, and
>>>>>> is believed to be clean.
>>>>>>
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listi
>>>>>> nfo/mailscanner
>>>>>>
>>>>>> Before posting, read
>>>>>> http://wiki.mailscanner.info/posting
>>>>>>
>>>>>> Support MailScanner development - buy the
>>>>>> book off the website!
>>>>>>
>>>> Jules
>>>>
>>> Jules
>>>
>>> --
>>> Julian Field MEng CITP CEng
>>> www.MailScanner.info
>>> Buy the MailScanner book at
>>> www.MailScanner.info/store
>>>
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new
>>> requirements from your boss? Contact me!
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
>>> 11F6 5947 1415 B654 Follow me at
>>> twitter.com/JulesFM and twitter.com/MailScanner
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/
>>> mailscanner
>>>
>>> Before posting, read
>>> http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book
>>> off the website!
>>>
>>
>>
>>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


-- 
Later

Mogens Melander



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jkf at ecs.soton.ac.uk  Fri Jun 18 08:36:42 2010
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Fri Jun 18 08:36:54 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<201006150800.45872.dyioulos@firstbhph.com>
	<4C177BA1.2080705@ecs.soton.ac.uk>
	<EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk>
	<43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk>
	<DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
Message-ID: <EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>

I can try building a 32-bit version for you, but you will probably be limited to 2 Gbyte uploads. If that's not a problem for you, then I can do that. I probably won't have time to do it today as I've got a load of other things on right now, but if you're lucky I *might* do it this weekend.

Out of Interest, why are you not moving to 64-bit? Modern CPUs have been able to run 64-bit for quite a long time now. What's the advantage?
-- 
Jules
Sent from my iPad over 3G :-)

On 18 Jun 2010, at 08:21 AM, "Mogens Melander" <mogens@fumlersoft.dk> wrote:

> Well, i'm all 32-bit, as are my customers. So i guess i'm not
> getting to try out this thing anytime soon ;^)
> 
> On Tue, June 15, 2010 15:09, Julian Field wrote:
>> I'm afraid a 32-bit version is not going to be very high on my priority
>> list, when everyone else in the world is adopting 64-bit if they haven't
>> already.
>> 
>> What's stopping you running the 64-bit version?
>> 
>> On 15/06/2010 13:00, Dimitri Yioulos wrote:
>>> Jules,
>>> 
>>> Thanks so much for this handy new tool!
>>> 
>>> Ours is a 32-bit shop.  I know you're frightfully
>>> busy, but Is there any chance you can create a
>>> 32-bit virtual machine version?
>>> 
>>> Thanks again.
>>> 
>>> Dimitri
>>> 
>>> 
>>> On Monday 14 June 2010 4:41:09 am Julian Field
>>> wrote:
>>> 
>>>> I have just uploaded the VMWare disk image of a
>>>> fully functional Dropoff system. There are some
>>>> docs on the Dropoff.me website that will tell
>>>> you how to configure it for your site once
>>>> you've built a VM around it.
>>>> 
>>>> Jules.
>>>> 
>>>> On 13/06/2010 20:45, Jules Field wrote:
>>>> 
>>>>> I'm just about to put up a VMDK (i.e. VMWare
>>>>> virtual disk image) of it, which will save
>>>>> you all a lot of work configuring it and
>>>>> fixing bugs in PHP that prevent large
>>>>> uploads.
>>>>> 
>>>>> The documentation text is already written,
>>>>> I've just got to get the VMDK off my vSphere.
>>>>> 
>>>>> Jules.
>>>>> 
>>>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>>> 
>>>>>> It looks fantastic Jules, will definitely
>>>>>> download it and have a play.
>>>>>> 
>>>>>> Jason
>>>>>> 
>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> From:
>>>>>>> mailscanner-bounces@lists.mailscanner.info
>>>>>>> [mailto:mailscanner-
>>>>>>> bounces@lists.mailscanner.info] On Behalf
>>>>>>> Of Jules Field Sent: 13 June 2010 19:30
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>>> 
>>>>>>> Thanks for the comment.
>>>>>>> 
>>>>>>> As for integrating it, that counts as 'user
>>>>>>> front-end interface' in MailScanner, which
>>>>>>> is an area I have never got involved in. So
>>>>>>> it will remain a separate project for the
>>>>>>> time being, albeit one which MailScanner
>>>>>>> admins might like to install for their
>>>>>>> users' benefit.
>>>>>>> 
>>>>>>> Jules.
>>>>>>> 
>>>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>>> 
>>>>>>>> Hi jules,
>>>>>>>> 
>>>>>>>> Thank you very much for the interesting
>>>>>>>> tool, very much essential for the obvious
>>>>>>>> reasons that you have explained.
>>>>>>>> 
>>>>>>>> This is just an idea, how about
>>>>>>>> integrating this tool with
>>>>>>>> 
>>>>>>> MailScanner
>>>>>>> 
>>>>>>> 
>>>>>>>> for quarantine management.
>>>>>>>> 
>>>>>>>> Thanks,
>>>>>>>> Supun.
>>>>>>>> 
>>>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>>> 
>>>>>>>>> The Scenario:
>>>>>>>>> 
>>>>>>>>> You have installed MailScanner at your
>>>>>>>>> site to protect all your
>>>>>>>>> 
>>>>>>> users
>>>>>>> 
>>>>>>> 
>>>>>>>>> and clients from all sorts of dangerous
>>>>>>>>> email content. Okay so far.
>>>>>>>>> But your users need to be able to send
>>>>>>>>> large files, executables, and all sorts
>>>>>>>>> of other things that they used to try to
>>>>>>>>> send by email. Some of these are
>>>>>>>>> restricted by MailScanner, others (such
>>>>>>>>> as large files) are restricted by your
>>>>>>>>> email system's capacity. And your users
>>>>>>>>> also need to be able to receive files
>>>>>>>>> from other
>>>>>>>>> 
>>>>>>> sites
>>>>>>> 
>>>>>>> 
>>>>>>>>> around the world, without having any
>>>>>>>>> username/password access to
>>>>>>>>> 
>>>>>>> your
>>>>>>> 
>>>>>>> 
>>>>>>>>> systems.
>>>>>>>>> And it needs to be secure.
>>>>>>>>> 
>>>>>>>>> So your users need to be able to send and
>>>>>>>>> receive all sort of files and email is
>>>>>>>>> not the right tool for the job.
>>>>>>>>> 
>>>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>>> 
>>>>>>>>> This is a simple web-based system where
>>>>>>>>> your users can send and receive files to
>>>>>>>>> and from anyone in the world, and yet it
>>>>>>>>> can't be used for public warez or porn
>>>>>>>>> sharing.
>>>>>>>>> 
>>>>>>>>> Anyone in the world can send files to you
>>>>>>>>> (but not to the rest of
>>>>>>>>> 
>>>>>>> the
>>>>>>> 
>>>>>>> 
>>>>>>>>> world), and your users can send files to
>>>>>>>>> anyone in the world. All uploaded files
>>>>>>>>> are scanned for viruses, so it's safe.
>>>>>>>>> Authentication of your users can be done
>>>>>>>>> via Active Directory, LDAP, IMAP or a
>>>>>>>>> static file. It's small, light-weight,
>>>>>>>>> simple and safe. It's all written in PHP
>>>>>>>>> so you can read the source and add or
>>>>>>>>> change features as you desire.
>>>>>>>>> 
>>>>>>>>> Take a look at
>>>>>>>>>              www.dropoff.me
>>>>>>>>> where you can read about it and download
>>>>>>>>> it.
>>>>>>>>> 
>>>>>>>>> It's entirely free and open source, of
>>>>>>>>> course.
>>>>>>>>> 
>>>>>>>>> Note: I did not write all of this.
>>>>>>>>> Dropoff is my fork of the "Dropbox"
>>>>>>>>> package originally written at the
>>>>>>>>> University of Delaware.
>>>>>>>>> 
>>>>>>> I
>>>>>>> 
>>>>>>> 
>>>>>>>>> have added new features and fixed some
>>>>>>>>> bugs. I intend to continue developing it
>>>>>>>>> as needed.
>>>>>>>>> 
>>>>>>>>> Let me know what you think!
>>>>>>>>> 
>>>>>>>>> Jules
>>>>>>>>> 
>>>>>>> Jules
>>>>>>> 
>>>>>>> --
>>>>>>> Julian Field MEng CITP CEng
>>>>>>> www.MailScanner.info
>>>>>>> Buy the MailScanner book at
>>>>>>> www.MailScanner.info/store
>>>>>>> 
>>>>>>> Need help customising MailScanner?
>>>>>>> Contact me!
>>>>>>> Need help fixing or optimising your
>>>>>>> systems? Contact me!
>>>>>>> Need help getting you started solving new
>>>>>>> requirements from your boss? Contact me!
>>>>>>> 
>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
>>>>>>> 7222 11F6 5947 1415 B654 Follow me at
>>>>>>> twitter.com/JulesFM
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> This message has been scanned for viruses
>>>>>>> and dangerous content by MailScanner, and
>>>>>>> is believed to be clean.
>>>>>>> 
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner@lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listi
>>>>>>> nfo/mailscanner
>>>>>>> 
>>>>>>> Before posting, read
>>>>>>> http://wiki.mailscanner.info/posting
>>>>>>> 
>>>>>>> Support MailScanner development - buy the
>>>>>>> book off the website!
>>>>>>> 
>>>>> Jules
>>>>> 
>>>> Jules
>>>> 
>>>> --
>>>> Julian Field MEng CITP CEng
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at
>>>> www.MailScanner.info/store
>>>> 
>>>> Need help customising MailScanner?
>>>> Contact me!
>>>> Need help fixing or optimising your systems?
>>>> Contact me!
>>>> Need help getting you started solving new
>>>> requirements from your boss? Contact me!
>>>> 
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
>>>> 11F6 5947 1415 B654 Follow me at
>>>> twitter.com/JulesFM and twitter.com/MailScanner
>>>> 
>>>> 
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>> 
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/
>>>> mailscanner
>>>> 
>>>> Before posting, read
>>>> http://wiki.mailscanner.info/posting
>>>> 
>>>> Support MailScanner development - buy the book
>>>> off the website!
>>>> 
>>> 
>>> 
>>> 
>> 
>> Jules
>> 
>> --
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> 
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>> 
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>> 
>> 
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website!
>> 
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 
> 
> 
> -- 
> Later
> 
> Mogens Melander
> 
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mogens at fumlersoft.dk  Fri Jun 18 09:12:02 2010
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Fri Jun 18 09:12:17 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD4
	3B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<4C15EB25.7040703@ecs.soton.ac.uk>
	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>
	<201006150800.45872.dyioulos@firstbhph.com>
	<4C177BA1.2080705@ecs.soton.ac.uk>
	<EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk>
	<43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk>
	<DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
Message-ID: <907d106f5d55809afdda163524d49d5e.squirrel@mail.fumlersoft.dk>

Jules

I would love to see a 32-bit version at some point. But don't want
to take you away from more important stuff (like MailScanner).

Of the 7 servers i run myself, the latest is 7+ years old. They
would not be able to run 64-bit anything. Another thing. The closest
server is about 7000 miles away.

These servers are adequate for their tasks, and don't generate that
much income. Rack servers aren't that cheap in DK :)

On Fri, June 18, 2010 09:36, Julian Field wrote:
> I can try building a 32-bit version for you, but you will probably be limited to 2 Gbyte uploads.
> If that's not a problem for you, then I can do that. I probably won't have time to do it today as
> I've got a load of other things on right now, but if you're lucky I *might* do it this weekend.
>
> Out of Interest, why are you not moving to 64-bit? Modern CPUs have been able to run 64-bit for
> quite a long time now. What's the advantage?
> --
> Jules
> Sent from my iPad over 3G :-)


-- 
Later

Mogens Melander



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From maillists at conactive.com  Fri Jun 18 12:52:55 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Fri Jun 18 12:53:09 2010
Subject: [Mailwatch-users] Whitelisting IP Ranges
In-Reply-To: <4C1B4F74.4080902@dcdata.co.za>
References: <4C1B4F74.4080902@dcdata.co.za>
Message-ID: <VA.00003b2d.0f7cccc5@news.conactive.com>

Neil Wilson wrote on Fri, 18 Jun 2010 12:50:28 +0200:

> I need to for example to whitelist 41.22.0.0/16 does MailWatch allow 
> this and what is the correct syntax?

You cannot use CIDRE ranges in that plugin. You could try part of the Ip 
number, e.g. "41.22.0." or "41.22.0".
Also, if you have to whitelist a certain range those machines usually have 
all the same domain, so you can whitelist by domain.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From maillists at conactive.com  Fri Jun 18 12:52:54 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Fri Jun 18 12:53:09 2010
Subject: Problem w/ MailScanner 4.79.11 only queueing mail
In-Reply-To: <20100618013942.M61960@skynap.net>
References: <20100618013942.M61960@skynap.net>
Message-ID: <VA.00003b2c.0f7cccc5@news.conactive.com>

-> MailScanner log
-> MailScanner --lint or --debug
-> something wrong with a dnsbl you use in MS?

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From lhaig at haigmail.com  Fri Jun 18 13:21:50 2010
From: lhaig at haigmail.com (Lance Haig)
Date: Fri Jun 18 13:22:19 2010
Subject: adding signature rules to signed messages
In-Reply-To: <4C1B1DA2.4020909@haigmail.com>
References: <4C1B1DA2.4020909@haigmail.com>
Message-ID: <4C1B64DE.9080305@haigmail.com>

I have read the changelog and I have seen that in version 4.14 back in 
2003 Julian added the fix for this.

I an see any docs on making changes to the mailscanner.conf to allow pgp 
messages to be signed without breaking the original pgp signature.

Can someone help or point me in the right direction please.

Lance


On 18/06/2010 08:17, Lance Haig wrote:
> Hi,
>
> We have noticed that if a message is signed and it comes in or out 
> when MS adds the footer it breaks the message signature.
>
> Has anyone seen this and how do you get around it.
>
> Thanks
>
> Lance
>
> -- 
> This message was scanned by Better Hosted and is believed to be clean.
> http://www.betterhosted.com
>


--
This message was scanned by Better Hosted and is believed to be clean.
http://www.betterhosted.com

From Phil.Udel at SalemCorp.com  Fri Jun 18 13:35:03 2010
From: Phil.Udel at SalemCorp.com (Phil Udel)
Date: Fri Jun 18 13:35:34 2010
Subject: Inundated with this Attachment Email Spam
Message-ID: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>

Hi. I am running MS 4.65.3 and lately I have been inundated with this
Attachment Email that has the "Sell Virus Product" worm or worse.

 

Example:

 
<http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plunde
red-spammers/>
http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plunder
ed-spammers/

 

 
<http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup
-notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification
-zip.aspx>
http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup-
notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification-
zip.aspx

 

I have received over 9k of these puppies in the last 48 hours, and I block
about 99.995% of them, But 2 or 3 are getting thru each day.

 

What can I do to get these few that get by?

 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100618/63dfae53/attachment.html
From dyioulos at firstbhph.com  Fri Jun 18 13:54:20 2010
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Fri Jun 18 13:55:09 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>
	<DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
Message-ID: <201006180854.20769.dyioulos@firstbhph.com>

Thanks, Julian, that would be great, and greatly 
appreciated!

Dimitri


On Friday 18 June 2010 3:36:42 am Julian Field 
wrote:
> I can try building a 32-bit version for you,
> but you will probably be limited to 2 Gbyte
> uploads. If that's not a problem for you, then
> I can do that. I probably won't have time to do
> it today as I've got a load of other things on
> right now, but if you're lucky I *might* do it
> this weekend.
>
> Out of Interest, why are you not moving to
> 64-bit? Modern CPUs have been able to run
> 64-bit for quite a long time now. What's the
> advantage? --
> Jules
> Sent from my iPad over 3G :-)
>
> On 18 Jun 2010, at 08:21 AM, "Mogens Melander" 
<mogens@fumlersoft.dk> wrote:
> > Well, i'm all 32-bit, as are my customers. So
> > i guess i'm not getting to try out this thing
> > anytime soon ;^)
> >
> > On Tue, June 15, 2010 15:09, Julian Field 
wrote:
> >> I'm afraid a 32-bit version is not going to
> >> be very high on my priority list, when
> >> everyone else in the world is adopting
> >> 64-bit if they haven't already.
> >>
> >> What's stopping you running the 64-bit
> >> version?
> >>
> >> On 15/06/2010 13:00, Dimitri Yioulos wrote:
> >>> Jules,
> >>>
> >>> Thanks so much for this handy new tool!
> >>>
> >>> Ours is a 32-bit shop.  I know you're
> >>> frightfully busy, but Is there any chance
> >>> you can create a 32-bit virtual machine
> >>> version?
> >>>
> >>> Thanks again.
> >>>
> >>> Dimitri
> >>>
> >>>
> >>> On Monday 14 June 2010 4:41:09 am Julian
> >>> Field
> >>>
> >>> wrote:
> >>>> I have just uploaded the VMWare disk image
> >>>> of a fully functional Dropoff system.
> >>>> There are some docs on the Dropoff.me
> >>>> website that will tell you how to
> >>>> configure it for your site once you've
> >>>> built a VM around it.
> >>>>
> >>>> Jules.
> >>>>
> >>>> On 13/06/2010 20:45, Jules Field wrote:
> >>>>> I'm just about to put up a VMDK (i.e.
> >>>>> VMWare virtual disk image) of it, which
> >>>>> will save you all a lot of work
> >>>>> configuring it and fixing bugs in PHP
> >>>>> that prevent large uploads.
> >>>>>
> >>>>> The documentation text is already
> >>>>> written, I've just got to get the VMDK
> >>>>> off my vSphere.
> >>>>>
> >>>>> Jules.
> >>>>>
> >>>>> On 13/06/2010 20:36, Jason Ede wrote:
> >>>>>> It looks fantastic Jules, will
> >>>>>> definitely download it and have a play.
> >>>>>>
> >>>>>> Jason
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From:
> >>>>>>> mailscanner-bounces@lists.mailscanner.i
> >>>>>>>nfo [mailto:mailscanner-
> >>>>>>> bounces@lists.mailscanner.info] On
> >>>>>>> Behalf Of Jules Field Sent: 13 June
> >>>>>>> 2010 19:30 To: MailScanner discussion
> >>>>>>> Subject: Re: MailScanner ANNOUNCE:
> >>>>>>> Dropoff
> >>>>>>>
> >>>>>>> Thanks for the comment.
> >>>>>>>
> >>>>>>> As for integrating it, that counts as
> >>>>>>> 'user front-end interface' in
> >>>>>>> MailScanner, which is an area I have
> >>>>>>> never got involved in. So it will
> >>>>>>> remain a separate project for the time
> >>>>>>> being, albeit one which MailScanner
> >>>>>>> admins might like to install for their
> >>>>>>> users' benefit.
> >>>>>>>
> >>>>>>> Jules.
> >>>>>>>
> >>>>>>> On 13/06/2010 05:11, Supun Rathnayake 
wrote:
> >>>>>>>> Hi jules,
> >>>>>>>>
> >>>>>>>> Thank you very much for the
> >>>>>>>> interesting tool, very much essential
> >>>>>>>> for the obvious reasons that you have
> >>>>>>>> explained.
> >>>>>>>>
> >>>>>>>> This is just an idea, how about
> >>>>>>>> integrating this tool with
> >>>>>>>
> >>>>>>> MailScanner
> >>>>>>>
> >>>>>>>> for quarantine management.
> >>>>>>>>
> >>>>>>>> Thanks,
> >>>>>>>> Supun.
> >>>>>>>>
> >>>>>>>> On 06/12/2010 08:41 PM, Jules Field 
wrote:
> >>>>>>>>> The Scenario:
> >>>>>>>>>
> >>>>>>>>> You have installed MailScanner at
> >>>>>>>>> your site to protect all your
> >>>>>>>
> >>>>>>> users
> >>>>>>>
> >>>>>>>>> and clients from all sorts of
> >>>>>>>>> dangerous email content. Okay so far.
> >>>>>>>>> But your users need to be able to
> >>>>>>>>> send large files, executables, and
> >>>>>>>>> all sorts of other things that they
> >>>>>>>>> used to try to send by email. Some of
> >>>>>>>>> these are restricted by MailScanner,
> >>>>>>>>> others (such as large files) are
> >>>>>>>>> restricted by your email system's
> >>>>>>>>> capacity. And your users also need to
> >>>>>>>>> be able to receive files from other
> >>>>>>>
> >>>>>>> sites
> >>>>>>>
> >>>>>>>>> around the world, without having any
> >>>>>>>>> username/password access to
> >>>>>>>
> >>>>>>> your
> >>>>>>>
> >>>>>>>>> systems.
> >>>>>>>>> And it needs to be secure.
> >>>>>>>>>
> >>>>>>>>> So your users need to be able to send
> >>>>>>>>> and receive all sort of files and
> >>>>>>>>> email is not the right tool for the
> >>>>>>>>> job.
> >>>>>>>>>
> >>>>>>>>> Say "Hello!" to Dropoff.
> >>>>>>>>>
> >>>>>>>>> This is a simple web-based system
> >>>>>>>>> where your users can send and receive
> >>>>>>>>> files to and from anyone in the
> >>>>>>>>> world, and yet it can't be used for
> >>>>>>>>> public warez or porn sharing.
> >>>>>>>>>
> >>>>>>>>> Anyone in the world can send files to
> >>>>>>>>> you (but not to the rest of
> >>>>>>>
> >>>>>>> the
> >>>>>>>
> >>>>>>>>> world), and your users can send files
> >>>>>>>>> to anyone in the world. All uploaded
> >>>>>>>>> files are scanned for viruses, so
> >>>>>>>>> it's safe. Authentication of your
> >>>>>>>>> users can be done via Active
> >>>>>>>>> Directory, LDAP, IMAP or a static
> >>>>>>>>> file. It's small, light-weight,
> >>>>>>>>> simple and safe. It's all written in
> >>>>>>>>> PHP so you can read the source and
> >>>>>>>>> add or change features as you desire.
> >>>>>>>>>
> >>>>>>>>> Take a look at
> >>>>>>>>>              www.dropoff.me
> >>>>>>>>> where you can read about it and
> >>>>>>>>> download it.
> >>>>>>>>>
> >>>>>>>>> It's entirely free and open source,
> >>>>>>>>> of course.
> >>>>>>>>>
> >>>>>>>>> Note: I did not write all of this.
> >>>>>>>>> Dropoff is my fork of the "Dropbox"
> >>>>>>>>> package originally written at the
> >>>>>>>>> University of Delaware.
> >>>>>>>
> >>>>>>> I
> >>>>>>>
> >>>>>>>>> have added new features and fixed
> >>>>>>>>> some bugs. I intend to continue
> >>>>>>>>> developing it as needed.
> >>>>>>>>>
> >>>>>>>>> Let me know what you think!
> >>>>>>>>>
> >>>>>>>>> Jules
> >>>>>>>
> >>>>>>> Jules
> >>>>>>>
> >>>>>>> --
> >>>>>>> Julian Field MEng CITP CEng
> >>>>>>> www.MailScanner.info
> >>>>>>> Buy the MailScanner book at
> >>>>>>> www.MailScanner.info/store
> >>>>>>>
> >>>>>>> Need help customising MailScanner?
> >>>>>>> Contact me!
> >>>>>>> Need help fixing or optimising your
> >>>>>>> systems? Contact me!
> >>>>>>> Need help getting you started solving
> >>>>>>> new requirements from your boss?
> >>>>>>> Contact me!
> >>>>>>>
> >>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
> >>>>>>> 7222 11F6 5947 1415 B654 Follow me at
> >>>>>>> twitter.com/JulesFM
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> This message has been scanned for
> >>>>>>> viruses and dangerous content by
> >>>>>>> MailScanner, and is believed to be
> >>>>>>> clean.
> >>>>>>>
> >>>>>>> --
> >>>>>>> MailScanner mailing list
> >>>>>>> mailscanner@lists.mailscanner.info
> >>>>>>> http://lists.mailscanner.info/mailman/l
> >>>>>>>isti nfo/mailscanner
> >>>>>>>
> >>>>>>> Before posting, read
> >>>>>>> http://wiki.mailscanner.info/posting
> >>>>>>>
> >>>>>>> Support MailScanner development - buy
> >>>>>>> the book off the website!
> >>>>>
> >>>>> Jules
> >>>>
> >>>> Jules
> >>>>
> >>>> --
> >>>> Julian Field MEng CITP CEng
> >>>> www.MailScanner.info
> >>>> Buy the MailScanner book at
> >>>> www.MailScanner.info/store
> >>>>
> >>>> Need help customising MailScanner?
> >>>> Contact me!
> >>>> Need help fixing or optimising your
> >>>> systems? Contact me!
> >>>> Need help getting you started solving new
> >>>> requirements from your boss? Contact me!
> >>>>
> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
> >>>> 7222 11F6 5947 1415 B654 Follow me at
> >>>> twitter.com/JulesFM and
> >>>> twitter.com/MailScanner
> >>>>
> >>>>
> >>>> --
> >>>> This message has been scanned for viruses
> >>>> and dangerous content by MailScanner, and
> >>>> is believed to be clean.
> >>>>
> >>>> --
> >>>> MailScanner mailing list
> >>>> mailscanner@lists.mailscanner.info
> >>>> http://lists.mailscanner.info/mailman/list
> >>>>info/ mailscanner
> >>>>
> >>>> Before posting, read
> >>>> http://wiki.mailscanner.info/posting
> >>>>
> >>>> Support MailScanner development - buy the
> >>>> book off the website!
> >>
> >> Jules
> >>
> >> --
> >> Julian Field MEng CITP CEng
> >> www.MailScanner.info
> >> Buy the MailScanner book at
> >> www.MailScanner.info/store
> >>
> >> Need help customising MailScanner?
> >> Contact me!
> >> Need help fixing or optimising your systems?
> >> Contact me!
> >> Need help getting you started solving new
> >> requirements from your boss? Contact me!
> >>
> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
> >> 11F6 5947 1415 B654 Follow me at
> >> twitter.com/JulesFM and
> >> twitter.com/MailScanner
> >>
> >>
> >> --
> >> This message has been scanned for viruses
> >> and dangerous content by MailScanner, and is
> >> believed to be clean.
> >>
> >> --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listin
> >>fo/mailscanner
> >>
> >> Before posting, read
> >> http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the
> >> book off the website!
> >>
> >> --
> >> This message has been scanned for viruses
> >> and dangerous content by MailScanner, and is
> >> believed to be clean.
> >
> > --
> > Later
> >
> > Mogens Melander
> >
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinf
> >o/mailscanner
> >
> > Before posting, read
> > http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the
> > book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/
>mailscanner
>
> Before posting, read
> http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book
> off the website!



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From willm at merkens.ca  Fri Jun 18 15:22:01 2010
From: willm at merkens.ca (Will Merkens)
Date: Fri Jun 18 15:22:37 2010
Subject: Start/Stop script for mailScanner
In-Reply-To: <4C1A3D6E.3060506@USherbrooke.ca>
References: <4C14D405.2000502@merkens.ca>	<B1C48413-11E7-4172-8C08-E1C17ED72817@fsl.com>	<4C17F39D.9020803@merkens.ca>	<4C18C534.40500@USherbrooke.ca>	<4C1A3899.3000407@merkens.ca>
	<4C1A3D6E.3060506@USherbrooke.ca>
Message-ID: <4C1B8109.7020304@merkens.ca>


> Will,
>
> The folliwing code is executed by "service MailScanner start" to start
> your clientmqueue sendmail process:
>         touch /var/run/sm-client.pid
>         chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid 2>/dev/null
>         $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID 2>/dev/null
>
> You can modify the script to get some debugging (modify the lines in
> /etc/init.d/MailScanner):
>         touch /var/run/sm-client.pid
>         chown $MSPUSER:$MSPGROUP /var/run/sm-client.pid
>         $SENDMAIL -L sm-msp-queue -Ac -q15m -OPidFile=$SMPID
>
> Now do "service MailScanner stop", kill your remaining sendmail
> process and do "service MailScanner start". If there are any error
> messages when starting your sendmail process they should now appear on
> your terminal.
>
> I am guessing your smmsp user does not have access to your /var/run
> directory.
>
> Denis
>
ok this narrowed it down, it was the MSPUSER and MSPGROUP, if I set them
to 'mail' in /etc/sysconfig/MailScanner the pid file was created
correctly and start/stop worked as intended.

Further digging seems to have dug up what I believe to be a Mandriva
2010 bug in the setups up sendmail.

If I look at /etc/passwd and group I can see that the three accounts
created for sendmail are there.

mail:x:8:12:mail:/var/spool/mail:/bin/sh
mailnull:x:75:75:system user for sendmail:/var/spool/mqueue:/dev/null
smmsp:x:76:76:system user for sendmail:/var/spool/mqueue:/dev/null

but is missing a optional 'smmta' user

So when I removed the 2>/dev/null to see debug output, nothing appeared
because the user smmsp exists.

I found this section from the sendmail security doc's

-r-xr-sr-x root  smmsp ... /PATH/TO/sendmail
drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue
drwx------ root  wheel ... /var/spool/mqueue
-r--r--r-- root  wheel ... /etc/mail/sendmail.cf
-r--r--r-- root  wheel ... /etc/mail/submit.cf

[Notice: On some OS "wheel" is not used but "bin" or "root" instead,
however, this is not important here.]

That is, the owner of sendmail is root, the group is smmsp, and the binary
is set-group-ID. The client mail queue is owned by smmsp with group smmsp
and is group writable. The client mail queue directory must be writable by
smmsp, but it must not be accessible for others. That is, do not use world
read or execute permissions. In submit.cf the option UseMSP must be set,
and QueueFileMode must be set to 0660.

I see how they intended the perms and users/groups should go

but in Mandriva 2010

-r-xr-sr-x  1 root   mail 765504 2010-01-12 06:00
/usr/sbin/sendmail.sendmail*
drwxrwx---  2 mail   mail      6 2010-06-18 04:03 clientmqueue/
drwxr-x---  2 root   mail      6 2010-06-18 07:36 mqueue/
-r--r--r--  1 root   mail 65237 2010-04-12 13:48 sendmail.cf
-r--r--r--  1 root   mail 41313 2010-01-12 06:00 submit.cf

and if I grep /etc/mail/*.cf for RunAsUser

sendmail.cf:#O RunAsUser=sendmail
submit.cf:O RunAsUser=mail:mail

It look's to me that Mandriva half did the config, this all looks like
the older way that sendmail use to operate as.

it work's now running as user 'mail', I had a look at correcting the
ownership's of the various files/dirs but there seems to be a lot tied
to the user 'mail' and group 'mail' that I think for the moment will
leave alone.

Thanks for the help.





-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Phil.Udel at SalemCorp.com  Fri Jun 18 17:30:32 2010
From: Phil.Udel at SalemCorp.com (Phil Udel)
Date: Fri Jun 18 17:31:28 2010
Subject: Inundated with this Attachment Email Spam
In-Reply-To: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>
References: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>
Message-ID: <57848AA85E6F4C939CEA5290FCBA60A0@salemcorp.com>

If I install and run the Sophos Virus will that stop the .html virus spam as
<http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirbo.h
tml> JS/Redir-BO ?
 
http://www.sophos.com/blogs/gc/g/2010/06/18/adultfriendfinder-messages-spam-
campaign-hits-hard/

  _____  

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel
Sent: Friday, June 18, 2010 8:35 AM
To: mailscanner@lists.mailscanner.info
Subject: Inundated with this Attachment Email Spam


Hi. I am running MS 4.65.3 and lately I have been inundated with this
Attachment Email that has the "Sell Virus Product" worm or worse.

 

Example:

 
<http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plunde
red-spammers/>
http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plunder
ed-spammers/

 

 
<http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup
-notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification
-zip.aspx>
http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup-
notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification-
zip.aspx

 

I have received over 9k of these puppies in the last 48 hours, and I block
about 99.995% of them, But 2 or 3 are getting thru each day.

 

What can I do to get these few that get by?

 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100618/d2eecd5f/attachment.html
From steve.freegard at fsl.com  Fri Jun 18 18:31:27 2010
From: steve.freegard at fsl.com (Steve Freegard)
Date: Fri Jun 18 18:31:39 2010
Subject: Inundated with this Attachment Email Spam
In-Reply-To: <57848AA85E6F4C939CEA5290FCBA60A0@salemcorp.com>
References: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>
	<57848AA85E6F4C939CEA5290FCBA60A0@salemcorp.com>
Message-ID: <4C1BAD6F.1040305@fsl.com>

Seems excessive when you can get these easily using SA rules... note 
*UNTESTED RULES* you'll need to try them and then increase the scores of 
FSL_RTF_SPAM.

header FSL_CTYPE_APP  Content-Type =~ /application\//
describe FSL_CTYPE_APP  Message has a top-level MIME type of application/*
score  FSL_CTYPE_APP  0.01

header __FSL_CTYPE_RTF Content-Type =~ /\.rtf"/

meta FSL_RTF_SPAM  (FSL_CTYPE_APP && __FSL_CTYPE_RTF)
describe FSL_RTF_SPAM Likely RTF spam with application/octet-stream MIME 
type
score FSL_RTF_SPAM 0.01

Regards,
Steve.

On 18/06/10 17:30, Phil Udel wrote:
> If I install and run the Sophos Virus will that stop the .html virus
> spam as JS/Redir-BO
> <http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirbo.html>
> ?
> http://www.sophos.com/blogs/gc/g/2010/06/18/adultfriendfinder-messages-spam-campaign-hits-hard/
>
> ------------------------------------------------------------------------
> *From:* mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of *Phil Udel
> *Sent:* Friday, June 18, 2010 8:35 AM
> *To:* mailscanner@lists.mailscanner.info
> *Subject:* Inundated with this Attachment Email Spam
>
> Hi. I am running MS 4.65.3 and lately I have been inundated with this
> Attachment Email that has the ?Sell Virus Product? worm or worse.
>
> Example:
>
> http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plundered-spammers/
>
> http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup-notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification-zip.aspx
>
> I have received over 9k of these puppies in the last 48 hours, and I
> block about 99.995% of them, But 2 or 3 are getting thru each day.
>
> What can I do to get these few that get by?
>

From rob at kettle.org.uk  Fri Jun 18 18:54:55 2010
From: rob at kettle.org.uk (Rob Kettle)
Date: Fri Jun 18 18:55:50 2010
Subject: How to send Mail to another server
In-Reply-To: <VA.00003b2c.0f7cccc5@news.conactive.com>
References: <20100618013942.M61960@skynap.net>
	<VA.00003b2c.0f7cccc5@news.conactive.com>
Message-ID: <4C1BB2EF.1080609@kettle.org.uk>

Hi,

apologies if I missed the obvious but is there a way in sendmail and 
mailscanner (running on Centos) to locally deliver mail by default but 
deliver to another mail server for certain addresses. Any suggestions 
appreciated.

ie.  everything@somedomain.co.uk  is delivered to local accounts on the 
server but
       specific_user@somedomain.co.uk is passed off to another server.

many thanks
Rob



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com  Fri Jun 18 19:14:57 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jun 18 19:15:25 2010
Subject: Sender check and smf-sav
In-Reply-To: <1276718476.32610.190.camel@localhost>
References: <201006161102.o5GB0KET017867@safir.blacknight.ie>
	<1276718476.32610.190.camel@localhost>
Message-ID: <hvgd33$2hu$1@dough.gmane.org>

on 6-16-2010 1:01 PM Juan Pablo Lorier spake the following:
> Hi,
> 
> I'm setting a new mailscanner server and to prevent from receiving forged emails I've set smf-sav milter to check sender.
> The problem is that it's rejecting valid accounts (i.e. my account from yahoo).
> Is there a better way to get smf and sender check?
> Regards,
> 
Just be aware that doing sender callouts can also get you on a blacklist. Be
aware.

From ms-list at alexb.ch  Fri Jun 18 19:15:20 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Fri Jun 18 19:15:34 2010
Subject: Inundated with this Attachment Email Spam
In-Reply-To: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>
References: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>
Message-ID: <4C1BB7B8.3000805@alexb.ch>

On 2010-06-18 14:35, Phil Udel wrote:
> Hi. I am running MS 4.65.3 and lately I have been inundated with this
> Attachment Email that has the "Sell Virus Product" worm or worse.
> 

the attached ClamAV sig file should take care of them.
just dum in your clamav's signature folder

Please pardon me if I've done something VERY forbidden by posting this 
little file - ClamAV doesn't detect them (yet) and not everybody has Sophos

h2h

Alex

> 
> Example:
> 
>  
> <http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plunde
> red-spammers/>
> http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plunder
> ed-spammers/
> 
>  
> 
>  
> <http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup
> -notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification
> -zip.aspx>
> http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup-
> notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification-
> zip.aspx
> 
>  
> 
> I have received over 9k of these puppies in the last 48 hours, and I block
> about 99.995% of them, But 2 or 3 are getting thru each day.
> 
>  
> 
> What can I do to get these few that get by?
> 
>  
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: axb-sig.zip
Type: application/x-zip-compressed
Size: 436 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100618/b04741b3/axb-sig.bin
From alex at rtpty.com  Fri Jun 18 20:09:27 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Jun 18 20:37:14 2010
Subject: How to send Mail to another server
In-Reply-To: <4C1BB2EF.1080609@kettle.org.uk>
References: <20100618013942.M61960@skynap.net><VA.00003b2c.0f7cccc5@news.conactive.com><4C1BB2EF.1080609@kettle.org.uk>
Message-ID: <861413396-1276888168-cardhu_decombobulator_blackberry.rim.net-1479297577-@bda942.bisx.prod.on.blackberry>

Mailertable if using sendmail. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: Rob Kettle <rob@kettle.org.uk>
Date: Fri, 18 Jun 2010 18:54:55 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Subject: How to send Mail to another server

Hi,

apologies if I missed the obvious but is there a way in sendmail and 
mailscanner (running on Centos) to locally deliver mail by default but 
deliver to another mail server for certain addresses. Any suggestions 
appreciated.

ie.  everything@somedomain.co.uk  is delivered to local accounts on the 
server but
       specific_user@somedomain.co.uk is passed off to another server.

many thanks
Rob



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From ssilva at sgvwater.com  Fri Jun 18 21:02:37 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jun 18 21:03:06 2010
Subject: No longer getting any emails through MailScanner...
In-Reply-To: <E3173EEE1C6B4D43A64141182AC1419C@GCPNB3>
References: <E3173EEE1C6B4D43A64141182AC1419C@GCPNB3>
Message-ID: <hvgjcv$o6l$1@dough.gmane.org>

on 6-17-2010 6:31 PM Clay Goss spake the following:
> If I start MailScanner, no emails get through.  Using Top, I can see it
> running, processing inbound mail, but it is all blocked.
> 
> Where should I start to troubleshoot?  
> 
> Thanks,
> Clay
> 
> 
You can start by giving some details. OS... IS this a new installation or has
it been in service.
Did you do anything? Did someone else? Updates... changes...
If it was working, when did it stop?
ETC...

From ssilva at sgvwater.com  Fri Jun 18 21:21:09 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri Jun 18 21:21:41 2010
Subject: No longer getting any emails through MailScanner...
In-Reply-To: <B0BB7B3FA48A47D09CDA67B1C2FCD6E7@GCPNB3>
References: <1669625154-1276825315-cardhu_decombobulator_blackberry.rim.net-229157305-@bda942.bisx.prod.on.blackberry>
	<B0BB7B3FA48A47D09CDA67B1C2FCD6E7@GCPNB3>
Message-ID: <hvgkfo$tbf$1@dough.gmane.org>

on 6-17-2010 7:04 PM Clay Goss spake the following:
> Alex,
> 
> Thank you for the response.  Please excuse my rust at the admin of Linux and
> associated processes as I built this system years ago and, for good or
> perhaps bad, it has not required much attention.
> 
If you want a robust system, MailScanner is not maintenance free. You have to
keep up with it. It is not hard, but needs a bit of touch up now and again.

From alex at rtpty.com  Fri Jun 18 21:28:20 2010
From: alex at rtpty.com (Alex Neuman)
Date: Fri Jun 18 21:28:41 2010
Subject: No longer getting any emails through MailScanner...
In-Reply-To: <hvgkfo$tbf$1@dough.gmane.org>
References: <1669625154-1276825315-cardhu_decombobulator_blackberry.rim.net-229157305-@bda942.bisx.prod.on.blackberry><B0BB7B3FA48A47D09CDA67B1C2FCD6E7@GCPNB3><hvgkfo$tbf$1@dough.gmane.org>
Message-ID: <620547884-1276892905-cardhu_decombobulator_blackberry.rim.net-1558491745-@bda942.bisx.prod.on.blackberry>

Specially because it depends on components that change/improve/disappear over time. Changes to Clam, SA, RBL's and such can break a neglected system. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: Scott Silva <ssilva@sgvwater.com>
Date: Fri, 18 Jun 2010 13:21:09 
To: <mailscanner@lists.mailscanner.info>
Subject: Re: No longer getting any emails through MailScanner...

on 6-17-2010 7:04 PM Clay Goss spake the following:
> Alex,
> 
> Thank you for the response.  Please excuse my rust at the admin of Linux and
> associated processes as I built this system years ago and, for good or
> perhaps bad, it has not required much attention.
> 
If you want a robust system, MailScanner is not maintenance free. You have to
keep up with it. It is not hard, but needs a bit of touch up now and again.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From rcooper at dwford.com  Fri Jun 18 22:16:45 2010
From: rcooper at dwford.com (Rick Cooper)
Date: Fri Jun 18 22:16:57 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk><4C15EB25.7040703@ecs.soton.ac.uk><EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk><201006150800.45872.dyioulos@firstbhph.com><4C177BA1.2080705@ecs.soton.ac.uk><EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk><43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk><DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
Message-ID: <E5CDF649E6DB49EE9FC3E3B91DC68146@SAHOMELT>

----Original Message----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
Field Sent: Friday, June 18, 2010 3:37 AM To: MailScanner discussion
Subject: Re: MailScanner ANNOUNCE: Dropoff

> I can try building a 32-bit version for you, but you will probably be
> limited to 2 Gbyte uploads. If that's not a problem for you, then I can
> do that. I probably won't have time to do it today as I've got a load of
> other things on right now, but if you're lucky I *might* do it this
> weekend.  

If you do you may want to look at http://bugs.php.net/bug.php?id=48886, IIRC
it can be applied to 5.3.o but I am not sure
If it has been successfully appied to  to later versions or not. I have been
thinking of trying it but haven't gotten
Around to it since I get around the various stat/filesize/etc with a custom
function that handles any size the os can
Handle.


> 
> Out of Interest, why are you not moving to 64-bit? Modern CPUs have been
> able to run 64-bit for quite a long time now. What's the advantage? --
> Jules
> Sent from my iPad over 3G :-)
> 
> On 18 Jun 2010, at 08:21 AM, "Mogens Melander" <mogens@fumlersoft.dk>
> wrote: 
> 
>> Well, i'm all 32-bit, as are my customers. So i guess i'm not
>> getting to try out this thing anytime soon ;^)
>> 
>> On Tue, June 15, 2010 15:09, Julian Field wrote:
>>> I'm afraid a 32-bit version is not going to be very high on my priority
>>> list, when everyone else in the world is adopting 64-bit if they
>>> haven't already. 
>>> 
>>> What's stopping you running the 64-bit version?
>>> 
>>> On 15/06/2010 13:00, Dimitri Yioulos wrote:
>>>> Jules,
>>>> 
>>>> Thanks so much for this handy new tool!
>>>> 
>>>> Ours is a 32-bit shop.  I know you're frightfully
>>>> busy, but Is there any chance you can create a
>>>> 32-bit virtual machine version?
>>>> 
>>>> Thanks again.
>>>> 
>>>> Dimitri
>>>> 
>>>> 
>>>> On Monday 14 June 2010 4:41:09 am Julian Field
>>>> wrote:
>>>> 
>>>>> I have just uploaded the VMWare disk image of a
>>>>> fully functional Dropoff system. There are some
>>>>> docs on the Dropoff.me website that will tell
>>>>> you how to configure it for your site once
>>>>> you've built a VM around it.
>>>>> 
>>>>> Jules.
>>>>> 
>>>>> On 13/06/2010 20:45, Jules Field wrote:
>>>>> 
>>>>>> I'm just about to put up a VMDK (i.e. VMWare
>>>>>> virtual disk image) of it, which will save
>>>>>> you all a lot of work configuring it and
>>>>>> fixing bugs in PHP that prevent large
>>>>>> uploads.
>>>>>> 
>>>>>> The documentation text is already written,
>>>>>> I've just got to get the VMDK off my vSphere.
>>>>>> 
>>>>>> Jules.
>>>>>> 
>>>>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>>>> 
>>>>>>> It looks fantastic Jules, will definitely
>>>>>>> download it and have a play.
>>>>>>> 
>>>>>>> Jason
>>>>>>> 
>>>>>>> 
>>>>>>>> -----Original Message-----
>>>>>>>> From:
>>>>>>>> mailscanner-bounces@lists.mailscanner.info
>>>>>>>> [mailto:mailscanner-
>>>>>>>> bounces@lists.mailscanner.info] On Behalf
>>>>>>>> Of Jules Field Sent: 13 June 2010 19:30
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>>>> 
>>>>>>>> Thanks for the comment.
>>>>>>>> 
>>>>>>>> As for integrating it, that counts as 'user
>>>>>>>> front-end interface' in MailScanner, which
>>>>>>>> is an area I have never got involved in. So
>>>>>>>> it will remain a separate project for the
>>>>>>>> time being, albeit one which MailScanner
>>>>>>>> admins might like to install for their
>>>>>>>> users' benefit.
>>>>>>>> 
>>>>>>>> Jules.
>>>>>>>> 
>>>>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>>>> 
>>>>>>>>> Hi jules,
>>>>>>>>> 
>>>>>>>>> Thank you very much for the interesting
>>>>>>>>> tool, very much essential for the obvious
>>>>>>>>> reasons that you have explained.
>>>>>>>>> 
>>>>>>>>> This is just an idea, how about
>>>>>>>>> integrating this tool with
>>>>>>>>> 
>>>>>>>> MailScanner
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> for quarantine management.
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> Supun.
>>>>>>>>> 
>>>>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>>>> 
>>>>>>>>>> The Scenario:
>>>>>>>>>> 
>>>>>>>>>> You have installed MailScanner at your
>>>>>>>>>> site to protect all your
>>>>>>>>>> 
>>>>>>>> users
>>>>>>>> 
>>>>>>>> 
>>>>>>>>>> and clients from all sorts of dangerous
>>>>>>>>>> email content. Okay so far.
>>>>>>>>>> But your users need to be able to send
>>>>>>>>>> large files, executables, and all sorts
>>>>>>>>>> of other things that they used to try to
>>>>>>>>>> send by email. Some of these are
>>>>>>>>>> restricted by MailScanner, others (such
>>>>>>>>>> as large files) are restricted by your
>>>>>>>>>> email system's capacity. And your users
>>>>>>>>>> also need to be able to receive files
>>>>>>>>>> from other
>>>>>>>>>> 
>>>>>>>> sites
>>>>>>>> 
>>>>>>>> 
>>>>>>>>>> around the world, without having any
>>>>>>>>>> username/password access to
>>>>>>>>>> 
>>>>>>>> your
>>>>>>>> 
>>>>>>>> 
>>>>>>>>>> systems.
>>>>>>>>>> And it needs to be secure.
>>>>>>>>>> 
>>>>>>>>>> So your users need to be able to send and
>>>>>>>>>> receive all sort of files and email is
>>>>>>>>>> not the right tool for the job.
>>>>>>>>>> 
>>>>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>>>> 
>>>>>>>>>> This is a simple web-based system where
>>>>>>>>>> your users can send and receive files to
>>>>>>>>>> and from anyone in the world, and yet it
>>>>>>>>>> can't be used for public warez or porn
>>>>>>>>>> sharing.
>>>>>>>>>> 
>>>>>>>>>> Anyone in the world can send files to you
>>>>>>>>>> (but not to the rest of
>>>>>>>>>> 
>>>>>>>> the
>>>>>>>> 
>>>>>>>> 
>>>>>>>>>> world), and your users can send files to
>>>>>>>>>> anyone in the world. All uploaded files
>>>>>>>>>> are scanned for viruses, so it's safe.
>>>>>>>>>> Authentication of your users can be done
>>>>>>>>>> via Active Directory, LDAP, IMAP or a
>>>>>>>>>> static file. It's small, light-weight,
>>>>>>>>>> simple and safe. It's all written in PHP
>>>>>>>>>> so you can read the source and add or
>>>>>>>>>> change features as you desire.
>>>>>>>>>> 
>>>>>>>>>> Take a look at
>>>>>>>>>>              www.dropoff.me
>>>>>>>>>> where you can read about it and download
>>>>>>>>>> it.
>>>>>>>>>> 
>>>>>>>>>> It's entirely free and open source, of
>>>>>>>>>> course.
>>>>>>>>>> 
>>>>>>>>>> Note: I did not write all of this.
>>>>>>>>>> Dropoff is my fork of the "Dropbox"
>>>>>>>>>> package originally written at the
>>>>>>>>>> University of Delaware.
>>>>>>>>>> 
>>>>>>>> I
>>>>>>>> 
>>>>>>>> 
>>>>>>>>>> have added new features and fixed some
>>>>>>>>>> bugs. I intend to continue developing it
>>>>>>>>>> as needed.
>>>>>>>>>> 
>>>>>>>>>> Let me know what you think!
>>>>>>>>>> 
>>>>>>>>>> Jules
>>>>>>>>>> 
>>>>>>>> Jules
>>>>>>>> 
>>>>>>>> --
>>>>>>>> Julian Field MEng CITP CEng
>>>>>>>> www.MailScanner.info
>>>>>>>> Buy the MailScanner book at
>>>>>>>> www.MailScanner.info/store
>>>>>>>> 
>>>>>>>> Need help customising MailScanner?
>>>>>>>> Contact me!
>>>>>>>> Need help fixing or optimising your
>>>>>>>> systems? Contact me!
>>>>>>>> Need help getting you started solving new
>>>>>>>> requirements from your boss? Contact me!
>>>>>>>> 
>>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
>>>>>>>> 7222 11F6 5947 1415 B654 Follow me at
>>>>>>>> twitter.com/JulesFM
>>>>>>>> 
>>>>>>>> 
>>>>>>>> --
>>>>>>>> This message has been scanned for viruses
>>>>>>>> and dangerous content by MailScanner, and
>>>>>>>> is believed to be clean.
>>>>>>>> 
>>>>>>>> --
>>>>>>>> MailScanner mailing list
>>>>>>>> mailscanner@lists.mailscanner.info
>>>>>>>> http://lists.mailscanner.info/mailman/listi
>>>>>>>> nfo/mailscanner
>>>>>>>> 
>>>>>>>> Before posting, read
>>>>>>>> http://wiki.mailscanner.info/posting
>>>>>>>> 
>>>>>>>> Support MailScanner development - buy the
>>>>>>>> book off the website!
>>>>>>>> 
>>>>>> Jules
>>>>>> 
>>>>> Jules
>>>>> 
>>>>> --
>>>>> Julian Field MEng CITP CEng
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at
>>>>> www.MailScanner.info/store
>>>>> 
>>>>> Need help customising MailScanner?
>>>>> Contact me!
>>>>> Need help fixing or optimising your systems?
>>>>> Contact me!
>>>>> Need help getting you started solving new
>>>>> requirements from your boss? Contact me!
>>>>> 
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
>>>>> 11F6 5947 1415 B654 Follow me at
>>>>> twitter.com/JulesFM and twitter.com/MailScanner
>>>>> 
>>>>> 
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>> 
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/
>>>>> mailscanner
>>>>> 
>>>>> Before posting, read
>>>>> http://wiki.mailscanner.info/posting
>>>>> 
>>>>> Support MailScanner development - buy the book
>>>>> off the website!
>>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> Jules
>>> 
>>> --
>>> Julian Field MEng CITP CEng
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> 
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new requirements from your boss?
>>> Contact me! 
>>> 
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>> 
>>> 
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> 
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website!
>>> 
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> 
>> 
>> 
>> --
>> Later
>> 
>> Mogens Melander
>> 
>> 
>> 
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website!
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From peter at farrows.org  Fri Jun 18 22:56:16 2010
From: peter at farrows.org (Peter Farrow)
Date: Fri Jun 18 22:56:30 2010
Subject: How to send Mail to another server
In-Reply-To: <861413396-1276888168-cardhu_decombobulator_blackberry.rim.net-1479297577-@bda942.bisx.prod.on.blackberry>
References: <20100618013942.M61960@skynap.net><VA.00003b2c.0f7cccc5@news.conactive.com><4C1BB2EF.1080609@kettle.org.uk>
	<861413396-1276888168-cardhu_decombobulator_blackberry.rim.net-1479297577-@bda942.bisx.prod.on.blackberry>
Message-ID: <4C1BEB80.8070404@farrows.org>

To pass off  specific_user@somedomain.co.uk, when the server already 
delivers locally will require a sub domain or alternate hidden domain to 
move the mail onto for that specific user.

For example, if sendmail has somedmain.co.uk in its local-host-names 
then all mail for that domain is considered local.

The only way to redirect a mail for a specific user is to either have a 
separate address for that user which is hosted by the other server and 
referenced either by MX or mailertable, or to deliver directly to the 
fully qualified domain name of the other server as follows:

since the server already handles everything@somedomain.co.uk, if you are 
using a virtusertable you can add a line like this:

specific_user@somedomain.co.uk            
specific_user@otherservername.somedomain.co.uk

if you are not using a virtusertable you can add it to /etc/aliases

specific_user:            specific_user@otherservername.somedomain.co.uk

and run newaliases after the change.

you can check delivery with:

sendmail -bv specific_user

Don't forget to make sure the the other server is configured to accept 
mail delivered to its fully qualified hostname,

Regards

Pete




On 18/06/2010 20:09, Alex Neuman wrote:
> Mailertable if using sendmail.
> --
>
> Alex Neuman
> BBM 20EA17C5
> +507 6781-9505
> Skype:alex@rtpty.com
>
> -----Original Message-----
> From: Rob Kettle<rob@kettle.org.uk>
> Date: Fri, 18 Jun 2010 18:54:55
> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
> Subject: How to send Mail to another server
>
> Hi,
>
> apologies if I missed the obvious but is there a way in sendmail and
> mailscanner (running on Centos) to locally deliver mail by default but
> deliver to another mail server for certain addresses. Any suggestions
> appreciated.
>
> ie.  everything@somedomain.co.uk  is delivered to local accounts on the
> server but
>         specific_user@somedomain.co.uk is passed off to another server.
>
> many thanks
> Rob
>
>
>
>    


-- 
horizontal ruler

Peter Farrow
avatar 	
______________________
Home: 	01249 654183
Fax: 	01249 461 548
Mobile: 	07799605617
Skype: 	peter_farrow
Web: 	www.peterfarrow.com <http://www.peterfarrow.com>

-------------- next part --------------
Skipped content of type multipart/related
From hugo at skynap.net  Fri Jun 18 23:25:39 2010
From: hugo at skynap.net (hugo@skynap.net)
Date: Fri Jun 18 23:27:05 2010
Subject: Problem w/ MailScanner 4.79.11 only queueing mail
In-Reply-To: <VA.00003b2c.0f7cccc5@news.conactive.com>
References: <20100618013942.M61960@skynap.net>
	<VA.00003b2c.0f7cccc5@news.conactive.com>
Message-ID: <20100618222416.M73437@skynap.net>

Thanks
The problem turned out to be with ClamAv, Will keep an eye on this in the future

Regards

On Fri, 18 Jun 2010 13:52:54 +0200, Kai Schaetzl wrote
> -> MailScanner log
> -> MailScanner --lint or --debug
> -> something wrong with a dnsbl you use in MS?
> 
> Kai
> 
> -- 
> Get your web at Conactive Internet Services: http://www.conactive.com
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!


Hugo Olortegui
SkyNAP, Inc.
Tel: 1.866.646.1124
Fax: 954.337.2364
www.skynap.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From rob at kettle.org.uk  Sat Jun 19 06:31:49 2010
From: rob at kettle.org.uk (Rob Kettle)
Date: Sat Jun 19 06:32:04 2010
Subject: How to send Mail to another server
In-Reply-To: <4C1BEB80.8070404@farrows.org>
References: <20100618013942.M61960@skynap.net><VA.00003b2c.0f7cccc5@news.conactive.com><4C1BB2EF.1080609@kettle.org.uk>	<861413396-1276888168-cardhu_decombobulator_blackberry.rim.net-1479297577-@bda942.bisx.prod.on.blackberry>
	<4C1BEB80.8070404@farrows.org>
Message-ID: <4C1C5645.7030702@kettle.org.uk>

Thanks.  The virtusertable route looks good.

much appreciated.

Rob


On 18/06/2010 22:56, Peter Farrow wrote:
> To pass off specific_user@somedomain.co.uk, when the server already 
> delivers locally will require a sub domain or alternate hidden domain 
> to move the mail onto for that specific user.
>
> For example, if sendmail has somedmain.co.uk in its local-host-names 
> then all mail for that domain is considered local.
>
> The only way to redirect a mail for a specific user is to either have 
> a separate address for that user which is hosted by the other server 
> and referenced either by MX or mailertable, or to deliver directly to 
> the fully qualified domain name of the other server as follows:
>
> since the server already handles everything@somedomain.co.uk, if you 
> are using a virtusertable you can add a line like this:
>
> specific_user@somedomain.co.uk 
> specific_user@otherservername.somedomain.co.uk
>
> if you are not using a virtusertable you can add it to /etc/aliases
>
> specific_user: specific_user@otherservername.somedomain.co.uk
>
> and run newaliases after the change.
>
> you can check delivery with:
>
> sendmail -bv specific_user
>
> Don't forget to make sure the the other server is configured to accept 
> mail delivered to its fully qualified hostname,
>
> Regards
>
> Pete
>
>
>
>
> On 18/06/2010 20:09, Alex Neuman wrote:
>> Mailertable if using sendmail.
>> --
>>
>> Alex Neuman
>> BBM 20EA17C5
>> +507 6781-9505
>> Skype:alex@rtpty.com
>>
>> -----Original Message-----
>> From: Rob Kettle<rob@kettle.org.uk>
>> Date: Fri, 18 Jun 2010 18:54:55
>> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
>> Subject: How to send Mail to another server
>>
>> Hi,
>>
>> apologies if I missed the obvious but is there a way in sendmail and
>> mailscanner (running on Centos) to locally deliver mail by default but
>> deliver to another mail server for certain addresses. Any suggestions
>> appreciated.
>>
>> ie.everything@somedomain.co.uk   is delivered to local accounts on the
>> server but
>>         specific_user@somedomain.co.uk  is passed off to another server.
>>
>> many thanks
>> Rob
>>
>>
>>
>>    
>
>
> -- 
> horizontal ruler
>
> Peter Farrow
> avatar 	
> ______________________
> Home: 	01249 654183
> Fax: 	01249 461 548
> Mobile: 	07799605617
> Skype: 	peter_farrow
> Web: 	www.peterfarrow.com <http://www.peterfarrow.com>
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
Skipped content of type multipart/related
From maillists at conactive.com  Sat Jun 19 08:31:18 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Sat Jun 19 08:31:31 2010
Subject: Inundated with this Attachment Email Spam
In-Reply-To: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>
References: <B2736570C37F461488B802C9E6C63FDC@salemcorp.com>
Message-ID: <VA.00003b33.13b3a40e@news.conactive.com>

Phil Udel wrote on Fri, 18 Jun 2010 08:35:03 -0400:

> I have received over 9k of these puppies in the last 48 hours, and I block
> about 99.995% of them, But 2 or 3 are getting thru each day.

Use RBLs and block dynamic IP ranges at MTA and you will see those 9k drop 
to <10 (messages).

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From rob at kettle.org.uk  Sat Jun 19 08:32:46 2010
From: rob at kettle.org.uk (Rob Kettle)
Date: Sat Jun 19 08:33:01 2010
Subject: How to send Mail to another server
In-Reply-To: <VA.00003b32.13b3a40e@news.conactive.com>
References: <20100618013942.M61960@skynap.net>
	<VA.00003b2c.0f7cccc5@news.conactive.com>
	<4C1BB2EF.1080609@kettle.org.uk>
	<VA.00003b32.13b3a40e@news.conactive.com>
Message-ID: <4C1C729E.3090903@kettle.org.uk>

apologies for my error and thanks for pointing it out.

On 19/06/2010 08:31, Kai Schaetzl wrote:
> Rob, please do not create seemingly "new" messages by replying. They are
> not "new". Please use "new message", thanks.
>
> Kai
>
>    

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From peter at farrows.org  Sat Jun 19 09:04:28 2010
From: peter at farrows.org (Peter Farrow)
Date: Sat Jun 19 09:04:38 2010
Subject: How to send Mail to another server
In-Reply-To: <4C1C5645.7030702@kettle.org.uk>
References: <20100618013942.M61960@skynap.net><VA.00003b2c.0f7cccc5@news.conactive.com><4C1BB2EF.1080609@kettle.org.uk>	<861413396-1276888168-cardhu_decombobulator_blackberry.rim.net-1479297577-@bda942.bisx.prod.on.blackberry>	<4C1BEB80.8070404@farrows.org>
	<4C1C5645.7030702@kettle.org.uk>
Message-ID: <4C1C7A0C.1050603@farrows.org>

One point:

if you don't already have a virtusertable, you will need to add an entry 
for every other user on the system once you put one in...

If you have a large number of users where the relationship of 
username/email address is a direct mapping, you can create one easily 
with a simple perl script parsing /etc/passwd,

Pete


On 19/06/2010 06:31, Rob Kettle wrote:
> Thanks.  The virtusertable route looks good.
>
> much appreciated.
>
> Rob
>
>
> On 18/06/2010 22:56, Peter Farrow wrote:
>> To pass off specific_user@somedomain.co.uk, when the server already 
>> delivers locally will require a sub domain or alternate hidden domain 
>> to move the mail onto for that specific user.
>>
>> For example, if sendmail has somedmain.co.uk in its local-host-names 
>> then all mail for that domain is considered local.
>>
>> The only way to redirect a mail for a specific user is to either have 
>> a separate address for that user which is hosted by the other server 
>> and referenced either by MX or mailertable, or to deliver directly to 
>> the fully qualified domain name of the other server as follows:
>>
>> since the server already handles everything@somedomain.co.uk, if you 
>> are using a virtusertable you can add a line like this:
>>
>> specific_user@somedomain.co.uk 
>> specific_user@otherservername.somedomain.co.uk
>>
>> if you are not using a virtusertable you can add it to /etc/aliases
>>
>> specific_user: specific_user@otherservername.somedomain.co.uk
>>
>> and run newaliases after the change.
>>
>> you can check delivery with:
>>
>> sendmail -bv specific_user
>>
>> Don't forget to make sure the the other server is configured to 
>> accept mail delivered to its fully qualified hostname,
>>
>> Regards
>>
>> Pete
>>
>>
>>
>>
>> On 18/06/2010 20:09, Alex Neuman wrote:
>>> Mailertable if using sendmail.
>>> --
>>>
>>> Alex Neuman
>>> BBM 20EA17C5
>>> +507 6781-9505
>>> Skype:alex@rtpty.com
>>>
>>> -----Original Message-----
>>> From: Rob Kettle<rob@kettle.org.uk>
>>> Date: Fri, 18 Jun 2010 18:54:55
>>> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
>>> Subject: How to send Mail to another server
>>>
>>> Hi,
>>>
>>> apologies if I missed the obvious but is there a way in sendmail and
>>> mailscanner (running on Centos) to locally deliver mail by default but
>>> deliver to another mail server for certain addresses. Any suggestions
>>> appreciated.
>>>
>>> ie.everything@somedomain.co.uk   is delivered to local accounts on the
>>> server but
>>>         specific_user@somedomain.co.uk  is passed off to another server.
>>>
>>> many thanks
>>> Rob
>>>
>>>
>>>
>>>    
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100619/55de2dc1/attachment.html
From jkf at ecs.soton.ac.uk  Sat Jun 19 09:30:49 2010
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Sat Jun 19 09:31:03 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <E5CDF649E6DB49EE9FC3E3B91DC68146@SAHOMELT>
References: <4C13A385.1020503@ecs.soton.ac.uk><4C15EB25.7040703@ecs.soton.ac.uk><EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk><201006150800.45872.dyioulos@firstbhph.com><4C177BA1.2080705@ecs.soton.ac.uk><EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk><43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk><DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<E5CDF649E6DB49EE9FC3E3B91DC68146@SAHOMELT>
	<6DC3A183-7472-4A3C-A1A9-06C8C91B7C32@ecs.soton.ac.uk>
Message-ID: <EMEW3|cc60c1557cb05d5db7091734e9d6399bm5I9Uq03jkf|ecs.soton.ac.uk|6DC3A183-7472-4A3C-A1A9-06C8C91B7C32@ecs.soton.ac.uk>



-- 
Jules
Sent from my iPad over 3G :-)

On 18 Jun 2010, at 10:16 PM, "Rick Cooper" <rcooper@dwford.com> wrote:

> ----Original Message----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian
> Field Sent: Friday, June 18, 2010 3:37 AM To: MailScanner discussion
> Subject: Re: MailScanner ANNOUNCE: Dropoff
> 
>> I can try building a 32-bit version for you, but you will probably be
>> limited to 2 Gbyte uploads. If that's not a problem for you, then I can
>> do that. I probably won't have time to do it today as I've got a load of
>> other things on right now, but if you're lucky I *might* do it this
>> weekend.  
> 
> If you do you may want to look at http://bugs.php.net/bug.php?id=48886,

That patch uses floating point numbers to represent integer values, yuck :-(

Jules


> IIRC
> it can be applied to 5.3.o but I am not sure
> If it has been successfully appied to  to later versions or not. I have been
> thinking of trying it but haven't gotten
> Around to it since I get around the various stat/filesize/etc with a custom
> function that handles any size the os can
> Handle.
> 
> 
>> 
>> Out of Interest, why are you not moving to 64-bit? Modern CPUs have been
>> able to run 64-bit for quite a long time now. What's the advantage? --
>> Jules
>> Sent from my iPad over 3G :-)
>> 
>> On 18 Jun 2010, at 08:21 AM, "Mogens Melander" <mogens@fumlersoft.dk>
>> wrote: 
>> 
>>> Well, i'm all 32-bit, as are my customers. So i guess i'm not
>>> getting to try out this thing anytime soon ;^)
>>> 
>>> On Tue, June 15, 2010 15:09, Julian Field wrote:
>>>> I'm afraid a 32-bit version is not going to be very high on my priority
>>>> list, when everyone else in the world is adopting 64-bit if they
>>>> haven't already. 
>>>> 
>>>> What's stopping you running the 64-bit version?
>>>> 
>>>> On 15/06/2010 13:00, Dimitri Yioulos wrote:
>>>>> Jules,
>>>>> 
>>>>> Thanks so much for this handy new tool!
>>>>> 
>>>>> Ours is a 32-bit shop.  I know you're frightfully
>>>>> busy, but Is there any chance you can create a
>>>>> 32-bit virtual machine version?
>>>>> 
>>>>> Thanks again.
>>>>> 
>>>>> Dimitri
>>>>> 
>>>>> 
>>>>> On Monday 14 June 2010 4:41:09 am Julian Field
>>>>> wrote:
>>>>> 
>>>>>> I have just uploaded the VMWare disk image of a
>>>>>> fully functional Dropoff system. There are some
>>>>>> docs on the Dropoff.me website that will tell
>>>>>> you how to configure it for your site once
>>>>>> you've built a VM around it.
>>>>>> 
>>>>>> Jules.
>>>>>> 
>>>>>> On 13/06/2010 20:45, Jules Field wrote:
>>>>>> 
>>>>>>> I'm just about to put up a VMDK (i.e. VMWare
>>>>>>> virtual disk image) of it, which will save
>>>>>>> you all a lot of work configuring it and
>>>>>>> fixing bugs in PHP that prevent large
>>>>>>> uploads.
>>>>>>> 
>>>>>>> The documentation text is already written,
>>>>>>> I've just got to get the VMDK off my vSphere.
>>>>>>> 
>>>>>>> Jules.
>>>>>>> 
>>>>>>> On 13/06/2010 20:36, Jason Ede wrote:
>>>>>>> 
>>>>>>>> It looks fantastic Jules, will definitely
>>>>>>>> download it and have a play.
>>>>>>>> 
>>>>>>>> Jason
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> -----Original Message-----
>>>>>>>>> From:
>>>>>>>>> mailscanner-bounces@lists.mailscanner.info
>>>>>>>>> [mailto:mailscanner-
>>>>>>>>> bounces@lists.mailscanner.info] On Behalf
>>>>>>>>> Of Jules Field Sent: 13 June 2010 19:30
>>>>>>>>> To: MailScanner discussion
>>>>>>>>> Subject: Re: MailScanner ANNOUNCE: Dropoff
>>>>>>>>> 
>>>>>>>>> Thanks for the comment.
>>>>>>>>> 
>>>>>>>>> As for integrating it, that counts as 'user
>>>>>>>>> front-end interface' in MailScanner, which
>>>>>>>>> is an area I have never got involved in. So
>>>>>>>>> it will remain a separate project for the
>>>>>>>>> time being, albeit one which MailScanner
>>>>>>>>> admins might like to install for their
>>>>>>>>> users' benefit.
>>>>>>>>> 
>>>>>>>>> Jules.
>>>>>>>>> 
>>>>>>>>> On 13/06/2010 05:11, Supun Rathnayake wrote:
>>>>>>>>> 
>>>>>>>>>> Hi jules,
>>>>>>>>>> 
>>>>>>>>>> Thank you very much for the interesting
>>>>>>>>>> tool, very much essential for the obvious
>>>>>>>>>> reasons that you have explained.
>>>>>>>>>> 
>>>>>>>>>> This is just an idea, how about
>>>>>>>>>> integrating this tool with
>>>>>>>>>> 
>>>>>>>>> MailScanner
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> for quarantine management.
>>>>>>>>>> 
>>>>>>>>>> Thanks,
>>>>>>>>>> Supun.
>>>>>>>>>> 
>>>>>>>>>> On 06/12/2010 08:41 PM, Jules Field wrote:
>>>>>>>>>> 
>>>>>>>>>>> The Scenario:
>>>>>>>>>>> 
>>>>>>>>>>> You have installed MailScanner at your
>>>>>>>>>>> site to protect all your
>>>>>>>>>>> 
>>>>>>>>> users
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>>> and clients from all sorts of dangerous
>>>>>>>>>>> email content. Okay so far.
>>>>>>>>>>> But your users need to be able to send
>>>>>>>>>>> large files, executables, and all sorts
>>>>>>>>>>> of other things that they used to try to
>>>>>>>>>>> send by email. Some of these are
>>>>>>>>>>> restricted by MailScanner, others (such
>>>>>>>>>>> as large files) are restricted by your
>>>>>>>>>>> email system's capacity. And your users
>>>>>>>>>>> also need to be able to receive files
>>>>>>>>>>> from other
>>>>>>>>>>> 
>>>>>>>>> sites
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>>> around the world, without having any
>>>>>>>>>>> username/password access to
>>>>>>>>>>> 
>>>>>>>>> your
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>>> systems.
>>>>>>>>>>> And it needs to be secure.
>>>>>>>>>>> 
>>>>>>>>>>> So your users need to be able to send and
>>>>>>>>>>> receive all sort of files and email is
>>>>>>>>>>> not the right tool for the job.
>>>>>>>>>>> 
>>>>>>>>>>> Say "Hello!" to Dropoff.
>>>>>>>>>>> 
>>>>>>>>>>> This is a simple web-based system where
>>>>>>>>>>> your users can send and receive files to
>>>>>>>>>>> and from anyone in the world, and yet it
>>>>>>>>>>> can't be used for public warez or porn
>>>>>>>>>>> sharing.
>>>>>>>>>>> 
>>>>>>>>>>> Anyone in the world can send files to you
>>>>>>>>>>> (but not to the rest of
>>>>>>>>>>> 
>>>>>>>>> the
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>>> world), and your users can send files to
>>>>>>>>>>> anyone in the world. All uploaded files
>>>>>>>>>>> are scanned for viruses, so it's safe.
>>>>>>>>>>> Authentication of your users can be done
>>>>>>>>>>> via Active Directory, LDAP, IMAP or a
>>>>>>>>>>> static file. It's small, light-weight,
>>>>>>>>>>> simple and safe. It's all written in PHP
>>>>>>>>>>> so you can read the source and add or
>>>>>>>>>>> change features as you desire.
>>>>>>>>>>> 
>>>>>>>>>>> Take a look at
>>>>>>>>>>>             www.dropoff.me
>>>>>>>>>>> where you can read about it and download
>>>>>>>>>>> it.
>>>>>>>>>>> 
>>>>>>>>>>> It's entirely free and open source, of
>>>>>>>>>>> course.
>>>>>>>>>>> 
>>>>>>>>>>> Note: I did not write all of this.
>>>>>>>>>>> Dropoff is my fork of the "Dropbox"
>>>>>>>>>>> package originally written at the
>>>>>>>>>>> University of Delaware.
>>>>>>>>>>> 
>>>>>>>>> I
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>>> have added new features and fixed some
>>>>>>>>>>> bugs. I intend to continue developing it
>>>>>>>>>>> as needed.
>>>>>>>>>>> 
>>>>>>>>>>> Let me know what you think!
>>>>>>>>>>> 
>>>>>>>>>>> Jules
>>>>>>>>>>> 
>>>>>>>>> Jules
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> Julian Field MEng CITP CEng
>>>>>>>>> www.MailScanner.info
>>>>>>>>> Buy the MailScanner book at
>>>>>>>>> www.MailScanner.info/store
>>>>>>>>> 
>>>>>>>>> Need help customising MailScanner?
>>>>>>>>> Contact me!
>>>>>>>>> Need help fixing or optimising your
>>>>>>>>> systems? Contact me!
>>>>>>>>> Need help getting you started solving new
>>>>>>>>> requirements from your boss? Contact me!
>>>>>>>>> 
>>>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC
>>>>>>>>> 7222 11F6 5947 1415 B654 Follow me at
>>>>>>>>> twitter.com/JulesFM
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> This message has been scanned for viruses
>>>>>>>>> and dangerous content by MailScanner, and
>>>>>>>>> is believed to be clean.
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> mailscanner@lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listi
>>>>>>>>> nfo/mailscanner
>>>>>>>>> 
>>>>>>>>> Before posting, read
>>>>>>>>> http://wiki.mailscanner.info/posting
>>>>>>>>> 
>>>>>>>>> Support MailScanner development - buy the
>>>>>>>>> book off the website!
>>>>>>>>> 
>>>>>>> Jules
>>>>>>> 
>>>>>> Jules
>>>>>> 
>>>>>> --
>>>>>> Julian Field MEng CITP CEng
>>>>>> www.MailScanner.info
>>>>>> Buy the MailScanner book at
>>>>>> www.MailScanner.info/store
>>>>>> 
>>>>>> Need help customising MailScanner?
>>>>>> Contact me!
>>>>>> Need help fixing or optimising your systems?
>>>>>> Contact me!
>>>>>> Need help getting you started solving new
>>>>>> requirements from your boss? Contact me!
>>>>>> 
>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222
>>>>>> 11F6 5947 1415 B654 Follow me at
>>>>>> twitter.com/JulesFM and twitter.com/MailScanner
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> This message has been scanned for viruses and
>>>>>> dangerous content by MailScanner, and is
>>>>>> believed to be clean.
>>>>>> 
>>>>>> --
>>>>>> MailScanner mailing list
>>>>>> mailscanner@lists.mailscanner.info
>>>>>> http://lists.mailscanner.info/mailman/listinfo/
>>>>>> mailscanner
>>>>>> 
>>>>>> Before posting, read
>>>>>> http://wiki.mailscanner.info/posting
>>>>>> 
>>>>>> Support MailScanner development - buy the book
>>>>>> off the website!
>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>> 
>>>> Jules
>>>> 
>>>> --
>>>> Julian Field MEng CITP CEng
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>> 
>>>> Need help customising MailScanner?
>>>> Contact me!
>>>> Need help fixing or optimising your systems?
>>>> Contact me!
>>>> Need help getting you started solving new requirements from your boss?
>>>> Contact me! 
>>>> 
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>>>> 
>>>> 
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>> 
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>> 
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>> 
>>>> Support MailScanner development - buy the book off the website!
>>>> 
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>> 
>>> 
>>> 
>>> --
>>> Later
>>> 
>>> Mogens Melander
>>> 
>>> 
>>> 
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> 
>>> --
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> 
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> 
>>> Support MailScanner development - buy the book off the website!
>> 
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website!
> 
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Sat Jun 19 03:56:58 2010
From: alex at rtpty.com (Alex Neuman)
Date: Sat Jun 19 16:30:06 2010
Subject: Problem w/ MailScanner 4.79.11 only queueing mail
In-Reply-To: <20100618222416.M73437@skynap.net>
References: <20100618013942.M61960@skynap.net>
	<VA.00003b2c.0f7cccc5@news.conactive.com>
	<20100618222416.M73437@skynap.net>
Message-ID: <3A822511-8505-4BDA-A7D5-C8F12331BAA6@rtpty.com>

To be more precise, the problem turned out to be (I'm guessing) that Clam "choked" on the new updates that were designed to force people to upgrade. You should keep an eye on the MailScanner list, the Clam list and the SpamAssassin list (or at least the "announcements" lists so you can keep up with any update issues).

If you use RBL's (specially at the MTA level), you should also subscribe to any announcement lists they might have, so that if they go out of business you can disable them.

On Jun 18, 2010, at 5:25 PM, hugo@skynap.net wrote:

> Thanks
> The problem turned out to be with ClamAv, Will keep an eye on this in the future

From MailScanner at ecs.soton.ac.uk  Sat Jun 19 17:27:11 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat Jun 19 17:27:37 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <907d106f5d55809afdda163524d49d5e.squirrel@mail.fumlersoft.dk>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<4C15EB25.7040703@ecs.soton.ac.uk>	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>	<201006150800.45872.dyioulos@firstbhph.com>	<4C177BA1.2080705@ecs.soton.ac.uk>	<EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk>	<43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk>	<DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>	<EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<907d106f5d55809afdda163524d49d5e.squirrel@mail.fumlersoft.dk>
	<4C1CEFDF.1080400@ecs.soton.ac.uk>
Message-ID: <EMEW3|a74ffe58f102567e0d6c000f5ae117a6m5IHRO0bMailScanner|ecs.soton.ac.uk|4C1CEFDF.1080400@ecs.soton.ac.uk>

There are now 32-bit and 64-bit OVA (Open Virtual Appliance) files of 
the latest released version available on the web site.

Please let me know how you get on!

Jules.

P.S. Please direct all ZendTo-related mail to me at Jules@ZendTo.com, 
not MailScanner.

On 18/06/2010 09:12, Mogens Melander wrote:
> Jules
>
> I would love to see a 32-bit version at some point. But don't want
> to take you away from more important stuff (like MailScanner).
>
> Of the 7 servers i run myself, the latest is 7+ years old. They
> would not be able to run 64-bit anything. Another thing. The closest
> server is about 7000 miles away.
>
> These servers are adequate for their tasks, and don't generate that
> much income. Rack servers aren't that cheap in DK :)
>
> On Fri, June 18, 2010 09:36, Julian Field wrote:
>    
>> I can try building a 32-bit version for you, but you will probably be limited to 2 Gbyte uploads.
>> If that's not a problem for you, then I can do that. I probably won't have time to do it today as
>> I've got a load of other things on right now, but if you're lucky I *might* do it this weekend.
>>
>> Out of Interest, why are you not moving to 64-bit? Modern CPUs have been able to run 64-bit for
>> quite a long time now. What's the advantage?
>> --
>> Jules
>> Sent from my iPad over 3G :-)
>>      
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From micoots at yahoo.com  Sat Jun 19 22:59:04 2010
From: micoots at yahoo.com (Michael Mansour)
Date: Sat Jun 19 22:59:15 2010
Subject: Problems with the latest 4.80.7-1 MS
Message-ID: <572541.85665.qm@web33304.mail.mud.yahoo.com>

Hi,

I've just upgraded one of my mail servers to this version, and running a MailScanner --lint gives me hundreds of these errors:

Could not read file /deleted.content.message.example.com.au.txt at /usr/lib/MailScanner/MailScanner/Config.pm line 2851
Syntax error in line 1 of ruleset file /etc/MailScanner/rules/deleted.content.message.report.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2798

and the ruleset file is simply:

To:     *@example2.com.au        %report-dir%/deleted.content.message.example.com.au.txt

I have multiple reports configured so there hundreds more of these type of errors on the lint.

If I revert back to the older MS 4.79.11, things work fine again.

Any ideas?

Michael.



      
From noel.butler at ausics.net  Sat Jun 19 23:07:55 2010
From: noel.butler at ausics.net (Noel Butler)
Date: Sat Jun 19 23:08:12 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <572541.85665.qm@web33304.mail.mud.yahoo.com>
References: <572541.85665.qm@web33304.mail.mud.yahoo.com>
Message-ID: <1276985275.7602.19.camel@tardis>

On Sat, 2010-06-19 at 14:59 -0700, Michael Mansour wrote:

> Hi,
> 
> I've just upgraded one of my mail servers to this version, and running a MailScanner --lint gives me hundreds of these errors:
> 
> Could not read file /deleted.content.message.example.com.au.txt at /usr/lib/MailScanner/MailScanner/Config.pm line 2851
> Syntax error in line 1 of ruleset file /etc/MailScanner/rules/deleted.content.message.report.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2798
> 
> and the ruleset file is simply:
> 
> To:     *@example2.com.au        %report-dir%/deleted.content.message.example.com.au.txt
> 
> I have multiple reports configured so there hundreds more of these type of errors on the lint.
> 
> If I revert back to the older MS 4.79.11, things work fine again.
> 
> Any ideas?
> 


Hrm, do you use inline spam warning txt? have you ever found that when
it addresses the recipients on hit messages, it addresses everyone of
them like a large CC in the message (I see this since kernel announce
msgs were tagged.) but in the envelope To header there's only the actual
recipient.

rather strange, oh well... its only been complained about on my private
domain, not the commercial servers (as far as i know) if many more
complain we'll cease to use this feature.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100620/f1a3ed3a/attachment.html
From bonivart at opencsw.org  Sat Jun 19 23:13:27 2010
From: bonivart at opencsw.org (Peter Bonivart)
Date: Sat Jun 19 23:13:55 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <572541.85665.qm@web33304.mail.mud.yahoo.com>
References: <572541.85665.qm@web33304.mail.mud.yahoo.com>
Message-ID: <AANLkTim2A4IpWIY-7WtcX9Q2KaM_wTfGtgCF9DVQoZF1@mail.gmail.com>

On Sat, Jun 19, 2010 at 11:59 PM, Michael Mansour <micoots@yahoo.com> wrote:
> Hi,
>
> I've just upgraded one of my mail servers to this version, and running a MailScanner --lint gives me hundreds of these errors:
>
> Could not read file /deleted.content.message.example.com.au.txt at /usr/lib/MailScanner/MailScanner/Config.pm line 2851
> Syntax error in line 1 of ruleset file /etc/MailScanner/rules/deleted.content.message.report.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2798
>
> and the ruleset file is simply:
>
> To: ? ? *@example2.com.au ? ? ? ?%report-dir%/deleted.content.message.example.com.au.txt
>
> I have multiple reports configured so there hundreds more of these type of errors on the lint.
>
> If I revert back to the older MS 4.79.11, things work fine again.
>
> Any ideas?

Is it allowed to use variables in rulesets? It seems like it got
expanded to null by looking at the error.

-- 
/peter
From micoots at yahoo.com  Sat Jun 19 23:55:03 2010
From: micoots at yahoo.com (Michael Mansour)
Date: Sat Jun 19 23:55:15 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <AANLkTim2A4IpWIY-7WtcX9Q2KaM_wTfGtgCF9DVQoZF1@mail.gmail.com>
Message-ID: <65906.72927.qm@web33301.mail.mud.yahoo.com>

Hi Peter,

--- On Sun, 20/6/10, Peter Bonivart <bonivart@opencsw.org> wrote:

> From: Peter Bonivart <bonivart@opencsw.org>
> Subject: Re: Problems with the latest 4.80.7-1 MS
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Received: Sunday, 20 June, 2010, 8:13 AM
> On Sat, Jun 19, 2010 at 11:59 PM,
> Michael Mansour <micoots@yahoo.com>
> wrote:
> > Hi,
> >
> > I've just upgraded one of my mail servers to this
> version, and running a MailScanner --lint gives me hundreds
> of these errors:
> >
> > Could not read file
> /deleted.content.message.example.com.au.txt at
> /usr/lib/MailScanner/MailScanner/Config.pm line 2851
> > Syntax error in line 1 of ruleset file
> /etc/MailScanner/rules/deleted.content.message.report.rules
> at /usr/lib/MailScanner/MailScanner/Config.pm line 2798
> >
> > and the ruleset file is simply:
> >
> > To: ? ? *@example2.com.au ? ? ?
> ?%report-dir%/deleted.content.message.example.com.au.txt
> >
> > I have multiple reports configured so there hundreds
> more of these type of errors on the lint.
> >
> > If I revert back to the older MS 4.79.11, things work
> fine again.
> >
> > Any ideas?
> 
> Is it allowed to use variables in rulesets? It seems like
> it got
> expanded to null by looking at the error.

Hmmm.. I've been using variables in rulesets for years and it's always worked fine.

But you are right, I removed the variable from the ruleset and the error went away.

I'll downgrade back to 4.79.11 as this is a bug in 4.80.7 (it is a beta afterall). 4.80.11 should be able to support variables in rulesets like all previous versions, otherwise admins are changing 10 times more files if things need modification in the future.

How do I report this bug?

Michael.

> -- 
> /peter
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the
> website!
> 


      
From micoots at yahoo.com  Sat Jun 19 23:57:40 2010
From: micoots at yahoo.com (Michael Mansour)
Date: Sat Jun 19 23:57:50 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <1276985275.7602.19.camel@tardis>
Message-ID: <794297.96246.qm@web33305.mail.mud.yahoo.com>

Hi Noel,

--- On Sun, 20/6/10, Noel Butler <noel.butler@ausics.net> wrote:

From: Noel Butler <noel.butler@ausics.net>
Subject: Re: Problems with the latest 4.80.7-1 MS
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Received: Sunday, 20 June, 2010, 8:07 AM




  
  
On Sat, 2010-06-19 at 14:59 -0700, Michael Mansour wrote:

Hi,

I've just upgraded one of my mail servers to this version, and running a MailScanner --lint gives me hundreds of these errors:

Could not read file /deleted.content.message.example.com.au.txt at /usr/lib/MailScanner/MailScanner/Config.pm line 2851
Syntax error in line 1 of ruleset file /etc/MailScanner/rules/deleted.content.message.report.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2798

and the ruleset file is simply:

To:     *@example2.com.au        %report-dir%/deleted.content.message.example.com.au.txt

I have multiple reports configured so there hundreds more of these type of errors on the lint.

If I revert back to the older MS 4.79.11, things work fine again.

Any ideas?





Hrm, do you use inline spam warning txt? have you ever found that when it addresses the recipients on hit messages, it addresses everyone of them like a large CC in the message (I see this since kernel announce msgs were tagged.) but in the envelope To header there's only the actual recipient.



rather strange, oh well... its only been complained about on my private domain, not the commercial servers (as far as i know) if many more complain we'll cease to use this feature.

 
I don't use the inline spam warning no. I'm not sure what that would have to do with the error above, but it turned out that the variable in the ruleset was the problem.

I'm downgrading back to the earlier version.

Thanks.

Michael.



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100619/2bb75dce/attachment.html
From mogens at fumlersoft.dk  Sun Jun 20 04:40:15 2010
From: mogens at fumlersoft.dk (Mogens Melander)
Date: Sun Jun 20 04:40:32 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <794297.96246.qm@web33305.mail.mud.yahoo.com>
References: <794297.96246.qm@web33305.mail.mud.yahoo.com>
Message-ID: <7b83d4fd8e5a3dedc22a4eea448eab3b.squirrel@mail.fumlersoft.dk>

Hi

The "Could not read file /deleted.content.message" suggest
that your %report-dir% is empty.

On Sun, June 20, 2010 00:57, Michael Mansour wrote:
> Hi Noel,
>
> --- On Sun, 20/6/10, Noel Butler <noel.butler@ausics.net> wrote:
>
> From: Noel Butler <noel.butler@ausics.net>
> Subject: Re: Problems with the latest 4.80.7-1 MS
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Received: Sunday, 20 June, 2010, 8:07 AM
>
>
>
>
>
>
> On Sat, 2010-06-19 at 14:59 -0700, Michael Mansour wrote:
>
> Hi,
>
> I've just upgraded one of my mail servers to this version, and running a MailScanner --lint gives
> me hundreds of these errors:
>
> Could not read file /deleted.content.message.example.com.au.txt at
> /usr/lib/MailScanner/MailScanner/Config.pm line 2851
> Syntax error in line 1 of ruleset file /etc/MailScanner/rules/deleted.content.message.report.rules
> at /usr/lib/MailScanner/MailScanner/Config.pm line 2798
>
> and the ruleset file is simply:
>
> To:     *@example2.com.au        %report-dir%/deleted.content.message.example.com.au.txt
>
> I have multiple reports configured so there hundreds more of these type of errors on the lint.
>
> If I revert back to the older MS 4.79.11, things work fine again.
>
> Any ideas?
>
>
>
>
>
> Hrm, do you use inline spam warning txt? have you ever found that when it addresses the recipients
> on hit messages, it addresses everyone of them like a large CC in the message (I see this since
> kernel announce msgs were tagged.) but in the envelope To header there's only the actual
> recipient.
>
>
>
> rather strange, oh well... its only been complained about on my private domain, not the commercial
> servers (as far as i know) if many more complain we'll cease to use this feature.
>
>
> I don't use the inline spam warning no. I'm not sure what that would have to do with the error
> above, but it turned out that the variable in the ruleset was the problem.
>
> I'm downgrading back to the earlier version.
>
> Thanks.
>
> Michael.
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
Later

Mogens Melander



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From micoots at yahoo.com  Sun Jun 20 06:10:36 2010
From: micoots at yahoo.com (Michael Mansour)
Date: Sun Jun 20 06:10:47 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <7b83d4fd8e5a3dedc22a4eea448eab3b.squirrel@mail.fumlersoft.dk>
Message-ID: <776848.77539.qm@web33303.mail.mud.yahoo.com>

Hi Mogens,

--- On Sun, 20/6/10, Mogens Melander <mogens@fumlersoft.dk> wrote:

> From: Mogens Melander <mogens@fumlersoft.dk>
> Subject: Re: Problems with the latest 4.80.7-1 MS
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Received: Sunday, 20 June, 2010, 1:40 PM
> Hi
> 
> The "Could not read file /deleted.content.message" suggest
> that your %report-dir% is empty.

Agreed, but it's definately not empty. Has all the required files in there MS 4.80.7 just isn't picking them up.

Note that I performed an upgrade from 4.79.11, not a new installation, the reports are picked up fine in 4.79.11 and the rulesets are also read fine with variables. 

I also have about 9 or more MS servers around and did the upgrade on only one of them. When I downgraded back to 4.79.11, all worked fine again.

Regards,

Michael.

> On Sun, June 20, 2010 00:57, Michael Mansour wrote:
> > Hi Noel,
> >
> > --- On Sun, 20/6/10, Noel Butler <noel.butler@ausics.net>
> wrote:
> >
> > From: Noel Butler <noel.butler@ausics.net>
> > Subject: Re: Problems with the latest 4.80.7-1 MS
> > To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> > Received: Sunday, 20 June, 2010, 8:07 AM
> >
> >
> >
> >
> >
> >
> > On Sat, 2010-06-19 at 14:59 -0700, Michael Mansour
> wrote:
> >
> > Hi,
> >
> > I've just upgraded one of my mail servers to this
> version, and running a MailScanner --lint gives
> > me hundreds of these errors:
> >
> > Could not read file
> /deleted.content.message.example.com.au.txt at
> > /usr/lib/MailScanner/MailScanner/Config.pm line 2851
> > Syntax error in line 1 of ruleset file
> /etc/MailScanner/rules/deleted.content.message.report.rules
> > at /usr/lib/MailScanner/MailScanner/Config.pm line
> 2798
> >
> > and the ruleset file is simply:
> >
> > To:? ???*@example2.com.au?
> ? ? ?
> %report-dir%/deleted.content.message.example.com.au.txt
> >
> > I have multiple reports configured so there hundreds
> more of these type of errors on the lint.
> >
> > If I revert back to the older MS 4.79.11, things work
> fine again.
> >
> > Any ideas?
> >
> >
> >
> >
> >
> > Hrm, do you use inline spam warning txt? have you ever
> found that when it addresses the recipients
> > on hit messages, it addresses everyone of them like a
> large CC in the message (I see this since
> > kernel announce msgs were tagged.) but in the envelope
> To header there's only the actual
> > recipient.
> >
> >
> >
> > rather strange, oh well... its only been complained
> about on my private domain, not the commercial
> > servers (as far as i know) if many more complain we'll
> cease to use this feature.
> >
> >
> > I don't use the inline spam warning no. I'm not sure
> what that would have to do with the error
> > above, but it turned out that the variable in the
> ruleset was the problem.
> >
> > I'm downgrading back to the earlier version.
> >
> > Thanks.
> >
> > Michael.
> >
> >
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the
> website!
> >
> 
> 
> -- 
> Later
> 
> Mogens Melander
> 
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the
> website! 
> 


      
From jkf at ecs.soton.ac.uk  Sun Jun 20 10:06:11 2010
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Sun Jun 20 10:06:16 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <AANLkTim2A4IpWIY-7WtcX9Q2KaM_wTfGtgCF9DVQoZF1@mail.gmail.com>
References: <572541.85665.qm@web33304.mail.mud.yahoo.com>
	<AANLkTim2A4IpWIY-7WtcX9Q2KaM_wTfGtgCF9DVQoZF1@mail.gmail.com>
	<0AB93FEB-8C21-446A-A4EE-57986DB427DC@ecs.soton.ac.uk>
Message-ID: <EMEW3|8e41b14dbc7cebf05cab79a057b12426m5JA6503jkf|ecs.soton.ac.uk|0AB93FEB-8C21-446A-A4EE-57986DB427DC@ecs.soton.ac.uk>

Yes, that was my guess too. I'll have to check on this, it may have been introduced by a change in the config compiler that had to be introduced in 4.80 to resolve a problem with the DB config code.

I'll take another look and see if I can find it for you.

-- 
Jules
Sent from my iPad over 3G :-)

On 19 Jun 2010, at 11:13 PM, Peter Bonivart <bonivart@opencsw.org> wrote:

> On Sat, Jun 19, 2010 at 11:59 PM, Michael Mansour <micoots@yahoo.com> wrote:
>> Hi,
>> 
>> I've just upgraded one of my mail servers to this version, and running a MailScanner --lint gives me hundreds of these errors:
>> 
>> Could not read file /deleted.content.message.example.com.au.txt at /usr/lib/MailScanner/MailScanner/Config.pm line 2851
>> Syntax error in line 1 of ruleset file /etc/MailScanner/rules/deleted.content.message.report.rules at /usr/lib/MailScanner/MailScanner/Config.pm line 2798
>> 
>> and the ruleset file is simply:
>> 
>> To:     *@example2.com.au        %report-dir%/deleted.content.message.example.com.au.txt
>> 
>> I have multiple reports configured so there hundreds more of these type of errors on the lint.
>> 
>> If I revert back to the older MS 4.79.11, things work fine again.
>> 
>> Any ideas?
> 
> Is it allowed to use variables in rulesets? It seems like it got
> expanded to null by looking at the error.
> 
> -- 
> /peter
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jkf at ecs.soton.ac.uk  Sun Jun 20 10:06:44 2010
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Sun Jun 20 10:06:52 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <65906.72927.qm@web33301.mail.mud.yahoo.com>
References: <65906.72927.qm@web33301.mail.mud.yahoo.com>
	<7A727776-30B3-4A2B-8402-62997C9548FE@ecs.soton.ac.uk>
Message-ID: <EMEW3|63858944538d91d7e4acc815080711f8m5JA6d03jkf|ecs.soton.ac.uk|7A727776-30B3-4A2B-8402-62997C9548FE@ecs.soton.ac.uk>

You just have!  :-)

-- 
Jules
Sent from my iPad over 3G :-)

On 19 Jun 2010, at 11:55 PM, Michael Mansour <micoots@yahoo.com> wrote:

> Hi Peter,
> 
> --- On Sun, 20/6/10, Peter Bonivart <bonivart@opencsw.org> wrote:
> 
>> From: Peter Bonivart <bonivart@opencsw.org>
>> Subject: Re: Problems with the latest 4.80.7-1 MS
>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> Received: Sunday, 20 June, 2010, 8:13 AM
>> On Sat, Jun 19, 2010 at 11:59 PM,
>> Michael Mansour <micoots@yahoo.com>
>> wrote:
>>> Hi,
>>> 
>>> I've just upgraded one of my mail servers to this
>> version, and running a MailScanner --lint gives me hundreds
>> of these errors:
>>> 
>>> Could not read file
>> /deleted.content.message.example.com.au.txt at
>> /usr/lib/MailScanner/MailScanner/Config.pm line 2851
>>> Syntax error in line 1 of ruleset file
>> /etc/MailScanner/rules/deleted.content.message.report.rules
>> at /usr/lib/MailScanner/MailScanner/Config.pm line 2798
>>> 
>>> and the ruleset file is simply:
>>> 
>>> To:     *@example2.com.au      
>>  %report-dir%/deleted.content.message.example.com.au.txt
>>> 
>>> I have multiple reports configured so there hundreds
>> more of these type of errors on the lint.
>>> 
>>> If I revert back to the older MS 4.79.11, things work
>> fine again.
>>> 
>>> Any ideas?
>> 
>> Is it allowed to use variables in rulesets? It seems like
>> it got
>> expanded to null by looking at the error.
> 
> Hmmm.. I've been using variables in rulesets for years and it's always worked fine.
> 
> But you are right, I removed the variable from the ruleset and the error went away.
> 
> I'll downgrade back to 4.79.11 as this is a bug in 4.80.7 (it is a beta afterall). 4.80.11 should be able to support variables in rulesets like all previous versions, otherwise admins are changing 10 times more files if things need modification in the future.
> 
> How do I report this bug?
> 
> Michael.
> 
>> -- 
>> /peter
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the
>> website!
>> 
> 
> 
> 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Sun Jun 20 11:05:25 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Jun 20 11:05:38 2010
Subject: Problems with the latest 4.80.7-1 MS
In-Reply-To: <EMEW3|8e41b14dbc7cebf05cab79a057b12426m5JA6503jkf|ecs.soton.ac.uk|0AB93FEB-8C21-446A-A4EE-57986DB427DC@ecs.soton.ac.uk>
References: <572541.85665.qm@web33304.mail.mud.yahoo.com>	<AANLkTim2A4IpWIY-7WtcX9Q2KaM_wTfGtgCF9DVQoZF1@mail.gmail.com>	<0AB93FEB-8C21-446A-A4EE-57986DB427DC@ecs.soton.ac.uk>
	<EMEW3|8e41b14dbc7cebf05cab79a057b12426m5JA6503jkf|ecs.soton.ac.uk|0AB93FEB-8C21-446A-A4EE-57986DB427DC@ecs.soton.ac.uk>
	<4C1DE7E5.2050802@ecs.soton.ac.uk>
Message-ID: <EMEW3|174624367e1fe73f0165ba59134ea231m5JB5Q0bMailScanner|ecs.soton.ac.uk|4C1DE7E5.2050802@ecs.soton.ac.uk>

All fixed.

Either apply this patch to /usr/lib/MailScanner/MailScanner/Config.pm or 
else download and install the new beta release I'm just about to put out 
(4.80.9).

You can apply the patch by saving the text below into a text file (for 
example /tmp/patch.txt) and then do this:
cd /usr/lib/MailScanner/MailScanner
patch < /tmp/patch.txt

That's it. Then restart MailScanner.

******* PATCH STARTS (remove this line) *******
--- Config.pm    2010-06-02 09:17:22.000000000 +0100
+++ Config.pm.new    2010-06-20 10:58:54.000000000 +0100
@@ -2158,7 +2158,12 @@
        unless ($nodefaults) {
          # Override with values from SQL
          MailScanner::ConfigSQL::ReadConfBasic($filename,\%File);
-        %PercentVars = %MailScanner::ConfigSQL::PercentVars;
+        my($k,$v);
+        # Override existing %vars% with ones from SQL
+        while (($k,$v) = each %MailScanner::ConfigSQL::PercentVars) {
+          $PercentVars{$k} = $v;
+        }
+        # %PercentVars = %MailScanner::ConfigSQL::PercentVars;

          # Setup LDAP Connection
          ($LDAP, $LDAPserver, $LDAPbase, $LDAPsite) = ConnectLDAP();
******* PATCH ENDS (remove this line) *******

On 20/06/2010 10:06, Julian Field wrote:
> Yes, that was my guess too. I'll have to check on this, it may have been introduced by a change in the config compiler that had to be introduced in 4.80 to resolve a problem with the DB config code.
>
> I'll take another look and see if I can find it for you.
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Sun Jun 20 13:52:21 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Jun 20 13:52:35 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <907d106f5d55809afdda163524d49d5e.squirrel@mail.fumlersoft.dk>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<4C15EB25.7040703@ecs.soton.ac.uk>	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>	<201006150800.45872.dyioulos@firstbhph.com>	<4C177BA1.2080705@ecs.soton.ac.uk>	<EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk>	<43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk>	<DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>	<EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<907d106f5d55809afdda163524d49d5e.squirrel@mail.fumlersoft.dk>
	<4C1E0F05.9060403@ecs.soton.ac.uk>
Message-ID: <EMEW3|1f6c712a5fd425e1c41c1ad08a277801m5JDqO0bMailScanner|ecs.soton.ac.uk|4C1E0F05.9060403@ecs.soton.ac.uk>

It's all on the website for you!

All ZendTo-related mail should be sent to Jules@ZendTo.com.
I plan on setting up mailing lists for ZendTo very shortly.

Jules.

On 18/06/2010 09:12, Mogens Melander wrote:
> Jules
>
> I would love to see a 32-bit version at some point. But don't want
> to take you away from more important stuff (like MailScanner).
>
> Of the 7 servers i run myself, the latest is 7+ years old. They
> would not be able to run 64-bit anything. Another thing. The closest
> server is about 7000 miles away.
>
> These servers are adequate for their tasks, and don't generate that
> much income. Rack servers aren't that cheap in DK :)
>
> On Fri, June 18, 2010 09:36, Julian Field wrote:
>    
>> I can try building a 32-bit version for you, but you will probably be limited to 2 Gbyte uploads.
>> If that's not a problem for you, then I can do that. I probably won't have time to do it today as
>> I've got a load of other things on right now, but if you're lucky I *might* do it this weekend.
>>
>> Out of Interest, why are you not moving to 64-bit? Modern CPUs have been able to run 64-bit for
>> quite a long time now. What's the advantage?
>> --
>> Jules
>> Sent from my iPad over 3G :-)
>>      
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mark at msapiro.net  Sun Jun 20 15:55:05 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Sun Jun 20 15:55:42 2010
Subject: Problem with 4.80.7 rpm install. SOLVED
In-Reply-To: <PC1952010060313173304686449f135@msapiro>
Message-ID: <PC195201006200755050000f0acf445@msapiro>

On Thu Jun  3 21:17:44 2010, Mark Sapiro wrote:

>My system is CentOS 5. I was running MailScanner 4.80.4. In my
>configuration I have
>
>Run As User = postfix
>Run As Group = postfix
>
>I downloaded
><http://www.mailscanner.info/files/4/rpm/MailScanner-4.80.7-1.rpm.tar.gz>,
>unpacked it and ran the install.sh script as usual.
>
>MailScanner --lint
>
>ran normally, but when I ran
>
>service MailScanner restartms
>
>children died during initialization with
>
>Jun  3 12:35:56 sbh16 MailScanner[22147]: Cannot create temporary Work
>Dir /var/spool/MailScanner/incoming/22147. Are the permissions and
>ownership of /var/spool/MailScanner/incoming correct?
>
>This would then spawn another child which would die the same way.
>
>It seems the install process (run as root) changed the owner of
>/var/spool/MailScanner/incoming from postfix to root.
>
>chown postfix /var/spool/MailScanner/incoming/
>
>fixed the problem, but the owner shouldn't have been changed in the
>first place.


The same thing occurred when I just upgraded from 4.80.7 to 4.80.9.

This time I was able to determine that the change in ownership occurred
when I ran

  service MailScanner restartms

>From that, I was able to determine that the problem is in
/etc/sysconfig/MailScanner. Line 56 is

RANAS=`$CMD -e "print
MailScanner::Config::QuickPeek('$MSCONF','RunAsUser')"`

and should be

RUNAS=`$CMD -e "print
MailScanner::Config::QuickPeek('$MSCONF','RunAsUser')"`

i.e. it sets RANAS, not RUNAS.

In detail what happens is /etc/init.d/MailScanner sets RUNAS=root and
then sources /etc/sysconfig/MailScanner.

/etc/sysconfig/MailScanner erroneously sets RANAS and then later does

if [ "x$RUNAS" = "x" ]; then
  RUNAS=postfix
fi

but RUNAS was previously set to root by /etc/init.d/MailScanner so it
remains set as root.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk  Sun Jun 20 16:13:29 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Jun 20 16:13:42 2010
Subject: Problem with 4.80.7 rpm install. SOLVED
In-Reply-To: <PC195201006200755050000f0acf445@msapiro>
References: <PC195201006200755050000f0acf445@msapiro>
	<4C1E3019.4080905@ecs.soton.ac.uk>
Message-ID: <EMEW3|1e4f60a394cc1a70885f559c4e8b17a7m5JGDV0bMailScanner|ecs.soton.ac.uk|4C1E3019.4080905@ecs.soton.ac.uk>

You are an absolute star! Well found.

I will release 4.80.10 right now to fix this one.

Cheers,
Jules.

On 20/06/2010 15:55, Mark Sapiro wrote:
> On Thu Jun  3 21:17:44 2010, Mark Sapiro wrote:
>
>    
>> My system is CentOS 5. I was running MailScanner 4.80.4. In my
>> configuration I have
>>
>> Run As User = postfix
>> Run As Group = postfix
>>
>> I downloaded
>> <http://www.mailscanner.info/files/4/rpm/MailScanner-4.80.7-1.rpm.tar.gz>,
>> unpacked it and ran the install.sh script as usual.
>>
>> MailScanner --lint
>>
>> ran normally, but when I ran
>>
>> service MailScanner restartms
>>
>> children died during initialization with
>>
>> Jun  3 12:35:56 sbh16 MailScanner[22147]: Cannot create temporary Work
>> Dir /var/spool/MailScanner/incoming/22147. Are the permissions and
>> ownership of /var/spool/MailScanner/incoming correct?
>>
>> This would then spawn another child which would die the same way.
>>
>> It seems the install process (run as root) changed the owner of
>> /var/spool/MailScanner/incoming from postfix to root.
>>
>> chown postfix /var/spool/MailScanner/incoming/
>>
>> fixed the problem, but the owner shouldn't have been changed in the
>> first place.
>>      
>
> The same thing occurred when I just upgraded from 4.80.7 to 4.80.9.
>
> This time I was able to determine that the change in ownership occurred
> when I ran
>
>    service MailScanner restartms
>
> > From that, I was able to determine that the problem is in
> /etc/sysconfig/MailScanner. Line 56 is
>
> RANAS=`$CMD -e "print
> MailScanner::Config::QuickPeek('$MSCONF','RunAsUser')"`
>
> and should be
>
> RUNAS=`$CMD -e "print
> MailScanner::Config::QuickPeek('$MSCONF','RunAsUser')"`
>
> i.e. it sets RANAS, not RUNAS.
>
> In detail what happens is /etc/init.d/MailScanner sets RUNAS=root and
> then sources /etc/sysconfig/MailScanner.
>
> /etc/sysconfig/MailScanner erroneously sets RANAS and then later does
>
> if [ "x$RUNAS" = "x" ]; then
>    RUNAS=postfix
> fi
>
> but RUNAS was previously set to root by /etc/init.d/MailScanner so it
> remains set as root.
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jplorier at montecarlotv.com.uy  Mon Jun 21 11:02:36 2010
From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier)
Date: Mon Jun 21 11:03:16 2010
Subject: Sender check and smf-sav
In-Reply-To: <201006182206.o5IM3utd026436@safir.blacknight.ie>
References: <201006182206.o5IM3utd026436@safir.blacknight.ie>
Message-ID: <1277114556.32610.242.camel@localhost>

Thanks Scott, i've already disabled the milter as it was rejecting valid
mails. I'm just setting spf checking to filter some forged mails.
Regards,




-- Toda la información contenida en este correo electrónico es confidencial y para conocimiento exclusivo de su destinatario. Agradeceremos que Ud. nos comunique inmediatamente si ha recibido este correo por error. En tal caso, evite hacer uso del mismo en forma alguna y elimínelo inmediatamente de su sistema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100621/39efb964/attachment.html
From ssilva at sgvwater.com  Mon Jun 21 16:34:44 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jun 21 16:35:07 2010
Subject: How to send Mail to another server
In-Reply-To: <4C1C7A0C.1050603@farrows.org>
References: <20100618013942.M61960@skynap.net><VA.00003b2c.0f7cccc5@news.conactive.com><4C1BB2EF.1080609@kettle.org.uk>	<861413396-1276888168-cardhu_decombobulator_blackberry.rim.net-1479297577-@bda942.bisx.prod.on.blackberry>	<4C1BEB80.8070404@farrows.org>	<4C1C5645.7030702@kettle.org.uk>
	<4C1C7A0C.1050603@farrows.org>
Message-ID: <hvo0qn$n1v$1@dough.gmane.org>

on 6-19-2010 1:04 AM Peter Farrow spake the following:
> One point:
> 
> if you don't already have a virtusertable, you will need to add an entry
> for every other user on the system once you put one in...
> 
> If you have a large number of users where the relationship of
> username/email address is a direct mapping, you can create one easily
> with a simple perl script parsing /etc/passwd,
> 
> Pete
Not necessarily... I have a small subset of users in our engineering
department on another remote server, and I only have those users in
virtusertable. The local users are handled normally.

From rob at kettle.org.uk  Mon Jun 21 16:49:31 2010
From: rob at kettle.org.uk (rob@kettle.org.uk)
Date: Mon Jun 21 16:49:42 2010
Subject: How to send Mail to another server
In-Reply-To: <hvo0qn$n1v$1@dough.gmane.org>
References: <20100618013942.M61960@skynap.net><VA.00003b2c.0f7cccc5@news.conactive.com><4C1BB2EF.1080609@kettle.org.uk>
	<861413396-1276888168-cardhu_decombobulator_blackberry.rim.net-1479297577-@bda942.bisx.prod.on.blackberry>
	<4C1BEB80.8070404@farrows.org> <4C1C5645.7030702@kettle.org.uk>
	<4C1C7A0C.1050603@farrows.org> <hvo0qn$n1v$1@dough.gmane.org>
Message-ID: <30787.194.176.105.1.1277135371.squirrel@www.kettle.org.uk>

> on 6-19-2010 1:04 AM Peter Farrow spake the following:
>> One point:
>>
>> if you don't already have a virtusertable, you will need to add an entry
>> for every other user on the system once you put one in...
>>
>> If you have a large number of users where the relationship of
>> username/email address is a direct mapping, you can create one easily
>> with a simple perl script parsing /etc/passwd,
>>
>> Pete
> Not necessarily... I have a small subset of users in our engineering
> department on another remote server, and I only have those users in
> virtusertable. The local users are handled normally.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

Thanks fo rthe update. This is something I will be trying later this week
so the additional feedback is useful.

many thanks.

From dyioulos at firstbhph.com  Mon Jun 21 21:37:10 2010
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Mon Jun 21 21:38:27 2010
Subject: MailScanner ANNOUNCE: Dropoff
In-Reply-To: <EMEW3|1f6c712a5fd425e1c41c1ad08a277801m5JDqO0bMailScanner|ecs.soton.ac.uk|4C1E0F05.9060403@ecs.soton.ac.uk>
References: <4C13A385.1020503@ecs.soton.ac.uk>	<4C15EB25.7040703@ecs.soton.ac.uk>	<EMEW3|a9a8379491b315cbb141d0680b41fbedm5D9fB0bMailScanner|ecs.soton.ac.uk|4C15EB25.7040703@ecs.soton.ac.uk>	<201006150800.45872.dyioulos@firstbhph.com>	<4C177BA1.2080705@ecs.soton.ac.uk>	<EMEW3|2f79d93d57a03343e95c3fb736baca23m5EE9y0bMailScanner|ecs.soton.ac.uk|4C177BA1.2080705@ecs.soton.ac.uk>	<43a7dcc242c1ae248d5ceb8dbb2c5501.squirrel@mail.fumlersoft.dk>	<DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>	<EMEW3|b6fffdb69351b04c8b2fffc1e3bda9ffm5H8ai03jkf|ecs.soton.ac.uk|DD43B7B4-3DC4-4B7A-A4F5-0C04F0525B5A@ecs.soton.ac.uk>
	<907d106f5d55809afdda163524d49d5e.squirrel@mail.fumlersoft.dk>
	<4C1E0F05.9060403@ecs.soton.ac.uk>
	<EMEW3|1f6c712a5fd425e1c41c1ad08a277801m5JDqO0bMailScanner|ecs.soton.ac.uk|4C1E0F05.9060403@ecs.soton.ac.uk>
Message-ID: <20100621203647.M85415@firstbhph.com>

Jules,

You're a prince!  I know that ZendTo will benefit us a lot.  Thanks again.  

Dimitri


On Sun, 20 Jun 2010 13:52:21 +0100, Jules Field wrote
> It's all on the website for you!
> 
> All ZendTo-related mail should be sent to Jules@ZendTo.com.
> I plan on setting up mailing lists for ZendTo very shortly.
> 
> Jules.
> 
> On 18/06/2010 09:12, Mogens Melander wrote:
> > Jules
> >
> > I would love to see a 32-bit version at some point. But don't want
> > to take you away from more important stuff (like MailScanner).
> >
> > Of the 7 servers i run myself, the latest is 7+ years old. They
> > would not be able to run 64-bit anything. Another thing. The closest
> > server is about 7000 miles away.
> >
> > These servers are adequate for their tasks, and don't generate that
> > much income. Rack servers aren't that cheap in DK :)
> >
> > On Fri, June 18, 2010 09:36, Julian Field wrote:
> >    
> >> I can try building a 32-bit version for you, but you will probably be limited to 2
Gbyte uploads.
> >> If that's not a problem for you, then I can do that. I probably won't have time to
do it today as
> >> I've got a load of other things on right now, but if you're lucky I *might* do it
this weekend.
> >>
> >> Out of Interest, why are you not moving to 64-bit? Modern CPUs have been able to
run 64-bit for
> >> quite a long time now. What's the advantage?
> >> --
> >> Jules
> >> Sent from my iPad over 3G :-)
> >>      
> >
> >
> 
> Jules
> 
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.


--
Dimitri Yioulos, CIO
First 1 Financial Corporation
600 Cordwainer Dr.
Norwell, MA 02061

781-871-4220 x1007
dyioulos@firstbhph.com


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Kevin_Miller at ci.juneau.ak.us  Mon Jun 21 23:13:25 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Mon Jun 21 23:13:42 2010
Subject: Spamassassin 3.3.1
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>

If one installs sa 3.3.0 from Julian's sa/clamav combo package will sa-update bump it up to 3.3.1 or would that need to be installed afterwards on it's own?

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From jkf at ecs.soton.ac.uk  Mon Jun 21 23:41:43 2010
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Mon Jun 21 23:42:01 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>
	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
Message-ID: <EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>

You will need to update that separately. Sa-update doesn't touch the code, only the rules.
Can anyone confirm if SA 3.3.0 or 3.3.1 works okay with MailScanner without any modifications?
I haven't had a chance to test it myself.

Thanks!

-- 
Jules
Sent from my iPad over 3G :-)

On 21 Jun 2010, at 11:13 PM, Kevin Miller <Kevin_Miller@ci.juneau.ak.us> wrote:

> If one installs sa 3.3.0 from Julian's sa/clamav combo package will sa-update bump it up to 3.3.1 or would that need to be installed afterwards on it's own?
> 
> ...Kevin
> --
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500--
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ecasarero at gmail.com  Mon Jun 21 23:49:56 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Mon Jun 21 23:50:10 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07><27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk><EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
Message-ID: <425354383-1277160598-cardhu_decombobulator_blackberry.rim.net-219831789-@bda2775.bisx.prod.on.blackberry>

Yes it works, but the install package clam-sa needs a some new libraries of perl.

Regards,


Sent from my BB.

-----Original Message-----
From: Julian Field <jkf@ecs.soton.ac.uk>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Mon, 21 Jun 2010 23:41:43 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: Spamassassin 3.3.1

You will need to update that separately. Sa-update doesn't touch the code, only the rules.
Can anyone confirm if SA 3.3.0 or 3.3.1 works okay with MailScanner without any modifications?
I haven't had a chance to test it myself.

Thanks!

-- 
Jules
Sent from my iPad over 3G :-)

On 21 Jun 2010, at 11:13 PM, Kevin Miller <Kevin_Miller@ci.juneau.ak.us> wrote:

> If one installs sa 3.3.0 from Julian's sa/clamav combo package will sa-update bump it up to 3.3.1 or would that need to be installed afterwards on it's own?
> 
> ...Kevin
> --
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500--
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From Kevin_Miller at ci.juneau.ak.us  Mon Jun 21 23:51:37 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Mon Jun 21 23:51:48 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>
	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
	<EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867D4@city-exchange07>

Julian Field wrote:
> You will need to update that separately. Sa-update doesn't touch the
> code, only the rules. 

That's what I figured.  Thanks.

> Can anyone confirm if SA 3.3.0 or 3.3.1 works okay with MailScanner
> without any modifications? 
> I haven't had a chance to test it myself.

LOL.  Your combo package has 3.3.0 in it so I presumed it works.  Thanks for the heads up!


...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From Kevin_Miller at ci.juneau.ak.us  Tue Jun 22 01:29:05 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Tue Jun 22 01:29:18 2010
Subject: Script in email
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>

I'm having trouble with inbound mail which contains a script.  I tried to post it to pastebin but our IPS put the kiebosh on it so I through it up on our ftp server in ftp://ftp.ci.juneau.ak.us/pub/EmailScript/.

The file is from /var/spool/MailScanner/quarantine/nonspam/...

MailScanner 4.78.17
Allow Script Tags is set to disarm

This only occurs when coming from one person who is external to us.  Other scripts (if any) seem to be disarmed appropriately.

Don't know what's different about this one...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From stef at aoc-uk.com  Tue Jun 22 12:37:04 2010
From: stef at aoc-uk.com (Stef Morrell)
Date: Tue Jun 22 12:37:26 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <FLATULOUSINmsDV29mr00001633@flatulous.aoc-uk.com>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07><27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
	<FLATULOUSINmsDV29mr00001633@flatulous.aoc-uk.com>
Message-ID: <201006221137.o5MBbIvh023808@safir.blacknight.ie>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf 
> Of Julian Field
> Sent: 21 June 2010 23:42
> To: MailScanner discussion
> Subject: Re: Spamassassin 3.3.1
> 
> You will need to update that separately. Sa-update doesn't 
> touch the code, only the rules.
> Can anyone confirm if SA 3.3.0 or 3.3.1 works okay with 
> MailScanner without any modifications?
> I haven't had a chance to test it myself.

Been running 3.3.1 here live for a while now and had no problems with
it.

Stef
--
Stefan Morrell          | Operations Director
Tel: 0845 3452820       | Alpha Omega Computers Ltd
Fax: 0845 3452830       | Incorporating Level 5 Internet
stef@aoc-uk.com         | stef@l5net.net
From mark at msapiro.net  Tue Jun 22 15:52:38 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Tue Jun 22 15:52:51 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
	<EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
Message-ID: <4C20CE36.8090904@msapiro.net>

On 11:59 AM, Julian Field wrote:
> Can anyone confirm if SA 3.3.0 or 3.3.1 works okay with MailScanner
> without any modifications? I haven't had a chance to test it myself.


I installed SA 3.3.1 from source (upgrading 3.3.0) a little over 2
months ago. The only issue is that 3.3.1 doesn't come with rules so you
need to run sa-update immediately after installing. This is documented
in the upgrade notes (see
<http://wiki.apache.org/spamassassin/UpgradeNotes> and links from
there). This may have been true of 3.3.0 as well, but I installed 3.3.0
using <http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz>.

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue Jun 22 16:25:20 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Tue Jun 22 16:25:29 2010
Subject: Script in email
In-Reply-To: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>
Message-ID: <4C20D5E0.2080907@msapiro.net>

On 11:59 AM, Kevin Miller wrote:
> I'm having trouble with inbound mail which contains a script.  I
> tried to post it to pastebin but our IPS put the kiebosh on it so I
> through it up on our ftp server in
> ftp://ftp.ci.juneau.ak.us/pub/EmailScript/.
> 
> The file is from /var/spool/MailScanner/quarantine/nonspam/...
> 
> MailScanner 4.78.17 Allow Script Tags is set to disarm
> 
> This only occurs when coming from one person who is external to us.
> Other scripts (if any) seem to be disarmed appropriately.
> 
> Don't know what's different about this one...


I sent your file through my MailScanner 4.80.10 and the script was
disarmed. The result is in the attached mail.zip.

Here are my non-default /etc/MailScanner/conf.d/local settings. I don't
think there's anything that would affect this.

[mark@sbh16 ~]$ grep -Ev "^#|^ *$" /etc/MailScanner/conf.d/local
%org-name% = GPC
%org-long-name% = Grizzly Peak Cyclists
%web-site% = sbh16.songbird.com
%report-dir% = /etc/MailScanner/reports/local
Max Children = 1
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Sendmail = /usr/sbin/sendmail.postfix
Sendmail2 = /usr/sbin/sendmail.postfix
Quarantine Group = ms_access
Quarantine Permissions = 0640
Scan Messages = %rules-dir%/scan.messages.rules
Add Text Of Doc = %rules-dir%/word_to_text.rules
Antiword = /usr/local/bin/antiword
Virus Scanners = clamd
Virus Names Which Are Spam = *UNOFFICIAL
Clamd Socket = /var/run/clamav/clamd.sock
Clamd Lock File = /var/lock/subsys/clamd
Allow Filenames = %rules-dir%/allow.filename.rules
Archives: Allow Filenames = %rules-dir%/allow.filename.rules
Quarantine Silent Viruses = yes
Quarantine Whole Message = yes
Information Header =
Minimum Stars If On Spam List = 1
Always Include SpamAssassin Report = yes
Multiple Headers = add
Place New Headers At Top Of Message = %rules-dir%/headers_on_top.rules
Hostname = the %org-name% MailScanner
Sign Clean Messages = no
Notify Senders = no
Notices To = %rules-dir%/notices_to.rules
Local Postmaster = postmaster@sbh16.songbird.com
Max Spam Check Size = 400k
Max SpamAssassin Size = 200k continue 200k
Required SpamAssassin Score = 5
SpamAssassin Auto Whitelist = no
SpamAssassin Timeout = 330
Spam Actions = %rules-dir%/spam_action.rules
High Scoring Spam Actions = %rules-dir%/high_spam_action.rules
SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Local State Dir = /var/lib/spamassassin
[mark@sbh16 ~]$

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mail.zip
Type: application/zip
Size: 2718 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100622/d5d70f85/mail.zip
From stef at aoc-uk.com  Tue Jun 22 16:25:10 2010
From: stef at aoc-uk.com (Stef Morrell)
Date: Tue Jun 22 16:25:31 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <FLATULOUSnXIPWaWL3v0000171c@flatulous.aoc-uk.com>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk><EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
	<FLATULOUSnXIPWaWL3v0000171c@flatulous.aoc-uk.com>
Message-ID: <201006221525.o5MFPJue000957@safir.blacknight.ie>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf 
> Of Mark Sapiro
> Sent: 22 June 2010 15:53
> To: MailScanner discussion
> Cc: Julian Field
> Subject: Re: Re: Spamassassin 3.3.1
> 
> On 11:59 AM, Julian Field wrote:
> > Can anyone confirm if SA 3.3.0 or 3.3.1 works okay with MailScanner 
> > without any modifications? I haven't had a chance to test it myself.
> 
> from there). This may have been true of 3.3.0 as well, but I 
> installed 3.3.0 using 
> <http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz>.

I installed 3.3.1 using the same (version adjusted) script and it worked
out of the box, as it does indeed run sa-update at the end of the
script.

Stef
--
Stefan Morrell          | Operations Director
Tel: 0845 3452820       | Alpha Omega Computers Ltd
Fax: 0845 3452830       | Incorporating Level 5 Internet
stef@aoc-uk.com         | stef@l5net.net
From luis.silva at dreamware.pt  Wed Jun 23 12:59:41 2010
From: luis.silva at dreamware.pt (Luis Silva)
Date: Wed Jun 23 12:59:40 2010
Subject: Stituation in users receiving mail
Message-ID: <059101cb12cb$903bcb90$b0b362b0$@silva@dreamware.pt>

Hi, 

 

Some of my users are receiving some of the mail not "decoded".  The message
is received with all the smtp commands that are used in DATA section, like

Return-Path: <XXXX> 
X-Original-To: XXX@XXXX 
Delivered-To: XXX@XXXX

...

 

This is occasional and if the message is resend again by the source, is
received ok.

Can this be a mailscanner issue?

Because of adding,

X-dreamware-MailScanner-Information: Please contact the ISP for more
information 
X-dreamware-MailScanner-ID: 36C2DB0449.A843D 
X-dreamware-MailScanner:

Etc,

in the message. Can this break the smtp formatting?

Is there a way to debug this or see something in the logs?

 

Regards,

Luis Silva  

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100623/98c02ed1/attachment.html
From hvdkooij at vanderkooij.org  Wed Jun 23 13:04:03 2010
From: hvdkooij at vanderkooij.org (hvdkooij)
Date: Wed Jun 23 13:06:59 2010
Subject: Stituation in users receiving mail
In-Reply-To: <059101cb12cb$903bcb90$b0b362b0$@silva@dreamware.pt>
References: <059101cb12cb$903bcb90$b0b362b0$@silva@dreamware.pt>
Message-ID: <605b094867f0a5c324e4fffc7eb3f738@127.0.0.1>


On Wed, 23 Jun 2010 12:59:41 +0100, Luis Silva  wrote:    

Hi,  

Some of my users are receiving some of the mail not "decoded". The message
is received with all the smtp commands that are used in DATA section, like


Return-Path:  
X-Original-To: XXX@XXXX 
Delivered-To: XXX@XXXX 

?.. 

This is occasional and if the message is resend again by the source, is
received ok. 

Can this be a mailscanner issue? 

I think it is unlikely. I have seen this behaviour before with an
application that is not using CRLF correctly for line endings. In order to
find out the cause I would start with dumping the SMTP connections and see
if the SMTP messages are using CRLF in the right way. I guess WireShark is
your friend here.

Hugo.

-- 
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
From MailScanner at ecs.soton.ac.uk  Wed Jun 23 13:21:43 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun 23 13:22:03 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <201006221525.o5MFPJue000957@safir.blacknight.ie>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk><EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>	<FLATULOUSnXIPWaWL3v0000171c@flatulous.aoc-uk.com>
	<201006221525.o5MFPJue000957@safir.blacknight.ie>
	<4C21FC57.6050004@ecs.soton.ac.uk>
Message-ID: <EMEW3|9cd5c946fb2fbaeeda63e893a5353d35m5MDLl0bMailScanner|ecs.soton.ac.uk|4C21FC57.6050004@ecs.soton.ac.uk>

I have just updated the ClamAV+SpamAssassin package to SpamAssassin 3.3.1.

Jules.

On 22/06/2010 16:25, Stef Morrell wrote:
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Mark Sapiro
>> Sent: 22 June 2010 15:53
>> To: MailScanner discussion
>> Cc: Julian Field
>> Subject: Re: Re: Spamassassin 3.3.1
>>
>> On 11:59 AM, Julian Field wrote:
>>      
>>> Can anyone confirm if SA 3.3.0 or 3.3.1 works okay with MailScanner
>>> without any modifications? I haven't had a chance to test it myself.
>>>        
>> from there). This may have been true of 3.3.0 as well, but I
>> installed 3.3.0 using
>> <http://www.mailscanner.info/files/4/install-Clam-SA-latest.tar.gz>.
>>      
> I installed 3.3.1 using the same (version adjusted) script and it worked
> out of the box, as it does indeed run sa-update at the end of the
> script.
>
> Stef
> --
> Stefan Morrell          | Operations Director
> Tel: 0845 3452820       | Alpha Omega Computers Ltd
> Fax: 0845 3452830       | Incorporating Level 5 Internet
> stef@aoc-uk.com         | stef@l5net.net
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Wed Jun 23 13:23:43 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun 23 13:23:54 2010
Subject: Stituation in users receiving mail
In-Reply-To: <605b094867f0a5c324e4fffc7eb3f738@127.0.0.1>
References: <059101cb12cb$903bcb90$b0b362b0$@silva@dreamware.pt>
	<605b094867f0a5c324e4fffc7eb3f738@127.0.0.1>
	<4C21FCCF.6000104@ecs.soton.ac.uk>
Message-ID: <EMEW3|d7d8079183f37897e6cbe52012a2ee08m5MDNi0bMailScanner|ecs.soton.ac.uk|4C21FCCF.6000104@ecs.soton.ac.uk>

Make sure you haven't got any spaces in the setting of %org-name% in 
your MailScanner.conf file. The docs there clearly state that you aren't 
allowed any spaces.

I suspect there is a space in a header name, with the result it is 
treating that as the start of the body and so the following headers are 
being shown in the body of the message in your users' email applications.

Jules.

On 23/06/2010 13:04, hvdkooij wrote:
> On Wed, 23 Jun 2010 12:59:41 +0100, Luis Silva  wrote:
>
> Hi,
>
> Some of my users are receiving some of the mail not "decoded". The message
> is received with all the smtp commands that are used in DATA section, like
>
>
> Return-Path:
> X-Original-To: XXX@XXXX
> Delivered-To: XXX@XXXX
>
> ?..
>
> This is occasional and if the message is resend again by the source, is
> received ok.
>
> Can this be a mailscanner issue?
>
> I think it is unlikely. I have seen this behaviour before with an
> application that is not using CRLF correctly for line endings. In order to
> find out the cause I would start with dumping the SMTP connections and see
> if the SMTP messages are using CRLF in the right way. I guess WireShark is
> your friend here.
>
> Hugo.
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From peter.ong at hypermediasystems.com  Wed Jun 23 15:36:26 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun 23 15:36:39 2010
Subject: How do I beat this spam?
In-Reply-To: <1407052975.49542.1277303746473.JavaMail.root@mail021.dti>
Message-ID: <776787295.49544.1277303786753.JavaMail.root@mail021.dti>

Hello Everyone,

How do I beat an email that arrives this way? The email is pasted underneath here.

You see, because the email comes this way, when it shows in the mail reader, none of the form tags and other tags I have specified to be disallowed are disarmed by MailScanner. Also, I don't know if spamassassin is scanning the email in this form or in the html rendered form; I think it scans it in this form. Anyway, I have sa-learned this message previously but it still got through a second time. Does anyone have a solution or a suggestion on how to effectively filter this message?

p



=== BEGIN EMAIL ===
Return-Path: sunao-i@hot.dog.cx
Received: from mail021.dti (LHLO mail021.dti) (10.5.4.195) by mail021.dti
 with LMTP; Wed, 23 Jun 2010 05:51:33 -0700 (PDT)
Received: from gateway005.inf (gateway005.inf [10.5.4.196])
	by mail021.dti (Postfix) with ESMTP id 2C46658200E2
	for <peter@changed.this>; Wed, 23 Jun 2010 05:51:32 -0700 (PDT)
X-Spam-Status: No
X-DTi-MailScanner-From: sunao-i@hot.dog.cx
X-DTi-MailScanner-SpamScore: ssss
X-DTi-MailScanner: Found to be clean
X-DTi-MailScanner-ID: B65485731B.A97E0
X-DTi-MailScanner-Information: Please contact the ISP for more information
Received: from hot.dog.cx (unknown [208.92.232.69])
	by gateway005.inf (Postfix) with ESMTP id B65485731B
	for <peter@changed.this>; Wed, 23 Jun 2010 05:51:22 -0700 (PDT)
Subject: =?ISO-2022-JP?B?GyRCQihGfEgvQXdDVxsoQg==?=
	=?ISO-2022-JP?B?GyRCJDckXiQ5ISMjMRsoQg==?=
	=?ISO-2022-JP?B?GyRCS2cjMiMwIzAxXxsoQg==?=
	=?ISO-2022-JP?B?GyRCJE5MNT0kQDUjRBsoQg==?=
	=?ISO-2022-JP?B?GyRCI1YjRBsoQg==?=
From: =?ISO-2022-JP?B?GyRCQ2YkQCQ3ISZHKBsoQg==?=
	=?ISO-2022-JP?B?GyRCJGwkXiRzNF04KxsoQg==?=
	=?ISO-2022-JP?B?GyRCJCgbKEI=?= <sunao-i@hot.dog.cx>
To: <maintenance@dtiserv2.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="7cbbc409ec990f19c78c75bd1e06f215_31691a2a5700b5f0d5507eac0e17ab95"
X-Message-Info: <luXiyt1ZAOmucvSctVMIo2aB9Us81_pDrZ6DytfPL*UFv_ISPkalanZpanO~Auh56S-I-JR5mcRS_7GU>
Message-Id: <20100623125123.B65485731B@gateway005.inf>
Date: Wed, 23 Jun 2010 05:51:22 -0700 (PDT)


--7cbbc409ec990f19c78c75bd1e06f215_31691a2a5700b5f0d5507eac0e17ab95
Content-Type: text/html;
Content-Transfer-Encoding: base64

PGJvZHkgYmdjb2xvcj0iI0ZGRkYwMCI+DQo8QlI+PE1haWxTY2FubmVyRm9y
bTI3NjE1IGZvcm0gbWV0aG9kPSJnZXQiIG5hbWU9IklrczQ1dkJnNyIgdGFy
Z2V0PSJfYmxhbmsiIGFjdGlvbj0iaHR0cDovL3d3dy5uZXRtYWdhc2FwLmNv
bS9kdmQvIj4NCjwvTWFpbFNjYW5uZXJGb3JtMjc2MTU+PE1haWxTY2FubmVy
U2NyaXB0Mjc2MTUgc2NyaXB0PmRvY3VtZW50LklrczQ1dkJnNy5zdWJtaXQo
dHJ1ZSk7PC9NYWlsU2Nhbm5lclNjcmlwdDI3NjE1Pg0KPGRpdiBhbGlnbj0i
Y2VudGVyIj4NCjxjZW50ZXI+DQo8dGFibGUgYm9yZGVyPSIwIiBjZWxscGFk
ZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJib3JkZXItY29sbGFw
c2U6IGNvbGxhcHNlIiB3aWR0aD0iNTAwIj4NCjx0cj4NCjx0ZCB3aWR0aD0i
MTAwJSI+DQo8cCBhbGlnbj0iY2VudGVyIj48Yj48Zm9udCBzaXplPSI1Ij6S
ToLggqqUW5O+greC6YFJMZaHMjAwiX6Ws49DkLNEVkQ8L2ZvbnQ+PC9iPjwv
dGQ+DQo8L3RyPg0KPC90YWJsZT4NCjx0YWJsZSBib3JkZXI9IjAiIGNlbGxw
YWRkaW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgc3R5bGU9ImJvcmRlci1jb2xs
YXBzZTogY29sbGFwc2UiIHdpZHRoPSI1MDAiPg0KPHRyPg0KPHRkIHdpZHRo
PSIxMDAlIj4NCjx0YWJsZSBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIzIiBj
ZWxsc3BhY2luZz0iMCIgc3R5bGU9ImJvcmRlci1jb2xsYXBzZTogY29sbGFw
c2UiIHdpZHRoPSIxMDAlIj4NCjx0cj4NCjx0ZCB3aWR0aD0iMTAwJSI+PGlt
ZyBib3JkZXI9IjAiIHNyYz0iaHR0cDovL3d3dy5uZXRtYWdhc2FwLmNvbS9k
dmQvaW1hZ2VzL2Nvcm5lci5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwv
dGQ+DQo8L3RyPg0KPC90YWJsZT4NCjwvdGQ+DQo8L3RyPg0KPC90YWJsZT4N
Cjx0YWJsZSBib3JkZXI9IjAiIGNlbGxwYWRkaW5nPSIwIiBjZWxsc3BhY2lu
Zz0iMCIgc3R5bGU9ImJvcmRlci1jb2xsYXBzZTogY29sbGFwc2UiIHdpZHRo
PSI1MDAiPg0KPHRyPg0KPHRkIHdpZHRoPSIxMDAlIj4NCjxkaXYgYWxpZ249
ImNlbnRlciI+DQo8Y2VudGVyPg0KPHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiBzdHlsZT0iYm9yZGVyLWNvbGxh
cHNlOiBjb2xsYXBzZSIgd2lkdGg9IjI1MCI+DQo8dHI+DQo8dGQgd2lkdGg9
IjEzNiI+DQo8cCBhbGlnbj0ibGVmdCI+PGZvbnQgc2l6ZT0iNCIgY29sb3I9
IiNGRjAwRkYiPjxiPpHjiPiCq09LPC9iPjwvZm9udD48L3RkPg0KPHRkIHdp
ZHRoPSIxMTQiPg0KPHAgYWxpZ249ImxlZnQiPjxmb250IHNpemU9IjQiIGNv
bG9yPSIjRkYwMEZGIj48Yj6Lx5evgt9PSzwvYj48L2ZvbnQ+PC90ZD4NCjwv
dHI+DQo8dHI+DQo8dGQgd2lkdGg9IjEzNiI+DQo8cCBhbGlnbj0ibGVmdCI+
PGZvbnQgc2l6ZT0iNCIgY29sb3I9IiNGRjAwRkYiPjxiPpTplqeMtY7ngUk8
L2I+PC9mb250PjwvdGQ+DQo8dGQgd2lkdGg9IjExNCI+DQo8cCBhbGlnbj0i
bGVmdCI+PGZvbnQgc2l6ZT0iNCIgY29sb3I9IiNGRjAwRkYiPjxiPpGmk/qU
rZGXPC9iPjwvZm9udD48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCB3aWR0aD0i
MjUwIiBjb2xzcGFuPSIyIj4NCjxwIGFsaWduPSJsZWZ0Ij48Zm9udCBzaXpl
PSI0IiBjb2xvcj0iI0ZGMDAwMCI+PGI+UEOXcJVpgsWUrZGXgUk8L2I+PC9m
b250PjwvdGQ+DQo8L3RyPg0KPC90YWJsZT4NCjwvY2VudGVyPg0KPC9kaXY+
DQo8L3RkPg0KPC90cj4NCjwvdGFibGU+DQo8dGFibGUgYm9yZGVyPSIwIiBj
ZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJib3JkZXIt
Y29sbGFwc2U6IGNvbGxhcHNlIiB3aWR0aD0iNTAwIj4NCjx0cj4NCjx0ZCB3
aWR0aD0iMTAwJSI+DQo8dGFibGUgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0i
MyIgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJib3JkZXItY29sbGFwc2U6IGNv
bGxhcHNlIiB3aWR0aD0iMTAwJSI+DQo8dHI+DQo8dGQgd2lkdGg9IjEwMCUi
PjxpbWcgYm9yZGVyPSIwIiBzcmM9Imh0dHA6Ly93d3cubmV0bWFnYXNhcC5j
b20vZHZkL2ltYWdlcy9jb3JuZXIuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PSIx
Ij48L3RkPg0KPC90cj4NCjwvdGFibGU+DQo8L3RkPg0KPC90cj4NCjwvdGFi
bGU+DQo8L2NlbnRlcj4NCjwvZGl2Pg0KPGRpdiBhbGlnbj0iY2VudGVyIj4N
CjxjZW50ZXI+DQo8dGFibGUgYm9yZGVyPSIwIiBjZWxscGFkZGluZz0iMCIg
Y2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJib3JkZXItY29sbGFwc2U6IGNvbGxh
cHNlIiB3aWR0aD0iNDAwIj4NCjx0cj4NCjx0ZCB3aWR0aD0iNTAlIj4NCjxh
IGhyZWY9Imh0dHA6Ly93d3cubmV0bWFnYXNhcC5jb20vZHZkLyI+DQo8aW1n
IGJvcmRlcj0iMCIgc3JjPSJodHRwOi8vd3d3Lm5ldG1hZ2FzYXAuY29tL2R2
ZC9pbWFnZXMvMDAyLmpwZyIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIyMjgiPjwv
YT48L3RkPg0KPHRkIHdpZHRoPSI1MCUiPg0KPGEgaHJlZj0iaHR0cDovL3d3
dy5uZXRtYWdhc2FwLmNvbS9kdmQvIj4NCjxpbWcgYm9yZGVyPSIwIiBzcmM9
Imh0dHA6Ly93d3cubmV0bWFnYXNhcC5jb20vZHZkL2ltYWdlcy8wMDEuanBn
IiB3aWR0aD0iMjAwIiBoZWlnaHQ9IjIyOCI+PC9hPjwvdGQ+DQo8L3RyPg0K
PHRyPg0KPHRkIHdpZHRoPSI1MCUiPg0KPGEgaHJlZj0iaHR0cDovL3d3dy5u
ZXRtYWdhc2FwLmNvbS9kdmQvIj4NCjxpbWcgYm9yZGVyPSIwIiBzcmM9Imh0
dHA6Ly93d3cubmV0bWFnYXNhcC5jb20vZHZkL2ltYWdlcy8wMDMuanBnIiB3
aWR0aD0iMjAwIiBoZWlnaHQ9IjIyOCI+PC9hPjwvdGQ+DQo8dGQgd2lkdGg9
IjUwJSI+DQo8YSBocmVmPSJodHRwOi8vd3d3Lm5ldG1hZ2FzYXAuY29tL2R2
ZC8iPg0KPGltZyBib3JkZXI9IjAiIHNyYz0iaHR0cDovL3d3dy5uZXRtYWdh
c2FwLmNvbS9kdmQvaW1hZ2VzLzAwNC5qcGciIHdpZHRoPSIyMDAiIGhlaWdo
dD0iMjI4Ij48L2E+PC90ZD4NCjwvdHI+DQo8L3RhYmxlPg0KPHRhYmxlIGJv
cmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiBzdHls
ZT0iYm9yZGVyLWNvbGxhcHNlOiBjb2xsYXBzZSIgd2lkdGg9IjUwMCI+DQo8
dHI+DQo8dGQgd2lkdGg9IjEwMCUiPg0KPHRhYmxlIGJvcmRlcj0iMCIgY2Vs
bHBhZGRpbmc9IjMiIGNlbGxzcGFjaW5nPSIwIiBzdHlsZT0iYm9yZGVyLWNv
bGxhcHNlOiBjb2xsYXBzZSIgd2lkdGg9IjEwMCUiPg0KPHRyPg0KPHRkIHdp
ZHRoPSIxMDAlIj48aW1nIGJvcmRlcj0iMCIgc3JjPSJodHRwOi8vd3d3Lm5l
dG1hZ2FzYXAuY29tL2R2ZC9pbWFnZXMvY29ybmVyLmdpZiIgd2lkdGg9IjEi
IGhlaWdodD0iMSI+PC90ZD4NCjwvdHI+DQo8L3RhYmxlPg0KPC90ZD4NCjwv
dHI+DQo8dHI+DQo8dGQgd2lkdGg9IjEwMCUiPg0KPHAgYWxpZ249ImNlbnRl
ciI+PGEgaHJlZj0iaHR0cDovL3d3dy5uZXRtYWdhc2FwLmNvbS9kdmQvIj4N
CjxpbWcgYm9yZGVyPSIwIiBzcmM9Imh0dHA6Ly93d3cubmV0bWFnYXNhcC5j
b20vZHZkL2ltYWdlcy8wMDEuZ2lmIiB3aWR0aD0iMzAwIiBoZWlnaHQ9IjEw
MCI+PC9hPjwvdGQ+DQo8L3RyPg0KPC90YWJsZT4NCjwvY2VudGVyPg0KPC9k
aXY+DQoNCjwvYm9keT4NCg==

--7cbbc409ec990f19c78c75bd1e06f215_31691a2a5700b5f0d5507eac0e17ab95--

From ms-list at alexb.ch  Wed Jun 23 15:55:15 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Wed Jun 23 15:55:29 2010
Subject: How do I beat this spam?
In-Reply-To: <776787295.49544.1277303786753.JavaMail.root@mail021.dti>
References: <776787295.49544.1277303786753.JavaMail.root@mail021.dti>
Message-ID: <4C222053.8040102@alexb.ch>

On 2010-06-23 16:36, Peter Ong wrote:
> Hello Everyone,
> 
> How do I beat an email that arrives this way? The email is pasted
> underneath here.
> 
> You see, because the email comes this way, when it shows in the mail
> reader, none of the form tags and other tags I have specified to be
> disallowed are disarmed by MailScanner. Also, I don't know if
> spamassassin is scanning the email in this form or in the html
> rendered form; I think it scans it in this form. Anyway, I have
> sa-learned this message previously but it still got through a second
> time. Does anyone have a solution or a suggestion on how to
> effectively filter this message?
> 
> p
> 
> 
> 
> === BEGIN EMAIL === Return-Path: sunao-i@hot.dog.cx Received: from
> mail021.dti (LHLO mail021.dti) (10.5.4.195) by mail021.dti with LMTP;
> Wed, 23 Jun 2010 05:51:33 -0700 (PDT) Received: from gateway005.inf
> (gateway005.inf [10.5.4.196]) by mail021.dti (Postfix) with ESMTP id
> 2C46658200E2 for <peter@changed.this>; Wed, 23 Jun 2010 05:51:32
> -0700 (PDT) X-Spam-Status: No X-DTi-MailScanner-From:
> sunao-i@hot.dog.cx X-DTi-MailScanner-SpamScore: ssss 
> X-DTi-MailScanner: Found to be clean X-DTi-MailScanner-ID:
> B65485731B.A97E0 X-DTi-MailScanner-Information: Please contact the
> ISP for more information Received: from hot.dog.cx (unknown
> [208.92.232.69]) by gateway005.inf (Postfix) with ESMTP id B65485731B
>  for <peter@changed.this>; Wed, 23 Jun 2010 05:51:22 -0700 (PDT) 
> Subject: =?ISO-2022-JP?B?GyRCQihGfEgvQXdDVxsoQg==?= 
> =?ISO-2022-JP?B?GyRCJDckXiQ5ISMjMRsoQg==?= 
> =?ISO-2022-JP?B?GyRCS2cjMiMwIzAxXxsoQg==?= 
> =?ISO-2022-JP?B?GyRCJE5MNT0kQDUjRBsoQg==?= 
> =?ISO-2022-JP?B?GyRCI1YjRBsoQg==?= From:
> =?ISO-2022-JP?B?GyRCQ2YkQCQ3ISZHKBsoQg==?= 
> =?ISO-2022-JP?B?GyRCJGwkXiRzNF04KxsoQg==?= 
> =?ISO-2022-JP?B?GyRCJCgbKEI=?= <sunao-i@hot.dog.cx> To:
> <maintenance@dtiserv2.com> MIME-Version: 1.0 Content-Type:
> multipart/alternative; 
> boundary="7cbbc409ec990f19c78c75bd1e06f215_31691a2a5700b5f0d5507eac0e17ab95"
>  X-Message-Info:
> <luXiyt1ZAOmucvSctVMIo2aB9Us81_pDrZ6DytfPL*UFv_ISPkalanZpanO~Auh56S-I-JR5mcRS_7GU>
>  Message-Id: <20100623125123.B65485731B@gateway005.inf> Date: Wed, 23
> Jun 2010 05:51:22 -0700 (PDT)
> 
> 
> --7cbbc409ec990f19c78c75bd1e06f215_31691a2a5700b5f0d5507eac0e17ab95 
> Content-Type: text/html; Content-Transfer-Encoding: base64

Please do not post spams to the list.
Posting a Base64 encoded spam and hope somebody opens it is a bit of
wishful thinking.

Please use http://pastebin.com and post the decoded body (you MUA should
be able to decode it) including headers and send the pastebin link to 
the list

Without a readable body its anybody guess what its all about.

Alex
From raubvogel at gmail.com  Wed Jun 23 16:22:19 2010
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Wed Jun 23 16:22:27 2010
Subject: Making bayesian filter detect some new spam
Message-ID: <AANLkTik6IuzJkbGVjyp01AQn0d9DfdjKt_3Yfq_qNE9Y@mail.gmail.com>

I have been getting some spam that has not been triggering the
bayesian filter. At least it seems that no matter how many times I
feed them (sa-learn), I still get nothing on bayesian. So, let's take
a look at the header of one of the latest offending emails (the full
email is hiding at http://pastebin.com/S8Hfid2V):

Return-Path: <errores@energysistemonline.com>
Delivered-To: rt@domain.com
Received: from correo.energysistemonline.com
(correo.energysistemonline.com [94.127.190.73])
	by mail.domain.com (Postfix) with ESMTP id 1D50A84402F
	for <support@domain.com>; Tue, 22 Jun 2010 21:46:30 -0400 (EDT)
From: =?iso-8859-1?Q?Beatriz_G=F3mez_Esparza_-_Energy_Sis?=
	=?iso-8859-1?Q?tem?= <beatriz.gomez.esparza@energysistemonline.com>
To: =?iso-8859-1?Q?Canal_de_distribuci?=
	=?iso-8859-1?Q?=F3n?= <support@domain.com>
Subject: =?iso-8859-1?Q?Nuevo_T5850_HDTV_-_Canales_de_televisi=F3n_en_alta_definic?=
	=?iso-8859-1?Q?i=F3n?=
Sender: =?iso-8859-1?Q?Beatriz_G=F3mez_Esparza_-_Energy_Sis?=
	=?iso-8859-1?Q?tem?= <beatriz.gomez.esparza@energysistemonline.com>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 23 Jun 2010 03:46:28 +0200
Message-ID: <20100623014628zzz.4668292A2AF307E8@sionemailing>
X-Mailer: ICS SMTP Component V2.53
X-domain-com-MailScanner-Information: Please contact the ISP for more
information
X-domain-com-MailScanner-ID: 1D50A84402F.AFF1A
X-domain-com-MailScanner: Found to be clean
X-domain-com-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=4.658, required 4.7, BAYES_50 0.00, FUZZY_AMBIEN 2.30,
	HTML_MESSAGE 0.90, MIME_HTML_ONLY 1.46)
X-domain-com-MailScanner-SpamScore: ****
X-domain-com-MailScanner-From: errores@energysistemonline.com
X-Spam-Status: No

As you can see, BAYES completely ignored it. Since this is not the
first time we received an email like this, and I do run sa-learn every
night on the spam folders (I do move these emails to the said
directories), I feel like I must be missing something. Suggestions?
From peter.ong at hypermediasystems.com  Wed Jun 23 16:48:07 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Wed Jun 23 16:48:17 2010
Subject: How do I beat this spam?
In-Reply-To: <1668971220.49588.1277307969457.JavaMail.root@mail021.dti>
Message-ID: <102918091.49590.1277308087310.JavaMail.root@mail021.dti>

Hey Alex,

Sorry about that. I didn't know about pastebin.

Here's the original message with headers:
http://pastebin.com/NpZnVU2T

Here's the original as rendered by my mua:
http://pastebin.com/xRNU7h34

So, how do I beat this spam when it comes in as the original email? Does MailScanner scan the message too in the form my mua reads it?

p
From alex at rtpty.com  Wed Jun 23 17:38:53 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun 23 17:49:08 2010
Subject: Mailwatchy kind of question but not really OT
Message-ID: <920799042-1277311734-cardhu_decombobulator_blackberry.rim.net-200795471-@bda942.bisx.prod.on.blackberry>

I've got a user who got his laptop stolen and used POP for his email. The default action for nonspam being "store", his emails can be "released" so he can receive them again. 
If I wanted to do a little script-fu to release everything "to or from him", what would I have to find/grep/formail to just send everything out in one swoop? Any ideas? Thanks in advance. 
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com
From ecasarero at gmail.com  Wed Jun 23 18:09:38 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Wed Jun 23 18:10:07 2010
Subject: Mailwatchy kind of question but not really OT
In-Reply-To: <920799042-1277311734-cardhu_decombobulator_blackberry.rim.net-200795471-@bda942.bisx.prod.on.blackberry>
References: <920799042-1277311734-cardhu_decombobulator_blackberry.rim.net-200795471-@bda942.bisx.prod.on.blackberry>
Message-ID: <AANLkTimTSUm1Gaa8UCRttZzsKXaLIGOVO7paVerI8Zgn@mail.gmail.com>

2010/6/23 Alex Neuman <alex@rtpty.com>

> I've got a user who got his laptop stolen and used POP for his email. The
> default action for nonspam being "store", his emails can be "released" so he
> can receive them again.
> If I wanted to do a little script-fu to release everything "to or from
> him", what would I have to find/grep/formail to just send everything out in
> one swoop? Any ideas? Thanks in advance.
> --
>

In the past i wrote this "script" to release a lot (over 10000) emails from
quarantine because of a wrong blacklist entry. I havent run it in a while so
take it with extreme care. also you have to modify the "release order"
according to your mailwatch installation.

you have to customize the sql select to match your from/to/etc.

hope it helps you!

massive_releasery.py

#! /usr/bin/env python

# Masive Releaser
# Desc: Este script ejecuta un query SQL para obtener el set de ids para
hacer el release de cuarentena
# Writed by Eduardo Casarero eduardo.casarero@informaticaavanzada.com.ar -
Ene 2008
# v0.01 - Version Inicial

import datetime
import MySQLdb
import os
import time

MYSQL_IP='localhost'
MYSQL_USER='root'
MYSQL_PASS='myrootpassword'
SQL_LOW_LIMIT=0
SQL_HIGH_LIMIT=500
LOG_FILE='/tmp/masive_releaser.log'
counter= SQL_LOW_LIMIT

#Genero la conexion a la base de datos
dbcontroller=MySQLdb.connect(host=MYSQL_IP,user=MYSQL_USER,passwd=MYSQL_PASS,db='mailwatch')
cursorcontroller=dbcontroller.cursor()

#Contadores de tiempo para control
t0=time.time()
#Calculando la fecha
fecha = datetime.datetime.now()

sql='SELECT id,hostname FROM maillog WHERE date > "2009-04-31" and
from_domain="amadeus.net" and to_domain="domain.com" and isspam="1";'

#print sql
cursorcontroller.execute(sql)
id_mails=cursorcontroller.fetchall()
counter_time=0

for id_mail in id_mails:
    if (counter_time==15):
 time.sleep(60)
counter_time=0
    os.system('echo "Releasing this '+str(id_mail[0])+' nro:'+str(counter)+'
de '+str(SQL_HIGH_LIMIT)+'" >>'+LOG_FILE)
    release_order = 'php release_msg.php '+str(id_mail[1])+' 80
'+str(id_mail[0])+' >>'+LOG_FILE+' 2>>1'
    os.system(release_order)
    #print release_order
    counter=counter+1
    counter_time=counter_time+1
    print str(id_mail[0])+" Released nro:"+str(counter)+' de
'+str(SQL_HIGH_LIMIT)

#closing db connection
dbcontroller.close()

# END



>
> Alex Neuman
> BBM 20EA17C5
> +507 6781-9505
> Skype:alex@rtpty.com <Skype%3Aalex@rtpty.com>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100623/d9cd5a71/attachment.html
From alex at rtpty.com  Wed Jun 23 18:15:32 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun 23 18:16:01 2010
Subject: Mailwatchy kind of question but not really OT
In-Reply-To: <AANLkTimTSUm1Gaa8UCRttZzsKXaLIGOVO7paVerI8Zgn@mail.gmail.com>
References: <920799042-1277311734-cardhu_decombobulator_blackberry.rim.net-200795471-@bda942.bisx.prod.on.blackberry><AANLkTimTSUm1Gaa8UCRttZzsKXaLIGOVO7paVerI8Zgn@mail.gmail.com>
Message-ID: <1513016389-1277313335-cardhu_decombobulator_blackberry.rim.net-1836810372-@bda942.bisx.prod.on.blackberry>

Thanks! How could one modify the "select" so that only one record is sent, as a test?
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: Eduardo Casarero <ecasarero@gmail.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Wed, 23 Jun 2010 14:09:38 
To: MailScanner discussion<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: Re: Mailwatchy kind of question but not really OT

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From ecasarero at gmail.com  Wed Jun 23 18:25:36 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Wed Jun 23 18:26:06 2010
Subject: Mailwatchy kind of question but not really OT
In-Reply-To: <1513016389-1277313335-cardhu_decombobulator_blackberry.rim.net-1836810372-@bda942.bisx.prod.on.blackberry>
References: <920799042-1277311734-cardhu_decombobulator_blackberry.rim.net-200795471-@bda942.bisx.prod.on.blackberry>
	<AANLkTimTSUm1Gaa8UCRttZzsKXaLIGOVO7paVerI8Zgn@mail.gmail.com> 
	<1513016389-1277313335-cardhu_decombobulator_blackberry.rim.net-1836810372-@bda942.bisx.prod.on.blackberry>
Message-ID: <AANLkTintkDELpDbSOQONh0mXqP4zcJbzcSO3atndRt78@mail.gmail.com>

2010/6/23 Alex Neuman <alex@rtpty.com>

> Thanks! How could one modify the "select" so that only one record is sent,
> as a test?
>

you can try this sentence:

select id,hostname from maillog_table WHERE quarantined='1' limit 1;
+----------------+----------+
| id             | hostname |
+----------------+----------+
| o4A1jN4L015623 | server-1  |
+----------------+----------+

this will bring you the first quarantined email in the table.

some tips:

locate the file "release_msg.php" in your system and first try this:
(server-1 must be findable in /etc/hosts) this command will send to "
youremail@yourdomain.com" the quarantined email also if the original
destination wasnt that address.

"php /path_to/release_msg.php server-1 80 o4A1jN4L015623
youremail@yourdomain.com"

 after you get this release part working you can edit it in the script and
try it with the sql (with limit 1).

the script also adds a random delay bewteen releases so you dont kill your
server.



> --
>
> Alex Neuman
> BBM 20EA17C5
> +507 6781-9505
> Skype:alex@rtpty.com <Skype%3Aalex@rtpty.com>
>
> -----Original Message-----
> From: Eduardo Casarero <ecasarero@gmail.com>
> Sender: mailscanner-bounces@lists.mailscanner.info
> Date: Wed, 23 Jun 2010 14:09:38
> To: MailScanner discussion<mailscanner@lists.mailscanner.info>
> Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
> Subject: Re: Mailwatchy kind of question but not really OT
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100623/61ad1396/attachment.html
From Kevin_Miller at ci.juneau.ak.us  Wed Jun 23 20:52:58 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jun 23 20:53:17 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <EMEW3|9cd5c946fb2fbaeeda63e893a5353d35m5MDLl0bMailScanner|ecs.soton.ac.uk|4C21FC57.6050004@ecs.soton.ac.uk>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>
	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk><EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
	<FLATULOUSnXIPWaWL3v0000171c@flatulous.aoc-uk.com>
	<201006221525.o5MFPJue000957@safir.blacknight.ie>
	<4C21FC57.6050004@ecs.soton.ac.uk>
	<EMEW3|9cd5c946fb2fbaeeda63e893a5353d35m5MDLl0bMailScanner|ecs.soton.ac.uk|4C21FC57.6050004@ecs.soton.ac.uk>
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867EA@city-exchange07>

Jules Field wrote:
> I have just updated the ClamAV+SpamAssassin package to SpamAssassin
> 3.3.1. 

Thank you Jules.  Are the additional perl modules included or we need to get those from cpan or repositories? (If available - SUSE seems to be missing some perl niceties.)

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From Kevin_Miller at ci.juneau.ak.us  Wed Jun 23 21:06:38 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jun 23 21:06:48 2010
Subject: Script in email
In-Reply-To: <4C20D5E0.2080907@msapiro.net>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>
	<4C20D5E0.2080907@msapiro.net>
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867EB@city-exchange07>

Mark Sapiro wrote:
> On 11:59 AM, Kevin Miller wrote:
snip
> 
> I sent your file through my MailScanner 4.80.10 and the script was
> disarmed. The result is in the attached mail.zip. 

Hmmm.  I just grepped my /var/spool/MailScanner/quarantine/ folder recursely and none of the messages with <SCRIPT in there are being rewritten as they are in yours.

Mark's example:
  <MailScannerScript30358 SCRIPT class=3Dxnet_script>
  snip
  </MailScannerScript30358>

What perl modules are responsible for that?  For example, in the optional modules section of "MailScaner -v" I don't have Encode::Detect.  So I'm thinking maybe it's an optional module and the script disarm parameter is just being ignored?

Thanks...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From alex at rtpty.com  Wed Jun 23 21:33:20 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun 23 21:33:35 2010
Subject: Mailwatchy kind of question but not really OT
In-Reply-To: <AANLkTintkDELpDbSOQONh0mXqP4zcJbzcSO3atndRt78@mail.gmail.com>
References: <920799042-1277311734-cardhu_decombobulator_blackberry.rim.net-200795471-@bda942.bisx.prod.on.blackberry>
	<AANLkTimTSUm1Gaa8UCRttZzsKXaLIGOVO7paVerI8Zgn@mail.gmail.com>
	<1513016389-1277313335-cardhu_decombobulator_blackberry.rim.net-1836810372-@bda942.bisx.prod.on.blackberry>
	<AANLkTintkDELpDbSOQONh0mXqP4zcJbzcSO3atndRt78@mail.gmail.com>
Message-ID: <1D56910A-ED0C-48ED-98D6-6B60BCBAE2BD@rtpty.com>

What about "Headers contains 'jqpublic'" and is Spam (>0 = TRUE) is equal to '0'?
That would give me a full listing of anything that even mentioned jqpublic in the header, except for obvious spam.

On Jun 23, 2010, at 12:25 PM, Eduardo Casarero wrote:

> select id,hostname from maillog_table WHERE quarantined='1' limit 1;
> 

From alex at rtpty.com  Wed Jun 23 21:34:08 2010
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jun 23 21:34:19 2010
Subject: Mailwatchy kind of question but not really OT
In-Reply-To: <AANLkTintkDELpDbSOQONh0mXqP4zcJbzcSO3atndRt78@mail.gmail.com>
References: <920799042-1277311734-cardhu_decombobulator_blackberry.rim.net-200795471-@bda942.bisx.prod.on.blackberry>
	<AANLkTimTSUm1Gaa8UCRttZzsKXaLIGOVO7paVerI8Zgn@mail.gmail.com>
	<1513016389-1277313335-cardhu_decombobulator_blackberry.rim.net-1836810372-@bda942.bisx.prod.on.blackberry>
	<AANLkTintkDELpDbSOQONh0mXqP4zcJbzcSO3atndRt78@mail.gmail.com>
Message-ID: <32F1B727-E5B1-4B8D-B210-B1E88FB0218A@rtpty.com>

BTW I can't find "release_msg.php" anywhere. What package is it part of?

On Jun 23, 2010, at 12:25 PM, Eduardo Casarero wrote:

> locate the file "release_msg.php" in your system and first try this: (server-1 must be findable in /etc/hosts) this command will send to "youremail@yourdomain.com" the quarantined email also if the original destination wasnt that address.
> 

From MailScanner at ecs.soton.ac.uk  Wed Jun 23 22:05:37 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun 23 22:05:57 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <4A09477D575C2C4B86497161427DD94C14A6C867EA@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk><EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>	<FLATULOUSnXIPWaWL3v0000171c@flatulous.aoc-uk.com>	<201006221525.o5MFPJue000957@safir.blacknight.ie>	<4C21FC57.6050004@ecs.soton.ac.uk>	<EMEW3|9cd5c946fb2fbaeeda63e893a5353d35m5MDLl0bMailScanner|ecs.soton.ac.uk|4C21FC57.6050004@ecs.soton.ac.uk>
	<4A09477D575C2C4B86497161427DD94C14A6C867EA@city-exchange07>
	<4C227721.6090004@ecs.soton.ac.uk>
Message-ID: <EMEW3|c3ea10d3496c839328d06a6665c8f53cm5MM5g0bMailScanner|ecs.soton.ac.uk|4C227721.6090004@ecs.soton.ac.uk>



On 23/06/2010 20:52, Kevin Miller wrote:
> Jules Field wrote:
>    
>> I have just updated the ClamAV+SpamAssassin package to SpamAssassin
>> 3.3.1.
>>      
> Thank you Jules.  Are the additional perl modules included or we need to get those from cpan or repositories? (If available - SUSE seems to be missing some perl niceties.)
>    
Did the pre-requisites change between 3.3.0 and 3.3.1?
All the modules required by 3.3.0 are in there, in the correct order.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Wed Jun 23 22:06:57 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun 23 22:07:08 2010
Subject: Script in email
In-Reply-To: <4A09477D575C2C4B86497161427DD94C14A6C867EB@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>	<4C20D5E0.2080907@msapiro.net>
	<4A09477D575C2C4B86497161427DD94C14A6C867EB@city-exchange07>
	<4C227771.6000508@ecs.soton.ac.uk>
Message-ID: <EMEW3|fb0665a900e392ad393beea8db45b00dm5MM6w0bMailScanner|ecs.soton.ac.uk|4C227771.6000508@ecs.soton.ac.uk>



On 23/06/2010 21:06, Kevin Miller wrote:
> Mark Sapiro wrote:
>    
>> On 11:59 AM, Kevin Miller wrote:
>>      
> snip
>    
>> I sent your file through my MailScanner 4.80.10 and the script was
>> disarmed. The result is in the attached mail.zip.
>>      
> Hmmm.  I just grepped my /var/spool/MailScanner/quarantine/ folder recursely and none of the messages with<SCRIPT in there are being rewritten as they are in yours.
>
> Mark's example:
>    <MailScannerScript30358 SCRIPT class=3Dxnet_script>
>    snip
>    </MailScannerScript30358>
>
> What perl modules are responsible for that?  For example, in the optional modules section of "MailScaner -v" I don't have Encode::Detect.  So I'm thinking maybe it's an optional module and the script disarm parameter is just being ignored?
>    
As long as you've HTML::Parser you should get this feature. It's all 
part of the HTML disarming code that I wrote.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Kevin_Miller at ci.juneau.ak.us  Wed Jun 23 22:12:42 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jun 23 22:12:54 2010
Subject: Spamassassin 3.3.1
In-Reply-To: <EMEW3|c3ea10d3496c839328d06a6665c8f53cm5MM5g0bMailScanner|ecs.soton.ac.uk|4C227721.6090004@ecs.soton.ac.uk>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D1@city-exchange07>
	<27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk><EMEW3|bedc03a735cf7a0ae421c929f815de86m5KNfk03jkf|ecs.soton.ac.uk|27F9223A-A865-4DFF-80A4-77A380342CB2@ecs.soton.ac.uk>
	<FLATULOUSnXIPWaWL3v0000171c@flatulous.aoc-uk.com>
	<201006221525.o5MFPJue000957@safir.blacknight.ie>
	<4C21FC57.6050004@ecs.soton.ac.uk>
	<EMEW3|9cd5c946fb2fbaeeda63e893a5353d35m5MDLl0bMailScanner|ecs.soton.ac.uk|4C21FC57.6050004@ecs.soton.ac.uk>
	<4A09477D575C2C4B86497161427DD94C14A6C867EA@city-exchange07>
	<4C227721.6090004@ecs.soton.ac.uk>
	<EMEW3|c3ea10d3496c839328d06a6665c8f53cm5MM5g0bMailScanner|ecs.soton.ac.uk|4C227721.6090004@ecs.soton.ac.uk>
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867ED@city-exchange07>

Jules Field wrote:
> On 23/06/2010 20:52, Kevin Miller wrote:
>> Jules Field wrote:
>> 
>>> I have just updated the ClamAV+SpamAssassin package to SpamAssassin
>>> 3.3.1.
>>> 
>> Thank you Jules.  Are the additional perl modules included or we need
>> to get those from cpan or repositories? (If available - SUSE seems to
>> be missing some perl niceties.)
>> 
> Did the pre-requisites change between 3.3.0 and 3.3.1?
> All the modules required by 3.3.0 are in there, in the correct order.

Sorry - yes, I believe they're the same.  I'm still on 3.2.5.  I'm sure I'll be all set then when I run your package.

Much appreciated...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From Kevin_Miller at ci.juneau.ak.us  Wed Jun 23 22:19:58 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jun 23 22:20:08 2010
Subject: Script in email
In-Reply-To: <EMEW3|fb0665a900e392ad393beea8db45b00dm5MM6w0bMailScanner|ecs.soton.ac.uk|4C227771.6000508@ecs.soton.ac.uk>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>
	<4C20D5E0.2080907@msapiro.net>
	<4A09477D575C2C4B86497161427DD94C14A6C867EB@city-exchange07>
	<4C227771.6000508@ecs.soton.ac.uk>
	<EMEW3|fb0665a900e392ad393beea8db45b00dm5MM6w0bMailScanner|ecs.soton.ac.uk|4C227771.6000508@ecs.soton.ac.uk>
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867EE@city-exchange07>

Jules Field wrote:

>> What perl modules are responsible for that?  For example, in the
>> optional modules section of "MailScaner -v" I don't have
>> Encode::Detect.  So I'm thinking maybe it's an optional module and
>> the script disarm parameter is just being ignored?   
>> 
> As long as you've HTML::Parser you should get this feature. It's all
> part of the HTML disarming code that I wrote. 

Weird.  HTML::Parser is there.  But these are Outlook messages coming in. Would it be affected by the missing Convert::TNEF?


mxg:/var/spool/MailScanner/quarantine # MailScanner -v
Running on
Linux mxg 2.6.16.60-0.66.1-smp #1 SMP Fri May 28 12:10:21 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
This is SUSE Linux Enterprise Server 10 (x86_64)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.78.17
Module versions are:
1.00    AnyDBM_File
1.16    Archive::Zip
0.23    bignum
1.04    Carp
1.41    Compress::Zlib
1.119   Convert::BinHex
missing Convert::TNEF
2.121_08        Data::Dumper
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
1.08    File::Path
0.20    File::Temp
0.90    Filesys::Df
1.35    HTML::Entities
3.56    HTML::Parser
2.37    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.04    Mail::Header
1.89    Math::BigInt
0.22    Math::BigRat
3.07    MIME::Base64
5.427   MIME::Decoder
5.427   MIME::Decoder::UU
5.427   MIME::Head
5.427   MIME::Parser
3.07    MIME::QuotedPrint
5.427   MIME::Tools
0.13    Net::CIDR
1.25    Net::IP
0.16    OLE::Storage_Lite
1.04    Pod::Escapes
3.05    Pod::Simple
1.09    POSIX
1.19    Scalar::Util
1.78    Socket
2.16    Storable
1.4     Sys::Hostname::Long
0.27    Sys::Syslog
1.26    Test::Pod
0.86    Test::Simple
1.9707  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.29    Archive::Tar
0.23    bignum
1.82    Business::ISBN
1.10    Business::ISBN::Data
1.08    Data::Dump
1.814   DB_File
1.25    DBD::SQLite
1.607   DBI
1.15    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.11    Digest::SHA1
missing Encode::Detect
0.17008 Error
0.18    ExtUtils::CBuilder
2.18    ExtUtils::ParseXS
2.38    Getopt::Long
0.44    Inline
1.08    IO::String
1.04    IO::Zlib
2.21    IP::Country
missing Mail::ClamAV
3.002005        Mail::SpamAssassin
v2.004  Mail::SPF
1.999001        Mail::SPF::Query
0.2808  Module::Build
0.20    Net::CIDR::Lite
0.65    Net::DNS
0.002.2 Net::DNS::Resolver::Programmable
0.33    Net::LDAP
 4.004  NetAddr::IP
1.94    Parse::RecDescent
missing SAVI
2.64    Test::Harness
0.95    Test::Manifest
1.98    Text::Balanced
1.35    URI
0.7203  version
0.62    YAML

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From bbecken at aafp.org  Wed Jun 23 22:31:52 2010
From: bbecken at aafp.org (Brad Beckenhauer)
Date: Wed Jun 23 22:32:19 2010
Subject: MailScanner and Sendmail on Centos 5.5
Message-ID: <4C2236F80200006800054F50@smtp.aafp.org>

I'm building a new MailScanner system on Centos 5.5-64bit and this time I'm wanting to use Sendmail instead of Postfix.  My experience base has been with Postfix, so I've been doing abit of reading for the archives.
 
I read the "Configure Sendmail" notes on http://mailscanner.info/other.html and looked at the sendmail startup script.   I could insert the recommended sendmail start lines into the script, but I'm not so sure about how it will effect the "sm-msp-queue" code just below it.
 
Since I'm a newbie at Sendmail, I wanted to ask for input for those of you who have more sendmail experience. 
 
Here are the recommend start lines from the mailscanner.info website and the "start" code section from the sendmail start script.
 
How are you sendmail folks configuring your systems?
 
- thank you
 
Brad
 
 
    sendmail -bd -q15m
 
You should change this to the following two lines:
 
    sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in
    sendmail -q15m
 
 
start() {
        # Start daemons.
 
        echo -n $"Starting $prog: "
        if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then
          make all -C /etc/mail -s > /dev/null
        else
          for i in virtusertable access domaintable mailertable ; do
            if [ -f /etc/mail/$i ] ; then
                makemap hash /etc/mail/$i < /etc/mail/$i
            fi
          done
        fi
        /usr/bin/newaliases > /dev/null 2>&1
        daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \
                        $([ -n "$QUEUE" ] && echo -q$QUEUE) $SENDMAIL_OPTARG
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail
 
        if ! test -f /var/run/sm-client.pid ; then
        echo -n $"Starting sm-client: "
        touch /var/run/sm-client.pid
        chown smmsp:smmsp /var/run/sm-client.pid
        if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
            /sbin/restorecon /var/run/sm-client.pid
        fi
        daemon --check sm-client /usr/sbin/sendmail -L sm-msp-queue -Ac \
                        -q$SMQUEUE $SENDMAIL_OPTARG
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sm-client
        fi
 
        return $RETVAL
}
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100623/12c28a59/attachment-0001.html
From ecasarero at gmail.com  Wed Jun 23 22:56:07 2010
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Wed Jun 23 22:56:22 2010
Subject: MailScanner and Sendmail on Centos 5.5
In-Reply-To: <4C2236F80200006800054F50@smtp.aafp.org>
References: <4C2236F80200006800054F50@smtp.aafp.org>
Message-ID: <1013575576-1277330167-cardhu_decombobulator_blackberry.rim.net-263123399-@bda2775.bisx.prod.on.blackberry>

Why are you moving from postfix to sendmail?

Afaik most of people move from sendmail to postfix.

Sent from my BB.

-----Original Message-----
From: "Brad Beckenhauer" <bbecken@aafp.org>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Wed, 23 Jun 2010 16:31:52 
To: <mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: MailScanner and Sendmail on Centos 5.5

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From MailScanner at ecs.soton.ac.uk  Wed Jun 23 22:58:07 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun 23 22:58:22 2010
Subject: Script in email
In-Reply-To: <4A09477D575C2C4B86497161427DD94C14A6C867EE@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>	<4C20D5E0.2080907@msapiro.net>	<4A09477D575C2C4B86497161427DD94C14A6C867EB@city-exchange07>	<4C227771.6000508@ecs.soton.ac.uk>	<EMEW3|fb0665a900e392ad393beea8db45b00dm5MM6w0bMailScanner|ecs.soton.ac.uk|4C227771.6000508@ecs.soton.ac.uk>
	<4A09477D575C2C4B86497161427DD94C14A6C867EE@city-exchange07>
	<4C22836F.8030400@ecs.soton.ac.uk>
Message-ID: <EMEW3|88afa8f96bf0c0d322c4706498b60634m5MMwA0bMailScanner|ecs.soton.ac.uk|4C22836F.8030400@ecs.soton.ac.uk>



On 23/06/2010 22:19, Kevin Miller wrote:
> Jules Field wrote:
>
>    
>>> What perl modules are responsible for that?  For example, in the
>>> optional modules section of "MailScaner -v" I don't have
>>> Encode::Detect.  So I'm thinking maybe it's an optional module and
>>> the script disarm parameter is just being ignored?
>>>
>>>        
>> As long as you've HTML::Parser you should get this feature. It's all
>> part of the HTML disarming code that I wrote.
>>      
> Weird.  HTML::Parser is there.  But these are Outlook messages coming in. Would it be affected by the missing Convert::TNEF?
>    
Nothing to do with TNEF at all.
>
> mxg:/var/spool/MailScanner/quarantine # MailScanner -v
> Running on
> Linux mxg 2.6.16.60-0.66.1-smp #1 SMP Fri May 28 12:10:21 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
> This is SUSE Linux Enterprise Server 10 (x86_64)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.78.17
> Module versions are:
> 1.00    AnyDBM_File
> 1.16    Archive::Zip
> 0.23    bignum
> 1.04    Carp
> 1.41    Compress::Zlib
> 1.119   Convert::BinHex
> missing Convert::TNEF
> 2.121_08        Data::Dumper
> 2.27    Date::Parse
> 1.00    DirHandle
> 1.05    Fcntl
> 2.74    File::Basename
> 2.09    File::Copy
> 2.01    FileHandle
> 1.08    File::Path
> 0.20    File::Temp
> 0.90    Filesys::Df
> 1.35    HTML::Entities
> 3.56    HTML::Parser
> 2.37    HTML::TokeParser
> 1.23    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.04    Mail::Header
> 1.89    Math::BigInt
> 0.22    Math::BigRat
> 3.07    MIME::Base64
> 5.427   MIME::Decoder
> 5.427   MIME::Decoder::UU
> 5.427   MIME::Head
> 5.427   MIME::Parser
> 3.07    MIME::QuotedPrint
> 5.427   MIME::Tools
> 0.13    Net::CIDR
> 1.25    Net::IP
> 0.16    OLE::Storage_Lite
> 1.04    Pod::Escapes
> 3.05    Pod::Simple
> 1.09    POSIX
> 1.19    Scalar::Util
> 1.78    Socket
> 2.16    Storable
> 1.4     Sys::Hostname::Long
> 0.27    Sys::Syslog
> 1.26    Test::Pod
> 0.86    Test::Simple
> 1.9707  Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.29    Archive::Tar
> 0.23    bignum
> 1.82    Business::ISBN
> 1.10    Business::ISBN::Data
> 1.08    Data::Dump
> 1.814   DB_File
> 1.25    DBD::SQLite
> 1.607   DBI
> 1.15    Digest
> 1.01    Digest::HMAC
> 2.36    Digest::MD5
> 2.11    Digest::SHA1
> missing Encode::Detect
> 0.17008 Error
> 0.18    ExtUtils::CBuilder
> 2.18    ExtUtils::ParseXS
> 2.38    Getopt::Long
> 0.44    Inline
> 1.08    IO::String
> 1.04    IO::Zlib
> 2.21    IP::Country
> missing Mail::ClamAV
> 3.002005        Mail::SpamAssassin
> v2.004  Mail::SPF
> 1.999001        Mail::SPF::Query
> 0.2808  Module::Build
> 0.20    Net::CIDR::Lite
> 0.65    Net::DNS
> 0.002.2 Net::DNS::Resolver::Programmable
> 0.33    Net::LDAP
>   4.004  NetAddr::IP
> 1.94    Parse::RecDescent
> missing SAVI
> 2.64    Test::Harness
> 0.95    Test::Manifest
> 1.98    Text::Balanced
> 1.35    URI
> 0.7203  version
> 0.62    YAML
>
> ...Kevin
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Wed Jun 23 22:59:37 2010
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Jun 23 22:59:53 2010
Subject: MailScanner and Sendmail on Centos 5.5
In-Reply-To: <4C2236F80200006800054F50@smtp.aafp.org>
References: <4C2236F80200006800054F50@smtp.aafp.org>
	<4C2283C9.6030700@ecs.soton.ac.uk>
Message-ID: <EMEW3|15740d01204c46e5e7e348f585763bf6m5MMxe0bMailScanner|ecs.soton.ac.uk|4C2283C9.6030700@ecs.soton.ac.uk>

CentOS == RedHat for all intents and purposes.

So don't install the "Other" distribution at all. Just install the 
RedHat distribution and this will do everything for you. Don't hack or 
tweak anything, just run the installer and do what it says.

Jules.

On 23/06/2010 22:31, Brad Beckenhauer wrote:
> I'm building a new MailScanner system on Centos 5.5-64bit and this 
> time I'm wanting to use Sendmail instead of Postfix.  My experience 
> base has been with Postfix, so I've been doing abit of reading for the 
> archives.
> I read the "Configure Sendmail" notes on 
> http://mailscanner.info/other.html and looked at the sendmail startup 
> script.   I could insert the recommended sendmail start lines into the 
> script, but I'm not so sure about how it will effect 
> the "sm-msp-queue" code just below it.
> Since I'm a newbie at Sendmail, I wanted to ask for input for those of 
> you who have more sendmail experience.
> Here are the recommend start lines from the mailscanner.info website 
> and the "start" code section from the sendmail start script.
> How are you sendmail folks configuring your systems?
> - thank you
> Brad
>     sendmail -bd -q15m
> You should change this to the following two lines:
>     sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly 
> -OQueueDirectory=/var/spool/mqueue.in
>     sendmail -q15m
> start() {
>         # Start daemons.
>         echo -n $"Starting $prog: "
>         if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then
>           make all -C /etc/mail -s > /dev/null
>         else
>           for i in virtusertable access domaintable mailertable ; do
>             if [ -f /etc/mail/$i ] ; then
>                 makemap hash /etc/mail/$i < /etc/mail/$i
>             fi
>           done
>         fi
>         /usr/bin/newaliases > /dev/null 2>&1
>         daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \
>                         $([ -n "$QUEUE" ] && echo -q$QUEUE) 
> $SENDMAIL_OPTARG
>         RETVAL=$?
>         echo
>         [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail
>         if ! test -f /var/run/sm-client.pid ; then
>         echo -n $"Starting sm-client: "
>         touch /var/run/sm-client.pid
>         chown smmsp:smmsp /var/run/sm-client.pid
>         if [ -x /usr/sbin/selinuxenabled ] && 
> /usr/sbin/selinuxenabled; then
>             /sbin/restorecon /var/run/sm-client.pid
>         fi
>         daemon --check sm-client /usr/sbin/sendmail -L sm-msp-queue -Ac \
>                         -q$SMQUEUE $SENDMAIL_OPTARG
>         RETVAL=$?
>         echo
>         [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sm-client
>         fi
>         return $RETVAL
> }

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Kevin_Miller at ci.juneau.ak.us  Wed Jun 23 23:06:30 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jun 23 23:06:43 2010
Subject: Script in email
In-Reply-To: <EMEW3|88afa8f96bf0c0d322c4706498b60634m5MMwA0bMailScanner|ecs.soton.ac.uk|4C22836F.8030400@ecs.soton.ac.uk>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>
	<4C20D5E0.2080907@msapiro.net>
	<4A09477D575C2C4B86497161427DD94C14A6C867EB@city-exchange07>
	<4C227771.6000508@ecs.soton.ac.uk>
	<EMEW3|fb0665a900e392ad393beea8db45b00dm5MM6w0bMailScanner|ecs.soton.ac.uk|4C227771.6000508@ecs.soton.ac.uk>
	<4A09477D575C2C4B86497161427DD94C14A6C867EE@city-exchange07>
	<4C22836F.8030400@ecs.soton.ac.uk>
	<EMEW3|88afa8f96bf0c0d322c4706498b60634m5MMwA0bMailScanner|ecs.soton.ac.uk|4C22836F.8030400@ecs.soton.ac.uk>
Message-ID: <4A09477D575C2C4B86497161427DD94C14A6C867F0@city-exchange07>

Jules Field wrote:
>> Weird.  HTML::Parser is there.  But these are Outlook messages
>> coming in. Would it be affected by the missing Convert::TNEF? 
>> 
> Nothing to do with TNEF at all.

OK.  I installed it anyway.   Probably silently fix something else I didn't even know was broken! <g>


...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From mark at msapiro.net  Thu Jun 24 02:33:43 2010
From: mark at msapiro.net (Mark Sapiro)
Date: Thu Jun 24 02:33:55 2010
Subject: New problem with ScamNailer updates.
Message-ID: <PC1952010062318334300009e8f8beb@msapiro>

It seems that starting some time Wednesday evening (23 June) GMT, all
attempts to HTTP GET anything like

 http://www.mailscanner.tv/emails.2010-254.1

return a 501 Not Implemented status and the document

<h1>Method Not Implemented</h1>

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From jkf at ecs.soton.ac.uk  Thu Jun 24 08:32:26 2010
From: jkf at ecs.soton.ac.uk (Julian Field)
Date: Thu Jun 24 08:32:13 2010
Subject: Script in email
In-Reply-To: <4A09477D575C2C4B86497161427DD94C14A6C867F0@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C14A6C867D5@city-exchange07>
	<4C20D5E0.2080907@msapiro.net>
	<4A09477D575C2C4B86497161427DD94C14A6C867EB@city-exchange07>
	<4C227771.6000508@ecs.soton.ac.uk>
	<EMEW3|fb0665a900e392ad393beea8db45b00dm5MM6w0bMailScanner|ecs.soton.ac.uk|4C227771.6000508@ecs.soton.ac.uk>
	<4A09477D575C2C4B86497161427DD94C14A6C867EE@city-exchange07>
	<4C22836F.8030400@ecs.soton.ac.uk>
	<EMEW3|88afa8f96bf0c0d322c4706498b60634m5MMwA0bMailScanner|ecs.soton.ac.uk|4C22836F.8030400@ecs.soton.ac.uk>
	<4A09477D575C2C4B86497161427DD94C14A6C867F0@city-exchange07>
	<35C9D368-FBCA-4B66-A7F5-8FA4ABD8E27E@ecs.soton.ac.uk>
Message-ID: <EMEW3|3a858e74add9c4c73f0b19171b3aa53am5N8W103jkf|ecs.soton.ac.uk|35C9D368-FBCA-4B66-A7F5-8FA4ABD8E27E@ecs.soton.ac.uk>

Yes, it will give you TNEF handling which is necessary if people with badly-configured Exchange systems email you.

-- 
Jules
Sent from my iPad over 3G :-)

On 23 Jun 2010, at 11:06 PM, Kevin Miller <Kevin_Miller@ci.juneau.ak.us> wrote:

> Jules Field wrote:
>>> Weird.  HTML::Parser is there.  But these are Outlook messages
>>> coming in. Would it be affected by the missing Convert::TNEF? 
>>> 
>> Nothing to do with TNEF at all.
> 
> OK.  I installed it anyway.   Probably silently fix something else I didn't even know was broken! <g>
> 
> 
> ...Kevin
> -- 
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907 586-4500--
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From spamlists at coders.co.uk  Thu Jun 24 08:50:39 2010
From: spamlists at coders.co.uk (Matt)
Date: Thu Jun 24 08:50:50 2010
Subject: New problem with ScamNailer updates.
In-Reply-To: <PC1952010062318334300009e8f8beb@msapiro>
References: <PC1952010062318334300009e8f8beb@msapiro>
Message-ID: <4C230E4F.3050701@coders.co.uk>

On 24/06/2010 02:33, Mark Sapiro wrote:
> It seems that starting some time Wednesday evening (23 June) GMT, all
> attempts to HTTP GET anything like
>
>  http://www.mailscanner.tv/emails.2010-254.1
>
> return a 501 Not Implemented status and the document
>
> <h1>Method Not Implemented</h1>
>
>   
There was a typo in the CDN config - missed a trailing slash.  It is now
working.

matt
From J.Ede at birchenallhowden.co.uk  Thu Jun 24 12:57:59 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Thu Jun 24 12:58:36 2010
Subject: Slightly OT: Postfix smtpd restrictions
Message-ID: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>

This is purely MTA based, but since a lot of users here run postfix...

How have others found reject_unknown_reverse_client_hostname and the more harsh reject_unknown_client_hostname  in postfix? I'm debating implementing them here and wonder if others have found them problematic or useful? I thinking they should be good for weeding out spam emails and I can't see that they should catch legitimate senders, but want to be sure.

Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100624/77d68fd3/attachment.html
From zaeem.arshad at gmail.com  Thu Jun 24 13:28:25 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Thu Jun 24 13:28:36 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
Message-ID: <AANLkTimrWpVMdR2-d452MMkbpXPWeAWlZPfJ_rFzbVJ3@mail.gmail.com>

On Thu, Jun 24, 2010 at 4:57 PM, Jason Ede <J.Ede@birchenallhowden.co.uk> wrote:
> This is purely MTA based, but since a lot of users here run postfix...
>
>
>
> How have others found reject_unknown_reverse_client_hostname and the more
> harsh reject_unknown_client_hostname ?in postfix? I?m debating implementing
> them here and wonder if others have found them problematic or useful? I
> thinking they should be good for weeding out spam emails and I can?t see
> that they should catch legitimate senders, but want to be sure.
>
>

I had implemented these but had to remove them because many of our
customers were receiving emails from misconfigured servers. Try
prefixing it with warning_if_reject and see how many hits you get. You
can analyze those and then decide for yourself.


--
Zaeem
From ram at netcore.co.in  Thu Jun 24 13:50:50 2010
From: ram at netcore.co.in (Ram)
Date: Thu Jun 24 13:51:59 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
Message-ID: <1277383851.29165.37.camel@darkstar.netcore.co.in>

On Thu, 2010-06-24 at 12:57 +0100, Jason Ede wrote:
> This is purely MTA based, but since a lot of users here run postfix...
> 
>  
> 
> How have others found reject_unknown_reverse_client_hostnameand the
> more harsh reject_unknown_client_hostname in postfix? I?m debating
> implementing them here and wonder if others have found them
> problematic or useful? I thinking they should be good for weeding out
> spam emails and I can?t see that they should catch legitimate senders,
> but want to be sure.
> 

That sure catches a lot of mails sent directly from BOTs.  If you have
multiple MX servers use them only on the lowest MX, If any legitimate
mail is rejected then they would retry on the higher MX 

This is what I do , but I am not sure I can say it has helped for sure,
because BOTs too can retry 




From john at tradoc.fr  Thu Jun 24 13:51:46 2010
From: john at tradoc.fr (John Wilcock)
Date: Thu Jun 24 13:52:07 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
Message-ID: <4C2354E2.1080808@tradoc.fr>

Le 24/06/2010 13:57, Jason Ede a ?crit :
> This is purely MTA based, but since a lot of users here run postfix...
>
> How have others found *reject_unknown_reverse_client_hostname** *and the
> more harsh *reject_unknown_client_hostname** * in postfix? I?m debating
> implementing them here and wonder if others have found them problematic
> or useful? I thinking they should be good for weeding out spam emails
> and I can?t see that they should catch legitimate senders, but want to
> be sure.

In theory they *shouldn't* catch legit senders, but in practice not 
everyone has well-configured rDNS.

Quickly grepping through my recent logs for 'unknown\[' and counting 
either 'hold:' or 'reject:' shows that almost exactly 99% of those with 
unknown reverse DNS are rejected by other restrictions (primarily 
reject_non_fqdn_helo_hostname, reject_unlisted_recipient, 
reject_rbl_client zen.spamhaus.org). Of the 1% that aren't rejected, 
about a quarter are genuine regular correspondents. It would be possible 
to whitelist those regulars, of course, but IMO it wouldn't be worth the 
hassle.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From peter.ong at hypermediasystems.com  Thu Jun 24 14:59:29 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun 24 14:59:40 2010
Subject: How do I beat this spam?
In-Reply-To: <102918091.49590.1277308087310.JavaMail.root@mail021.dti>
Message-ID: <120248062.50100.1277387969339.JavaMail.root@mail021.dti>

Does anyone have any suggestions? I got the same message again. Thank you in advance.

p

----- Original Message -----

> From: "Peter Ong" <peter.ong@hypermediasystems.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Wednesday, June 23, 2010 8:48:07 AM
> Subject: Re: How do I beat this spam?
> 
> Hey Alex,
> 
> Sorry about that. I didn't know about pastebin.
> 
> Here's the original message with headers:
> http://pastebin.com/NpZnVU2T
> 
> Here's the original as rendered by my mua:
> http://pastebin.com/xRNU7h34
> 
> So, how do I beat this spam when it comes in as the original email?
> Does MailScanner scan the message too in the form my mua reads it?
> 
> p
From ms-list at alexb.ch  Thu Jun 24 15:15:37 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Thu Jun 24 15:15:52 2010
Subject: How do I beat this spam?
In-Reply-To: <120248062.50100.1277387969339.JavaMail.root@mail021.dti>
References: <120248062.50100.1277387969339.JavaMail.root@mail021.dti>
Message-ID: <4C236889.3080001@alexb.ch>

On 2010-06-24 15:59, Peter Ong wrote:
> Does anyone have any suggestions? I got the same message again. Thank you in advance.

you do realize that http://pastebin.com/xRNU7h34 is the webmail's HTML 
source and not the the *decoded* msg, right?

by MUA we normally mean a "mail program" or "mail client" which runs on 
a PC of some sort and not a webmail.



> ----- Original Message -----
> 
>> From: "Peter Ong" <peter.ong@hypermediasystems.com>
>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> Sent: Wednesday, June 23, 2010 8:48:07 AM
>> Subject: Re: How do I beat this spam?
>>
>> Hey Alex,
>>
>> Sorry about that. I didn't know about pastebin.
>>
>> Here's the original message with headers:
>> http://pastebin.com/NpZnVU2T
>>
>> Here's the original as rendered by my mua:
>> http://pastebin.com/xRNU7h34
>>
>> So, how do I beat this spam when it comes in as the original email?
>> Does MailScanner scan the message too in the form my mua reads it?
>>
>> p
From peter.ong at hypermediasystems.com  Thu Jun 24 15:28:32 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Thu Jun 24 15:28:43 2010
Subject: How do I beat this spam?
In-Reply-To: <4C236889.3080001@alexb.ch>
Message-ID: <1284961724.50138.1277389712333.JavaMail.root@mail021.dti>

Bonjour Alex,

> by MUA we normally mean a "mail program" or "mail client" which runs
> on 
> a PC of some sort and not a webmail.

I know what MUA means.

> you do realize that http://pastebin.com/xRNU7h34 is the webmail's HTML
> 
> source and not the the *decoded* msg, right?

I pasted two: one is the base64 and the other is as seen by my mua. Is that not it?

In any case, I have discovered that the client ip is unknown so I added to postfix "reject_unknown_client_hostname". Although, I was hoping to be able to reject this email based on its contents in case it gets past this hurdle. Thanks in advance.

p


----- Original Message -----

> From: "Alex Broens" <ms-list@alexb.ch>
> To: mailscanner@lists.mailscanner.info
> Sent: Thursday, June 24, 2010 7:15:37 AM
> Subject: Re: How do I beat this spam?
> 
> On 2010-06-24 15:59, Peter Ong wrote:
> > Does anyone have any suggestions? I got the same message again.
> Thank you in advance.
> 
> you do realize that http://pastebin.com/xRNU7h34 is the webmail's HTML
> 
> source and not the the *decoded* msg, right?
> 
> by MUA we normally mean a "mail program" or "mail client" which runs
> on 
> a PC of some sort and not a webmail.
> 
> 
> 
> > ----- Original Message -----
> > 
> >> From: "Peter Ong" <peter.ong@hypermediasystems.com>
> >> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> >> Sent: Wednesday, June 23, 2010 8:48:07 AM
> >> Subject: Re: How do I beat this spam?
> >>
> >> Hey Alex,
> >>
> >> Sorry about that. I didn't know about pastebin.
> >>
> >> Here's the original message with headers:
> >> http://pastebin.com/NpZnVU2T
> >>
> >> Here's the original as rendered by my mua:
> >> http://pastebin.com/xRNU7h34
> >>
> >> So, how do I beat this spam when it comes in as the original
> email?
> >> Does MailScanner scan the message too in the form my mua reads it?
> >>
> >> p
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From john at tradoc.fr  Thu Jun 24 15:32:10 2010
From: john at tradoc.fr (John Wilcock)
Date: Thu Jun 24 15:32:28 2010
Subject: How do I beat this spam?
In-Reply-To: <102918091.49590.1277308087310.JavaMail.root@mail021.dti>
References: <102918091.49590.1277308087310.JavaMail.root@mail021.dti>
Message-ID: <4C236C6A.10307@tradoc.fr>

Le 23/06/2010 17:48, Peter Ong a ?crit :
> Here's the original message with headers:
> http://pastebin.com/NpZnVU2T

That scores pretty high here (see below). Admittedly most of the points 
are from Bayes and network checks, but even if the sender wasn't 
blacklisted at the time you received the mail there should have been 
enough fodder to score as spam.

> Content analysis details:   (15.2 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
>                             https://senderscore.org/blacklistlookup/
>                             [208.92.232.69 listed in bl.score.senderscore.com]
>  1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
>                             [208.92.232.69 listed in bb.barracudacentral.org]
>  1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>                             [URIs: netmagasap.com]
>  3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
>                             [score: 1.0000]
>  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
>  0.4 HTML_IMAGE_RATIO_02    BODY: HTML has a low ratio of text to image area
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.8 MPART_ALT_DIFF         BODY: HTML and text parts are different
>  0.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>  0.0 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
>  1.5 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>  0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>                             above 50%
>                             [cf: 100]
>  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>                             [cf: 100]
>  0.3 DIGEST_MULTIPLE        Message hits more than one network digest check
>  0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
>  0.0 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
>  0.0 T_REMOTE_IMAGE         Message contains an external image

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From ssilva at sgvwater.com  Thu Jun 24 15:45:14 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 24 15:45:40 2010
Subject: Making bayesian filter detect some new spam
In-Reply-To: <AANLkTik6IuzJkbGVjyp01AQn0d9DfdjKt_3Yfq_qNE9Y@mail.gmail.com>
References: <AANLkTik6IuzJkbGVjyp01AQn0d9DfdjKt_3Yfq_qNE9Y@mail.gmail.com>
Message-ID: <hvvr1s$5na$1@dough.gmane.org>

on 6-23-2010 8:22 AM Mauricio Tavares spake the following:
> I have been getting some spam that has not been triggering the
> bayesian filter. At least it seems that no matter how many times I
> feed them (sa-learn), I still get nothing on bayesian. So, let's take
> a look at the header of one of the latest offending emails (the full
> email is hiding at http://pastebin.com/S8Hfid2V):
> 
> Return-Path: <errores@energysistemonline.com>
> Delivered-To: rt@domain.com
> Received: from correo.energysistemonline.com
> (correo.energysistemonline.com [94.127.190.73])
> 	by mail.domain.com (Postfix) with ESMTP id 1D50A84402F
> 	for <support@domain.com>; Tue, 22 Jun 2010 21:46:30 -0400 (EDT)
> From: =?iso-8859-1?Q?Beatriz_G=F3mez_Esparza_-_Energy_Sis?=
> 	=?iso-8859-1?Q?tem?= <beatriz.gomez.esparza@energysistemonline.com>
> To: =?iso-8859-1?Q?Canal_de_distribuci?=
> 	=?iso-8859-1?Q?=F3n?= <support@domain.com>
> Subject: =?iso-8859-1?Q?Nuevo_T5850_HDTV_-_Canales_de_televisi=F3n_en_alta_definic?=
> 	=?iso-8859-1?Q?i=F3n?=
> Sender: =?iso-8859-1?Q?Beatriz_G=F3mez_Esparza_-_Energy_Sis?=
> 	=?iso-8859-1?Q?tem?= <beatriz.gomez.esparza@energysistemonline.com>
> Mime-Version: 1.0
> Content-Type: text/html; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> Date: Wed, 23 Jun 2010 03:46:28 +0200
> Message-ID: <20100623014628zzz.4668292A2AF307E8@sionemailing>
> X-Mailer: ICS SMTP Component V2.53
> X-domain-com-MailScanner-Information: Please contact the ISP for more
> information
> X-domain-com-MailScanner-ID: 1D50A84402F.AFF1A
> X-domain-com-MailScanner: Found to be clean
> X-domain-com-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
> 	score=4.658, required 4.7, BAYES_50 0.00, FUZZY_AMBIEN 2.30,
> 	HTML_MESSAGE 0.90, MIME_HTML_ONLY 1.46)
> X-domain-com-MailScanner-SpamScore: ****
> X-domain-com-MailScanner-From: errores@energysistemonline.com
> X-Spam-Status: No
> 
> As you can see, BAYES completely ignored it. Since this is not the
> first time we received an email like this, and I do run sa-learn every
> night on the spam folders (I do move these emails to the said
> directories), I feel like I must be missing something. Suggestions?
It hit on bayes_50. Your system has that score set to 0.00

From bonivart at opencsw.org  Thu Jun 24 16:13:37 2010
From: bonivart at opencsw.org (Peter Bonivart)
Date: Thu Jun 24 16:14:06 2010
Subject: Making bayesian filter detect some new spam
In-Reply-To: <hvvr1s$5na$1@dough.gmane.org>
References: <AANLkTik6IuzJkbGVjyp01AQn0d9DfdjKt_3Yfq_qNE9Y@mail.gmail.com> 
	<hvvr1s$5na$1@dough.gmane.org>
Message-ID: <AANLkTilJA4v_xogwWI1pCKx89VwLe45MOumZCbYjXSf6@mail.gmail.com>

On Thu, Jun 24, 2010 at 4:45 PM, Scott Silva <ssilva@sgvwater.com> wrote:
> It hit on bayes_50. Your system has that score set to 0.00

Isn't it reasonable to score that as zero? Bayes thinks it's 50%
chance it's spam (or 50% chance it's ham). To me that's worth 0.00.

-- 
/peter
From ssilva at sgvwater.com  Thu Jun 24 16:23:02 2010
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jun 24 16:23:24 2010
Subject: Making bayesian filter detect some new spam
In-Reply-To: <AANLkTilJA4v_xogwWI1pCKx89VwLe45MOumZCbYjXSf6@mail.gmail.com>
References: <AANLkTik6IuzJkbGVjyp01AQn0d9DfdjKt_3Yfq_qNE9Y@mail.gmail.com>
	<hvvr1s$5na$1@dough.gmane.org>
	<AANLkTilJA4v_xogwWI1pCKx89VwLe45MOumZCbYjXSf6@mail.gmail.com>
Message-ID: <hvvt8n$fn8$1@dough.gmane.org>

on 6-24-2010 8:13 AM Peter Bonivart spake the following:
> On Thu, Jun 24, 2010 at 4:45 PM, Scott Silva <ssilva@sgvwater.com> wrote:
>> It hit on bayes_50. Your system has that score set to 0.00
> 
> Isn't it reasonable to score that as zero? Bayes thinks it's 50%
> chance it's spam (or 50% chance it's ham). To me that's worth 0.00.
> 
I was just saying that it did hit bayes. He needs to spend more time training his.

From luis.silva at dreamware.pt  Thu Jun 24 17:40:01 2010
From: luis.silva at dreamware.pt (Luis Silva)
Date: Thu Jun 24 17:39:57 2010
Subject: Stituation in users receiving mail
In-Reply-To: <201006232140.o5NLbGZP014831@safir.blacknight.ie>
References: <201006232140.o5NLbGZP014831@safir.blacknight.ie>
Message-ID: <001801cb13bb$e4075910$ac160b30$@silva@dreamware.pt>

Hi Jules,

I think that you are right.
In the conf I had %org-name% = myname, replace issues... the conf.orig is
%org-name% = yoursite, didn't read with the reading glasses...
Now is %org-name%=myname
  
I will restart the service and check this out.

Many thanks!
Luis Silva

Date: Wed, 23 Jun 2010 13:23:43 +0100
From: Jules Field <MailScanner@ecs.soton.ac.uk>
Subject: Re: Stituation in users receiving mail
To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Message-ID:
 
<EMEW3|d7d8079183f37897e6cbe52012a2ee08m5MDNi0bMailScanner|ecs.soton.ac.uk|4
C21FCCF.6000104@ecs.soton.ac.uk>

Content-Type: text/plain; charset=UTF-8; format=flowed

Make sure you haven't got any spaces in the setting of %org-name% in
your MailScanner.conf file. The docs there clearly state that you aren't
allowed any spaces.

I suspect there is a space in a header name, with the result it is
treating that as the start of the body and so the following headers are
being shown in the body of the message in your users' email applications.

Jules.

On 23/06/2010 13:04, hvdkooij wrote:
> On Wed, 23 Jun 2010 12:59:41 +0100, Luis Silva  wrote:
>
> Hi,
>
> Some of my users are receiving some of the mail not "decoded". The message
> is received with all the smtp commands that are used in DATA section, like
>
>
> Return-Path:
> X-Original-To: XXX@XXXX
> Delivered-To: XXX@XXXX
>
> ???..
>
> This is occasional and if the message is resend again by the source, is
> received ok.
>
> Can this be a mailscanner issue?
>
> I think it is unlikely. I have seen this behaviour before with an
> application that is not using CRLF correctly for line endings. In order to
> find out the cause I would start with dumping the SMTP connections and see
> if the SMTP messages are using CRLF in the right way. I guess WireShark is
> your friend here.
>
> Hugo.
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

From elec.arun at gmail.com  Fri Jun 25 06:51:08 2010
From: elec.arun at gmail.com (arun gupta)
Date: Fri Jun 25 06:51:17 2010
Subject: configure different-2 rulesets for incoming and outgoing mails
Message-ID: <AANLkTikGEsGmRPsw8aTTqqkWYIzI9zUXsN9vW1vpE4JD@mail.gmail.com>

Dear Sir,

I have configured 2 MailScanner server, one for incoming and other
for

outgoing. For incoming I have defined strict rule-set (and also we are
not

using notification to senders)and for outgoing defined soft
rulsets(here

we are using notification to senders if any virus found), but i want
to

configure these rule-set on one MailScanner server, with
same

functionality as defined above.

-- 
    With Regards,
    Arun Kumar Gupta
    INDIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100625/92c7a7d3/attachment.html
From seven at seven.dorksville.net  Fri Jun 25 07:50:10 2010
From: seven at seven.dorksville.net (Anthony Giggins)
Date: Fri Jun 25 07:50:31 2010
Subject: MailScanner and Sendmail on Centos 5.5
In-Reply-To: <EMEW3|15740d01204c46e5e7e348f585763bf6m5MMxe0bMailScanner|ecs.soton.a
	c.uk|4C2283C9.6030700@ecs.soton.ac.uk>
References: <4C2236F80200006800054F50@smtp.aafp.org>
	<4C2283C9.6030700@ecs.soton.ac.uk>
	<EMEW3|15740d01204c46e5e7e348f585763bf6m5MMxe0bMailScanner|ecs.soton.ac.uk|4C2283C9.6030700@ecs.soton.ac.uk>
Message-ID: <61647.125.168.254.15.1277448610.squirrel@seven.dorksville.net>

> CentOS == RedHat for all intents and purposes.
>
> So don't install the "Other" distribution at all. Just install the
> RedHat distribution and this will do everything for you. Don't hack or
> tweak anything, just run the installer and do what it says.
>
> Jules.

Just remember by default sendmail only runs on localhost you need to edit
the sendmail.mc to and then regenerate the sendmail.cf

Cheers,

Anthony



From maxsec at gmail.com  Fri Jun 25 08:36:16 2010
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Jun 25 08:36:30 2010
Subject: configure different-2 rulesets for incoming and outgoing mails
In-Reply-To: <AANLkTikGEsGmRPsw8aTTqqkWYIzI9zUXsN9vW1vpE4JD@mail.gmail.com>
References: <AANLkTikGEsGmRPsw8aTTqqkWYIzI9zUXsN9vW1vpE4JD@mail.gmail.com>
Message-ID: <AANLkTimvnUjtKrzC9Nvz2G3nq0zoxjTzQJZdVHfuHes9@mail.gmail.com>

Hi

you can overload rulesets to achieve this depending on the ip-address the
email's coming from. But you'll need to do this all the rulesets. (see the
wiki)

On 25 June 2010 06:51, arun gupta <elec.arun@gmail.com> wrote:

> Dear Sir,
>
> I have configured 2 MailScanner server, one for incoming and other
> for
>
> outgoing. For incoming I have defined strict rule-set (and also we are
> not
>
> using notification to senders)and for outgoing defined soft
> rulsets(here
>
> we are using notification to senders if any virus found), but i want
> to
>
> configure these rule-set on one MailScanner server, with
> same
>
> functionality as defined above.
>
> --
>     With Regards,
>     Arun Kumar Gupta
>     INDIA
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100625/8f0f14a4/attachment.html
From drew.marshall at trunknetworks.com  Fri Jun 25 09:01:47 2010
From: drew.marshall at trunknetworks.com (Drew Marshall)
Date: Fri Jun 25 09:02:13 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
Message-ID: <D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>


On 24 Jun 2010, at 12:57, Jason Ede wrote:

> This is purely MTA based, but since a lot of users here run postfix...
>
> How have others found reject_unknown_reverse_client_hostname and the  
> more harsh reject_unknown_client_hostname  in postfix? I?m debating  
> implementing them here and wonder if others have found them  
> problematic or useful? I thinking they should be good for weeding  
> out spam emails and I can?t see that they should catch legitimate  
> senders, but want to be sure

I have to be honest, I ran this for a short while in warn mode and  
found that the number of people with mis-configured PTR records is  
huge (In the UK). For example, BT won't let anyone change their PTR,  
so EHLO/ HELO is always going to be a mismatch for these. Most people  
running Exchange 'naked' to the Internet end up having a EHLO as  
<name>.local or some such other non existent TLD so that ends up not  
matching either and so it goes on.

As ever YMMV but for me, I found other ways to combat spam coming from  
these sorts of connections such as RBLs etc.

Drew

-- 
In line with our policy, this message has been scanned for viruses and dangerous content.
Our email policy can be found at www.trunknetworks.com/policy

Trunk Networks Limited is registered in Scotland with registration number: SC351063
Registered Office 55-57 West High Street Inverurie AB51 3QQ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100625/2be21d00/attachment.html
From J.Ede at birchenallhowden.co.uk  Fri Jun 25 10:06:47 2010
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Fri Jun 25 10:07:15 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
	<D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>
Message-ID: <1213490F1F316842A544A850422BFA963649D097C8@BHLSBS.bhl.local>

I was thinking of sticking with just the unknown_reverse_client_hostname rather than the stricter one. As far as I can gather from the docs only if the IP doesn't resolve to a hostname will the email be rejected.

Jason


From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Drew Marshall
Sent: 25 June 2010 09:02
To: MailScanner discussion
Subject: Re: Slightly OT: Postfix smtpd restrictions


On 24 Jun 2010, at 12:57, Jason Ede wrote:


This is purely MTA based, but since a lot of users here run postfix...

How have others found reject_unknown_reverse_client_hostname and the more harsh reject_unknown_client_hostname  in postfix? I'm debating implementing them here and wonder if others have found them problematic or useful? I thinking they should be good for weeding out spam emails and I can't see that they should catch legitimate senders, but want to be sure

I have to be honest, I ran this for a short while in warn mode and found that the number of people with mis-configured PTR records is huge (In the UK). For example, BT won't let anyone change their PTR, so EHLO/ HELO is always going to be a mismatch for these. Most people running Exchange 'naked' to the Internet end up having a EHLO as <name>.local or some such other non existent TLD so that ends up not matching either and so it goes on.

As ever YMMV but for me, I found other ways to combat spam coming from these sorts of connections such as RBLs etc.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous content.
Our email policy can be found at www.trunknetworks.com/policy<http://www.trunknetworks.com/policy>

Trunk Networks Limited is registered in Scotland with registration number: SC351063
Registered Office 55-57 West High Street Inverurie AB51 3QQ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100625/15551ab5/attachment.html
From ms-list at alexb.ch  Fri Jun 25 10:27:14 2010
From: ms-list at alexb.ch (Alex Broens)
Date: Fri Jun 25 10:27:28 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <1213490F1F316842A544A850422BFA963649D097C8@BHLSBS.bhl.local>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>	<D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>
	<1213490F1F316842A544A850422BFA963649D097C8@BHLSBS.bhl.local>
Message-ID: <4C247672.9020601@alexb.ch>

On 2010-06-25 11:06, Jason Ede wrote:
> I was thinking of sticking with just the
> unknown_reverse_client_hostname rather than the stricter one. As far
> as I can gather from the docs only if the IP doesn't resolve to a
> hostname will the email be rejected.

iirc, this wil only generate a 450, as temporarily unresolvalble (as 
when your DNS has hickup)

bots may not come back, but misconfigured legit servers (mostly Exchange 
  boxes)  will hammer you with connections, possibly for days, and will 
probably cause support cases.


> 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Drew
> Marshall Sent: 25 June 2010 09:02 To: MailScanner discussion Subject:
> Re: Slightly OT: Postfix smtpd restrictions
> 
> 
> On 24 Jun 2010, at 12:57, Jason Ede wrote:
> 
> 
> This is purely MTA based, but since a lot of users here run
> postfix...
> 
> How have others found reject_unknown_reverse_client_hostname and the
> more harsh reject_unknown_client_hostname  in postfix? I'm debating
> implementing them here and wonder if others have found them
> problematic or useful? I thinking they should be good for weeding out
> spam emails and I can't see that they should catch legitimate
> senders, but want to be sure
> 
> I have to be honest, I ran this for a short while in warn mode and
> found that the number of people with mis-configured PTR records is
> huge (In the UK).. For example, BT won't let anyone change their PTR,
> so EHLO/ HELO is always going to be a mismatch for these. Most people
> running Exchange 'naked' to the Internet end up having a EHLO as
> <name>.local or some such other non existent TLD so that ends up not
> matching either and so it goes on.
> 
> As ever YMMV but for me, I found other ways to combat spam coming
> from these sorts of connections such as RBLs etc.
> 
> Drew
> 
> -- In line with our policy, this message has been scanned for viruses
> and dangerous content. Our email policy can be found at
> www.trunknetworks.com/policy<http://www.trunknetworks.com/policy>
> 
> Trunk Networks Limited is registered in Scotland with registration
> number: SC351063 Registered Office 55-57 West High Street Inverurie
> AB51 3QQ
> 
From uxbod at splatnix.net  Fri Jun 25 14:05:08 2010
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Fri Jun 25 14:07:23 2010
Subject: How do I beat this spam?
In-Reply-To: <4C236C6A.10307@tradoc.fr>
Message-ID: <1806755627.288.1277471108752.JavaMail.root@office.splatnix.net>

----- Original Message -----
> Le 23/06/2010 17:48, Peter Ong a ?crit :
> > Here's the original message with headers:
> > http://pastebin.com/NpZnVU2T
> 
> That scores pretty high here (see below). Admittedly most of the
> points
> are from Bayes and network checks, but even if the sender wasn't
> blacklisted at the time you received the mail there should have been
> enough fodder to score as spam.
> 
> > Content analysis details: (15.2 points, 5.0 required)
> >
> >  pts rule name description
> > ---- ----------------------
> > --------------------------------------------------
> >  1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
> >                             https://senderscore.org/blacklistlookup/
> >                             [208.92.232.69 listed in
> >                             bl.score.senderscore.com]
> >  1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
> >                             [208.92.232.69 listed in
> >                             bb.barracudacentral.org]
> >  1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> >                             [URIs: netmagasap.com]
> >  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> >                             [score: 1.0000]
> >  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
> >  lines
> >  0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
> >  area
> >  0.0 HTML_MESSAGE BODY: HTML included in message
> >  0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
> >  0.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> >  0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
> >  encoding
> >  1.5 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
> >  0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> >  1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence
> >  level
> >                             above 50%
> >                             [cf: 100]
> >  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> >                             [cf: 100]
> >  0.3 DIGEST_MULTIPLE Message hits more than one network digest check
> >  0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
> >  tag
> >  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
> >  parts
> >  0.0 T_REMOTE_IMAGE Message contains an external image
> 
> John.
> 

Ya, I get a similar result to John:

Content analysis details:   (27.6 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.0 RCVD_IN_BRBL           RBL: Received via relay listed in Barracuda RBL
                            [208.92.232.69 listed in b.barracudacentral.org]
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: netmagasap.com]
 4.0 URIBL_IVMURI           Contains a URL listed on ivmURI found at invaluement.com
                            [URIs: netmagasap.com]
 1.5 RCVD_IN_JMF_BL         RBL: Sender listed in JMF-BLACK
                       [208.92.232.69 listed in hostkarma.junkemailfilter.com]
 1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [208.92.232.69 listed in bb.barracudacentral.org]
 5.0 RCVD_IN_IVMSIP         RBL: listed on ivmSIP found at invaluement.com
                            [208.92.232.69 listed in sip.invaluement.com]
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.4 HTML_IMAGE_RATIO_02    BODY: HTML has a low ratio of text to image area
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.4997]
 0.8 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.7 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
 1.1 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 1.4 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 0.3 DIGEST_MULTIPLE        Message hits more than one network digest check
 0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 0.0 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
 0.0 T_REMOTE_IMAGE         Message contains an external image

-- 
Thanks, Phil
From zaeem.arshad at gmail.com  Fri Jun 25 15:50:30 2010
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Fri Jun 25 15:50:39 2010
Subject: How do I beat this spam?
In-Reply-To: <1806755627.288.1277471108752.JavaMail.root@office.splatnix.net>
References: <4C236C6A.10307@tradoc.fr>
	<1806755627.288.1277471108752.JavaMail.root@office.splatnix.net>
Message-ID: <AANLkTinFpxJtxgljmiVkQmbihcTKYmr8kQFltl9bqhYd@mail.gmail.com>

On Fri, Jun 25, 2010 at 6:05 PM, --[ UxBoD ]-- <uxbod@splatnix.net> wrote:
> ----- Original Message -----
>> Le 23/06/2010 17:48, Peter Ong a ?crit :
>> > Here's the original message with headers:
>> > http://pastebin.com/NpZnVU2T
>>
>> That scores pretty high here (see below). Admittedly most of the
>> points
>> are from Bayes and network checks, but even if the sender wasn't
>> blacklisted at the time you received the mail there should have been
>> enough fodder to score as spam.
>>
>> > Content analysis details: (15.2 points, 5.0 required)
>> >
>> > ?pts rule name description
>> > ---- ----------------------
>> > --------------------------------------------------
>> > ?1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? https://senderscore.org/blacklistlookup/
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [208.92.232.69 listed in
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? bl.score.senderscore.com]
>> > ?1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [208.92.232.69 listed in
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? bb.barracudacentral.org]
>> > ?1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [URIs: netmagasap.com]
>> > ?3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [score: 1.0000]
>> > ?0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
>> > ?lines
>> > ?0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
>> > ?area
>> > ?0.0 HTML_MESSAGE BODY: HTML included in message
>> > ?0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
>> > ?0.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>> > ?0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
>> > ?encoding
>> > ?1.5 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>> > ?0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
>> > ?1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence
>> > ?level
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? above 50%
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [cf: 100]
>> > ?0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [cf: 100]
>> > ?0.3 DIGEST_MULTIPLE Message hits more than one network digest check
>> > ?0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
>> > ?tag
>> > ?0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
>> > ?parts
>> > ?0.0 T_REMOTE_IMAGE Message contains an external image
>>
>> John.
>>
>
> Ya, I get a similar result to John:
>
> Content analysis details: ? (27.6 points, 5.0 required)
>
> ?pts rule name ? ? ? ? ? ? ?description
> ---- ---------------------- --------------------------------------------------
> ?3.0 RCVD_IN_BRBL ? ? ? ? ? RBL: Received via relay listed in Barracuda RBL
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[208.92.232.69 listed in b.barracudacentral.org]
> ?1.7 URIBL_BLACK ? ? ? ? ? ?Contains an URL listed in the URIBL blacklist
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[URIs: netmagasap.com]
> ?4.0 URIBL_IVMURI ? ? ? ? ? Contains a URL listed on ivmURI found at invaluement.com
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[URIs: netmagasap.com]
> ?1.5 RCVD_IN_JMF_BL ? ? ? ? RBL: Sender listed in JMF-BLACK
> ? ? ? ? ? ? ? ? ? ? ? [208.92.232.69 listed in hostkarma.junkemailfilter.com]
> ?1.4 RCVD_IN_BRBL_LASTEXT ? RBL: RCVD_IN_BRBL_LASTEXT
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[208.92.232.69 listed in bb.barracudacentral.org]
> ?5.0 RCVD_IN_IVMSIP ? ? ? ? RBL: listed on ivmSIP found at invaluement.com
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[208.92.232.69 listed in sip.invaluement.com]
> ?0.0 UNPARSEABLE_RELAY ? ? ?Informational: message has unparseable relay lines
> ?0.4 HTML_IMAGE_RATIO_02 ? ?BODY: HTML has a low ratio of text to image area
> ?0.0 HTML_MESSAGE ? ? ? ? ? BODY: HTML included in message
> ?0.8 BAYES_50 ? ? ? ? ? ? ? BODY: Bayes spam probability is 40 to 60%
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[score: 0.4997]
> ?0.8 MPART_ALT_DIFF ? ? ? ? BODY: HTML and text parts are different
> ?0.7 MIME_HTML_ONLY ? ? ? ? BODY: Message only has text/html MIME parts
> ?1.7 MIME_BASE64_TEXT ? ? ? RAW: Message text disguised using base64 encoding
> ?1.1 DCC_CHECK ? ? ? ? ? ? ?Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
> ?0.9 RAZOR2_CHECK ? ? ? ? ? Listed in Razor2 (http://razor.sf.net/)
> ?1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?above 50%
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[cf: 100]
> ?0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> ? ? ? ? ? ? ? ? ? ? ? ? ? ?[cf: 100]
> ?1.4 PYZOR_CHECK ? ? ? ? ? ?Listed in Pyzor (http://pyzor.sf.net/)
> ?0.3 DIGEST_MULTIPLE ? ? ? ?Message hits more than one network digest check
> ?0.4 HTML_MIME_NO_HTML_TAG ?HTML-only message, but there is no HTML tag
> ?0.0 MIME_HTML_ONLY_MULTI ? Multipart message only has text/html MIME parts
> ?0.0 T_REMOTE_IMAGE ? ? ? ? Message contains an external image
>
> --

I got a similar result as these guys. In addition to that, you can
block the specific character set in your MTA before it's even passed
to MailScanner. I do something like this in postfix header_checks to
get rid of unwanted character sets.

/^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/   REJECT Not
these charactersets



--
Zaeem
From peter.ong at hypermediasystems.com  Fri Jun 25 16:26:50 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Fri Jun 25 16:27:00 2010
Subject: How do I beat this spam?
In-Reply-To: <AANLkTinFpxJtxgljmiVkQmbihcTKYmr8kQFltl9bqhYd@mail.gmail.com>
Message-ID: <890629877.50867.1277479610825.JavaMail.root@mail021.dti>

Thanks everyone. I am not using pyzor or razor. I could, but there's so much I have to do just to get the plumbing open, I'm discouraged. Let me do a little more analysis. Thanks again.

p

----- Original Message -----

> From: "Zaeem Arshad" <zaeem.arshad@gmail.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Friday, June 25, 2010 7:50:30 AM
> Subject: Re: How do I beat this spam?
> 
> On Fri, Jun 25, 2010 at 6:05 PM, --[ UxBoD ]-- <uxbod@splatnix.net>
> wrote:
> > ----- Original Message -----
> >> Le 23/06/2010 17:48, Peter Ong a ?crit :
> >> > Here's the original message with headers:
> >> > http://pastebin.com/NpZnVU2T
> >>
> >> That scores pretty high here (see below). Admittedly most of the
> >> points
> >> are from Bayes and network checks, but even if the sender wasn't
> >> blacklisted at the time you received the mail there should have
> been
> >> enough fodder to score as spam.
> >>
> >> > Content analysis details: (15.2 points, 5.0 required)
> >> >
> >> > ?pts rule name description
> >> > ---- ----------------------
> >> > --------------------------------------------------
> >> > ?1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?
> https://senderscore.org/blacklistlookup/
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [208.92.232.69 listed in
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? bl.score.senderscore.com]
> >> > ?1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [208.92.232.69 listed in
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? bb.barracudacentral.org]
> >> > ?1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [URIs: netmagasap.com]
> >> > ?3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [score: 1.0000]
> >> > ?0.0 UNPARSEABLE_RELAY Informational: message has unparseable
> relay
> >> > ?lines
> >> > ?0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to
> image
> >> > ?area
> >> > ?0.0 HTML_MESSAGE BODY: HTML included in message
> >> > ?0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
> >> > ?0.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> >> > ?0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
> >> > ?encoding
> >> > ?1.5 DCC_CHECK Listed in DCC
> (http://rhyolite.com/anti-spam/dcc/)
> >> > ?0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> >> > ?1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence
> >> > ?level
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? above 50%
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [cf: 100]
> >> > ?0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above
> 50%
> >> > ? ? ? ? ? ? ? ? ? ? ? ? ? ? [cf: 100]
> >> > ?0.3 DIGEST_MULTIPLE Message hits more than one network digest
> check
> >> > ?0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no
> HTML
> >> > ?tag
> >> > ?0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html
> MIME
> >> > ?parts
> >> > ?0.0 T_REMOTE_IMAGE Message contains an external image
> >>
> >> John.
> >>
> >
> > Ya, I get a similar result to John:
> >
> > Content analysis details: ? (27.6 points, 5.0 required)
> >
> > ?pts rule name ? ? ? ? ? ? ?description
> > ---- ----------------------
> --------------------------------------------------
> > ?3.0 RCVD_IN_BRBL ? ? ? ? ? RBL: Received via relay listed in
> Barracuda RBL
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[208.92.232.69 listed in
> b.barracudacentral.org]
> > ?1.7 URIBL_BLACK ? ? ? ? ? ?Contains an URL listed in the URIBL
> blacklist
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[URIs: netmagasap.com]
> > ?4.0 URIBL_IVMURI ? ? ? ? ? Contains a URL listed on ivmURI found at
> invaluement.com
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[URIs: netmagasap.com]
> > ?1.5 RCVD_IN_JMF_BL ? ? ? ? RBL: Sender listed in JMF-BLACK
> > ? ? ? ? ? ? ? ? ? ? ? [208.92.232.69 listed in
> hostkarma.junkemailfilter.com]
> > ?1.4 RCVD_IN_BRBL_LASTEXT ? RBL: RCVD_IN_BRBL_LASTEXT
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[208.92.232.69 listed in
> bb.barracudacentral.org]
> > ?5.0 RCVD_IN_IVMSIP ? ? ? ? RBL: listed on ivmSIP found at
> invaluement.com
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[208.92.232.69 listed in
> sip.invaluement.com]
> > ?0.0 UNPARSEABLE_RELAY ? ? ?Informational: message has unparseable
> relay lines
> > ?0.4 HTML_IMAGE_RATIO_02 ? ?BODY: HTML has a low ratio of text to
> image area
> > ?0.0 HTML_MESSAGE ? ? ? ? ? BODY: HTML included in message
> > ?0.8 BAYES_50 ? ? ? ? ? ? ? BODY: Bayes spam probability is 40 to
> 60%
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[score: 0.4997]
> > ?0.8 MPART_ALT_DIFF ? ? ? ? BODY: HTML and text parts are different
> > ?0.7 MIME_HTML_ONLY ? ? ? ? BODY: Message only has text/html MIME
> parts
> > ?1.7 MIME_BASE64_TEXT ? ? ? RAW: Message text disguised using base64
> encoding
> > ?1.1 DCC_CHECK ? ? ? ? ? ? ?Listed in DCC
> (http://rhyolite.com/anti-spam/dcc/)
> > ?0.9 RAZOR2_CHECK ? ? ? ? ? Listed in Razor2 (http://razor.sf.net/)
> > ?1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence
> level
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?above 50%
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[cf: 100]
> > ?0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> > ? ? ? ? ? ? ? ? ? ? ? ? ? ?[cf: 100]
> > ?1.4 PYZOR_CHECK ? ? ? ? ? ?Listed in Pyzor (http://pyzor.sf.net/)
> > ?0.3 DIGEST_MULTIPLE ? ? ? ?Message hits more than one network
> digest check
> > ?0.4 HTML_MIME_NO_HTML_TAG ?HTML-only message, but there is no HTML
> tag
> > ?0.0 MIME_HTML_ONLY_MULTI ? Multipart message only has text/html
> MIME parts
> > ?0.0 T_REMOTE_IMAGE ? ? ? ? Message contains an external image
> >
> > --
> 
> I got a similar result as these guys. In addition to that, you can
> block the specific character set in your MTA before it's even passed
> to MailScanner. I do something like this in postfix header_checks to
> get rid of unwanted character sets.
> 
> /^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/   REJECT Not
> these charactersets
> 
> 
> 
> --
> Zaeem
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From john at tradoc.fr  Fri Jun 25 16:46:51 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri Jun 25 16:47:24 2010
Subject: How do I beat this spam?
In-Reply-To: <AANLkTinFpxJtxgljmiVkQmbihcTKYmr8kQFltl9bqhYd@mail.gmail.com>
References: <4C236C6A.10307@tradoc.fr>	<1806755627.288.1277471108752.JavaMail.root@office.splatnix.net>
	<AANLkTinFpxJtxgljmiVkQmbihcTKYmr8kQFltl9bqhYd@mail.gmail.com>
Message-ID: <4C24CF6B.2000600@tradoc.fr>

Le 25/06/2010 16:50, Zaeem Arshad a ?crit :
> I got a similar result as these guys. In addition to that, you can
> block the specific character set in your MTA before it's even passed
> to MailScanner. I do something like this in postfix header_checks to
> get rid of unwanted character sets.
>
> /^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/   REJECT Not
> these charactersets

Even if you don't have any Chinese or Korean correspondents, you may 
well get false positives on this sort of rejection, for example on 
international mailing lists - like this one :-)

-- 
John
From peter.ong at hypermediasystems.com  Fri Jun 25 17:06:09 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Fri Jun 25 17:06:18 2010
Subject: How do I beat this spam?
In-Reply-To: <4C236C6A.10307@tradoc.fr>
Message-ID: <772394451.50911.1277481969115.JavaMail.root@mail021.dti>

Hello Everyone,

Pardon my ignorance. How do I run this message through spamassassin to return those results? I did it before, but for some reason, it's not working for me now.

spamassassin -D --lint < spam.txt 2>&1 | less 

What am I doing wrong? Thank you so much.

p
From john at tradoc.fr  Fri Jun 25 18:24:20 2010
From: john at tradoc.fr (John Wilcock)
Date: Fri Jun 25 18:24:48 2010
Subject: How do I beat this spam?
In-Reply-To: <772394451.50911.1277481969115.JavaMail.root@mail021.dti>
References: <772394451.50911.1277481969115.JavaMail.root@mail021.dti>
Message-ID: <4C24E644.4090906@tradoc.fr>

Le 25/06/2010 18:06, Peter Ong a ?crit :
> Pardon my ignorance. How do I run this message through spamassassin
> to return those results? I did it before, but for some reason, it's
> not working for me now.
>
> spamassassin -D --lint < spam.txt 2>&1 | less

You should either use --lint (to check SA config/syntax) or < spam.txt, 
but not both at the same time.

-- 
John
From peter.ong at hypermediasystems.com  Fri Jun 25 19:25:42 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Fri Jun 25 19:25:52 2010
Subject: How do I beat this spam?
In-Reply-To: <1982324701.51144.1277490256708.JavaMail.root@mail021.dti>
Message-ID: <2008191299.51156.1277490342545.JavaMail.root@mail021.dti>

Infuriating. I'm not getting results.

spamassassin < spam.txt 2>&1 | less
postcat raw_spam | spamassassin 2>&1 | less

It appears to run through but gives me no scores.

p

----- Original Message -----

> From: "John Wilcock" <john@tradoc.fr>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Friday, June 25, 2010 10:24:20 AM
> Subject: Re: How do I beat this spam?
> 
> Le 25/06/2010 18:06, Peter Ong a ?crit :
> > Pardon my ignorance. How do I run this message through spamassassin
> > to return those results? I did it before, but for some reason, it's
> > not working for me now.
> >
> > spamassassin -D --lint < spam.txt 2>&1 | less
> 
> You should either use --lint (to check SA config/syntax) or <
> spam.txt, 
> but not both at the same time.
> 
> -- 
> John
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From doc at maddoc.net  Fri Jun 25 19:41:51 2010
From: doc at maddoc.net (Doc Schneider)
Date: Fri Jun 25 19:42:04 2010
Subject: How do I beat this spam?
In-Reply-To: <2008191299.51156.1277490342545.JavaMail.root@mail021.dti>
References: <2008191299.51156.1277490342545.JavaMail.root@mail021.dti>
Message-ID: <4C24F86F.7050106@maddoc.net>

Peter Ong wrote:
> Infuriating. I'm not getting results.
> 
> spamassassin < spam.txt 2>&1 | less
> postcat raw_spam | spamassassin 2>&1 | less
> 
> It appears to run through but gives me no scores.
> 
> p
> 

I just do
spamassassin -t < spam.txt
This will spit out the scores at the end.

-- 
-Doc
Lincoln, NE.
http://www.fsl.com/
http://www.genealogyforyou.com/
http://www.cairnproductions.com/

From nsnidanko at harperpowerproducts.com  Mon Jun 28 21:19:52 2010
From: nsnidanko at harperpowerproducts.com (Naz Snidanko)
Date: Mon Jun 28 21:20:06 2010
Subject: custom spamassassin rules
Message-ID: <9453A32CAC9FFB4D8F59285E34B6A5062E25@hotc_exch.harperotc.com>

Hi,

 

Lately I was getting a lot of spam from "DirectBuy" (it is within
subject), and I need to stop it. Spamassassin custom rules seem like
great option to complete this. I read mailscanner wiki but still kind of
confused:

in which file should I put them?

 

/etc/spamassassin/local.cf 

/etc/spamassassin/65_debian.cf

/etc/MailScanner/spam.assassin.prefs.conf

 

Thank you,

Naz Snidanko

Desktop & Network Support

Harper Power Products Inc.

(p) 416 201- 7506

nsnidanko@harperpowerproducts.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100628/ef913b14/attachment.html
From maillists at conactive.com  Mon Jun 28 21:31:17 2010
From: maillists at conactive.com (Kai Schaetzl)
Date: Mon Jun 28 21:31:26 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
	<D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>
Message-ID: <VA.00003b3d.14cbad15@news.conactive.com>

Drew Marshall wrote on Fri, 25 Jun 2010 09:01:47 +0100:

> For example, BT won't let anyone change their PTR,  
> so EHLO/ HELO is always going to be a mismatch for these.

No, it won't. These restrictions don't ceck for matches, they check for 
existence.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com



From alex at rtpty.com  Mon Jun 28 22:01:23 2010
From: alex at rtpty.com (Alex Neuman)
Date: Mon Jun 28 22:01:39 2010
Subject: custom spamassassin rules
In-Reply-To: <9453A32CAC9FFB4D8F59285E34B6A5062E25@hotc_exch.harperotc.com>
References: <9453A32CAC9FFB4D8F59285E34B6A5062E25@hotc_exch.harperotc.com>
Message-ID: <BE7B6300-429A-4E3B-8F15-64D5CF543B52@rtpty.com>

/etc/mail/spamassassin/local.cf (or your equivalent) is usually recommended because it's supposed to survive updates that way - although YMMV.

On Jun 28, 2010, at 3:19 PM, Naz Snidanko wrote:

> Hi,
>  
> Lately I was getting a lot of spam from ?DirectBuy? (it is within subject), and I need to stop it. Spamassassin custom rules seem like great option to complete this. I read mailscanner wiki but still kind of confused:
> in which file should I put them?
>  
> /etc/spamassassin/local.cf
> /etc/spamassassin/65_debian.cf
> /etc/MailScanner/spam.assassin.prefs.conf
>  
> Thank you,
> Naz Snidanko
> Desktop & Network Support
> Harper Power Products Inc.
> (p) 416 201- 7506
> nsnidanko@harperpowerproducts.com
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From jethro.binks at strath.ac.uk  Mon Jun 28 22:26:01 2010
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Mon Jun 28 22:26:10 2010
Subject: Slightly OT: Postfix smtpd restrictions
In-Reply-To: <D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>
References: <1213490F1F316842A544A850422BFA9635CC85C74F@BHLSBS.bhl.local>
	<D3662CE8-A427-4117-B8C4-DE269B9480B0@trunknetworks.com>
Message-ID: <alpine.BSF.2.00.1006282207410.11983@qrswnz.pp.fgengu.np.hx>

On Fri, 25 Jun 2010, Drew Marshall wrote:

> For example, BT won't let anyone change their PTR, so EHLO/ HELO is
> always going to be a mismatch for these.

So fix the problem the other way around: change the HELO name to use the 
PTR name.  Might be trickier if the sending IP is dynamic and so the PTR 
is different.  Might also be trickier in a natted environment where 
internal sending box doesn't know the external PTR.  But in either case 
you should probably use the ISP mail relay because you probably aren't 
paying for a suitable business-class service to run a mail server from.

> Most people running Exchange 'naked' to the Internet end up having a 
> EHLO as <name>.local or some such other non existent TLD so that ends up 
> not matching either and so it goes on.

That's purely a configuration issue of the send connector, for the last 
few versions of Exchange I think.  Fixable.

> As ever YMMV but for me, I found other ways to combat spam coming from 
> these sorts of connections such as RBLs etc.

That's true enough; rejecting on mismatch between HELO and PTR can be a 
dangerous business (you might be better off using a mismatch as a scoring 
criteria for SpamAssassin).  However, many of those mismatches are 
trivially fixable by the sending sites, should they be encouraged to do so 
to better guarantee the chances of their mail getting through, and so 
ultimately increase the value of checks for HELO matching PTR.

That's not to say that some spambots don't make efforts to make their HELO 
names match the PTRs of their IP; but while checks on mismatch are 
perceived to be worthless because of the above perceived problems, there 
isn't much incentive for spambots to be much cleverer.  That will change, 
as more receiving servers demand more strictness of their sending peer.

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
From sandrews at andrewscompanies.com  Tue Jun 29 14:32:03 2010
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Tue Jun 29 14:33:29 2010
Subject: OT: SA rule to catch multiple subject lines
Message-ID: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>

I'm probably doing this the hard way.  I have a client that likes to block by subject lines.  So far, I've been writing a new rule for each subject line they want to block or putting a "|" in the match for multiple subjects.  I found out that there's a limit to how many times you can use that before the rule doesn't fire anymore...probably on the length of the line.

I'd like to find a better way to write the rule, something along the lines:

Header                 junksubject        Subject =~ /junk subject 1/i
Header                 junksubject        Subject =~ /junk subject 2/i
Score                     junksubject        20.0
Describe              junksubject        blocked subject lines

Although writing the rule this way doesn't seem to work...it catches nothing.

Should I be making this more like a meta rule or is there a smarter way to do it?

Thanks for any direction you can provide.

Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100629/30df6ed4/attachment.html
From jethro.binks at strath.ac.uk  Tue Jun 29 14:47:00 2010
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Tue Jun 29 14:47:10 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
Message-ID: <alpine.BSF.2.00.1006291446310.28203@qrswnz.pp.fgengu.np.hx>

On Tue, 29 Jun 2010, Steven Andrews wrote:

> I'm probably doing this the hard way.  I have a client that likes to 
> block by subject lines.

> Should I be making this more like a meta rule or is there a smarter way 
> to do it?

Do it in your MTA instead of leaving it to MailScanner.

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
From alex at rtpty.com  Tue Jun 29 14:53:09 2010
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jun 29 14:53:25 2010
Subject: OT: SA rule to catch multiple subject lines
Message-ID: <58192584-1277819591-cardhu_decombobulator_blackberry.rim.net-1419744703-@bda942.bisx.prod.on.blackberry>

I think postfix can do that, but sendmail might need a milter. 
------Original Message------
From: Jethro R Binks
Sender: mailscanner-bounces@lists.mailscanner.info
To: MailScanner discussion
ReplyTo: MailScanner discussion
Subject: Re: OT: SA rule to catch multiple subject lines
Sent: Jun 29, 2010 8:47 AM

On Tue, 29 Jun 2010, Steven Andrews wrote:

> I'm probably doing this the hard way.  I have a client that likes to 
> block by subject lines.

> Should I be making this more like a meta rule or is there a smarter way 
> to do it?

Do it in your MTA instead of leaving it to MailScanner.

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com
From campbell at cnpapers.com  Tue Jun 29 14:59:26 2010
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue Jun 29 15:00:23 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
Message-ID: <4C29FC3E.80407@cnpapers.com>



On 6/29/2010 9:32 AM, Steven Andrews wrote:
>
> I'm probably doing this the hard way.  I have a client that likes to 
> block by subject lines.  So far, I've been writing a new rule for each 
> subject line they want to block or putting a "|" in the match for 
> multiple subjects.  I found out that there's a limit to how many times 
> you can use that before the rule doesn't fire anymore...probably on 
> the length of the line.
>
> I'd like to find a better way to write the rule, something along the 
> lines:
>
> Header                 junksubject        Subject =~ /junk subject 1/i
>
> Header                 junksubject        Subject =~ /junk subject 2/i
>
> Score                     junksubject        20.0
>
> Describe              junksubject        blocked subject lines
>
> Although writing the rule this way doesn't seem to work...it catches 
> nothing.
>
> Should I be making this more like a meta rule or is there a smarter 
> way to do it?
>
> Thanks for any direction you can provide.
>
> Steve
>

Try something like this:

Header                __ junksubject1        Subject =~ /junk subject 1/i

Header                __ junksubject2        Subject =~ /junk subject 2/i

meta                     junksubject    (__junksubject1 && __junksubject2)
Score                     junksubject        20.0

Describe              junksubject        blocked subject lines

Steve Campbell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100629/d1e3ee8b/attachment.html
From peter.ong at hypermediasystems.com  Tue Jun 29 15:19:58 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Tue Jun 29 15:20:08 2010
Subject: How do I beat this spam?
In-Reply-To: <4C24F86F.7050106@maddoc.net>
Message-ID: <1374191479.52575.1277821198154.JavaMail.root@mail021.dti>

Hey guys,

I don't mean to keep beating a dead horse, but did you scan my sample as base64 or as the rendered html?

I'm running spamassassin on it as base64 and get nothing. I haven't tried the html version yet.

p

----- Original Message -----

> From: "Doc Schneider" <doc@maddoc.net>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Friday, June 25, 2010 11:41:51 AM
> Subject: Re: How do I beat this spam?
> 
> Peter Ong wrote:
> > Infuriating. I'm not getting results.
> > 
> > spamassassin < spam.txt 2>&1 | less
> > postcat raw_spam | spamassassin 2>&1 | less
> > 
> > It appears to run through but gives me no scores.
> > 
> > p
> > 
> 
> I just do
> spamassassin -t < spam.txt
> This will spit out the scores at the end.
> 
> -- 
> -Doc
> Lincoln, NE.
> http://www.fsl.com/
> http://www.genealogyforyou.com/
> http://www.cairnproductions.com/
> 
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From uxbod at splatnix.net  Tue Jun 29 15:50:34 2010
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Tue Jun 29 15:50:51 2010
Subject: How do I beat this spam?
In-Reply-To: <1374191479.52575.1277821198154.JavaMail.root@mail021.dti>
Message-ID: <120292270.392.1277823034790.JavaMail.root@office.splatnix.net>

----- Original Message -----
> Hey guys,
> 
> I don't mean to keep beating a dead horse, but did you scan my sample
> as base64 or as the rendered html?
> 
> I'm running spamassassin on it as base64 and get nothing. I haven't
> tried the html version yet.
> 
> p
> 
> ----- Original Message -----
> 
> > From: "Doc Schneider" <doc@maddoc.net>
> > To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> > Sent: Friday, June 25, 2010 11:41:51 AM
> > Subject: Re: How do I beat this spam?
> >
> > Peter Ong wrote:
> > > Infuriating. I'm not getting results.
> > >
> > > spamassassin < spam.txt 2>&1 | less
> > > postcat raw_spam | spamassassin 2>&1 | less
> > >
> > > It appears to run through but gives me no scores.
> > >
> > > p
> > >
> >
> > I just do
> > spamassassin -t < spam.txt
> > This will spit out the scores at the end.
> >

base64; exactly how it was posted.
-- 
Thanks, Phil
From peter.ong at hypermediasystems.com  Tue Jun 29 16:21:13 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Tue Jun 29 16:21:23 2010
Subject: How do I beat this spam?
In-Reply-To: <120292270.392.1277823034790.JavaMail.root@office.splatnix.net>
Message-ID: <68049620.52620.1277824873333.JavaMail.root@mail021.dti>

Thanks. Weird. I have to research this.
From peter.ong at hypermediasystems.com  Tue Jun 29 16:32:38 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Tue Jun 29 16:32:49 2010
Subject: How do I beat this spam?
In-Reply-To: <120292270.392.1277823034790.JavaMail.root@office.splatnix.net>
Message-ID: <2140645963.52624.1277825558654.JavaMail.root@mail021.dti>

Hi Phil,

Can I ask a favor? Can you email me the output of spamassin when you scan my message? I don't know what could be wrong that I'm unable to get these scores.

p

----- Original Message -----

> From: "--[ UxBoD ]--" <uxbod@splatnix.net>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Tuesday, June 29, 2010 7:50:34 AM
> Subject: Re: How do I beat this spam?
> 
> ----- Original Message -----
> > Hey guys,
> > 
> > I don't mean to keep beating a dead horse, but did you scan my
> sample
> > as base64 or as the rendered html?
> > 
> > I'm running spamassassin on it as base64 and get nothing. I haven't
> > tried the html version yet.
> > 
> > p
> > 
> > ----- Original Message -----
> > 
> > > From: "Doc Schneider" <doc@maddoc.net>
> > > To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> > > Sent: Friday, June 25, 2010 11:41:51 AM
> > > Subject: Re: How do I beat this spam?
> > >
> > > Peter Ong wrote:
> > > > Infuriating. I'm not getting results.
> > > >
> > > > spamassassin < spam.txt 2>&1 | less
> > > > postcat raw_spam | spamassassin 2>&1 | less
> > > >
> > > > It appears to run through but gives me no scores.
> > > >
> > > > p
> > > >
> > >
> > > I just do
> > > spamassassin -t < spam.txt
> > > This will spit out the scores at the end.
> > >
> 
> base64; exactly how it was posted.
> -- 
> Thanks, Phil
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From john at tradoc.fr  Tue Jun 29 16:41:05 2010
From: john at tradoc.fr (John Wilcock)
Date: Tue Jun 29 16:41:22 2010
Subject: How do I beat this spam?
In-Reply-To: <2008191299.51156.1277490342545.JavaMail.root@mail021.dti>
References: <2008191299.51156.1277490342545.JavaMail.root@mail021.dti>
Message-ID: <4C2A1411.1080306@tradoc.fr>

Le 25/06/2010 20:25, Peter Ong a ?crit :
> Infuriating. I'm not getting results.
>
> spamassassin < spam.txt 2>&1 | less

You're missing the -t flag

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From peter.ong at hypermediasystems.com  Tue Jun 29 21:34:51 2010
From: peter.ong at hypermediasystems.com (Peter Ong)
Date: Tue Jun 29 21:35:02 2010
Subject: How do I beat this spam?
In-Reply-To: <4C2A1411.1080306@tradoc.fr>
Message-ID: <81306210.52967.1277843691894.JavaMail.root@mail021.dti>

Just an update. Spamassassin was working just fine all along. It was a report format that I was missing. It's fixed now. Thank you so much to everyone and everyone's help.

p

----- Original Message -----

> From: "John Wilcock" <john@tradoc.fr>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Tuesday, June 29, 2010 8:41:05 AM
> Subject: Re: How do I beat this spam?
> 
> Le 25/06/2010 20:25, Peter Ong a ?crit :
> > Infuriating. I'm not getting results.
> >
> > spamassassin < spam.txt 2>&1 | less
> 
> You're missing the -t flag
> 
> John.
> 
> -- 
> -- Over 4000 webcams from ski resorts around the world -
> www.snoweye.com
> -- Translate your technical documents and web pages    -
> www.tradoc.fr
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
From sandrews at andrewscompanies.com  Tue Jun 29 22:34:31 2010
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Tue Jun 29 22:34:42 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <4C29FC3E.80407@cnpapers.com>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
	<4C29FC3E.80407@cnpapers.com>
Message-ID: <F91088CB5AB4A248B91422AAD82A223728F255845E@SERVER.andrewscompanies.com>

This is probably what I was looking for.  Thanks.

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
Sent: Tuesday, June 29, 2010 9:59 AM
To: MailScanner discussion
Subject: Re: OT: SA rule to catch multiple subject lines



On 6/29/2010 9:32 AM, Steven Andrews wrote:
I'm probably doing this the hard way.  I have a client that likes to block by subject lines.  So far, I've been writing a new rule for each subject line they want to block or putting a "|" in the match for multiple subjects.  I found out that there's a limit to how many times you can use that before the rule doesn't fire anymore...probably on the length of the line.

I'd like to find a better way to write the rule, something along the lines:

Header                 junksubject        Subject =~ /junk subject 1/i
Header                 junksubject        Subject =~ /junk subject 2/i
Score                     junksubject        20.0
Describe              junksubject        blocked subject lines

Although writing the rule this way doesn't seem to work...it catches nothing.

Should I be making this more like a meta rule or is there a smarter way to do it?

Thanks for any direction you can provide.

Steve

Try something like this:
Header                __ junksubject1        Subject =~ /junk subject 1/i
Header                __ junksubject2        Subject =~ /junk subject 2/i

meta                     junksubject    (__junksubject1 && __junksubject2)
Score                     junksubject        20.0
Describe              junksubject        blocked subject lines

Steve Campbell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100629/96265509/attachment.html
From sandrews at andrewscompanies.com  Tue Jun 29 22:53:57 2010
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Tue Jun 29 22:58:55 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <4C29FC3E.80407@cnpapers.com>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
	<4C29FC3E.80407@cnpapers.com>
Message-ID: <F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>

Hmmmm....actually, wont the && test for both to be true?  I think I need some kind of OR statement, or would a + do?

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
Sent: Tuesday, June 29, 2010 9:59 AM
To: MailScanner discussion
Subject: Re: OT: SA rule to catch multiple subject lines



On 6/29/2010 9:32 AM, Steven Andrews wrote:
I'm probably doing this the hard way.  I have a client that likes to block by subject lines.  So far, I've been writing a new rule for each subject line they want to block or putting a "|" in the match for multiple subjects.  I found out that there's a limit to how many times you can use that before the rule doesn't fire anymore...probably on the length of the line.

I'd like to find a better way to write the rule, something along the lines:

Header                 junksubject        Subject =~ /junk subject 1/i
Header                 junksubject        Subject =~ /junk subject 2/i
Score                     junksubject        20.0
Describe              junksubject        blocked subject lines

Although writing the rule this way doesn't seem to work...it catches nothing.

Should I be making this more like a meta rule or is there a smarter way to do it?

Thanks for any direction you can provide.

Steve

Try something like this:
Header                __ junksubject1        Subject =~ /junk subject 1/i
Header                __ junksubject2        Subject =~ /junk subject 2/i

meta                     junksubject    (__junksubject1 && __junksubject2)
Score                     junksubject        20.0
Describe              junksubject        blocked subject lines

Steve Campbell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100629/18cf961a/attachment.html
From alex at rtpty.com  Tue Jun 29 23:13:15 2010
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jun 29 23:13:32 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com><4C29FC3E.80407@cnpapers.com><F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
Message-ID: <1895476711-1277849597-cardhu_decombobulator_blackberry.rim.net-535941936-@bda942.bisx.prod.on.blackberry>

Isn't && "or"?
--

Alex Neuman
BBM 20EA17C5
+507 6781-9505
Skype:alex@rtpty.com

-----Original Message-----
From: Steven Andrews <sandrews@andrewscompanies.com>
Sender: mailscanner-bounces@lists.mailscanner.info
Date: Tue, 29 Jun 2010 17:53:57 
To: 'MailScanner discussion'<mailscanner@lists.mailscanner.info>
Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: RE: OT: SA rule to catch multiple subject lines

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 


From john at tradoc.fr  Wed Jun 30 07:14:42 2010
From: john at tradoc.fr (John Wilcock)
Date: Wed Jun 30 07:14:58 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <1895476711-1277849597-cardhu_decombobulator_blackberry.rim.net-535941936-@bda942.bisx.prod.on.blackberry>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com><4C29FC3E.80407@cnpapers.com><F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
	<1895476711-1277849597-cardhu_decombobulator_blackberry.rim.net-535941936-@bda942.bisx.prod.on.blackberry>
Message-ID: <4C2AE0D2.2090608@tradoc.fr>

Le 30/06/2010 00:13, Alex Neuman a ?crit :
> Isn't&&  "or"?

No, && is and. || is or.

John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From campbell at cnpapers.com  Wed Jun 30 12:31:15 2010
From: campbell at cnpapers.com (Steve Campbell)
Date: Wed Jun 30 12:31:48 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>	<4C29FC3E.80407@cnpapers.com>
	<F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
Message-ID: <4C2B2B03.3050009@cnpapers.com>

I thought you wanted a combined rule. Make both separate rules with 
separate names, then. KISS

steve

Header                 junksubject1        Subject =~ /junk subject 1/i

Header                 junksubject2        Subject =~ /junk subject 2/i

Score                     junksubject1        20.0

Describe              junksubject1        blocked subject lines

Score               junksubject2        20.0

Describe              junksubject2        blocked subject lines


On 6/29/2010 5:53 PM, Steven Andrews wrote:
>
> Hmmmm....actually, wont the && test for both to be true?  I think I 
> need some kind of OR statement, or would a + do?
>
> *From:* mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of 
> *Steve Campbell
> *Sent:* Tuesday, June 29, 2010 9:59 AM
> *To:* MailScanner discussion
> *Subject:* Re: OT: SA rule to catch multiple subject lines
>
>
>
> On 6/29/2010 9:32 AM, Steven Andrews wrote:
>
> I'm probably doing this the hard way.  I have a client that likes to 
> block by subject lines.  So far, I've been writing a new rule for each 
> subject line they want to block or putting a "|" in the match for 
> multiple subjects.  I found out that there's a limit to how many times 
> you can use that before the rule doesn't fire anymore...probably on 
> the length of the line.
>
> I'd like to find a better way to write the rule, something along the 
> lines:
>
> Header                 junksubject        Subject =~ /junk subject 1/i
>
> Header                 junksubject        Subject =~ /junk subject 2/i
>
> Score                     junksubject        20.0
>
> Describe              junksubject        blocked subject lines
>
> Although writing the rule this way doesn't seem to work...it catches 
> nothing.
>
> Should I be making this more like a meta rule or is there a smarter 
> way to do it?
>
> Thanks for any direction you can provide.
>
> Steve
>
>
> Try something like this:
>
> Header                __ junksubject1        Subject =~ /junk subject 1/i
>
> Header                __ junksubject2        Subject =~ /junk subject 2/i
>
> meta                     junksubject    (__junksubject1 && __junksubject2)
> Score                     junksubject        20.0
>
> Describe              junksubject        blocked subject lines
>
> Steve Campbell
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100630/6b5b96eb/attachment.html
From corg at gmx.net  Wed Jun 30 13:56:37 2010
From: corg at gmx.net (corg@gmx.net)
Date: Wed Jun 30 13:56:47 2010
Subject: Right mixture for notifications
In-Reply-To: <201006301100.o5UB0NmQ005929@safir.blacknight.ie>
References: <201006301100.o5UB0NmQ005929@safir.blacknight.ie>
Message-ID: <20100630125637.129840@gmx.net>

Hello all,

i need to create an config for the following tasks:

	- Deliver Spam, only tag header.
	- Not deliver Virus, inform (notify) to receiver if send from internet or inform sender if send from inside to the internet.
	- Not deliver bad-content, inform receiver if send from internet or inform sender if send from inside to the internet.
	- Not deliver encrypt archives from the internet, inform receiver.
	- Deliver encrypt archives send to the internet.

After hours of testing i didn't find the right mixture between "Silent Viruses", "Still Deliver Silent Viruses" and "Non-Forging Viruses" in Mailscanner.conf

Greetings Corg
-- 
GMX DSL: Internet-, Telefon- und Handy-Flat ab 19,99 EUR/mtl.  
Bis zu 150 EUR Startguthaben inklusive! http://portal.gmx.net/de/go/dsl
From Kevin_Miller at ci.juneau.ak.us  Wed Jun 30 17:37:30 2010
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jun 30 17:37:45 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
	<4C29FC3E.80407@cnpapers.com>
	<F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
Message-ID: <4A09477D575C2C4B86497161427DD94C15B0D1857E@city-exchange07>

Just replace the && with || and you'll be golden:
 
I.e.
    meta   junksubject    (__junksubject1 && __junksubject2) 
becomes
    meta   junksubject    (__junksubject1 || __junksubject2)

HTH...
 
...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500 
 

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
Sent: Tuesday, June 29, 2010 1:54 PM
To: 'MailScanner discussion'
Subject: RE: OT: SA rule to catch multiple subject lines



Hmmmm....actually, wont the && test for both to be true?  I think I need some kind of OR statement, or would a + do?

 

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
Sent: Tuesday, June 29, 2010 9:59 AM
To: MailScanner discussion
Subject: Re: OT: SA rule to catch multiple subject lines

 



On 6/29/2010 9:32 AM, Steven Andrews wrote: 

I'm probably doing this the hard way.  I have a client that likes to block by subject lines.  So far, I've been writing a new rule for each subject line they want to block or putting a "|" in the match for multiple subjects.  I found out that there's a limit to how many times you can use that before the rule doesn't fire anymore...probably on the length of the line.

 

I'd like to find a better way to write the rule, something along the lines:

 

Header                 junksubject        Subject =~ /junk subject 1/i

Header                 junksubject        Subject =~ /junk subject 2/i

Score                     junksubject        20.0

Describe              junksubject        blocked subject lines

 

Although writing the rule this way doesn't seem to work...it catches nothing.

 

Should I be making this more like a meta rule or is there a smarter way to do it?

 

Thanks for any direction you can provide.

 

Steve


Try something like this:

Header                __ junksubject1        Subject =~ /junk subject 1/i

Header                __ junksubject2        Subject =~ /junk subject 2/i



meta                     junksubject    (__junksubject1 && __junksubject2)
Score                     junksubject        20.0

Describe              junksubject        blocked subject lines

Steve Campbell

From sandrews at andrewscompanies.com  Wed Jun 30 22:03:34 2010
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Wed Jun 30 22:03:46 2010
Subject: OT: SA rule to catch multiple subject lines
In-Reply-To: <4A09477D575C2C4B86497161427DD94C15B0D1857E@city-exchange07>
References: <F91088CB5AB4A248B91422AAD82A223728F2558443@SERVER.andrewscompanies.com>
	<4C29FC3E.80407@cnpapers.com>
	<F91088CB5AB4A248B91422AAD82A223728F255845F@SERVER.andrewscompanies.com>
	<4A09477D575C2C4B86497161427DD94C15B0D1857E@city-exchange07>
Message-ID: <F91088CB5AB4A248B91422AAD82A223728F2558480@SERVER.andrewscompanies.com>

Many thanks.  I cheated and did a + on the meta.  It's not proper form I suppose since you can only have one subject line but it did work.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Wednesday, June 30, 2010 12:38 PM
To: 'MailScanner discussion'
Subject: RE: OT: SA rule to catch multiple subject lines

Just replace the && with || and you'll be golden:

I.e.
    meta   junksubject    (__junksubject1 && __junksubject2)
becomes
    meta   junksubject    (__junksubject1 || __junksubject2)

HTH...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500


________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews
Sent: Tuesday, June 29, 2010 1:54 PM
To: 'MailScanner discussion'
Subject: RE: OT: SA rule to catch multiple subject lines



Hmmmm....actually, wont the && test for both to be true?  I think I need some kind of OR statement, or would a + do?



From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell
Sent: Tuesday, June 29, 2010 9:59 AM
To: MailScanner discussion
Subject: Re: OT: SA rule to catch multiple subject lines





On 6/29/2010 9:32 AM, Steven Andrews wrote:

I'm probably doing this the hard way.  I have a client that likes to block by subject lines.  So far, I've been writing a new rule for each subject line they want to block or putting a "|" in the match for multiple subjects.  I found out that there's a limit to how many times you can use that before the rule doesn't fire anymore...probably on the length of the line.



I'd like to find a better way to write the rule, something along the lines:



Header                 junksubject        Subject =~ /junk subject 1/i

Header                 junksubject        Subject =~ /junk subject 2/i

Score                     junksubject        20.0

Describe              junksubject        blocked subject lines



Although writing the rule this way doesn't seem to work...it catches nothing.



Should I be making this more like a meta rule or is there a smarter way to do it?



Thanks for any direction you can provide.



Steve


Try something like this:

Header                __ junksubject1        Subject =~ /junk subject 1/i

Header                __ junksubject2        Subject =~ /junk subject 2/i



meta                     junksubject    (__junksubject1 && __junksubject2)
Score                     junksubject        20.0

Describe              junksubject        blocked subject lines

Steve Campbell

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!