From Amelein at dantumadiel.eu Mon Mar 1 14:25:28 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Mon Mar 1 14:25:48 2010 Subject: Problems with office files being wrongfully blocked Message-ID: <4B8BDC680200008E0001338D@10.1.0.206> I have a problem where every now and then word files are being tagged as being an executable or even as AVI file. When manually checking the file with 'file -i' it tells me 'application/msword; charset=binary' which leaves me in the dark as to why it blocked it to begin with. I'm not sure how to go about debugging this, it does not do it with every file but it is consistent with blocking whatever file got initially blocked, so it's not just a glitch. The files in question are office 2002 (XP) and 2003, 2007 does not seem to be affected, MS is at version 4.78.17 on Fedora 11. Anyone have any suggestions on where to look ? - Arjan From MailScanner at ecs.soton.ac.uk Mon Mar 1 15:10:05 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 1 15:10:26 2010 Subject: Problems with office files being wrongfully blocked In-Reply-To: <4B8BDC680200008E0001338D@10.1.0.206> References: <4B8BDC680200008E0001338D@10.1.0.206> <4B8BD8CD.8000609@ecs.soton.ac.uk> Message-ID: On 01/03/2010 14:25, Arjan Melein wrote: > I have a problem where every now and then word files are being tagged as being an executable or even as AVI file. > When manually checking the file with 'file -i' it tells me 'application/msword; charset=binary' which leaves me in the dark as to why it blocked it to begin with. > And what does the "file" command say (without the "-i") ? MailScanner can and will use both, and you probably have rules that use both of them (in different rules) too. > I'm not sure how to go about debugging this, it does not do it with every file but it is consistent with blocking whatever file got initially blocked, so it's not just a glitch. > The files in question are office 2002 (XP) and 2003, 2007 does not seem to be affected, MS is at version 4.78.17 on Fedora 11. > > Anyone have any suggestions on where to look ? > > - > Arjan > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Amelein at dantumadiel.eu Mon Mar 1 16:02:23 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Mon Mar 1 16:02:37 2010 Subject: Betr.: Re: Problems with office files being wrongfully blocked In-Reply-To: References: <4B8BDC680200008E0001338D@10.1.0.206> <4B8BD8CD.8000609@ecs.soton.ac.uk> Message-ID: <4B8BF31F0200008E000133AC@10.1.0.206> >>> Op 1-3-2010 om 16:10 is door Julian Field geschreven: > And what does the "file" command say (without the "-i") ? > Replaced characters with x and numbers with # for confidentiality reasons as it contained personal info. xxxxx##.x## xxxxxxxxxxx xxxxxxx ## xxx.doc: CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Title: xxxxxxxxxxx xxx xxxxx xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Subject: xxxxxxxxxxx xxx xxxxx xxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxx, Author: x. xxxxxxxx, Keywords: NL, Comments: xxxxxxxxxxx, Template: Brief.dot, Last Saved By: x. xxxxxxxx, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Total Editing Time: 15:00, Last Printed: Mon Sep 24 10:53:00 2001, Create Time/Date: Sun Jan 31 13:23:00 2010, Last Saved Time/Date: Sun Jan 31 13:39:00 2010, Number of Pages: 1, Number of Words: 993, Number of Characters: 6172, Security: 0 > MailScanner can and will use both, and you probably have rules that use > both of them (in different rules) too. >> I'm not sure how to go about debugging this, it does not do it with every > file but it is consistent with blocking whatever file got initially blocked, > so it's not just a glitch. > Jules I'm basically using the default rules that came with it with only a minor adjustment so it would reject media files as well(which it does). - Arjan From MailScanner at ecs.soton.ac.uk Mon Mar 1 16:21:11 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 1 16:21:27 2010 Subject: Betr.: Re: Problems with office files being wrongfully blocked In-Reply-To: <4B8BF31F0200008E000133AC@10.1.0.206> References: <4B8BDC680200008E0001338D@10.1.0.206> <4B8BD8CD.8000609@ecs.soton.ac.uk> <4B8BF31F0200008E000133AC@10.1.0.206> <4B8BE977.3020001@ecs.soton.ac.uk> Message-ID: On 01/03/2010 16:02, Arjan Melein wrote: >>>> Op 1-3-2010 om 16:10 is door Julian Field >>>> > geschreven: > > >> And what does the "file" command say (without the "-i") ? >> >> > Replaced characters with x and numbers with # for confidentiality reasons as it contained personal info. > > xxxxx##.x## xxxxxxxxxxx xxxxxxx ## xxx.doc: CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Title: xxxxxxxxxxx xxx xxxxx xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Subject: xxxxxxxxxxx xxx xxxxx xxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxx, Author: x. xxxxxxxx, Keywords: NL, Comments: xxxxxxxxxxx, Template: Brief.dot, Last Saved By: x. xxxxxxxx, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Total Editing Time: 15:00, Last Printed: Mon Sep 24 10:53:00 2001, Create Time/Date: Sun Jan 31 13:23:00 2010, Last Saved Time/Date: Sun Jan 31 13:39:00 2010, Number of Pages: 1, Number of Words: 993, Number of Characters: 6172, Security: 0 > > >> MailScanner can and will use both, and you probably have rules that use >> both of them (in different rules) too. >> >>> I'm not sure how to go about debugging this, it does not do it with every >>> >> file but it is consistent with blocking whatever file got initially blocked, >> so it's not just a glitch. >> Jules >> > I'm basically using the default rules that came with it with only a minor adjustment so it would reject media files as well(which it does). In which case pretty much all your rules will use the output of "file" and not "file -i". The logs will tell you more about what rule(s) it matched. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lmachite at dir.iai.int Mon Mar 1 19:17:34 2010 From: lmachite at dir.iai.int (Luis Marcelo Achite) Date: Mon Mar 1 19:17:55 2010 Subject: Strange situation when trying to use rules Message-ID: <4B8C12CE.7070003@dir.iai.int> Hi, I have set to use scan.messages.rules files in MailScanner.conf, but when I try to restart mailscanner I get the following error message: "... Starting MailScanner... Cannot open ruleset file /opt/MailScanner/etc/rules/scan.messages.rules, No such file or directory at /opt/MailScanner/lib/MailScanner/Config.pm line 2551 ... " scan_m_rules is located under /opt/MailScanner/etc/rules, the file is chmod 0755 and I dont understand why it is saying that the file can not be located. Config.pm is looking for that file in line 2551. Do you know why is this happening? Thanks for any information. Regards. Marcelo PS: I want to exclude a email from being scanned by Mailscanner and it belongs to a list (Mailman) and I dont want to receive warnings about spam on this address -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Mon Mar 1 19:44:06 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Mon Mar 1 19:44:15 2010 Subject: Strange situation when trying to use rules In-Reply-To: <4B8C12CE.7070003@dir.iai.int> References: <4B8C12CE.7070003@dir.iai.int> Message-ID: <72cf361e1003011144q22dfaf05vcce5cfc24b0ab23d@mail.gmail.com> try renaming it scan_messages.rules (and of course the call to it in MailScanner.conf). Martin On 1 March 2010 19:17, Luis Marcelo Achite wrote: > Hi, > > I have set to use scan.messages.rules files in MailScanner.conf, but > when I try to restart mailscanner I get the following error message: > > "... > Starting MailScanner... > > Cannot open ruleset file /opt/MailScanner/etc/rules/scan.messages.rules, > No such file or directory at /opt/MailScanner/lib/MailScanner/Config.pm > line 2551 > ... > " > > scan_m_rules is located under /opt/MailScanner/etc/rules, the file is > chmod 0755 and I dont understand why it is saying that the file can not > be located. Config.pm is looking for that file in line 2551. > > Do you know why is this happening? > > Thanks for any information. > > Regards. > > Marcelo > > PS: I want to exclude a email from being scanned by Mailscanner and it > belongs to a list (Mailman) and I dont want to receive warnings about > spam on this address > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100301/9639dae1/attachment.html From cfisk at qwicnet.com Mon Mar 1 20:02:22 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Mon Mar 1 20:02:43 2010 Subject: Strange situation when trying to use rules In-Reply-To: <4B8C12CE.7070003@dir.iai.int> Message-ID: > Hi, > I have set to use scan.messages.rules files in > MailScanner.conf, but > when I try to restart mailscanner I get the following > error message: > "... > Starting MailScanner... > Cannot open ruleset file > /opt/MailScanner/etc/rules/scan.messages.rules, > No such file or directory at > /opt/MailScanner/lib/MailScanner/Config.pm > line 2551 > ... > " > scan_m_rules is located under /opt/MailScanner/etc/rules, > the file is > chmod 0755 and I dont understand why it is saying that > the file can not > be located. Config.pm is looking for that file in line > 2551. > Do you know why is this happening? Seems very much like a typo somewhere. You have scan.message.rules listed in one paragraph but list scan_m_rules listed in another. Which is it? Is there a comma in the filename? Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lmachite at dir.iai.int Mon Mar 1 20:15:17 2010 From: lmachite at dir.iai.int (Luis Marcelo Achite) Date: Mon Mar 1 20:16:28 2010 Subject: Strange situation when trying to use rules In-Reply-To: <72cf361e1003011144q22dfaf05vcce5cfc24b0ab23d@mail.gmail.com> References: <4B8C12CE.7070003@dir.iai.int> <72cf361e1003011144q22dfaf05vcce5cfc24b0ab23d@mail.gmail.com> Message-ID: <4B8C2055.6070201@dir.iai.int> On 03/01/2010 04:44 PM, Martin Hepworth wrote: > try renaming it scan_messages.rules (and of course the call to it in > MailScanner.conf). > Hi Martin, Solved! After renaming the file everything is working. Do you know why the difference in names caused that? Regards and THANK YOU VERY MUCH for your comment. Marcelo ############################################################### Luis Marcelo Achite, MSc Information Technology Manager Inter-American Institute for Global Change Research - IAI Avenida dos Astronautas, 1758, Jardim da Granja 12227-010 Sao Jose dos Campos - Sao Paulo - Brazil Phone: (55-12) 3945-6868 Fax: (55-12) 3941-4410 e-mail : lmachite@dir.iai.int Skype: lmachite ############################################################### -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lmachite at dir.iai.int Mon Mar 1 20:17:31 2010 From: lmachite at dir.iai.int (Luis Marcelo Achite) Date: Mon Mar 1 20:17:55 2010 Subject: Strange situation when trying to use rules In-Reply-To: References: Message-ID: <4B8C20DB.7000602@dir.iai.int> On 03/01/2010 05:02 PM, Christopher Fisk wrote: > Seems very much like a typo somewhere. > You have scan.message.rules listed in one paragraph but list scan_m_rules listed in another. Which is it? > Yes, thats my typo. The correct name I used was the one suggested in the MailScanner.conf file (scan.message.rules). The issue was solved by applying Martin Hepworth?s suggestion (changing the name to "scan_message.rules"). Regards. Marcelo ############################################################### Luis Marcelo Achite, MSc Information Technology Manager Inter-American Institute for Global Change Research - IAI Avenida dos Astronautas, 1758, Jardim da Granja 12227-010 Sao Jose dos Campos - Sao Paulo - Brazil Phone: (55-12) 3945-6868 Fax: (55-12) 3941-4410 e-mail : lmachite@dir.iai.int Skype: lmachite ############################################################### -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From phaleintx at gmail.com Mon Mar 1 22:28:10 2010 From: phaleintx at gmail.com (Phil Hale) Date: Mon Mar 1 22:26:22 2010 Subject: MailScanner gateway integration with PGP Univesal Server Message-ID: <1267482490.3275.5.camel@localhost> Hello fellow MailScanner folks, I've been tasked with researching a method to make our MailScanner SMTP gateways work with a set of PGP Universal Servers in "out of stream" mode. Basically this would entail the MailScanner servers finding some header flag in the outbound/inbound mail messages and ,based on that header, passing them on to the PGP Universal servers for encryption/decryption. I was wondering if anyone has set up a similar configuration. I'm running a pair of MailScanner 4.79.11-1 servers on top of CentOS 4.8 in round-robin mode. Any assistance or ideas would be greatly appreciated. Phil Hale Systems Programmer II - Linux Systems Administrator Information Technology Services - Systems Group Texas A&M University-Corpus Christi From MailScanner at ecs.soton.ac.uk Tue Mar 2 09:46:16 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 2 09:46:32 2010 Subject: MailScanner gateway integration with PGP Univesal Server In-Reply-To: <1267482490.3275.5.camel@localhost> References: <1267482490.3275.5.camel@localhost> <4B8CDE68.4080608@ecs.soton.ac.uk> Message-ID: On 01/03/2010 22:28, Phil Hale wrote: > Hello fellow MailScanner folks, > > I've been tasked with researching a method to make our MailScanner SMTP > gateways work with a set of PGP Universal Servers in "out of stream" > mode. Basically this would entail the MailScanner servers finding some > header flag in the outbound/inbound mail messages and ,based on that > header, passing them on to the PGP Universal servers for > encryption/decryption. You could do something with a SpamAssassin rule to find the header, then a "SpamAssassin Rule Actions" setting to trigger on that rule and store it in a directory. You then have a background daemon that lifts the message files out of that directory and passes them to your PGP servers. You can use quite a few "tokens" in the "store" action to put different emails into different directories automatically, if that helps. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Carl.Andrews at crackerbarrel.com Tue Mar 2 15:25:31 2010 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 448) Date: Tue Mar 2 15:25:52 2010 Subject: Spam Rule Help Message-ID: <73BF1D6676C4E04E9675A08BA0C9825A07CB82D4@exchsrvr01.CBOCS.com> Anyone else getting this spam? What rule(s) do you use to stop it? Thanks, Carl ________________________________ From: Loudyn [mailto:Loudyn@one-net.org.cn] Sent: Sun 2/28/2010 9:32 PM To: Fast Mail Recipients Subject: Fw: crackerbarrel (to CEO ) Dear President&CEO, We are a professional organization mainly engaged in Internet intellectual property management in Asia. Currently, we have a pretty important issue needing to confirm with your company. On February .26. 2010, we received an application formally. One company named " Shebe Co., Ltd."wanted to applied for the Internet Keyword" crackerbarrel" and some domain names from our organization. After our initial examination, we found that the keywords and domain names applied for registration are as same as your company's name and trademark. These days we are dealing with it. If you do not know this company, we doubt that they have other aims to buy these domain names. Now we have not finished the registration of Shebe yet, in order to deal with this issue better, Please contact us by telephone or email as soon as possible. Thanks & Regards, Loudyn Auditing Department--Engineer Tel: +852-95660-103 +852-95660-489 Fax: +852-30696-940 Mail:Loudyn@chinaonenet.hk.cn & Loudyn@one-net.org.cn -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100302/17a45fd7/attachment.html From Amelein at dantumadiel.eu Tue Mar 2 15:28:30 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Tue Mar 2 15:28:45 2010 Subject: Betr.: Re: Problems with office files being wrongfully blocked In-Reply-To: References: <4B8BDC680200008E0001338D@10.1.0.206> <4B8BD8CD.8000609@ecs.soton.ac.uk> <4B8BF31F0200008E000133AC@10.1.0.206> <4B8BE977.3020001@ecs.soton.ac.uk> Message-ID: <4B8D3CAE0200008E000133FA@10.1.0.206> >>> >> I'm basically using the default rules that came with it with only a minor > adjustment so it would reject media files as well(which it does). > In which case pretty much all your rules will use the output of "file" > and not "file -i". The logs will tell you more about what rule(s) it > matched. > > Jules It matches on one of the following: from maillog: Filetype Checks: No executables grep in the rules: archives.filetype.rules.conf:deny executable No executables No programs allowed archives.filetype.rules.conf:deny ELF No executables No programs allowed filetype.rules.conf:deny executable No executables No programs allowed filetype.rules.conf:deny ELF No executables No programs allowed That does not make it any clearer for me why it nabs word files unfortunately. - Arjan From rlopezcnm at gmail.com Tue Mar 2 18:56:43 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Tue Mar 2 18:56:53 2010 Subject: subject matching spam.assassin.prefs.conf Message-ID: In preparing for a mass email to faculty I am trying to force Spamassassin to compensate for a high score from certain phishing rules. This does not work (never matches subject of exact string in test email): header CGC_S1 Subject =~ /^American Community College Survey For 2010/ score CGC_S1 -4.0 -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From rlopezcnm at gmail.com Tue Mar 2 19:15:16 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Tue Mar 2 19:15:26 2010 Subject: subject matching spam.assassin.prefs.conf (try two) Message-ID: [Sorry, the first email was accidentally sent when I attempted to insert a space between =~ and /^ ] In preparing for a mass email to faculty I am trying to force Spamassassin to compensate for a high score from certain phishing rules. This does not work (never matches subject of exact string in test email): header CGC_S1 Subject =~ /^American Community College Survey For 2010/ score CGC_S1 -4.0 I find a lot of similar lines in /usr/share/spamassassin/ files. So I am assuming this should work. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From phaleintx at gmail.com Tue Mar 2 19:19:37 2010 From: phaleintx at gmail.com (Phil Hale) Date: Tue Mar 2 19:20:01 2010 Subject: MailScanner gateway integration with PGP Univesal Server In-Reply-To: References: <1267482490.3275.5.camel@localhost> <4B8CDE68.4080608@ecs.soton.ac.uk> Message-ID: <1267557577.2624.3.camel@zues> Thanks for the information Mr. Field. I believe I found a similar suggestion in the discussion list archives regarding using a similar method with a product called Voltage. I'm was hoping someone on the list might have already put something like this into production. I didn't see anything posted on the Wiki, so I decided to post and hope for a response. Phil Phil Hale Systems Programmer II - Linux Systems Administrator Texas A&M University-Corpus Christi On Tue, 2010-03-02 at 09:46 +0000, Julian Field wrote: > > On 01/03/2010 22:28, Phil Hale wrote: > > Hello fellow MailScanner folks, > > > > I've been tasked with researching a method to make our MailScanner SMTP > > gateways work with a set of PGP Universal Servers in "out of stream" > > mode. Basically this would entail the MailScanner servers finding some > > header flag in the outbound/inbound mail messages and ,based on that > > header, passing them on to the PGP Universal servers for > > encryption/decryption. > You could do something with a SpamAssassin rule to find the header, then > a "SpamAssassin Rule Actions" setting to trigger on that rule and store > it in a directory. You then have a background daemon that lifts the > message files out of that directory and passes them to your PGP servers. > > You can use quite a few "tokens" in the "store" action to put different > emails into different directories automatically, if that helps. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From maillists at conactive.com Tue Mar 2 22:31:16 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Mar 2 22:31:29 2010 Subject: subject matching spam.assassin.prefs.conf In-Reply-To: References: Message-ID: Robert Lopez wrote on Tue, 2 Mar 2010 11:56:43 -0700: > This does not work (never matches subject of exact string in test email): it's good practice to include that ;-) > header CGC_S1 Subject =~ /^American Community College Survey For 2010/ remove the "^". If that doesn't help, make it shorter, this looks rather long for a single line subject. I would appreciate if people could direct their questions to the correct list, e.g. this one should go to the SA list. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From ajos1 at onion.demon.co.uk Wed Mar 3 15:31:56 2010 From: ajos1 at onion.demon.co.uk (ajos1 at onion) Date: Wed Mar 3 15:32:08 2010 Subject: No programs allowed - Word Documents Message-ID: - In the last few weeks we have seen a few "No programs allowed" for Word attachments... Would it be the "Little Endian" entry making it think it is an executable? This is on 4.79.4-1 ( I am about to change to 4.80.1-1 ). Ta's aloto Ajos1. We have seen a few of these: ---------------------------- Report: MailScanner: No programs allowed (ABCDEF - Precis Guidance on ABC completion Aug 2009.doc) file "ABCDEF - Precis Guidance on ABC completion Aug 2009.doc" -------------------------------------------------------------- CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Title: The new self evaluation form, Author: David Hamster, Template: Normal, Last Saved By: WJP, Revision Number: 2, Name of Creating Application: Microsoft Word 8.0, Create Time/Date: Fri Feb 26 10:18:00 2010, Last Saved Time/Date: Fri Feb 26 10:18:00 2010, Number of Pages: 1, Number of Words: 263, Number of Characters: 1503, Security: 0 2 From rlopezcnm at gmail.com Wed Mar 3 17:55:27 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Wed Mar 3 17:55:41 2010 Subject: subject matching spam.assassin.prefs.conf In-Reply-To: References: Message-ID: On Tue, Mar 2, 2010 at 3:31 PM, Kai Schaetzl wrote: > Robert Lopez wrote on Tue, 2 Mar 2010 11:56:43 -0700: > >> This does not work (never matches subject of exact string in test email): > > it's good practice to include that ;-) It was. :-) It is "American Community College Survey For 2010" > >> header ?CGC_S1 ? Subject =~ /^American Community College Survey For 2010/ > > remove the "^". That did not make any difference. >If that doesn't help, make it shorter, this looks rather > long for a single line subject. I would like it to be the exact same subject the sender will use for the project. However, I did try matching on each word separately (each with own header record) and tests showed non of the rules matched. > I would appreciate if people could direct their questions to the correct > list, e.g. this one should go to the SA list. This is appropriate to this list because these patterns apparently work in SA rules in SA files because grep shows identical (except for the words) rules all over SA rule files. They do not work when in the /etc/MailScanner/spam.assassin.prefs.conf file. I do not want to have to start modifying SA directly and thus spread customizations to other file locations. A primary advantage (to me) of MailScanner is the centralization of customizations. So, at this point I may rewrite my question to be: Does MailScanner support the use of the "header" type rule in spam.assassin.prefs.conf file or more generally does MailScanner support all of the rule types supported by Spamassassin within the spam.assassin.prefs.conf file? > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From maillists at conactive.com Wed Mar 3 18:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 3 18:31:26 2010 Subject: No programs allowed - Word Documents In-Reply-To: References: Message-ID: what about reading the list/archives? See thread of two days ago. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Mar 3 22:32:00 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 3 22:32:15 2010 Subject: subject matching spam.assassin.prefs.conf In-Reply-To: References: Message-ID: Robert Lopez wrote on Wed, 3 Mar 2010 10:55:27 -0700: > It was. :-) It is "American Community College Survey For 2010" No, that was what you think it is. > That did not make any difference. If that is so that means either - the subject is different - the message is not scanned - your SA does not use the file you put that rule in - there's some other misconfiguration If this was an SA list I would certainly explain to you now how to check directly with SA to eliminate no 1, 3 and 4. > Does MailScanner support the use of the "header" type rule in > spam.assassin.prefs.conf file > or more generally does MailScanner support all of the rule types > supported by Spamassassin > within the spam.assassin.prefs.conf file? No, MS doesn't support it. This is an SA file. SA supports it. SA is used by MS. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From jancarel.putter at gmail.com Thu Mar 4 12:47:03 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Thu Mar 4 12:47:12 2010 Subject: Ubuntu Support Message-ID: Hi Everyone, how well does mailscanner work on ubuntu, i see alot of outdated packages available for debian/ubuntu. Will MailScanner provide better support for ubuntu in the future? which is currently the best package to use, the standard tar.gz or must i search the apt repos for mailscanner packages. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100304/a00acebb/attachment.html From support-lists at petdoctors.co.uk Thu Mar 4 13:00:00 2010 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Mar 4 13:00:34 2010 Subject: html/htm attachments vs html-formatted messages Message-ID: <003001cabb9a$9a46f660$ced4e320$@co.uk> I was hoping to ban .htm/html attachments to drop emails that include an attached web page with a clickable link that goes to somewhere nasty, but this seems to also snip html formatted emails (yeah, I know...). Is there any way to differentiate the two so that people using Outlook can have their colourful emails but the unwanted attachments are blocked/removed? Thanks Nigel Kendrick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100304/c3d389ba/attachment.html From uxbod at splatnix.net Thu Mar 4 13:06:58 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 4 13:07:10 2010 Subject: OT: URIBL_DBL Message-ID: <30195121.180.1267708018846.JavaMail.root@office.splatnix.net> If you are running SA 3.3.0 and have hit the following today: [1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6363 [2] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6335 remember to update your SA rules ASAP, shutdown MailScanner, remove the SpamAssassin cache files, and then start MailScanner ... or you may end up with quite a few FPs! -- Thanks, Phil From maxsec at gmail.com Thu Mar 4 13:24:58 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Mar 4 13:25:07 2010 Subject: Ubuntu Support In-Reply-To: References: Message-ID: <72cf361e1003040524i690886a7va1c52cb04dc40db0@mail.gmail.com> On 4 March 2010 12:47, JC Putter wrote: > Hi Everyone, > > how well does mailscanner work on ubuntu, i see alot of outdated packages > available for debian/ubuntu. Will MailScanner provide better support for > ubuntu in the future? > > which is currently the best package to use, the standard tar.gz or must i > search the apt repos for mailscanner packages. > > Thank you. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > use the generic tar.gz, the unstall/upgrade tools are great...I even think there's a 10 line 'how to upgrade' on the wiki. -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100304/fc95af63/attachment.html From support at pbcomp.com.au Thu Mar 4 13:35:19 2010 From: support at pbcomp.com.au (Peter W Bowey) Date: Thu Mar 4 13:34:23 2010 Subject: ASSP->>SPAM?<< [MessageLimit][testmode] Ubuntu Support References: Message-ID: <80B78951D632460CBB8F1BF5AEA573A4@Pbcsolutions> Mailscanner takes some 'extra' work to update and compile correctly for Ubuntu. I succeeded at doing all this with the latest Mailscanner source release some 5 months ago. The best way I found was to get the old 'out-of-date' Mailscanner Ubuntu packages, then use that for a new build [template] with the latest source - direct from mailscanner. This means editing the Ubuntu defaults - then merging the new mailscanner parts. I think that took me about 2 hours to research and 'debug. However, it all worked well! The thing to watch out for is the mailscanner preference to use the default /opt directory - which is not meant for Ubuntu. Peter - Computer Engineer Peter Bowey Computer Solutions 69 Sutherland Ave, Hayborough, Victor Harbor, SA, Australia, 5211 Ph: (08) 8552 8630 Fax: (08) 8552 9185 Mobile: 0414 440 575 EMAIL: support@pbcomp.com.au WebSite: www.pbcomp.com.au ABN: 22 145 153 678 Your Partner in Today's Computer Technology! ----- Original Message ----- From: JC Putter To: mailscanner@lists.mailscanner.info Sent: Thursday, March 04, 2010 11:17 PM Subject: ASSP->>SPAM?<< [MessageLimit][testmode] Ubuntu Support Hi Everyone, how well does mailscanner work on ubuntu, i see alot of outdated packages available for debian/ubuntu. Will MailScanner provide better support for ubuntu in the future? which is currently the best package to use, the standard tar.gz or must i search the apt repos for mailscanner packages. Thank you. ------------------------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100305/d7683534/attachment.html From Garrod.Alwood at lorodoes.com Thu Mar 4 13:56:39 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Thu Mar 4 14:03:12 2010 Subject: Ubuntu Support Message-ID: <0upe2meaej3i6ku9f84vwsag.1267711365346@email.android.com> What do you need help with I have it running on 9.10 ubuntu? JC Putter wrote: Hi Everyone, how well does mailscanner work on ubuntu, i see alot of outdated packages available for debian/ubuntu. Will MailScanner provide better support for ubuntu in the future? which is currently the best package to use, the standard tar.gz or must i search the apt repos for mailscanner packages. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100304/bebc3731/attachment.html From MailScanner at ecs.soton.ac.uk Thu Mar 4 14:26:09 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 4 14:26:28 2010 Subject: OT: URIBL_DBL In-Reply-To: <30195121.180.1267708018846.JavaMail.root@office.splatnix.net> References: <30195121.180.1267708018846.JavaMail.root@office.splatnix.net> <4B8FC301.2010707@ecs.soton.ac.uk> Message-ID: Can you give us some more details please? Preferably instructions on what we need to do and where to find the SA cache files and so on? Those two threads are very long 'rambling' discussions with umpteen bits of code buried in them. Some simple step-by-step instructions would be greatly appreciated. Thanks! Jules. On 04/03/2010 13:06, --[ UxBoD ]-- wrote: > If you are running SA 3.3.0 and have hit the following today: > > [1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6363 > [2] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6335 > > remember to update your SA rules ASAP, shutdown MailScanner, remove the SpamAssassin cache files, and then start MailScanner ... or you may end up with quite a few FPs! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raubvogel at gmail.com Thu Mar 4 14:27:05 2010 From: raubvogel at gmail.com (Mauricio Tavares) Date: Thu Mar 4 14:27:16 2010 Subject: Ubuntu Support In-Reply-To: <0upe2meaej3i6ku9f84vwsag.1267711365346@email.android.com> References: <0upe2meaej3i6ku9f84vwsag.1267711365346@email.android.com> Message-ID: <2c6cf52a1003040627x7e07bbe2ta3c5f2f1aac15a10@mail.gmail.com> I too am running it on 9.04 (waiting on 10.X and bypassing 9.10. I have some strong opinions about Canonic's release policy). Because of how things are done at work, I had to use the ubuntu packages instead of donwloading the latest version. Even with that handicap, it has been working quite happily since I deployed it about an year ago. On Thu, Mar 4, 2010 at 8:56 AM, Garrod M. Alwood wrote: > What do you need help with I have it running on 9.10 ubuntu? > > JC Putter wrote: > > Hi Everyone, > > how well does mailscanner work on ubuntu, i see alot of outdated packages > available for debian/ubuntu. Will MailScanner provide better support for > ubuntu in the future? > > which is currently the best package to use, the standard tar.gz or must i > search the apt repos for mailscanner packages. > > Thank you. > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From maillists at conactive.com Thu Mar 4 14:31:16 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 4 14:31:29 2010 Subject: html/htm attachments vs html-formatted messages In-Reply-To: <003001cabb9a$9a46f660$ced4e320$@co.uk> References: <003001cabb9a$9a46f660$ced4e320$@co.uk> Message-ID: Nigel Kendrick wrote on Thu, 4 Mar 2010 13:00:00 -0000: > I was hoping to ban .htm/html attachments it might be helpful to tell how you did that. I definitely don't see a connection between an HTML email and blocking attachments with .htm(l). As you have just wonderfully demonstrated with your own email there's no filename included, thus no chance of matching an extension. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From uxbod at splatnix.net Thu Mar 4 14:40:53 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 4 14:41:20 2010 Subject: OT: URIBL_DBL In-Reply-To: Message-ID: <525683.182.1267713653577.JavaMail.root@office.splatnix.net> ----- "Julian Field" wrote: > Can you give us some more details please? Preferably instructions on > what we need to do and where to find the SA cache files and so on? > > Those two threads are very long 'rambling' discussions with umpteen > bits > of code buried in them. > > Some simple step-by-step instructions would be greatly appreciated. > > Thanks! > Jules. > > On 04/03/2010 13:06, --[ UxBoD ]-- wrote: > > If you are running SA 3.3.0 and have hit the following today: > > > > [1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6363 > > [2] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6335 > > > > remember to update your SA rules ASAP, shutdown MailScanner, remove > the SpamAssassin cache files, and then start MailScanner ... or you > may end up with quite a few FPs! > > > > > > Jules > Hi Jules, the SA cache file is the one you specify in MailScanner.conf using: Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Even when I had updated my SA rulesets I saw that messages were being tagged with URIBL_DL=1.38 so I shutdown MailScanner, removed the above file, and started MailScanner. No more FPs :) -- Thanks, Phil From maillists at conactive.com Thu Mar 4 14:44:03 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 4 14:44:12 2010 Subject: OT: URIBL_DBL In-Reply-To: References: <30195121.180.1267708018846.JavaMail.root@office.splatnix.net> <4B8FC301.2010707@ecs.soton.ac.uk> Message-ID: Just set score URIBL_DBL 0 until tomorrow (e.g. until sa-update gets the correct values). Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From Amelein at dantumadiel.eu Thu Mar 4 14:54:36 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Thu Mar 4 14:54:55 2010 Subject: Betr.: No programs allowed - Word Documents In-Reply-To: References: Message-ID: <4B8FD7BC0200008E000134A9@10.1.0.206> > In the last few weeks we have seen a few "No programs allowed" for Word > attachments... > > Would it be the "Little Endian" entry making it think it is an executable? > > This is on 4.79.4-1 ( I am about to change to 4.80.1-1 ). > > Ta's aloto Ajos1. What OS are you running MS on and can you pinpoint when this started happening for you ? For me it started the moment I brought up a shiny new server with FC11, it did not occur on the old server running FC7. - Arjan From support-lists at petdoctors.co.uk Thu Mar 4 15:03:45 2010 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Mar 4 15:05:09 2010 Subject: html/htm attachments vs html-formatted messages In-Reply-To: References: <003001cabb9a$9a46f660$ced4e320$@co.uk> Message-ID: <009c01cabbab$ea6b6930$bf423b90$@co.uk> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: 04 March 2010 14:31 To: mailscanner@lists.mailscanner.info Subject: Re: html/htm attachments vs html-formatted messages Nigel Kendrick wrote on Thu, 4 Mar 2010 13:00:00 -0000: > I was hoping to ban .htm/html attachments it might be helpful to tell how you did that. I definitely don't see a connection between an HTML email and blocking attachments with .htm(l). As you have just wonderfully demonstrated with your own email there's no filename included, thus no chance of matching an extension. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com Hi, Exactly, that's why I am not sure what's happening. I added .htm and .html to filename.rules.conf deny \.htm$ HTML attachments (.htm) no longer allowed due to phishing attacks HTML attachment deny \.html$ HTML attachments (.html) no longer allowed due to phishing attacks HTML attachment Nigel From uxbod at splatnix.net Thu Mar 4 15:05:58 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 4 15:06:30 2010 Subject: OT: URIBL_DBL In-Reply-To: Message-ID: <24687567.184.1267715158298.JavaMail.root@office.splatnix.net> ----- "Kai Schaetzl" wrote: > Just set > > score URIBL_DBL 0 > > until tomorrow (e.g. until sa-update gets the correct values). > > > Kai > Correct Kai, I missed that bit! :( The cache will still need to be cleared if you are using it though. -- Thanks - Phil From MailScanner at ecs.soton.ac.uk Thu Mar 4 15:12:44 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 4 15:12:57 2010 Subject: OT: URIBL_DBL In-Reply-To: References: <30195121.180.1267708018846.JavaMail.root@office.splatnix.net> <4B8FC301.2010707@ecs.soton.ac.uk> <4B8FCDEC.6020602@ecs.soton.ac.uk> Message-ID: Yes, that's what I've done. Sounds a darned site easier to me :-) On 04/03/2010 14:44, Kai Schaetzl wrote: > Just set > > score URIBL_DBL 0 > > until tomorrow (e.g. until sa-update gets the correct values). > > > Kai > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rlopezcnm at gmail.com Thu Mar 4 15:39:14 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Thu Mar 4 15:39:23 2010 Subject: subject matching spam.assassin.prefs.conf In-Reply-To: References: Message-ID: On Wed, Mar 3, 2010 at 3:32 PM, Kai Schaetzl wrote: > Robert Lopez wrote on Wed, 3 Mar 2010 10:55:27 -0700: > >> It was. :-) ?It is "American Community College Survey For 2010" > > No, that was what you think it is. The company who will do the survey guarantees the subject will be exactly as they stated. To test, I have been sending email from my gmail account to my college account using that exact subject. This postfix log file line says what I think it is and what it "was" are the same. I do not understand why you believe there may be a difference. Here is the evidence they were the same: Mar 1 11:07:53 mgxx postfix/cleanup[2689]: B288620F14: warning: header Subject: American Community College Survey For 2010 from qw-out-1920.google.com[74.125.92.144]; from= to= proto=ESMTP helo= > >> That did not make any difference. > > If that is so that means either > - the subject is different See above. It was not different > - the message is not scanned Is is the evidence it was scanned: Mar 1 11:07:53 mgxx MailScanner[1353]: Message B288620F14.135F0 from 74.125.92.144 (xxxxxxxxxx@gmail.com) to mgxx.cnm.edu is not spam, SpamAssassin (not cached, score=-6.501, required 6, autolearn=disabled, CGC_1 -5.00, CGC_2 -5.00, CNM_NAME 0.50, CNM_PH1 3.00, SPF_PASS -0.00) The rules for matching the subject did not get listed. > - your SA does not use the file you put that rule in The above evidence shows me it uses the /etc/MailScanner/spam.assassin.prefs.conf file because other rules I put in it were used to calculate the score. > - there's some other misconfiguration Such as? > > If this was an SA list I would certainly explain to you now how to check > directly with SA to eliminate no 1, 3 and 4. > Thank you for trying to help. However this is not a SA list. And you have your standards for reasons I do not understand. I already explained my questions are MailScanner questions and not Spamassassin questions. The distinguishing point being my rules are inserted into a MailScanner file. >> Does MailScanner support the use of the "header" type rule in >> spam.assassin.prefs.conf file >> or more generally does MailScanner support all of the rule types >> supported by Spamassassin >> within the spam.assassin.prefs.conf file? > > No, MS doesn't support it. You failed to make clear to what "it" refers. >This is an SA file. No /etc/MailScanner/spam.assassin.prefs.conf is not a SA file. It is read by SA but the file is a part of the MailScanner as evidenced by this from Julian's book, page 156: "SpamAssassion Prefs File = %etc-dir%/spam.assassin.prefs.conf" >SA supports it. SA is used by MS. I take your word for it. I have not read all the code for MailScanner so I do not know how the information from the file is accessed by SA. I guess I am just going to have to modify a SpamAssassin file to add my header rule there and see what happens. Thank you for trying to help. > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From uxbod at splatnix.net Thu Mar 4 15:52:47 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 4 15:53:10 2010 Subject: OT: URIBL_DBL In-Reply-To: Message-ID: <7831211.186.1267717967083.JavaMail.root@office.splatnix.net> ----- "Julian Field" wrote: > Yes, that's what I've done. Sounds a darned site easier to me :-) > > On 04/03/2010 14:44, Kai Schaetzl wrote: > > Just set > > > > score URIBL_DBL 0 > > > > until tomorrow (e.g. until sa-update gets the correct values). > > > > > > Kai > > > > > > Jules > Well from what I saw even if a email does hit the cache then it will score it *with* URIBL_DL. You take your chances ;) -- Thanks - Phil From ismail at ismailozatay.net Thu Mar 4 16:40:05 2010 From: ismail at ismailozatay.net (=?iso-8859-9?Q?=DDsmail_=D6ZATAY?=) Date: Thu Mar 4 16:40:18 2010 Subject: mailscanner on smtp level Message-ID: <160A91E73E5148589B8241B1B653408D@pc> Hi everyone, Any possibility to block spam,unwanted things etc... at smtp level with mailscanner ? or think about never ? :( ismail From rlopezcnm at gmail.com Thu Mar 4 16:54:46 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Thu Mar 4 16:54:55 2010 Subject: Ubuntu Support In-Reply-To: References: Message-ID: "Canonical does not provide updates for mailscanner. Some updates may be provided by the Ubuntu community." It works very well on Ubuntu using the default release. I also work in an environment where policies set by others demand only package upgrades on long term stable releases. At this site, MailScanner on Ubuntu may be ancient by MailScanner standards (due to Debian and Ubuntu support by the way, not due to MailScanner support for Ubuntu) but we are all very happy with it. We do do one thing different. We use postfix instead of exim. So we had to install MailScanner, remove Exim, then install Postfix. That may need to be repeated if there is ever an upgrade for MailScanner available. From MailScanner at ecs.soton.ac.uk Thu Mar 4 17:09:31 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 4 17:09:44 2010 Subject: Ubuntu Support In-Reply-To: References: <4B8FE94B.1080301@ecs.soton.ac.uk> Message-ID: People have got a long way with rpmtodeb (or rpm2deb or whatever the tool is actually called). Just a thought. On 04/03/2010 16:54, Robert Lopez wrote: > "Canonical does not provide updates for mailscanner. Some updates may > be provided by the Ubuntu community." > > It works very well on Ubuntu using the default release. > > I also work in an environment where policies set by others demand only > package upgrades on long term stable releases. > At this site, MailScanner on Ubuntu may be ancient by MailScanner > standards (due to Debian and Ubuntu support by the way, not due to > MailScanner support for Ubuntu) but we are all very happy with it. > > We do do one thing different. We use postfix instead of exim. So we > had to install MailScanner, remove Exim, then install Postfix. That > may need to be repeated if there is ever an upgrade for MailScanner > available. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at medicine.wisc.edu Thu Mar 4 17:17:29 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Thu Mar 4 17:17:56 2010 Subject: Whitelisting a partner Message-ID: <4B8F96C90200003E00003ECB@gwmail.medicine.wisc.edu> Is there any way MailScanner can detect if an incoming email is being forwarded or not? We currently have to whitelist a specific partner's email system and that's perfectly fine. Email originating from their server gets checked for viruses and filetype violations, but not spam which is exactly what we want. The problem we are experiencing is that some of that partner's users have come on board with us and are now using our email system for their account. They have the other system automatically forwarding email from their old account to the new. Their old spam detection is less than par and doesn't catch much, so any email sent to their old account gets forwarded to their new account on our system. Since we whitelist their system, any email coming from their server gets whitelisted including email that's being forwarded which could be coming from anywhere and or anyone. My preference is to tell them to stop forwarding mail and set up a bounce reply with their current email address, but is there any way I can have MailScanner detect if the other system is actually originating the email or if it's forwarding, and if it's forwarding stop the whitelist? -Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100304/2cc27c9d/attachment.html From maillists at conactive.com Thu Mar 4 17:42:21 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 4 17:42:33 2010 Subject: subject matching spam.assassin.prefs.conf In-Reply-To: References: Message-ID: Robert Lopez wrote on Thu, 4 Mar 2010 08:39:14 -0700: > I do not understand why you believe there may be a difference. I do not believe that, but you didn't provide any proof for the opposite yet. The minimum would have been to copy and paste the complete Subject line from the copy-to-self and the received mail. As you are using such strict rules it is obvious that a tiny mismatch (for instance a space that looks like a space but isn't) would make it fail. Try \s instead of a space. A much easier approach would be to whitelist the sending server in MS. > Mar 1 11:07:53 mgxx MailScanner[1353]: Message B288620F14.135F0 from > 74.125.92.144 (xxxxxxxxxx@gmail.com) to mgxx.cnm.edu is not spam, > SpamAssassin (not cached, score=-6.501, required 6, > autolearn=disabled, CGC_1 -5.00, CGC_2 -5.00, CNM_NAME 0.50, CNM_PH1 > 3.00, SPF_PASS -0.00) I see there are other rules of your own and they are probably in the same file and are working. Did you restart MailScanner since adding the rules? > > - there's some other misconfiguration > > Such as? I do not know your setup, but it's obvious that you don't know much about SA. I'm really not in querying all about your setup ;-) > questions. The distinguishing point being my rules are inserted into a > MailScanner file. Which is not the case. This file came with MailScanner. That's all. MS does *not* use it. SA uses it if there is a symlink from /etc/mail/spamassassin to it. Commands for debugging SA: spamassassin --lint spamassassin < yourmessage.file MailScanner --debug --debug-sa I suggest you use them in this order. Unless restarting MS fixes your problem, anyway. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From jscott at infoconex.com Thu Mar 4 18:19:36 2010 From: jscott at infoconex.com (Jim Scott) Date: Thu Mar 4 18:19:29 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: References: Message-ID: <6A5582462FDF4707A09CB8D07C7BB075@jscottPC> Just upgraded to latest beta version 4.80.1-1 Headers used to look like this before upgrade X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-0.411, required 5, BAYES_00 -2.60, FH_DATE_PAST_20XX 3.19, RCVD_IN_DNSWL_LOW -1.00) now they look like this X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=0, required 5, autolearn=not spam) Did not change my MailScanner.config and the settings that should apply are shown below from my config. I also have 2 machines upgraded and both are doing the same thing so I know it is not specific to the machine. Here is my MailScanner.conf settings applicable. # Do you want the full spam report, or just a simple "spam / not spam" report? Detailed Spam Report = yes # Do you want to include the numerical scores in the detailed SpamAssassin # report, or just list the names of the scores Include Scores In SpamAssassin Report = yes # Do you want to always include the Spam Report in the SpamCheck # header, even if the message wasn't spam? # This can also be the filename of a ruleset. Always Include SpamAssassin Report = yes From maxsec at gmail.com Thu Mar 4 20:07:15 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Mar 4 20:07:24 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <6A5582462FDF4707A09CB8D07C7BB075@jscottPC> References: <6A5582462FDF4707A09CB8D07C7BB075@jscottPC> Message-ID: <72cf361e1003041207t5c0c023y16d7f8523a958e15@mail.gmail.com> run the upgrade mailscanner conf script to make sure you've not missed any new settings in the conf file... Martin On 4 March 2010 18:19, Jim Scott wrote: > Just upgraded to latest beta version 4.80.1-1 > > Headers used to look like this before upgrade > > X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=-0.411, required 5, BAYES_00 -2.60, > FH_DATE_PAST_20XX 3.19, RCVD_IN_DNSWL_LOW -1.00) > > > now they look like this > > X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=0, required 5, autolearn=not spam) > > > Did not change my MailScanner.config and the settings that should apply are > shown below from my config. I also have 2 machines upgraded and both are > doing the same thing so I know it is not specific to the machine. > > Here is my MailScanner.conf settings applicable. > > # Do you want the full spam report, or just a simple "spam / not spam" > report? > Detailed Spam Report = yes > > # Do you want to include the numerical scores in the detailed SpamAssassin > # report, or just list the names of the scores > Include Scores In SpamAssassin Report = yes > > # Do you want to always include the Spam Report in the SpamCheck > # header, even if the message wasn't spam? > # This can also be the filename of a ruleset. > Always Include SpamAssassin Report = yes > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100304/6fef7012/attachment.html From cfisk at qwicnet.com Thu Mar 4 20:26:29 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Thu Mar 4 20:26:45 2010 Subject: Whitelisting a partner In-Reply-To: <4B8F96C90200003E00003ECB@gwmail.medicine.wisc.edu> Message-ID: > Is there any way MailScanner can detect if an incoming > email is being forwarded or not? Not as such, BUT, you can setup a ruleset for whitelisting. Messages to specific email addresses get a separate whitelist than ones from the domain in general. Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Thu Mar 4 21:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 4 21:31:32 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <6A5582462FDF4707A09CB8D07C7BB075@jscottPC> References: <6A5582462FDF4707A09CB8D07C7BB075@jscottPC> Message-ID: Please do not hijack threads! Use "new message", not "reply"! Thanks. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From rpotter at rpcs.net Fri Mar 5 01:12:02 2010 From: rpotter at rpcs.net (Richard Potter) Date: Fri Mar 5 01:12:12 2010 Subject: Ubuntu Support In-Reply-To: References: Message-ID: <51117.192.168.1.108.1267751522.squirrel@webmail.rpcs.net> On Thu, March 4, 2010 11:54 am, Robert Lopez wrote: > "Canonical does not provide updates for mailscanner. Some updates may > be provided by the Ubuntu community." > > It works very well on Ubuntu using the default release. > > I also work in an environment where policies set by others demand only > package upgrades on long term stable releases. > At this site, MailScanner on Ubuntu may be ancient by MailScanner > standards (due to Debian and Ubuntu support by the way, not due to > MailScanner support for Ubuntu) but we are all very happy with it. > > We do do one thing different. We use postfix instead of exim. So we > had to install MailScanner, remove Exim, then install Postfix. That > may need to be repeated if there is ever an upgrade for MailScanner > available. If long term stable releases are important, and MailScanner is important your enviroment, why not run RHEL, Centos or Oracle Enterprise linux? MailScanner is built/designed around those. I am a Ubuntu fan, running it on my desktop and file/nfs servers where up to date hardware support is important. But for good old fashioned uptime important mail servers, I run Centos. Richard From jscott at infoconex.com Fri Mar 5 04:44:45 2010 From: jscott at infoconex.com (Jim Scott) Date: Fri Mar 5 04:45:00 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <72cf361e1003041207t5c0c023y16d7f8523a958e15@mail.gmail.com> References: <6A5582462FDF4707A09CB8D07C7BB075@jscottPC> <72cf361e1003041207t5c0c023y16d7f8523a958e15@mail.gmail.com> Message-ID: <4B908C3D.9050007@infoconex.com> Martin Hepworth wrote: > run the upgrade mailscanner conf script to make sure you've not missed > any new settings in the conf file... > > Martin I did run the upgrade script and the new settings were not related to anything spam score related that I could see. From jscott at infoconex.com Fri Mar 5 04:46:30 2010 From: jscott at infoconex.com (Jim Scott) Date: Fri Mar 5 04:46:40 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages Message-ID: <4B908CA6.1060503@infoconex.com> Posting again as I guess I accidentally replied to a previous thread. Just upgraded to latest beta version 4.80.1-1 Headers used to look like this before upgrade X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-0.411, required 5, BAYES_00 -2.60, FH_DATE_PAST_20XX 3.19, RCVD_IN_DNSWL_LOW -1.00) now they look like this X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=0, required 5, autolearn=not spam) Did not change my MailScanner.config and the settings that should apply are shown below from my config. I also have 2 machines upgraded and both are doing the same thing so I know it is not specific to the machine. Here is my MailScanner.conf settings applicable. # Do you want the full spam report, or just a simple "spam / not spam" report? Detailed Spam Report = yes # Do you want to include the numerical scores in the detailed SpamAssassin # report, or just list the names of the scores Include Scores In SpamAssassin Report = yes # Do you want to always include the Spam Report in the SpamCheck # header, even if the message wasn't spam? # This can also be the filename of a ruleset. Always Include SpamAssassin Report = yes From jscott at infoconex.com Fri Mar 5 05:26:02 2010 From: jscott at infoconex.com (Jim Scott) Date: Fri Mar 5 05:26:11 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <4B908C3D.9050007@infoconex.com> References: <6A5582462FDF4707A09CB8D07C7BB075@jscottPC> <72cf361e1003041207t5c0c023y16d7f8523a958e15@mail.gmail.com> <4B908C3D.9050007@infoconex.com> Message-ID: <4B9095EA.1070301@infoconex.com> > > > Martin Hepworth wrote: >> run the upgrade mailscanner conf script to make sure you've not >> missed any new settings in the conf file... >> >> Martin > > > I did run the upgrade script and the new settings were not related to > anything spam score related that I could see. Here is the diff between my old config and the new one. Notice other than a comment difference the only other difference is the version number. diff MailScanner.old MailScanner.conf 473a474 > # This can also be the filename of a ruleset. 2845c2846 < MailScanner Version Number = 4.78.17 --- > MailScanner Version Number = 4.80.1 From jscott at infoconex.com Fri Mar 5 06:53:39 2010 From: jscott at infoconex.com (Jim Scott) Date: Fri Mar 5 06:53:56 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <4B908CA6.1060503@infoconex.com> References: <4B908CA6.1060503@infoconex.com> Message-ID: <4B90AA73.6020704@infoconex.com> Just noticed that my maillogs also no longer include the spam report. used to log Mar 1 08:18:33 smtpgw1 MailScanner[15758]: Message o21GIK4Q016164 from 69.90.40.100 (cimuhatila5125@virginmedia.com) to infoconex.com is spam, SpamAssassin (not cached, score=39.562, required 5, autolearn=spam, BAYES_50 0.00, CTYME_IXHASH 2.00, FH_DATE_PAST_20XX 3.19, GENERIC_IXHASH 2.00, HTML_IMAGE_ONLY_16 1.53, HTML_IMAGE_RATIO_02 0.38, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_2 0.00, MIME_HTML_ONLY 1.46, NIXSPAM_IXHASH 2.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 3.00, RCVD_IN_PBL 0.91, RDNS_DYNAMIC 0.10, URIBL_AB_SURBL 6.50, URIBL_BLACK 5.50, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 4.50) Now nothing You can see the setting is still set to YES # Do you want all spam to be logged? Useful if you want to gather # spam statistics from your logs, but can increase the system load quite # a bit if you get a lot of spam. Log Spam = yes From MailScanner at ecs.soton.ac.uk Fri Mar 5 09:29:23 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 5 09:29:37 2010 Subject: Whitelisting a partner In-Reply-To: <4B8F96C90200003E00003ECB@gwmail.medicine.wisc.edu> References: <4B8F96C90200003E00003ECB@gwmail.medicine.wisc.edu> <4B90CEF3.6020002@ecs.soton.ac.uk> Message-ID: Good question. I am thinking about a SpamAssassin rule that would detect if their system forwarded it, by looking for a Received: header that was their MX server, which would tell you that the mail did not originate in their system. If that Received: header text is present, then add a spam score to it? I'm not quite sure how to do the "stop the whitelist" bit. Of course if you wrote a Custom Function that looked for this Received: header text, that Custom Function could be used instead of (or in addition to) the ruleset for "Is Definitely Not Spam" so it would return 0 (i.e. no) if it found the Received: header. You should see a header, where in this example their MX server is at mx.yourpartner.com that looks something like Received: from blah blah blah by mx.yourpartner.com blah blah blah Does that help get you started? Jules. On 04/03/2010 17:17, Michael Masse wrote: > Is there any way MailScanner can detect if an incoming email is being > forwarded or not? > We currently have to whitelist a specific partner's email system and > that's perfectly fine. Email originating from their server gets > checked for viruses and filetype violations, but not spam which is > exactly what we want. The problem we are experiencing is that some > of that partner's users have come on board with us and are now using > our email system for their account. They have the other system > automatically forwarding email from their old account to the new. > Their old spam detection is less than par and doesn't catch much, so > any email sent to their old account gets forwarded to their new > account on our system. Since we whitelist their system, any email > coming from their server gets whitelisted including email that's being > forwarded which could be coming from anywhere and or anyone. My > preference is to tell them to stop forwarding mail and set up a bounce > reply with their current email address, but is there any way I can > have MailScanner detect if the other system is actually originating > the email or if it's forwarding, and if it's forwarding stop the > whitelist? > -Mike Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 5 09:33:01 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 5 09:33:17 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <4B908CA6.1060503@infoconex.com> References: <4B908CA6.1060503@infoconex.com> <4B90CFCD.9010204@ecs.soton.ac.uk> Message-ID: Looks to me like the SpamAssassin checks are failing for some reason. Run a "MailScanner --lint" for starters, delete MailScanner's SpamAssassin cache db file, and run a "spamassassin --lint" to ensure that SA is happy too. Jules. On 05/03/2010 04:46, Jim Scott wrote: > Posting again as I guess I accidentally replied to a previous thread. > > > Just upgraded to latest beta version 4.80.1-1 > > Headers used to look like this before upgrade > > X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=-0.411, required 5, BAYES_00 -2.60, > FH_DATE_PAST_20XX 3.19, RCVD_IN_DNSWL_LOW -1.00) > > > now they look like this > > X-Infoconex-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (not cached, score=0, required 5, autolearn=not spam) > > > Did not change my MailScanner.config and the settings that should > apply are shown below from my config. I also have 2 machines upgraded > and both are doing the same thing so I know it is not specific to the > machine. > > Here is my MailScanner.conf settings applicable. > > # Do you want the full spam report, or just a simple "spam / not spam" > report? > Detailed Spam Report = yes > > # Do you want to include the numerical scores in the detailed > SpamAssassin > # report, or just list the names of the scores > Include Scores In SpamAssassin Report = yes > > # Do you want to always include the Spam Report in the SpamCheck > # header, even if the message wasn't spam? > # This can also be the filename of a ruleset. > Always Include SpamAssassin Report = yes > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From fmgre-liste01 at yahoo.fr Fri Mar 5 09:41:34 2010 From: fmgre-liste01 at yahoo.fr (gnafou) Date: Fri Mar 5 09:41:43 2010 Subject: Tr : Problems with office files being wrongfully blocked Message-ID: <633294.90207.qm@web23101.mail.ird.yahoo.com> We 've been haviing the same problem. For some senders, sending a word document file ( .doc ) ; the attached docuemnts are blocked stating ' No executables ' ---- file output -> /tmp/aaa.doc: CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Author: xx, Template: Normal, Last Saved By: xx, Revision Number: 4, Name of Creating Application: Microsoft Word 10.0, Total Editing Time: 40:00, Last Printed: Sun Jan 31 13:18:00 2010, Create Time/Date: Sun Jan 31 12:51:00 2010, Last Saved Time/Date: Sun Jan 31 13:31:00 2010, Number of Pages: 1, Number of Words: 318, Number of Characters: 1755, Security: 0 --- file -i output -> /tmp/aaa.doc: application/msword; charset=binary --- MailScanner version 4.74.16 From lyndonl at mexcom.co.za Fri Mar 5 10:15:13 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Fri Mar 5 10:15:46 2010 Subject: Tr : Problems with office files being wrongfully blocked In-Reply-To: <633294.90207.qm@web23101.mail.ird.yahoo.com> References: <633294.90207.qm@web23101.mail.ird.yahoo.com> Message-ID: <01743D38-A89C-4AF5-9154-AB1FAD70C262@mexcom.co.za> On 05 Mar 2010, at 11:41 AM, gnafou wrote: > > I have seen something similar it only happened once that I know of it was a docx file from a beta release of Office 2010 when the file was sent again it was sent as a normal .doc file and all worked fine it was over a month ago and I dont keep logs for that long, > > We 've been haviing the same problem. > > For some senders, sending a word document file ( .doc ) ; the attached docuemnts are blocked stating ' No executables ' > > > ---- > file output -> > /tmp/aaa.doc: CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Author: xx, Template: Normal, Last Saved By: xx, Revision Number: 4, Name of Creating Application: Microsoft Word 10.0, Total Editing Time: 40:00, Last Printed: Sun Jan 31 13:18:00 2010, Create Time/Date: Sun Jan 31 12:51:00 2010, Last Saved Time/Date: Sun Jan 31 13:31:00 2010, Number of Pages: 1, Number of Words: 318, Number of Characters: 1755, Security: 0 > > --- > > file -i output -> > /tmp/aaa.doc: application/msword; charset=binary > > > --- > > MailScanner version 4.74.16 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and dangerous content by the > Mexcom MailScanner, and appears to be clean. > Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit > http://www.mexcom.co.za or mail sales@mexcom.co.za > > -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za From Amelein at dantumadiel.eu Fri Mar 5 10:20:37 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Fri Mar 5 10:20:52 2010 Subject: Betr.: Tr : Problems with office files being wrongfully blocked In-Reply-To: <633294.90207.qm@web23101.mail.ird.yahoo.com> References: <633294.90207.qm@web23101.mail.ird.yahoo.com> Message-ID: <4B90E9050200008E00013513@10.1.0.206> >>> Op 5-3-2010 om 10:41 is door gnafou geschreven: > > > We 've been haviing the same problem. > > For some senders, sending a word document file ( .doc ) ; the attached > docuemnts are blocked stating ' No executables ' > I changed our rules a little so I could differentiate between the 'executable' rule and the 'ELF' rule, and it seems to think the office files are ELF files. No ideas on a cause or solution though, other then blanket allowing anything .doc which might not be a good idea. - Arjan From MailScanner at ecs.soton.ac.uk Fri Mar 5 10:36:57 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 5 10:37:13 2010 Subject: Tr : Problems with office files being wrongfully blocked In-Reply-To: <633294.90207.qm@web23101.mail.ird.yahoo.com> References: <633294.90207.qm@web23101.mail.ird.yahoo.com> <4B90DEC9.8080103@ecs.soton.ac.uk> Message-ID: Try just commenting out the "ELF" line in filetype.rules.conf, then do a "service MailScanner reload". On 05/03/2010 09:41, gnafou wrote: > > > We 've been haviing the same problem. > > For some senders, sending a word document file ( .doc ) ; the attached docuemnts are blocked stating ' No executables ' > > > ---- > file output -> > /tmp/aaa.doc: CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Author: xx, Template: Normal, Last Saved By: xx, Revision Number: 4, Name of Creating Application: Microsoft Word 10.0, Total Editing Time: 40:00, Last Printed: Sun Jan 31 13:18:00 2010, Create Time/Date: Sun Jan 31 12:51:00 2010, Last Saved Time/Date: Sun Jan 31 13:31:00 2010, Number of Pages: 1, Number of Words: 318, Number of Characters: 1755, Security: 0 > > --- > > file -i output -> > /tmp/aaa.doc: application/msword; charset=binary > > > --- > > MailScanner version 4.74.16 > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Amelein at dantumadiel.eu Fri Mar 5 14:19:27 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Fri Mar 5 14:19:43 2010 Subject: Betr.: Re: Tr : Problems with office files being wrongfully blocked In-Reply-To: References: <633294.90207.qm@web23101.mail.ird.yahoo.com> <4B90DEC9.8080103@ecs.soton.ac.uk> Message-ID: <4B9120FF0200008E00013525@10.1.0.206> >>> Op 5-3-2010 om 11:36 is door Julian Field geschreven: > Try just commenting out the "ELF" line in filetype.rules.conf, then do a > "service MailScanner reload". > doh ... time for weekend here .... Commented it out and waiting to see what's going to happen. - Arjan From rlopezcnm at gmail.com Fri Mar 5 15:59:41 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri Mar 5 15:59:52 2010 Subject: Ubuntu Support In-Reply-To: <51117.192.168.1.108.1267751522.squirrel@webmail.rpcs.net> References: <51117.192.168.1.108.1267751522.squirrel@webmail.rpcs.net> Message-ID: On Thu, Mar 4, 2010 at 6:12 PM, Richard Potter wrote: > On Thu, March 4, 2010 11:54 am, Robert Lopez wrote: > >> "Canonical does not provide updates for mailscanner. Some updates may >> be provided by the Ubuntu community." >> >> It works very well on Ubuntu using the default release. >> >> I also work in an environment where policies set by others demand only >> package upgrades on long term stable releases. >> At this site, MailScanner on Ubuntu may be ancient by MailScanner >> standards (due to Debian and Ubuntu support by the way, not due to >> MailScanner support for Ubuntu) but we are all very happy with it. >> >> We do do one thing different. We use postfix instead of exim. So we >> had to install MailScanner, remove Exim, then install Postfix. That >> may need to be repeated if there is ever an upgrade for MailScanner >> available. > > If long term stable releases are important, and MailScanner is important > your enviroment, why not run RHEL, Centos or Oracle Enterprise linux? > > MailScanner is built/designed around those. > > I am a Ubuntu fan, running it on my desktop and file/nfs servers where up > to date hardware support is important. But for good old fashioned uptime > important mail servers, I run Centos. I absolutely agree with you! In my situation I do not make all decisions. I am not a Ubuntu fan. Yes you are correct, however JC Putter (the original poster) should know a reliable MailScanner system is possible if they choose (or must) use Ubuntu. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From Dstraka at caspercollege.edu Fri Mar 5 16:00:36 2010 From: Dstraka at caspercollege.edu (Daniel Straka) Date: Fri Mar 5 16:01:13 2010 Subject: How to detect forged From and Reply-to addresses from your own domain Message-ID: <4B90C83402000000000F1974@gw.caspercollege.edu> We are receiving a ton of SPAM where the From and/or Reply-to addresses have been forged so they appear to have come from users in our own domain. Of course, these BC several users at a time. Is there any way to detect these with MailScanner? Thanks, -- Dan Straka Systems Coordinator Casper College 307.268.2399 http://www.caspercollege.edu From jscott at infoconex.com Fri Mar 5 16:24:36 2010 From: jscott at infoconex.com (Jim Scott) Date: Fri Mar 5 16:24:50 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: References: <4B908CA6.1060503@infoconex.com> <4B90CFCD.9010204@ecs.soton.ac.uk> Message-ID: <4B913044.2090008@infoconex.com> Julian Field wrote: > Looks to me like the SpamAssassin checks are failing for some reason. > Run a "MailScanner --lint" for starters, delete MailScanner's > SpamAssassin cache db file, and run a "spamassassin --lint" to ensure > that SA is happy too. > > Jules. Here is the results [root@smtpgw1 ~]# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 867 hostnames from the phishing whitelist Read 6145 hostnames from the phishing blacklists Config: calling custom init function MailWatchLogging Started SQL Logging child Checking version numbers... Version number in MailScanner.conf (4.80.1) is correct. Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 0 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamavmodule f-prot" Found these virus scanners installed: clamavmodule, f-prot =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com Virus Scanning: ClamAVModule found 1 infections Virus Scanning: F-Prot found virus EICAR_Test_File /var/spool/MailScanner/incoming/18463/1/eicar.com Infection: EICAR_Test_File Virus Scanning: F-Prot found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== If any of your virus scanners (clamavmodule,f-prot) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function MailWatchLogging and Spamassassin did not return anything From MailScanner at ecs.soton.ac.uk Fri Mar 5 16:25:34 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 5 16:25:45 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B90C83402000000000F1974@gw.caspercollege.edu> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> Message-ID: All you can check for is that they come from hosts outside your domain, and have a sender address that includes your domain. You can mark those as spam. From: host:yourdomain.com and From: yourdomain.com no From: yourdomain.com yes FromOrTo: default no and put that as a ruleset for "Is Definitely Spam =". The "host:yourdomain.com" means "IP addresses which resolve to hostnames ending in yourdomain.com". It's the same as the old "10.3." way of specifying IP addresses, but uses DNS so you don't have to put in silly numbers. The "yourdomain.com" means "email messages whose sender address ends in yourdomain.com". On 05/03/2010 16:00, Daniel Straka wrote: > We are receiving a ton of SPAM where the From and/or Reply-to addresses have been forged so they appear to have come from users in our own domain. Of course, these BC several users at a time. Is there any way to detect these with MailScanner? > > Thanks, > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrm at medicine.wisc.edu Fri Mar 5 16:35:26 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Mar 5 16:35:53 2010 Subject: Whitelisting a partner In-Reply-To: References: <4B8F96C90200003E00003ECB@gwmail.medicine.wisc.edu> <4B90CEF3.6020002@ecs.soton.ac.uk> Message-ID: <4B90DE6E0200003E00003FE4@gwmail.medicine.wisc.edu> On 04/03/2010 17:17, Michael Masse wrote: > Is there any way MailScanner can detect if an incoming email is being > forwarded or not? Thanks for the responses. I got to thinking some more about this, and I think I have it resolved in a way that's much simpler. I was whitelisting the server IP, but if I simply look for the server IP AND the sender address being their domain I should be able to tell email originated from them vs forwarded. It won't help with forwarded email that has a spoofed sender address being theirs but that's a tiny percentage and worth the risk IMO. -Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100305/c4863b41/attachment.html From mrm at medicine.wisc.edu Fri Mar 5 16:47:01 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Mar 5 16:47:22 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B90C83402000000000F1974@gw.caspercollege.edu> References: <4B90C83402000000000F1974@gw.caspercollege.edu> Message-ID: <4B90E1250200003E00003FE9@gwmail.medicine.wisc.edu> >>> "Daniel Straka" 3/5/2010 10:00 AM >>> We are receiving a ton of SPAM where the From and/or Reply-to addresses have been forged so they appear to have come from users in our own domain. Of course, these BC several users at a time. Is there any way to detect these with MailScanner? There are many potential solutions provided in the archive of this list because this question has been asked numerous times. The consensus is that you should utilize SPF on your MTA to block most of these that have your domain from address in the reply-to address or envelope stage, and a custom spamassassin rule to take care of the ones that use your domain in the message body portion FROM: address. I also use a milter called mailfromd in addition to spf which gives much finer control. -Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100305/883663c4/attachment.html From lists at openenterprise.ca Fri Mar 5 17:05:22 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Fri Mar 5 17:05:39 2010 Subject: Broken Perl modules, apache wont start now Message-ID: <4B9139D2.8090000@openenterprise.ca> I know this is an issue with the fsl-beta and their repo, but I am at a critical state now since the hosting running mailscanner is also a web hosting server and I have many sites down now due to a perl problem following an upgrade of mailscanner using the fsl-beta repo. If anyone can help or make any suggestions which might be able to get apache back up I would be greatful. After this upgrade, apache fails to start now? This is a system running virtualmin as well and from the looks of the bug report below, something to do with missmatched perl repos. https://www.virtualmin.com/node/12313 Nobody ever responded to my earlier questions and issues with the fsl repo so I am hoping I will have more luck this time. I have a bunch of hosts down now so this is very critical and will have to wipe the fsl beta and perl clean to try and get my system up again. Unfortunately this is where I did not get any help or responses, how to remove the fsl rep and all perl changes and revert back to the standard setup The error in /var/log/http/error_log is... /usr/sbin/httpd: symbol lookup error: /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Apache2/ServerUtil/ServerUtil.so: undefined symbol: ap_get_server_banner Bug report on error: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503375 From steve.freegard at fsl.com Fri Mar 5 17:30:11 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Mar 5 17:30:22 2010 Subject: Broken Perl modules, apache wont start now In-Reply-To: <4B9139D2.8090000@openenterprise.ca> References: <4B9139D2.8090000@openenterprise.ca> Message-ID: <4B913FA3.1050503@fsl.com> On 05/03/10 17:05, Johnny Stork wrote: > I know this is an issue with the fsl-beta and their repo Actually - it isn't anything to do with using the fsl-beta repo at all: > > /usr/sbin/httpd: symbol lookup error: > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Apache2/ServerUtil/ServerUtil.so: > undefined symbol: ap_get_server_banner > The beta repo does not contain mod_perl or any Perl based Apache utilities at all. Nor does it install any modules in /usr/lib/perl5. I suspect you have added additional yum repositories (as per the ticket you quote) that have provided a newer mod_perl that has caused your issue. Regards, Steve. From maillists at conactive.com Fri Mar 5 17:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 5 17:31:35 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B90C83402000000000F1974@gw.caspercollege.edu> References: <4B90C83402000000000F1974@gw.caspercollege.edu> Message-ID: Daniel Straka wrote on Fri, 05 Mar 2010 09:00:36 -0700: > We are receiving a ton of SPAM where the From and/or Reply-to addresses > have been forged so they appear to have come from users in our own > domain. Of course, these BC several users at a time. Is there any > way to detect these with MailScanner? This is getting asked frequently. Please peruse the archives. There are basically two solutions and they are done at MTA, not MailScanner: - SPF - reject your own domains as sender if not coming from your network or not authenticated, this can easily be done with postfix, I assume with other MTAs as well. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From jscott at infoconex.com Fri Mar 5 18:35:59 2010 From: jscott at infoconex.com (Jim Scott) Date: Fri Mar 5 18:36:15 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <4B913044.2090008@infoconex.com> References: <4B908CA6.1060503@infoconex.com> <4B90CFCD.9010204@ecs.soton.ac.uk> <4B913044.2090008@infoconex.com> Message-ID: <4B914F0F.4050600@infoconex.com> Looks like the issue has something to do with SpamAssassin. I went back to 3.2.5 and now things are working as they used to. Not sure if it is an issue with MailScanner interacting with spamassassin or that spamassasin was not working properly. From Dstraka at caspercollege.edu Fri Mar 5 20:24:04 2010 From: Dstraka at caspercollege.edu (Daniel Straka) Date: Fri Mar 5 20:24:36 2010 Subject: How to detect forged From and Reply-to addresses from your owndomain In-Reply-To: References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> Message-ID: <4B9105F402000000000F19E3@gw.caspercollege.edu> Jules, This is working quite well on the MailScanner server that only receives messages. What might be the drawbacks to leaving this rule in place? I haven't seen any FP's yet and it's marked a thousand messages as spam already. If there's not really any drawbacks...would there be a similar rule for a MailScanner server that receives and sends mail for our domain? Thanks so much...Dan >>> On 3/5/2010 at 9:25 AM, in message , Julian Field wrote: > All you can check for is that they come from hosts outside your domain, > and have a sender address that includes your domain. > > You can mark those as spam. > > From: host:yourdomain.com and From: yourdomain.com no > From: yourdomain.com yes > FromOrTo: default no > > and put that as a ruleset for "Is Definitely Spam =". > > The "host:yourdomain.com" means "IP addresses which resolve to hostnames > ending in yourdomain.com". It's the same as the old "10.3." way of > specifying IP addresses, but uses DNS so you don't have to put in silly > numbers. > The "yourdomain.com" means "email messages whose sender address ends in > yourdomain.com". > > On 05/03/2010 16:00, Daniel Straka wrote: >> We are receiving a ton of SPAM where the From and/or Reply-to addresses have > been forged so they appear to have come from users in our own domain. Of > course, these BC several users at a time. Is there any way to detect these > with MailScanner? >> >> Thanks, >> >> > > Jules From maillists at conactive.com Fri Mar 5 21:31:14 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 5 21:31:28 2010 Subject: Broken Perl modules, apache wont start now In-Reply-To: <4B9139D2.8090000@openenterprise.ca> References: <4B9139D2.8090000@openenterprise.ca> Message-ID: Johnny Stork wrote on Fri, 05 Mar 2010 09:05:22 -0800: > /usr/sbin/httpd: symbol lookup error: > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Apache2/ServerUtil/ServerUtil.so: > undefined symbol: ap_get_server_banner Stop using that ServerUtil thingy and you are up again. httpd has no need for perl at all. > Nobody ever responded to my earlier questions and issues with the fsl > repo Well, I think you should hire someone who can handle these and other issues. Looking at your site I sure expect you to handle these simple issues by yourself instead of relying on a mailing list. If I were your customer I'd be surprised about your mails. To say it mildly. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From micoots at yahoo.com Fri Mar 5 23:06:51 2010 From: micoots at yahoo.com (Michael Mansour) Date: Fri Mar 5 23:07:01 2010 Subject: Spamscore rule for between numbers Message-ID: <424001.20831.qm@web33305.mail.mud.yahoo.com> Hi, I'm looking at writing a spamassassin.rule.actions rule to say: "if the score is between 10 and 20 do ... " Looking at the instructions: # You can also trigger actions on the spam score of the message. You can # compare the spam score with a number and cause this to trigger an action. # For example, instead of a SA_RULENAME you can specify # SpamScore>number or SpamScore>=number or SpamScore==number or # SpamScore25=>delete I'm not sure I can actually do this, since I want something like: To: *@* SpamScore<20 and SpamScore>10=>store, forward ... Any ideas on how I can write a rule to say between 10 and 20 ? Thanks. Michael. From micoots at yahoo.com Sat Mar 6 01:24:09 2010 From: micoots at yahoo.com (Michael Mansour) Date: Sat Mar 6 01:24:18 2010 Subject: SpamAssassin Rule Actions Message-ID: <161695.21554.qm@web33301.mail.mud.yahoo.com> Hi, I'm currently in the process of testing this and it doesn't seem to be working for me. This is the rule I put in place: To: *@* SpamScore>20=>store,not-deliver,forward some@email.address.com In my file: spamassassin.rule.actions.rules Referenced from: SpamAssassin Rule Actions = %rules-dir%/spamassassin.rule.actions.rules But when I get spam greater than a score of 20, some@email.address.com doesn't get the email? Any ideas how I could trouble-shoot this? Thanks. Michael. From lists at openenterprise.ca Sat Mar 6 05:26:05 2010 From: lists at openenterprise.ca (Johnny Stork) Date: Sat Mar 6 05:26:19 2010 Subject: Broken Perl modules, apache wont start now In-Reply-To: References: <4B9139D2.8090000@openenterprise.ca> Message-ID: <4B91E76D.30003@openenterprise.ca> On 10-03-05 01:31 PM, Kai Schaetzl wrote: > Johnny Stork wrote on Fri, 05 Mar 2010 09:05:22 -0800: > > >> /usr/sbin/httpd: symbol lookup error: >> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Apache2/ServerUtil/ServerUtil.so: >> undefined symbol: ap_get_server_banner >> > Stop using that ServerUtil thingy and you are up again. httpd has no need for > perl at all. > > >> Nobody ever responded to my earlier questions and issues with the fsl >> repo >> > Well, I think you should hire someone who can handle these and other issues. > Looking at your site I sure expect you to handle these simple issues by yourself > instead of relying on a mailing list. If I were your customer I'd be surprised > about your mails. To say it mildly. > > Kai > > Or maybe someone was overloaded with other work/projects/responsibilites and was trying to find the quickest solution possible without having to get pulled away from the other work. Possibly the mailing list would avoid having to debug and lose time on the other, more important tasks? Nah, I am just an idiot and a clueless moron pretending to have Linux or open-source skills. When you make assumptions.....well I am sure you know the rest -- Johnny Stork Child of the Universe Home: www.johnnystork.ca Facebook: www.facebook.com/johnnystork Twitter: www.twitter.com/johnnystork.ca From maillists at conactive.com Sat Mar 6 10:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Mar 6 10:31:34 2010 Subject: Broken Perl modules, apache wont start now In-Reply-To: <4B91E76D.30003@openenterprise.ca> References: <4B9139D2.8090000@openenterprise.ca> <4B91E76D.30003@openenterprise.ca> Message-ID: Johnny Stork wrote on Fri, 05 Mar 2010 21:26:05 -0800: > Or maybe someone was overloaded with other work/projects/responsibilites > and was trying to find the quickest solution possible without having to > get pulled away from the other work. Oh, my, don't make it worse. Your customers deserve better. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From mark at msapiro.net Sat Mar 6 17:19:51 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sat Mar 6 17:20:11 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B9105F402000000000F19E3@gw.caspercollege.edu> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> Message-ID: <4B928EB7.1030206@msapiro.net> On 11:59 AM, Daniel Straka wrote: > Jules, > > This is working quite well on the MailScanner server that only > receives messages. What might be the drawbacks to leaving this rule > in place? I haven't seen any FP's yet and it's marked a thousand > messages as spam already. If there's not really any drawbacks...would > there be a similar rule for a MailScanner server that receives and > sends mail for our domain? For drawbacks to Jules' suggestion (possibly to the whole idea), consider the following: You are my employer. I set up a pop3 or imap account on my MUA at home to access my work mail. My ISP redirects all port 25 connects to its own servers so even if I know what I'm doing, I can't use your MTA for my outgoing mail for this account. Now, all my replies from home to my co-workers will be seen as spam because they are From: my work address, but the sending MTA is my home ISP. The same problem exists if SPF is used. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mogens at fumlersoft.dk Sat Mar 6 18:07:38 2010 From: mogens at fumlersoft.dk (Mogens Melander) Date: Sat Mar 6 18:07:52 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B928EB7.1030206@msapiro.net> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> Message-ID: On Sat, March 6, 2010 18:19, Mark Sapiro wrote: > On 11:59 AM, Daniel Straka wrote: >> Jules, >> >> This is working quite well on the MailScanner server that only >> receives messages. What might be the drawbacks to leaving this rule >> in place? I haven't seen any FP's yet and it's marked a thousand >> messages as spam already. If there's not really any drawbacks...would >> there be a similar rule for a MailScanner server that receives and >> sends mail for our domain? > > > For drawbacks to Jules' suggestion (possibly to the whole idea), > consider the following: > > You are my employer. > > I set up a pop3 or imap account on my MUA at home to access my work mail. > > My ISP redirects all port 25 connects to its own servers so even if I > know what I'm doing, I can't use your MTA for my outgoing mail for this > account. > > Now, all my replies from home to my co-workers will be seen as spam > because they are From: my work address, but the sending MTA is my home ISP. > > The same problem exists if SPF is used. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan In that case, either bitch at your ISP, or set up a web-mail. I've been using squirrelmail for years for the same reasons. -- Later Mogens Melander -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Sat Mar 6 19:17:46 2010 From: alex at rtpty.com (Alex Neuman) Date: Sat Mar 6 19:18:05 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B928EB7.1030206@msapiro.net> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> Message-ID: That would be why I always enable 587 (MSA) with auth, or 465 (SMTPS) on my MTA's. On Mar 6, 2010, at 12:19 PM, Mark Sapiro wrote: > My ISP redirects all port 25 connects to its own servers so even if I > know what I'm doing, I can't use your MTA for my outgoing mail for this > account. > > Now, all my replies from home to my co-workers will be seen as spam > because they are From: my work address, but the sending MTA is my home ISP. > > The same problem exists if SPF is used. From mark at msapiro.net Sun Mar 7 18:03:08 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sun Mar 7 18:03:27 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> Message-ID: <4B93EA5C.5020206@msapiro.net> On 11:59 AM, Mogens Melander wrote: > > On Sat, March 6, 2010 18:19, Mark Sapiro wrote: [...] >> >> For drawbacks to Jules' suggestion (possibly to the whole idea), >> consider the following: >> >> You are my employer. >> >> I set up a pop3 or imap account on my MUA at home to access my work mail. >> >> My ISP redirects all port 25 connects to its own servers so even if I >> know what I'm doing, I can't use your MTA for my outgoing mail for this >> account. >> >> Now, all my replies from home to my co-workers will be seen as spam >> because they are From: my work address, but the sending MTA is my home ISP. >> >> The same problem exists if SPF is used. > > In that case, either bitch at your ISP, or set up a web-mail. > > I've been using squirrelmail for years for the same reasons. And Alex Neuman wrote: > > That would be why I always enable 587 (MSA) with auth, or 465 (SMTPS) > on my MTA's. I understand all those things, but that is not my point. I am not a typical user. Typical users in most environments don't understand those things. What do you say when the PHB is on the phone and wants to know why *his* boss is saying he didn't receive the monthly status report that the PHB knows he emailed from home the evening before it was due. And yes, even this can possibly be avoided with sufficient documentation, training and support, but this is a cost that should be factored in. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From maxsec at gmail.com Sun Mar 7 19:50:32 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Sun Mar 7 19:50:40 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <4B914F0F.4050600@infoconex.com> References: <4B908CA6.1060503@infoconex.com> <4B90CFCD.9010204@ecs.soton.ac.uk> <4B913044.2090008@infoconex.com> <4B914F0F.4050600@infoconex.com> Message-ID: <72cf361e1003071150w5bd5b623x40b02c0e8ba57364@mail.gmail.com> On 5 March 2010 18:35, Jim Scott wrote: > Looks like the issue has something to do with SpamAssassin. I went back to > 3.2.5 and now things are working as they used to. Not sure if it is an issue > with MailScanner interacting with spamassassin or that spamassasin was not > working properly. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jim did you read the SA 3.3 install/upgrade instructions carefully? you need to run an 'sa-update' after installing 3.3 as it comes with no/zero/nada rules in that installer. -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100307/c9363855/attachment.html From ajcartmell at fonant.com Mon Mar 8 09:01:32 2010 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon Mar 8 09:01:53 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B928EB7.1030206@msapiro.net> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> Message-ID: > My ISP redirects all port 25 connects to its own servers so even if I > know what I'm doing, I can't use your MTA for my outgoing mail for this > account. I always instruct that they use the proper message submission port, 587, for sending mail. This requires authentication so can be used from anywhere on the internet without needing to change the outgoing servername, and also works around any ISP that hijacks port 25. Anthony -- www.fonant.com - Quality web sites Fonant Ltd is registered in England and Wales, company No. 7006596 Registered office: Grafton Lodge, 15 Grafton Road, Worthing, West Sussex, BN11 1QR From ajcartmell at fonant.com Mon Mar 8 09:04:33 2010 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon Mar 8 09:04:53 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B93EA5C.5020206@msapiro.net> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> <4B93EA5C.5020206@msapiro.net> Message-ID: >> That would be why I always enable 587 (MSA) with auth, or 465 (SMTPS) >> on my MTA's. +1 > I understand all those things, but that is not my point. I am not a > typical user. Typical users in most environments don't understand those > things. I just instruct them to change "25" to "587" in the advanced mail sending settings, and it'll work however they connect to the internet :) Only one more instruction, no more complicated than getting them to type the mail server name in correctly, in my experience. HTH, Anthony -- www.fonant.com - Quality web sites Fonant Ltd is registered in England and Wales, company No. 7006596 Registered office: Grafton Lodge, 15 Grafton Road, Worthing, West Sussex, BN11 1QR From MailScanner at ecs.soton.ac.uk Mon Mar 8 09:11:05 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 8 09:11:21 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <4B914F0F.4050600@infoconex.com> References: <4B908CA6.1060503@infoconex.com> <4B90CFCD.9010204@ecs.soton.ac.uk> <4B913044.2090008@infoconex.com> <4B914F0F.4050600@infoconex.com> <4B94BF29.7040206@ecs.soton.ac.uk> Message-ID: In that case, have you got all of SpamAssassin's pre-requisites installed properly? On 05/03/2010 18:35, Jim Scott wrote: > Looks like the issue has something to do with SpamAssassin. I went > back to 3.2.5 and now things are working as they used to. Not sure if > it is an issue with MailScanner interacting with spamassassin or that > spamassasin was not working properly. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 8 09:23:22 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 8 09:23:39 2010 Subject: Spamscore rule for between numbers In-Reply-To: <424001.20831.qm@web33305.mail.mud.yahoo.com> References: <424001.20831.qm@web33305.mail.mud.yahoo.com> <4B94C20A.5060401@ecs.soton.ac.uk> Message-ID: On 05/03/2010 23:06, Michael Mansour wrote: > Hi, > > I'm looking at writing a spamassassin.rule.actions rule to say: > > "if the score is between 10 and 20 do ..." > > Looking at the instructions: > > # You can also trigger actions on the spam score of the message. You can > # compare the spam score with a number and cause this to trigger an action. > # For example, instead of a SA_RULENAME you can specify > # SpamScore>number or SpamScore>=number or SpamScore==number or > # SpamScore # where "number" is the threshold value you are comparing it against. > # So you could have a rule/action pair that looks like > # SpamScore>25=>delete > > I'm not sure I can actually do this, since I want something like: > > To: *@* SpamScore<20 and SpamScore>10=>store, forward ... > > Any ideas on how I can write a rule to say between 10 and 20 ? > Do it in 2 rules. To: default SpamScore>=10=>store,forward user@domain.com SpamScore>20=>not-store, not-forward user@domain.com So 1 set of actions at 10 and above, and a different set above 20 which cancel out the set at 10 and above. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 8 09:24:17 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 8 09:24:32 2010 Subject: SpamAssassin Rule Actions In-Reply-To: <161695.21554.qm@web33301.mail.mud.yahoo.com> References: <161695.21554.qm@web33301.mail.mud.yahoo.com> <4B94C241.1000109@ecs.soton.ac.uk> Message-ID: Start by looking in your /var/log/maillog. That will tell you what actions it thinks it is trying to do. On 06/03/2010 01:24, Michael Mansour wrote: > Hi, > > I'm currently in the process of testing this and it doesn't seem to be working for me. > > This is the rule I put in place: > > To: *@* SpamScore>20=>store,not-deliver,forward some@email.address.com > > In my file: > > spamassassin.rule.actions.rules > > Referenced from: > > SpamAssassin Rule Actions = %rules-dir%/spamassassin.rule.actions.rules > > But when I get spam greater than a score of 20, some@email.address.com doesn't get the email? > > Any ideas how I could trouble-shoot this? > > Thanks. > > Michael. > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 8 09:27:47 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 8 09:28:03 2010 Subject: MailScanner no longer logging spamassassin score in header for clean messages In-Reply-To: <72cf361e1003071150w5bd5b623x40b02c0e8ba57364@mail.gmail.com> References: <4B908CA6.1060503@infoconex.com> <4B90CFCD.9010204@ecs.soton.ac.uk> <4B913044.2090008@infoconex.com> <4B914F0F.4050600@infoconex.com> <72cf361e1003071150w5bd5b623x40b02c0e8ba57364@mail.gmail.com> <4B94C313.7030404@ecs.soton.ac.uk> Message-ID: On 07/03/2010 19:50, Martin Hepworth wrote: > > > On 5 March 2010 18:35, Jim Scott > wrote: > > Looks like the issue has something to do with SpamAssassin. I went > back to 3.2.5 and now things are working as they used to. Not sure > if it is an issue with MailScanner interacting with spamassassin > or that spamassasin was not working properly. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Jim > > did you read the SA 3.3 install/upgrade instructions carefully? you > need to run an 'sa-update' after installing 3.3 as it comes with > no/zero/nada rules in that installer. If you ran my install.sh for the ClamAV+SA bundle, then you'll be okay as my installer does that for you. But if you did it on your own then Jim is probably right on the nail! :) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 8 09:49:33 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 8 09:49:47 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> <4B94C82D.3080101@ecs.soton.ac.uk> Message-ID: On 08/03/2010 09:01, Anthony Cartmell wrote: >> My ISP redirects all port 25 connects to its own servers so even if I >> know what I'm doing, I can't use your MTA for my outgoing mail for this >> account. > > I always instruct that they use the proper message submission port, > 587, for sending mail. This requires authentication so can be used > from anywhere on the internet without needing to change the outgoing > servername, and also works around any ISP that hijacks port 25. I have found (through extensive travelling on the part of other staff here) that some hotel networks block everything except 80 (which they proxy) and 443. So I also provide SMTPS on 443 on our SMTP server, and IMAPS on 443 on our IMAP server. That way they can always reach their mail, I've never found anywhere (recently) that blocks 443. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From micoots at yahoo.com Mon Mar 8 11:12:47 2010 From: micoots at yahoo.com (Michael Mansour) Date: Mon Mar 8 11:12:57 2010 Subject: Spamscore rule for between numbers In-Reply-To: Message-ID: <291135.15012.qm@web33303.mail.mud.yahoo.com> Hi Jules, --- On Mon, 8/3/10, Julian Field wrote: > From: Julian Field > Subject: Re: Spamscore rule for between numbers > To: "MailScanner discussion" > Received: Monday, 8 March, 2010, 8:23 PM > > On 05/03/2010 23:06, Michael Mansour wrote: > > Hi, > > > > I'm looking at writing a spamassassin.rule.actions > rule to say: > > > > "if the score is between 10 and 20 do ..." > > > > Looking at the instructions: > > > > # You can also trigger actions on the spam score of > the message. You can > > # compare the spam score with a number and cause this > to trigger an action. > > # For example, instead of a SA_RULENAME you can > specify > > # SpamScore>number or SpamScore>=number or > SpamScore==number or > > # SpamScore > # where "number" is the threshold value you are > comparing it against. > > # So you could have a rule/action pair that looks > like > > #? ? ? ? ? ? ? > ? ? SpamScore>25=>delete > > > > I'm not sure I can actually do this, since I want > something like: > > > > To: *@* SpamScore<20 and SpamScore>10=>store, > forward ... > > > > Any ideas on how I can write a rule to say between 10 > and 20 ? > >? ? > Do it in 2 rules. > To: default SpamScore>=10=>store,forward user@domain.com > SpamScore>20=>not-store, not-forward user@domain.com > So 1 set of actions at 10 and above, and a different set > above 20 which > cancel out the set at 10 and above. Ok, I've added this rule: To: default SpamScore>10=>store,not-deliver,forward normalspam@domain.com SpamScore>20=>store,not-deliver,forward highspam@domain.com So that says anything above 10 (up to 20) goes to normalspam@domain.com while anything above 20 goes to highspam@domain.com All on the one line. Does that look ok? Thanks. Michael. > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from > your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From sonidhaval at gmail.com Mon Mar 8 11:27:36 2010 From: sonidhaval at gmail.com (Dhaval Soni) Date: Mon Mar 8 11:27:47 2010 Subject: Zen.spamhous.org score for spam assassin... Message-ID: <5e7ce1ac1003080327y97a6f8k9765c6e29a02be1e@mail.gmail.com> Dear All, I want to use Zen.spamhous.org for rlbcheck or for spam checking. But how to give score for it? Do we have to mention score for it? Thanks in advance, -- Kind regards, Dhaval Soni Red Hat Certified Architect RHCE No: 804007900325939 Cell: +91-966 20 29 620 ***************************** Wiki: https://fedoraproject.org/wiki/User:Sonidhaval -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100308/392c9189/attachment.html From MailScanner at ecs.soton.ac.uk Mon Mar 8 11:50:24 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 8 11:50:39 2010 Subject: Spamscore rule for between numbers In-Reply-To: <291135.15012.qm@web33303.mail.mud.yahoo.com> References: <291135.15012.qm@web33303.mail.mud.yahoo.com> <4B94E480.5030705@ecs.soton.ac.uk> Message-ID: On 08/03/2010 11:12, Michael Mansour wrote: > Hi Jules, > > --- On Mon, 8/3/10, Julian Field wrote: > > >> From: Julian Field >> Subject: Re: Spamscore rule for between numbers >> To: "MailScanner discussion" >> Received: Monday, 8 March, 2010, 8:23 PM >> >> On 05/03/2010 23:06, Michael Mansour wrote: >> >>> Hi, >>> >>> I'm looking at writing a spamassassin.rule.actions >>> >> rule to say: >> >>> "if the score is between 10 and 20 do ..." >>> >>> Looking at the instructions: >>> >>> # You can also trigger actions on the spam score of >>> >> the message. You can >> >>> # compare the spam score with a number and cause this >>> >> to trigger an action. >> >>> # For example, instead of a SA_RULENAME you can >>> >> specify >> >>> # SpamScore>number or SpamScore>=number or >>> >> SpamScore==number or >> >>> # SpamScore>> # where "number" is the threshold value you are >>> >> comparing it against. >> >>> # So you could have a rule/action pair that looks >>> >> like >> >>> # >>> >> SpamScore>25=>delete >> >>> I'm not sure I can actually do this, since I want >>> >> something like: >> >>> To: *@* SpamScore<20 and SpamScore>10=>store, >>> >> forward ... >> >>> Any ideas on how I can write a rule to say between 10 >>> >> and 20 ? >> >>> >>> >> Do it in 2 rules. >> To: default SpamScore>=10=>store,forward user@domain.com >> SpamScore>20=>not-store, not-forward user@domain.com >> So 1 set of actions at 10 and above, and a different set >> above 20 which >> cancel out the set at 10 and above. >> > Ok, I've added this rule: > > To: default SpamScore>10=>store,not-deliver,forward normalspam@domain.com SpamScore>20=>store,not-deliver,forward highspam@domain.com > > So that says anything above 10 (up to 20) goes to normalspam@domain.com while anything above 20 goes to highspam@domain.com > > All on the one line. Does that look ok? > You probably need to add a "not-forward normalspam@domain.com" to the end of the >20 bit of the rule, or else it will send high spam to that address as well. > Thanks. > > Michael. > > >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from >> your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 >> B654 >> Follow me at twitter.com/JulesFM and >> twitter.com/MailScanner >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the >> website! >> >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From micoots at yahoo.com Mon Mar 8 12:13:17 2010 From: micoots at yahoo.com (Michael Mansour) Date: Mon Mar 8 12:13:27 2010 Subject: SpamAssassin Rule Actions In-Reply-To: Message-ID: <718618.65151.qm@web33301.mail.mud.yahoo.com> Hi Jules, --- On Mon, 8/3/10, Julian Field wrote: > From: Julian Field > Subject: Re: SpamAssassin Rule Actions > To: "MailScanner discussion" > Received: Monday, 8 March, 2010, 8:24 PM > Start by looking in your > /var/log/maillog. That will tell you what > actions it thinks it is trying to do. Looking in there, when a spam is detected I see: Mar 8 23:03:48 server MailScanner[29709]: Message o28C3XnG031821 from 119.155.14.213 (vicky41@yahoo.com) to example.net.au is spam, SpamAssassin (cached, score=26.672, required 5, autolearn=spam, BAYES_99 3.50, BOTNET 2.00, CRM114_UNSURE 0.00, FORGED_YAHOO_RCVD 2.30, FREEMAIL_EXTRA 1.50, FREEMAIL_FROM 0.50, MS_FOUND_SPAMVIRUS 3.00, NIXSPAM_IXHASH 3.00, RAZOR2_CHECK 0.50, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_WEB 0.62, RCVD_IN_XBL 3.03, RDNS_NONE 0.10, RELAY_RU 2.00, TVD_SPACE_RATIO 2.22, URIBL_SBL 1.50) Mar 8 23:03:48 server MailScanner[29709]: Spam Actions: message o28C3XnG031821 actions are delete,header,store-spam That Spam Action of "delete,header,store-spam" is from my high.scoring.spam.actions.rules file. So even with this line: To: default SpamScore>10=>store,not-deliver,forward normalspam@domain.com SpamScore>18=>store,not-deliver,forward highspam@domain.com in the spamassassin.rule.actions.rules file, it doesn't seem to trigger the SpamScore forward on the spam message? Any ideas why? Thanks. Michael. > On 06/03/2010 01:24, Michael Mansour wrote: > > Hi, > > > > I'm currently in the process of testing this and it > doesn't seem to be working for me. > > > > This is the rule I put in place: > > > > To: *@* SpamScore>20=>store,not-deliver,forward > some@email.address.com > > > > In my file: > > > > spamassassin.rule.actions.rules > > > > Referenced from: > > > > SpamAssassin Rule Actions = > %rules-dir%/spamassassin.rule.actions.rules > > > > But when I get spam greater than a score of 20, some@email.address.com > doesn't get the email? > > > > Any ideas how I could trouble-shoot this? > > > > Thanks. > > > > Michael. > > > > > > > > > >? ? > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from > your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 > B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From campbell at cnpapers.com Mon Mar 8 14:53:17 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Mar 8 14:53:45 2010 Subject: OT: Outlook oddities Message-ID: <4B950F5D.20904@cnpapers.com> Just wondering if anyone ever experiences email sent by Outlook senders that have no "From" in the envelop? The headers seem to have the proper "From" entry. These get caught quite often by MS (actually SA) with a "no watermark or sender address". They are sent from our users, which normally get whitelisted by IP address. The problem doesn't always happen even from the same sender. Thanks and sorry for the OT Steve Campbell From glenn.steen at gmail.com Mon Mar 8 15:52:05 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 8 15:52:13 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B93EA5C.5020206@msapiro.net> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> <4B93EA5C.5020206@msapiro.net> Message-ID: <223f97701003080752q30cca2dbw79c40d598078ed78@mail.gmail.com> On 7 March 2010 19:03, Mark Sapiro wrote: > On 11:59 AM, Mogens Melander wrote: >> >> On Sat, March 6, 2010 18:19, Mark Sapiro wrote: > [...] >>> >>> For drawbacks to Jules' suggestion (possibly to the whole idea), >>> consider the following: >>> >>> You are my employer. >>> >>> I set up a pop3 or imap account on my MUA at home to access my work mail. >>> >>> My ISP redirects all port 25 connects to its own servers so even if I >>> know what I'm doing, I can't use your MTA for my outgoing mail for this >>> account. >>> >>> Now, all my replies from home to my co-workers will be seen as spam >>> because they are From: my work address, but the sending MTA is my home ISP. >>> >>> The same problem exists if SPF is used. >> >> In that case, either bitch at your ISP, or set up a web-mail. >> >> I've been using squirrelmail for years for the same reasons. > > And Alex Neuman wrote: >> >> That would be why I always enable 587 (MSA) with auth, or 465 (SMTPS) >> on my MTA's. > > > I understand all those things, but that is not my point. I am not a > typical user. Typical users in most environments don't understand those > things. > > What do you say when the PHB is on the phone and wants to know why *his* > boss is saying he didn't receive the monthly status report that the PHB > knows he emailed from home the evening before it was due. > > And yes, even this can possibly be avoided with sufficient > documentation, training and support, but this is a cost that should be > factored in. > Your situation may differ much from mine, but ... most PHBs actually can take well-built technical argumentation.... If you say "don't do stupid things" in the right way, there simply is no issue;-). Getting (company) control over who sends what as whom is something a PHB would find attractive, in my experience (even when it "backfires":-), and especially if there are simple countermeasures (like providing authenticated SMTP services, as suggested by Alex... Or a VPN and/or webmail solution that circumvents the entire problem). The argument that joe-dough-email-admin *may* do a bad setup/design simply will not bear scrutiny... *We* can't take responsibility for bad email management by users of neither MTAs nor MailScanner... Never have, never will;-). I certainly will not take responsibility for any errors you make, nor would I expect you to shoulder my shortcomings...;). >From the ISP perspective... I suspect one simply cannot employ something like this, other than for customers that actually buy that type of service from you. A simple question of responsibilities:). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 8 16:16:34 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 8 16:16:44 2010 Subject: mailscanner on smtp level In-Reply-To: <160A91E73E5148589B8241B1B653408D@pc> References: <160A91E73E5148589B8241B1B653408D@pc> Message-ID: <223f97701003080816i5942b61bo81e7c1459b5f4d4c@mail.gmail.com> 2010/3/4 ?smail ?ZATAY : > Hi everyone, > > Any possibility to block spam,unwanted things etc... at smtp level with > mailscanner ? or think about never ? > :( > No, no possibility. No, never will... since it simply can't. When MailScanner gats involved, the SMTP phase is all done... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 8 16:26:50 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 8 16:26:59 2010 Subject: Betr.: Re: Tr : Problems with office files being wrongfully blocked In-Reply-To: <4B9120FF0200008E00013525@10.1.0.206> References: <633294.90207.qm@web23101.mail.ird.yahoo.com> <4B90DEC9.8080103@ecs.soton.ac.uk> <4B9120FF0200008E00013525@10.1.0.206> Message-ID: <223f97701003080826t505dec14udeacf3c27a27043b@mail.gmail.com> On 5 March 2010 15:19, Arjan Melein wrote: >>>> Op 5-3-2010 om 11:36 is door Julian Field > geschreven: >> Try just commenting out the "ELF" line in filetype.rules.conf, then do a >> "service MailScanner reload". >> > doh ... time for weekend here .... > Commented it out and waiting to see what's going to happen. > ... Some of you have shared some edited file output... Since the output is ... altered... it is impossible to use for some RE testing. My guess would be that the .docx files would include the string "elf" in some non-obvious way... I suppose one could do some simple testing along that line...? Probably would be in the Author string, or similar...:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 8 16:42:06 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 8 16:42:15 2010 Subject: OT: Outlook oddities In-Reply-To: <4B950F5D.20904@cnpapers.com> References: <4B950F5D.20904@cnpapers.com> Message-ID: <223f97701003080842u6b8ddd37kf8da7f2ed83eded4@mail.gmail.com> On 8 March 2010 15:53, Steve Campbell wrote: > Just wondering if anyone ever experiences email sent by Outlook senders that > have no "From" in the envelop? The headers seem to have the proper "From" > entry. These get caught quite often by MS (actually SA) with a "no watermark > or sender address". They are sent from our users, which normally get > whitelisted by IP address. The problem doesn't always happen even from the > same sender. > > Thanks and sorry for the OT > > Steve Campbell > The empty sender (MAIL FROM:<>) is a valid sender reserved for the mail system itself. Typically used for delivery reports (or rather "non-delivery":-). Since all mail coming into your system having an empty sender need be in response to a mail sent from you, MailScanner (not SA) adds a watermark header... The "returning MTA" is supposed to preserve that in the reply/DSN/NDN, so MailScanner checks for that and stamps any mail lacking a watermark, or having a forged one, as spam. So you need look a bit harder on from where you get these, and in what situations;-). It's probably doing just the thing it should:-);-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Mon Mar 8 17:10:40 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Mon Mar 8 17:11:06 2010 Subject: OT: Outlook oddities In-Reply-To: <223f97701003080842u6b8ddd37kf8da7f2ed83eded4@mail.gmail.com> References: <4B950F5D.20904@cnpapers.com> <223f97701003080842u6b8ddd37kf8da7f2ed83eded4@mail.gmail.com> Message-ID: <4B952F90.8030202@cnpapers.com> Glenn Steen wrote: > On 8 March 2010 15:53, Steve Campbell wrote: > >> Just wondering if anyone ever experiences email sent by Outlook senders that >> have no "From" in the envelop? The headers seem to have the proper "From" >> entry. These get caught quite often by MS (actually SA) with a "no watermark >> or sender address". They are sent from our users, which normally get >> whitelisted by IP address. The problem doesn't always happen even from the >> same sender. >> >> Thanks and sorry for the OT >> >> Steve Campbell >> >> > The empty sender (MAIL FROM:<>) is a valid sender reserved for the > mail system itself. Typically used for delivery reports (or rather > "non-delivery":-). Since all mail coming into your system having an > empty sender need be in response to a mail sent from you, MailScanner > (not SA) adds a watermark header... The "returning MTA" is supposed to > preserve that in the reply/DSN/NDN, so MailScanner checks for that and > stamps any mail lacking a watermark, or having a forged one, as spam. > > So you need look a bit harder on from where you get these, and in what > situations;-). It's probably doing just the thing it should:-);-) > > Cheers > Yep, I agree it looks like valid mail and all and that the headers and envelop are probably valid for certain types of email. But... All of our users are NATted to one IP address from our internal network to the outgoing mailserver. These emails show that they have arrived properly from that internal network. These are real emails sent from our users. They just don't have the "From" in them and, as you stated, they don't have the proper Return-Path (it's blank). They show only one hop to the mailserver and it's from the proper NATted IP. So I guess the question is: Why, if all email from our users takes the same path, do only Outlook users exhibit this problem and only occasionally? It never shows up from Thunderbird, OE, or any other mail client. I'll dig a little deeper, but was just hoping some of you had run across this before. Thanks for the reply. steve From mrm at medicine.wisc.edu Mon Mar 8 17:17:04 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Mon Mar 8 17:17:28 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B928EB7.1030206@msapiro.net> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> Message-ID: <4B94DCB20200003E00004134@gwmail.medicine.wisc.edu> >>> Mark Sapiro mark@msapiro.net> 3/6/2010 11:19 AM >> ( mailto:mark@msapiro.net ) My ISP redirects all port 25 connects to its own servers so even if I know what I'm doing, I can't use your MTA for my outgoing mail for this account. I've heard of ISP's doing this with port 25, but not 587 which is a standard alternative port for smtp submittal. Are there ISP's redirecting 587 as well? -Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100308/3f99a18f/attachment.html From alex at rtpty.com Mon Mar 8 17:48:08 2010 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 8 17:48:45 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B94DCB20200003E00004134@gwmail.medicine.wisc.edu> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> <4B94DCB20200003E00004134@gwmail.medicine.wisc.edu> Message-ID: <74EBEA99-C38B-40C6-9A4F-C29AC4605853@rtpty.com> They'd better not be or they'll stand to lose a lot of business. Unless you're being silly enough to run an unauthenticated smtp server on 587, there's no reason to block it. If you know you can use 587, you usually know enough to set it up as an "authenticated *only*" server and not a regular "send me whatever and I'll deal with it" smtp server like you usually get on port 25's. On Mar 8, 2010, at 12:17 PM, Michael Masse wrote: > I've heard of ISP's doing this with port 25, but not 587 which is a standard alternative port for smtp submittal. Are there ISP's redirecting 587 as well? > From Kevin_Miller at ci.juneau.ak.us Mon Mar 8 17:58:40 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Mar 8 17:58:53 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> <4B93EA5C.5020206@msapiro.net> Message-ID: <4A09477D575C2C4B86497161427DD94C149F86865E@city-exchange07> Anthony Cartmell wrote: > > I just instruct them to change "25" to "587" in the advanced mail > sending settings, and it'll work however they connect to the internet > :) Only one more instruction, no more complicated than getting them > to type the mail server name in correctly, in my experience. Heck, I just tell them to use their home email address if they're sending from home and everything works just fine w/o changing anything. Or use our webmail (as another poster suggested)... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Kevin_Miller at ci.juneau.ak.us Mon Mar 8 18:02:57 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Mar 8 18:03:13 2010 Subject: Spamscore rule for between numbers In-Reply-To: References: <424001.20831.qm@web33305.mail.mud.yahoo.com> <4B94C20A.5060401@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C149F86865F@city-exchange07> Julian Field wrote: > Do it in 2 rules. > To: default SpamScore>=10=>store,forward user@domain.com > SpamScore>20=>not-store, not-forward user@domain.com > So 1 set of actions at 10 and above, and a different set above 20 > which cancel out the set at 10 and above. Do the rules trigger on a 'first match' basis or is the entire rule file parsed and then applied? If the former, wouldn't you want the +20 to fire first, since a score of 20 will always match the great than 10 rule? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From micoots at yahoo.com Mon Mar 8 23:40:58 2010 From: micoots at yahoo.com (Michael Mansour) Date: Mon Mar 8 23:41:09 2010 Subject: SpamAssassin Rule Actions In-Reply-To: <718618.65151.qm@web33301.mail.mud.yahoo.com> Message-ID: <401822.68579.qm@web33302.mail.mud.yahoo.com> Hi, --- On Mon, 8/3/10, Michael Mansour wrote: > From: Michael Mansour > Subject: Re: SpamAssassin Rule Actions > To: "MailScanner discussion" > Received: Monday, 8 March, 2010, 11:13 PM > Hi Jules, > > --- On Mon, 8/3/10, Julian Field > wrote: > > > From: Julian Field > > Subject: Re: SpamAssassin Rule Actions > > To: "MailScanner discussion" > > Received: Monday, 8 March, 2010, 8:24 PM > > Start by looking in your > > /var/log/maillog. That will tell you what > > actions it thinks it is trying to do. > > Looking in there, when a spam is detected I see: > > Mar? 8 23:03:48 server MailScanner[29709]: Message > o28C3XnG031821 from 119.155.14.213 (vicky41@yahoo.com) > to example.net.au is spam, SpamAssassin (cached, > score=26.672, required 5, autolearn=spam, BAYES_99 3.50, > BOTNET 2.00, CRM114_UNSURE 0.00, FORGED_YAHOO_RCVD 2.30, > FREEMAIL_EXTRA 1.50, FREEMAIL_FROM 0.50, MS_FOUND_SPAMVIRUS > 3.00, NIXSPAM_IXHASH 3.00, RAZOR2_CHECK 0.50, RCVD_IN_PBL > 0.91, RCVD_IN_SORBS_WEB 0.62, RCVD_IN_XBL 3.03, RDNS_NONE > 0.10, RELAY_RU 2.00, TVD_SPACE_RATIO 2.22, URIBL_SBL 1.50) > > Mar? 8 23:03:48 server MailScanner[29709]: Spam > Actions: message o28C3XnG031821 actions are > delete,header,store-spam > > That Spam Action of "delete,header,store-spam" is from my > high.scoring.spam.actions.rules file. > > So even with this line: > > To: default SpamScore>10=>store,not-deliver,forward > normalspam@domain.com > SpamScore>18=>store,not-deliver,forward highspam@domain.com > > in the spamassassin.rule.actions.rules file, it doesn't > seem to trigger the SpamScore forward on the spam message? > > Any ideas why? Since I don't believe my /etc/MailScanner/rules/spamassassin.rule.actions.rules file is even being read, I decided to change the MailScanner.conf and add: SpamAssassin Rule Actions = SpamScore>10=>store,not-deliver,forward normalspam@domain.com SpamScore>18=>store,not-deliver,not-forward normalspam@domain.com,forward highspam@domain.com The result was, for a 10.34 spam message: Mar 9 09:16:56 server sendmail[25330]: o28MGQlI024857: to=, delay=00:00:26, xdelay=00:00:00, mailer=esmtp, pri=127118, relay=mail.domain.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (o28MGu3F007739 Message accepted for delivery) Mar 9 09:16:56 server sendmail[25330]: o28MGQlI024857: to=18=>store>, delay=00:00:26, xdelay=00:00:00, mailer=esmtp, pri=127118, relay=domain.com.spamscore, dsn=5.1.2, stat=Host unknown (Name server: domain.com.spamscore: host not found) So the rule produced a weird result (even though a MailScanner --lint didn't detect problems). In the first instance it reported the 10.34 scored message to the highspam@domain.com account, in the second instance it tries to find a "domain.com.spamscore" hostname. At least I know MailScanner does somehow have the facility working, although I can't seem to use it in a .rules file. The version I'm using BTW is mailscanner-4.79.11-1.noarch I'm going to change the rule now to: SpamAssassin Rule Actions = SpamScore>18=>store,not-deliver,forward highspam@domain.com and see what happens. Regards, Michael. > Thanks. > > Michael. > > > On 06/03/2010 01:24, Michael Mansour wrote: > > > Hi, > > > > > > I'm currently in the process of testing this and > it > > doesn't seem to be working for me. > > > > > > This is the rule I put in place: > > > > > > To: *@* > SpamScore>20=>store,not-deliver,forward > > some@email.address.com > > > > > > In my file: > > > > > > spamassassin.rule.actions.rules > > > > > > Referenced from: > > > > > > SpamAssassin Rule Actions = > > %rules-dir%/spamassassin.rule.actions.rules > > > > > > But when I get spam greater than a score of 20, > some@email.address.com > > doesn't get the email? > > > > > > Any ideas how I could trouble-shoot this? > > > > > > Thanks. > > > > > > Michael. > > > > > > > > > > > > > > >? ? > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at > www.MailScanner.info/store > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements > from > > your boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 > 1415 > > B654 > > Follow me at twitter.com/JulesFM and > > twitter.com/MailScanner > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > the > > website! > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From micoots at yahoo.com Tue Mar 9 03:33:20 2010 From: micoots at yahoo.com (Michael Mansour) Date: Tue Mar 9 03:33:31 2010 Subject: SpamAssassin Rule Actions In-Reply-To: <401822.68579.qm@web33302.mail.mud.yahoo.com> Message-ID: <366950.44140.qm@web33306.mail.mud.yahoo.com> Hi, > > From: Michael Mansour > > Subject: Re: SpamAssassin Rule Actions > > To: "MailScanner discussion" > > Received: Monday, 8 March, 2010, 11:13 PM > > Hi Jules, > > > > --- On Mon, 8/3/10, Julian Field > > wrote: > > > > > From: Julian Field > > > Subject: Re: SpamAssassin Rule Actions > > > To: "MailScanner discussion" > > > Received: Monday, 8 March, 2010, 8:24 PM > > > Start by looking in your > > > /var/log/maillog. That will tell you what > > > actions it thinks it is trying to do. > > > > Looking in there, when a spam is detected I see: > > > > Mar? 8 23:03:48 server MailScanner[29709]: Message > > o28C3XnG031821 from 119.155.14.213 (vicky41@yahoo.com) > > to example.net.au is spam, SpamAssassin (cached, > > score=26.672, required 5, autolearn=spam, BAYES_99 > 3.50, > > BOTNET 2.00, CRM114_UNSURE 0.00, FORGED_YAHOO_RCVD > 2.30, > > FREEMAIL_EXTRA 1.50, FREEMAIL_FROM 0.50, > MS_FOUND_SPAMVIRUS > > 3.00, NIXSPAM_IXHASH 3.00, RAZOR2_CHECK 0.50, > RCVD_IN_PBL > > 0.91, RCVD_IN_SORBS_WEB 0.62, RCVD_IN_XBL 3.03, > RDNS_NONE > > 0.10, RELAY_RU 2.00, TVD_SPACE_RATIO 2.22, URIBL_SBL > 1.50) > > > > Mar? 8 23:03:48 server MailScanner[29709]: Spam > > Actions: message o28C3XnG031821 actions are > > delete,header,store-spam > > > > That Spam Action of "delete,header,store-spam" is from > my > > high.scoring.spam.actions.rules file. > > > > So even with this line: > > > > To: default > SpamScore>10=>store,not-deliver,forward > > normalspam@domain.com > > SpamScore>18=>store,not-deliver,forward highspam@domain.com > > > > in the spamassassin.rule.actions.rules file, it > doesn't > > seem to trigger the SpamScore forward on the spam > message? > > > > Any ideas why? > > Since I don't believe my > /etc/MailScanner/rules/spamassassin.rule.actions.rules file > is even being read, I decided to change the MailScanner.conf > and add: > > SpamAssassin Rule Actions = > SpamScore>10=>store,not-deliver,forward normalspam@domain.com > SpamScore>18=>store,not-deliver,not-forward normalspam@domain.com,forward > highspam@domain.com > > The result was, for a 10.34 spam message: > > Mar? 9 09:16:56 server sendmail[25330]: > o28MGQlI024857: to=, > delay=00:00:26, xdelay=00:00:00, mailer=esmtp, pri=127118, > relay=mail.domain.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, > stat=Sent (o28MGu3F007739 Message accepted for delivery) > > Mar? 9 09:16:56 server sendmail[25330]: > o28MGQlI024857: to= SpamScore>18=>store>, delay=00:00:26, > xdelay=00:00:00, mailer=esmtp, pri=127118, > relay=domain.com.spamscore, dsn=5.1.2, stat=Host unknown > (Name server: domain.com.spamscore: host not found) > > So the rule produced a weird result (even though a > MailScanner --lint didn't detect problems). In the first > instance it reported the 10.34 scored message to the highspam@domain.com > account, in the second instance it tries to find a > "domain.com.spamscore" hostname. > > At least I know MailScanner does somehow have the facility > working, although I can't seem to use it in a .rules file. > > The version I'm using BTW is mailscanner-4.79.11-1.noarch > > I'm going to change the rule now to: > > SpamAssassin Rule Actions = > SpamScore>18=>store,not-deliver,forward highspam@domain.com > > and see what happens. Just to let you know, the above rule works as shown: Mar 9 13:56:52 server MailScanner[30075]: Message o292uDeP008415 from 128.175.1.14 (robertmueller@fbi.gov) to example.com is spam, SpamAssassin (not cached, score=18.448, required 5, autolearn=spam, BAYES_99 3.50, CRM114_SPAM 3.00, DATE_IN_PAST_12_24 0.99, FAKE_REPLY_C 2.01, FORGED_MUA_OUTLOOK 3.12, JM_SOUGHT_FRAUD_3 3.00, KAM_LOTTO1 0.50, KAM_LOTTO2 1.00, MSOE_MID_WRONG_CASE 0.82, MS_FOUND_SPAMVIRUS 3.00, PYZOR_CHECK 3.70, RCVD_IN_DNSWL_MED -10.00, SUBJ_ALL_CAPS 2.08, TVD_APPROVED 1.73) Mar 9 13:56:52 server MailScanner[30075]: SpamAssassin Rule Actions: rule spamscore>18 caused action store in message o292uDeP008415 Mar 9 13:56:52 server MailScanner[30075]: SpamAssassin Rule Actions: rule spamscore>18 caused action not-deliver in message o292uDeP008415 Mar 9 13:56:52 server MailScanner[30075]: SpamAssassin Rule Actions: rule spamscore>18 caused action forward highspam@domain.com in message o292uDeP008415 Mar 9 13:56:52 server MailScanner[30075]: Spam Actions: message o292uDeP008415 actions are store,forward,delete,header,store-spam It would be good if I could meet my original requirement, to sent SAcore > 10 to normalspam@domain.com and SAscore > 18 to highspam@domain.com Also not sure why it doesn't work through the .rules file. Regards, Michael. > Regards, > > Michael. From glenn.steen at gmail.com Tue Mar 9 08:13:14 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 9 08:13:23 2010 Subject: OT: Outlook oddities In-Reply-To: <4B952F90.8030202@cnpapers.com> References: <4B950F5D.20904@cnpapers.com> <223f97701003080842u6b8ddd37kf8da7f2ed83eded4@mail.gmail.com> <4B952F90.8030202@cnpapers.com> Message-ID: <223f97701003090013u62292d0bv48a445459a4070bc@mail.gmail.com> On 8 March 2010 18:10, Steve Campbell wrote: > > > Glenn Steen wrote: >> >> On 8 March 2010 15:53, Steve Campbell wrote: >> >>> >>> Just wondering if anyone ever experiences email sent by Outlook senders >>> that >>> have no "From" in the envelop? The headers seem to have the proper "From" >>> entry. These get caught quite often by MS (actually SA) with a "no >>> watermark >>> or sender address". They are sent from our users, which normally get >>> whitelisted by IP address. The problem doesn't always happen even from >>> the >>> same sender. >>> >>> Thanks and sorry for the OT >>> >>> Steve Campbell >>> >>> >> >> The empty sender (MAIL FROM:<>) is a valid sender reserved for the >> mail system itself. Typically used for delivery reports (or rather >> "non-delivery":-). Since all mail coming into your system having an >> empty sender need be in response to a mail sent from you, MailScanner >> (not SA) adds a watermark header... The "returning MTA" is supposed to >> preserve that in the reply/DSN/NDN, so MailScanner checks for that and >> stamps any mail lacking a watermark, or having a forged one, as spam. >> >> So you need look a bit harder on from where you get these, and in what >> situations;-). It's probably doing just the thing it should:-);-) >> >> Cheers >> > > Yep, I agree it looks like valid mail and all and that the headers and > envelop are probably valid for certain types of email. But... > > All of our users are NATted to one IP address from our internal network to > the outgoing mailserver. These emails show that they have arrived properly > from that internal network. These are real emails sent from our users. They > just don't have the "From" in them and, as you stated, they don't have the > proper Return-Path (it's blank). They show only one hop to the mailserver > and it's from the proper NATted IP. > > So I guess the question is: Why, if all email from our users takes the same > path, do only Outlook users exhibit this problem and only occasionally? It > never shows up from Thunderbird, OE, or any other mail client. > > I'll dig a little deeper, but was just hoping some of you had run across > this before. > > Thanks for the reply. > > steve > It could be some "automatic" thing ... some of the software we use internally use a "mapisend" utility to send mail via OutLook (The MAPI interface, of course)... And that software might be ... either through flawed programming/knowledge or perhaps some type of misconfig, abusing the "empty sender" feature of SMTP. But I'd look at capturing some of them and scrutinizing the actual content. It might be either "out of office" or "return receipts" you are seeing. Some MTAs (or MUAs for that matter) just plain don't preserve the watermark headers as they should. Capturing a few should be an easy config matter... perhaps you already have them? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 9 08:20:43 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 9 08:20:51 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B94DCB20200003E00004134@gwmail.medicine.wisc.edu> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> <4B94DCB20200003E00004134@gwmail.medicine.wisc.edu> Message-ID: <223f97701003090020h26f0c58q9ed4a5296ae34bb7@mail.gmail.com> On 8 March 2010 18:17, Michael Masse wrote: > > >>>> Mark Sapiro mark@msapiro.net> 3/6/2010 11:19 AM >> > > My ISP redirects all port 25 connects to its own servers so even if I > know what I'm doing, I can't use your MTA for my outgoing mail for this > account. > > I've heard of ISP's doing this with port 25, but not 587 which is a standard > alternative port for smtp submittal.? Are there ISP's redirecting 587 as > well? None that I know of... And doing so would entirely defeat the prupose of "blocking" port 25... Doing that (as an ISP) is a service to us all, so that mass-mailer crap just can't function. IIRC the swedish ISPs were among the first to do this on a large scale... Made telia.se move from one of the worst "spam sources" to one of the least affected;-). Since the alternative port come with an authentication setup, it fits the purpose perfectly... And hence the ISPs just plain don't have any valid reason to block it. > -Mike > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From simonmjones at gmail.com Tue Mar 9 11:24:04 2010 From: simonmjones at gmail.com (Simon Jones) Date: Tue Mar 9 11:24:19 2010 Subject: sig - per domain In-Reply-To: <4B7D9D6F.1080707@glendown.de> References: <70572c511002180315q52bfdb7fj4270ceffda0c3022@mail.gmail.com> <4B7D9D6F.1080707@glendown.de> Message-ID: <70572c511003090324r221d6cceie89e82f19ec5bf0e@mail.gmail.com> On 18 February 2010 20:05, Garry wrote: > On 18.02.2010 12:15, Simon Jones wrote: >> has anyone configured mailscanner to send out different sigs >> (/etc/MailScanner/reports/en) for different domain names handled by >> the system? ?i.e. could I use sig-1 for domain.com and use a different >> sig for anotherdomain.com? ?or even switch the sigs off for particular >> domains that don't need it. >> > Not much too it - just use a file-rule in the Mailscanner.conf: > > Inline HTML Signature = %rules-dir%/sig-html.rules > Inline Text Signature = %rules-dir%/sig-txt.rules > > then in the rules file do something like this: > > From: ? *@domain1.com ? ? ? ? ? ? ? ? ? %report-dir%/inline.sig.domain1.txt > From: ? *@domain2.com ? ? ? ? ? ? ? ? ? %report-dir%/inline.sig.domain2.txt > > -garry > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Thanks lads, I just checked up on this - apologies for late response. I'll go write some rules! Si. From v.matys at grumpa.net Tue Mar 9 12:18:57 2010 From: v.matys at grumpa.net (Viktor Matys - Grumpa.Net) Date: Tue Mar 9 12:19:10 2010 Subject: eset av doesn't appear in log and notices Message-ID: <4B963CB1.6050407@grumpa.net> Hello, I installed Eset antivirus 3 for fileservers on Debian Lenny with MailScanner 4.74. I added "esets" into directive Virus Scanner, so it looks this way: Virus Scanners = clamav esets If I test it by sending a testing e-mail with eicar.com, I can see in log: Mar 9 12:22:49 host1 MailScanner[25504]: Viruses marked as silent: ClamAV: eicar.com contains Eicar-Test-Signature but nothing about Eset. Also the notification e-mail contains: ClamAV: eicar.com contains Eicar-Test-Signature MailScanner: Executable DOS/Windows programs are dangerous in email (eicar.com) and nothing about eset again. I try to run eset wrapper by hand and the result is o.k.: # /etc/MailScanner/wrapper/esets-wrapper /usr/sbin /root/eicar.com Scan started at: Tue 09 Mar 2010 12:40:28 PM CET name="/root/eicar.com", threat="Eicar test file", action="", info="" Scan completed at: Tue 09 Mar 2010 12:40:28 PM CET Scan time: 0 sec (0:00:00) Total: files - 1, objects 1 Infected: files - 1, objects 1 Cleaned: files - 0, objects 0 # echo $? 50 This looks fine. So, where is the mistake? Thanks for your kind advices :o) Viktor Matys From campbell at cnpapers.com Tue Mar 9 12:47:48 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Mar 9 12:48:10 2010 Subject: OT: Outlook oddities In-Reply-To: <223f97701003090013u62292d0bv48a445459a4070bc@mail.gmail.com> References: <4B950F5D.20904@cnpapers.com> <223f97701003080842u6b8ddd37kf8da7f2ed83eded4@mail.gmail.com> <4B952F90.8030202@cnpapers.com> <223f97701003090013u62292d0bv48a445459a4070bc@mail.gmail.com> Message-ID: <4B964374.3000301@cnpapers.com> Glenn Steen wrote: > On 8 March 2010 18:10, Steve Campbell wrote: > >> Glenn Steen wrote: >> >>> On 8 March 2010 15:53, Steve Campbell wrote: >>> >>> >>>> Just wondering if anyone ever experiences email sent by Outlook senders >>>> that >>>> have no "From" in the envelop? The headers seem to have the proper "From" >>>> entry. These get caught quite often by MS (actually SA) with a "no >>>> watermark >>>> or sender address". They are sent from our users, which normally get >>>> whitelisted by IP address. The problem doesn't always happen even from >>>> the >>>> same sender. >>>> >>>> Thanks and sorry for the OT >>>> >>>> Steve Campbell >>>> >>>> >>>> >>> The empty sender (MAIL FROM:<>) is a valid sender reserved for the >>> mail system itself. Typically used for delivery reports (or rather >>> "non-delivery":-). Since all mail coming into your system having an >>> empty sender need be in response to a mail sent from you, MailScanner >>> (not SA) adds a watermark header... The "returning MTA" is supposed to >>> preserve that in the reply/DSN/NDN, so MailScanner checks for that and >>> stamps any mail lacking a watermark, or having a forged one, as spam. >>> >>> So you need look a bit harder on from where you get these, and in what >>> situations;-). It's probably doing just the thing it should:-);-) >>> >>> Cheers >>> >>> >> Yep, I agree it looks like valid mail and all and that the headers and >> envelop are probably valid for certain types of email. But... >> >> All of our users are NATted to one IP address from our internal network to >> the outgoing mailserver. These emails show that they have arrived properly >> from that internal network. These are real emails sent from our users. They >> just don't have the "From" in them and, as you stated, they don't have the >> proper Return-Path (it's blank). They show only one hop to the mailserver >> and it's from the proper NATted IP. >> >> So I guess the question is: Why, if all email from our users takes the same >> path, do only Outlook users exhibit this problem and only occasionally? It >> never shows up from Thunderbird, OE, or any other mail client. >> >> I'll dig a little deeper, but was just hoping some of you had run across >> this before. >> >> Thanks for the reply. >> >> steve >> >> > It could be some "automatic" thing ... some of the software we use > internally use a "mapisend" utility to send mail via OutLook (The MAPI > interface, of course)... And that software might be ... either through > flawed programming/knowledge or perhaps some type of misconfig, > abusing the "empty sender" feature of SMTP. > > But I'd look at capturing some of them and scrutinizing the actual > content. It might be either "out of office" or "return receipts" you > are seeing. Some MTAs (or MUAs for that matter) just plain don't > preserve the watermark headers as they should. > Capturing a few should be an easy config matter... perhaps you already > have them? > > Cheers > Glenn, I think I have them since MS quarantined them. Another strange thing about all this is that I whitelist our senders by IP address, the email is sent through that IP, and yet, MS has decided to block it anyway - sort of not honoring the whitelisted IP. I'm guessing this is due to the watermark not being inserted somewhere. Thanks for the help. If I find out anymore, I'll post it. steve From glenn.steen at gmail.com Tue Mar 9 13:19:52 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 9 13:20:01 2010 Subject: OT: Outlook oddities In-Reply-To: <4B964374.3000301@cnpapers.com> References: <4B950F5D.20904@cnpapers.com> <223f97701003080842u6b8ddd37kf8da7f2ed83eded4@mail.gmail.com> <4B952F90.8030202@cnpapers.com> <223f97701003090013u62292d0bv48a445459a4070bc@mail.gmail.com> <4B964374.3000301@cnpapers.com> Message-ID: <223f97701003090519m291e406fv724033576ef7c95b@mail.gmail.com> On 9 March 2010 13:47, Steve Campbell wrote: > > > Glenn Steen wrote: >> >> On 8 March 2010 18:10, Steve Campbell wrote: >> >>> >>> Glenn Steen wrote: >>> >>>> >>>> On 8 March 2010 15:53, Steve Campbell wrote: >>>> >>>> >>>>> >>>>> Just wondering if anyone ever experiences email sent by Outlook senders >>>>> that >>>>> have no "From" in the envelop? The headers seem to have the proper >>>>> "From" >>>>> entry. These get caught quite often by MS (actually SA) with a "no >>>>> watermark >>>>> or sender address". They are sent from our users, which normally get >>>>> whitelisted by IP address. The problem doesn't always happen even from >>>>> the >>>>> same sender. >>>>> >>>>> Thanks and sorry for the OT >>>>> >>>>> Steve Campbell >>>>> >>>>> >>>>> >>>> >>>> The empty sender (MAIL FROM:<>) is a valid sender reserved for the >>>> mail system itself. Typically used for delivery reports (or rather >>>> "non-delivery":-). Since all mail coming into your system having an >>>> empty sender need be in response to a mail sent from you, MailScanner >>>> (not SA) adds a watermark header... The "returning MTA" is supposed to >>>> preserve that in the reply/DSN/NDN, so MailScanner checks for that and >>>> stamps any mail lacking a watermark, or having a forged one, as spam. >>>> >>>> So you need look a bit harder on from where you get these, and in what >>>> situations;-). It's probably doing just the thing it should:-);-) >>>> >>>> Cheers >>>> >>>> >>> >>> Yep, I agree it looks like valid mail and all and that the headers and >>> envelop are probably valid for certain types of email. But... >>> >>> All of our users are NATted to one IP address from our internal network >>> to >>> the outgoing mailserver. These emails show that they have arrived >>> properly >>> from that internal network. These are real emails sent from our users. >>> They >>> just don't have the "From" in them and, as you stated, they don't have >>> the >>> proper Return-Path (it's blank). They show only one hop to the mailserver >>> and it's from the proper NATted IP. >>> >>> So I guess the question is: Why, if all email from our users takes the >>> same >>> path, do only Outlook users exhibit this problem and only occasionally? >>> It >>> never shows up from Thunderbird, OE, or any other mail client. >>> >>> I'll dig a little deeper, but was just hoping some of you had run across >>> this before. >>> >>> Thanks for the reply. >>> >>> steve >>> >>> >> >> It could be some "automatic" thing ... some of the software we use >> internally use a "mapisend" utility to send mail via OutLook (The MAPI >> interface, of course)... And that software might be ... either through >> flawed programming/knowledge or perhaps some type of misconfig, >> abusing the "empty sender" feature of SMTP. >> >> But I'd look at capturing some of them and scrutinizing the actual >> content. It might be either "out of office" or "return receipts" you >> are seeing. Some MTAs (or MUAs for that matter) just plain don't >> preserve the watermark headers as they should. >> Capturing a few should be an easy config matter... perhaps you already >> have them? >> >> Cheers >> > > Glenn, > > I think I have them since MS quarantined them. Another strange thing about > all this is that I whitelist our senders by IP address, the email is sent > through that IP, and yet, MS has decided to block it anyway - sort of not > honoring the whitelisted IP. I'm guessing this is due to the watermark not > being inserted somewhere. > > Thanks for the help. If I find out anymore, I'll post it. > > steve > Depends on how you whitelist, on what settings you apply the whitelist ruleset(s). You'd need apply one for the watermark setting (sorry, to busy/lazy to look it up for you;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Tue Mar 9 13:38:45 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Mar 9 13:38:59 2010 Subject: OT: Outlook oddities In-Reply-To: <223f97701003090519m291e406fv724033576ef7c95b@mail.gmail.com> References: <4B950F5D.20904@cnpapers.com> <223f97701003080842u6b8ddd37kf8da7f2ed83eded4@mail.gmail.com> <4B952F90.8030202@cnpapers.com> <223f97701003090013u62292d0bv48a445459a4070bc@mail.gmail.com> <4B964374.3000301@cnpapers.com> <223f97701003090519m291e406fv724033576ef7c95b@mail.gmail.com> Message-ID: <4B964F65.4080904@cnpapers.com> Glenn Steen wrote: > On 9 March 2010 13:47, Steve Campbell wrote: > >> Glenn Steen wrote: >> >>> On 8 March 2010 18:10, Steve Campbell wrote: >>> >>> >>>> Glenn Steen wrote: >>>> >>>> >>>>> On 8 March 2010 15:53, Steve Campbell wrote: >>>>> >>>>> >>>>> >>>>>> Just wondering if anyone ever experiences email sent by Outlook senders >>>>>> that >>>>>> have no "From" in the envelop? The headers seem to have the proper >>>>>> "From" >>>>>> entry. These get caught quite often by MS (actually SA) with a "no >>>>>> watermark >>>>>> or sender address". They are sent from our users, which normally get >>>>>> whitelisted by IP address. The problem doesn't always happen even from >>>>>> the >>>>>> same sender. >>>>>> >>>>>> Thanks and sorry for the OT >>>>>> >>>>>> Steve Campbell >>>>>> >>>>>> >>>>>> >>>>>> >>>>> The empty sender (MAIL FROM:<>) is a valid sender reserved for the >>>>> mail system itself. Typically used for delivery reports (or rather >>>>> "non-delivery":-). Since all mail coming into your system having an >>>>> empty sender need be in response to a mail sent from you, MailScanner >>>>> (not SA) adds a watermark header... The "returning MTA" is supposed to >>>>> preserve that in the reply/DSN/NDN, so MailScanner checks for that and >>>>> stamps any mail lacking a watermark, or having a forged one, as spam. >>>>> >>>>> So you need look a bit harder on from where you get these, and in what >>>>> situations;-). It's probably doing just the thing it should:-);-) >>>>> >>>>> Cheers >>>>> >>>>> >>>>> >>>> Yep, I agree it looks like valid mail and all and that the headers and >>>> envelop are probably valid for certain types of email. But... >>>> >>>> All of our users are NATted to one IP address from our internal network >>>> to >>>> the outgoing mailserver. These emails show that they have arrived >>>> properly >>>> from that internal network. These are real emails sent from our users. >>>> They >>>> just don't have the "From" in them and, as you stated, they don't have >>>> the >>>> proper Return-Path (it's blank). They show only one hop to the mailserver >>>> and it's from the proper NATted IP. >>>> >>>> So I guess the question is: Why, if all email from our users takes the >>>> same >>>> path, do only Outlook users exhibit this problem and only occasionally? >>>> It >>>> never shows up from Thunderbird, OE, or any other mail client. >>>> >>>> I'll dig a little deeper, but was just hoping some of you had run across >>>> this before. >>>> >>>> Thanks for the reply. >>>> >>>> steve >>>> >>>> >>>> >>> It could be some "automatic" thing ... some of the software we use >>> internally use a "mapisend" utility to send mail via OutLook (The MAPI >>> interface, of course)... And that software might be ... either through >>> flawed programming/knowledge or perhaps some type of misconfig, >>> abusing the "empty sender" feature of SMTP. >>> >>> But I'd look at capturing some of them and scrutinizing the actual >>> content. It might be either "out of office" or "return receipts" you >>> are seeing. Some MTAs (or MUAs for that matter) just plain don't >>> preserve the watermark headers as they should. >>> Capturing a few should be an easy config matter... perhaps you already >>> have them? >>> >>> Cheers >>> >>> >> Glenn, >> >> I think I have them since MS quarantined them. Another strange thing about >> all this is that I whitelist our senders by IP address, the email is sent >> through that IP, and yet, MS has decided to block it anyway - sort of not >> honoring the whitelisted IP. I'm guessing this is due to the watermark not >> being inserted somewhere. >> >> Thanks for the help. If I find out anymore, I'll post it. >> >> steve >> >> > Depends on how you whitelist, on what settings you apply the whitelist > ruleset(s). You'd need apply one for the watermark setting (sorry, to > busy/lazy to look it up for you;-) > > Cheers > OK, I'm not following you on this last one. Since there isn't a watermark, I don't think that would matter. I'll do the looking up since, after all, this is my problem. But I do whitelist the IP that the email came from, and that was not honored. My thoughts were that a whitelist is a whitelist, and other than some "virus" problem, it would be whitelisted, and since it wasn't blacklisted for any reason, and no virus was detected, I'm failing to see why the From IP was not causing the email to be whitelisted. I'm certainly not seeing something here. I'll look at what's available on the server, as most of this is based on what MailWatch is providing. Maybel there will be a clue from the df/qf files. Again, thanks for the time and effort, Glenn steve From eliott100 at gmail.com Tue Mar 9 17:00:21 2010 From: eliott100 at gmail.com (Eliott) Date: Tue Mar 9 17:00:30 2010 Subject: MailScanner does net perform file extensions checks Message-ID: Hi Everyone! I have a specific MS implementation, version 4.70.7. I noticed that although virus and spam filtering works, it just delivers .exe file attachments. (The filename.rules.conf is the default version, so it should be denied automatically I tried setting Deny Filenames = \.exe$ but that does not help. Just to debug a set Log Permitted Filenames to yes, just to see anything in the logs, but I see no relevant log messages. Does anybody have ideas why it's happening? regards Eliott -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100309/ff1362ac/attachment.html From alex at rtpty.com Tue Mar 9 17:26:24 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Tue Mar 9 17:26:53 2010 Subject: MailScanner does net perform file extensions checks In-Reply-To: References: Message-ID: <51071725-1268155592-cardhu_decombobulator_blackberry.rim.net-1136325669-@bda942.bisx.prod.on.blackberry> Something else is kicking in before that rule. I guess "scan messages" but it could be something else. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Eliott Date: Tue, 9 Mar 2010 18:00:21 To: Subject: MailScanner does net perform file extensions checks -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From eliott100 at gmail.com Wed Mar 10 07:38:06 2010 From: eliott100 at gmail.com (Eliott) Date: Wed Mar 10 07:38:15 2010 Subject: MailScanner does net perform file extensions checks In-Reply-To: <51071725-1268155592-cardhu_decombobulator_blackberry.rim.net-1136325669-@bda942.bisx.prod.on.blackberry> References: <51071725-1268155592-cardhu_decombobulator_blackberry.rim.net-1136325669-@bda942.bisx.prod.on.blackberry> Message-ID: Is there an easy way to debug? for me Scan Messages is simply set to yes. On Tue, Mar 9, 2010 at 6:26 PM, Alex Neuman van der Hans wrote: > Something else is kicking in before that rule. I guess "scan messages" but > it could be something else. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: Eliott > Date: Tue, 9 Mar 2010 18:00:21 > To: > Subject: MailScanner does net perform file extensions checks > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/75a964cb/attachment.html From jonas at vrt.dk Wed Mar 10 09:05:55 2010 From: jonas at vrt.dk (Jonas) Date: Wed Mar 10 09:06:07 2010 Subject: eset av doesn't appear in log and notices In-Reply-To: <4B963CB1.6050407@grumpa.net> References: <4B963CB1.6050407@grumpa.net> Message-ID: <09F23668E315FD4597C13D73E5123ADF3F2B1A@SCTSBS.sct.dk> I can onyl help by stating im running allmost identical setup Debian lenny and 4.78.9 My eset is from a .deb with version 3.0.15 and name "Eset security for linux server" My mailscanner.conf looks like: Virus Scanners = clamd esets f-secure Debug looks like: Virus and Content Scanning: Starting Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 1 infections name="./1/eicar.com", threat="Eicar test file", action="", info="" Virus Scanning: esets found 1 infections Virus Scanning: F-Secure found virus EICAR_Test_File ./1/eicar.com: Infected: EICAR_Test_File [FSE] Virus Scanning: F-Secure found virus EICAR-Test-File ./1/eicar.com: Infected: EICAR-Test-File [AVP] Virus Scanning: F-Secure found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 3 viruses Im not sure what cuodl be wrong in ur case unfortunately... Best regards Jonas A. Larsen > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Viktor Matys - Grumpa.Net > Sent: 9. marts 2010 13:19 > To: mailscanner@lists.mailscanner.info > Subject: eset av doesn't appear in log and notices > > Hello, > > I installed Eset antivirus 3 for fileservers on Debian Lenny with MailScanner > 4.74. I added "esets" into directive Virus Scanner, so it looks this way: > > Virus Scanners = clamav esets > > If I test it by sending a testing e-mail with eicar.com, I can see in log: > > Mar 9 12:22:49 host1 MailScanner[25504]: Viruses marked as silent: > ClamAV: eicar.com contains Eicar-Test-Signature > > but nothing about Eset. > > Also the notification e-mail contains: > > ClamAV: eicar.com contains Eicar-Test-Signature > MailScanner: Executable DOS/Windows programs are dangerous in email > (eicar.com) > > and nothing about eset again. > > I try to run eset wrapper by hand and the result is o.k.: > > # /etc/MailScanner/wrapper/esets-wrapper /usr/sbin /root/eicar.com > > Scan started at: Tue 09 Mar 2010 12:40:28 PM CET > name="/root/eicar.com", threat="Eicar test file", action="", info="" > > Scan completed at: Tue 09 Mar 2010 12:40:28 PM CET > Scan time: 0 sec (0:00:00) > Total: files - 1, objects 1 > Infected: files - 1, objects 1 > Cleaned: files - 0, objects 0 > > # echo $? > 50 > > > This looks fine. So, where is the mistake? > > Thanks for your kind advices :o) > > Viktor Matys > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From v.matys at grumpa.net Wed Mar 10 13:36:24 2010 From: v.matys at grumpa.net (Viktor Matys - Grumpa.Net) Date: Wed Mar 10 13:36:44 2010 Subject: eset av doesn't appear in log and notices In-Reply-To: <4B963CB1.6050407@grumpa.net> References: <4B963CB1.6050407@grumpa.net> Message-ID: <4B97A058.9060902@grumpa.net> So I solved it myself. The only problem was in user rights on /usr/sbin/esets_scan which originally are 4750. User root, group esets. I allowed others to run it too by changing rights to 4751. I hope it is not too dangerous. I also tried to add user postfix into group esets (my mailscanner runs as user postfix), but it didn't help. Best Regards Viktor From J.Ede at birchenallhowden.co.uk Wed Mar 10 13:50:54 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Mar 10 13:51:18 2010 Subject: How to detect forged From and Reply-to addresses from your own domain In-Reply-To: <4B928EB7.1030206@msapiro.net> References: <4B90C83402000000000F1974@gw.caspercollege.edu> <4B91307E.2020105@ecs.soton.ac.uk> <4B9105F402000000000F19E3@gw.caspercollege.edu> <4B928EB7.1030206@msapiro.net> Message-ID: <1213490F1F316842A544A850422BFA9635C1E58338@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mark Sapiro > Sent: 06 March 2010 17:20 > To: MailScanner discussion > Cc: Daniel Straka > Subject: Re: How to detect forged From and Reply-to addresses from your > own domain > > On 11:59 AM, Daniel Straka wrote: > > Jules, > > > > This is working quite well on the MailScanner server that only > > receives messages. What might be the drawbacks to leaving this rule > > in place? I haven't seen any FP's yet and it's marked a thousand > > messages as spam already. If there's not really any drawbacks...would > > there be a similar rule for a MailScanner server that receives and > > sends mail for our domain? > > > For drawbacks to Jules' suggestion (possibly to the whole idea), > consider the following: > > You are my employer. > > I set up a pop3 or imap account on my MUA at home to access my work > mail. > > My ISP redirects all port 25 connects to its own servers so even if I > know what I'm doing, I can't use your MTA for my outgoing mail for this > account. > In that case set up your mail server to accept authenticated traffic on port 587 and use that for sending email Jason > Now, all my replies from home to my co-workers will be seen as spam > because they are From: my work address, but the sending MTA is my home > ISP. > > The same problem exists if SPF is used. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From bbecken at aafp.org Wed Mar 10 15:35:55 2010 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 10 15:36:43 2010 Subject: MailScanner reinstall option Message-ID: I was doing a system update this morning on Centos 5.4 and MailScanner 4.79.11. Previously you could run # ./install.sh reinstall and MailScanner would uninstall the perl modules and you could 'Ctrl-Z" the install, run yum update to update your system and then 'fg' to bring the install script back to the foreground and let the install script finish the install. The install script in 4.79.11 no longer says it 'deletes' the Perl modules so I'm wondering what the current thought is for upgrading perl on CentOS is at the moment. thanks Brad From bbecken at aafp.org Wed Mar 10 16:59:00 2010 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 10 16:59:55 2010 Subject: Updating to perl-IO-Compress Message-ID: I'm running CentOS 5.4 Final I ran a yum update this morning and found that perl-Compress-Zlib was being replaced by perl-IO-Compress. I went ahead and did the update and then discovered that MailScanner 4.79.11 would not start. Doh! A MailScanner --lint is below showing the resulting error if you update to perl-IO-Compress. I restored my system by removing (yum remove perl-IO-Compress) and then re-installing MailScanner. thanks and don't get caught like I did. # yum update Dependencies Resolved ========================================================================================================================================== Package Arch Version Repository Size ========================================================================================================================================== Installing: perl-IO-Compress noarch 2.024-1.el5.rf rpmforge 242 k replacing perl-Compress-Zlib.i386 1.41-2 # MailScanner --lint is only avaliable with the XS version at /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/MailScanner/MailScanner/SA.pm line 42. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/SA.pm line 42. Compilation failed in require at /usr/sbin/MailScanner line 110. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 110. From ecasarero at gmail.com Wed Mar 10 17:14:59 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Mar 10 17:15:28 2010 Subject: OT: Building a mailserver Message-ID: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> I apologize for this OT but i'm a little lost and any comment would be really appreciated. I need to design an email solution for 50.000 users with an 80Mb quota (doing basic math i've to start with 4Tb storage). After doing heavy internet research i saw a few options for this scene. - Use zimbra in its Open Source Edition (or a similar product) - Use postfix/virtualusers/mysql/courier/webmail with NFS to share maildir among N servers i found several "isp config" style how to's/docs the problem i see is in scaling, with this solutions i will always have 1 NFS (with backup but only 1 for all the users), is there any open source solution that allow me to "partitionate" users from the same domain through independent servers? Or any other idea? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/7dacf0bb/attachment.html From steve.freegard at fsl.com Wed Mar 10 17:42:34 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Mar 10 17:42:53 2010 Subject: OT: Building a mailserver In-Reply-To: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> References: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> Message-ID: <4B97DA0A.4020200@fsl.com> On 10/03/10 17:14, Eduardo Casarero wrote: > the problem i see is in scaling, with this solutions i will always have > 1 NFS (with backup but only 1 for all the users), is there any open > source solution that allow me to "partitionate" users from the same > domain through independent servers? > I have used Perdition for this before: http://www.vergenet.net/linux/perdition/ You can then have as many back-end mailstores as you like; your users and webmail front-ends connect to Perdition and it redirects them to the correct back-end as per their account set-up. Cheers, Steve. From jancarel.putter at gmail.com Wed Mar 10 17:53:57 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Wed Mar 10 17:54:06 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: i was sitting in the same boat today, however i wasnt as lucky...busy rebuilding the box...;{ On Wed, Mar 10, 2010 at 6:59 PM, Brad Beckenhauer wrote: > I'm running CentOS 5.4 Final > > I ran a yum update this morning and found that perl-Compress-Zlib was being > replaced by perl-IO-Compress. I went ahead and did the update and then > discovered that MailScanner 4.79.11 would not start. Doh! > > A MailScanner --lint is below showing the resulting error if you update to > perl-IO-Compress. > > I restored my system by removing (yum remove perl-IO-Compress) and then > re-installing MailScanner. > > thanks and don't get caught like I did. > > # yum update > Dependencies Resolved > > ========================================================================================================================================== > Package Arch Version > Repository Size > > ========================================================================================================================================== > Installing: > perl-IO-Compress noarch 2.024-1.el5.rf > rpmforge 242 k > replacing perl-Compress-Zlib.i386 1.41-2 > > > > > # MailScanner --lint > is only avaliable with the XS version at > /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at /usr/lib/MailScanner/MailScanner/SA.pm > line 42. > BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/SA.pm > line 42. > Compilation failed in require at /usr/sbin/MailScanner line 110. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 110. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/dd4d9229/attachment.html From Garrod.Alwood at lorodoes.com Wed Mar 10 17:53:45 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Wed Mar 10 17:59:48 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: , Message-ID: Just noticing something here, but MailScanner 4.79.11 is built off perl 5.10 and you guys are using 5.8.8 from what it looks like. I'm just wondering if that could also be a contributing factor as well. Garrod M. Alwood Consultant garrod.alwood@lorodoes.com 904.738.4988 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of JC Putter [jancarel.putter@gmail.com] Sent: Wednesday, March 10, 2010 12:53 PM To: MailScanner discussion Subject: Re: Updating to perl-IO-Compress i was sitting in the same boat today, however i wasnt as lucky...busy rebuilding the box...;{ On Wed, Mar 10, 2010 at 6:59 PM, Brad Beckenhauer > wrote: I'm running CentOS 5.4 Final I ran a yum update this morning and found that perl-Compress-Zlib was being replaced by perl-IO-Compress. I went ahead and did the update and then discovered that MailScanner 4.79.11 would not start. Doh! A MailScanner --lint is below showing the resulting error if you update to perl-IO-Compress. I restored my system by removing (yum remove perl-IO-Compress) and then re-installing MailScanner. thanks and don't get caught like I did. # yum update Dependencies Resolved ========================================================================================================================================== Package Arch Version Repository Size ========================================================================================================================================== Installing: perl-IO-Compress noarch 2.024-1.el5.rf rpmforge 242 k replacing perl-Compress-Zlib.i386 1.41-2 # MailScanner --lint is only avaliable with the XS version at /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/MailScanner/MailScanner/SA.pm line 42. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/SA.pm line 42. Compilation failed in require at /usr/sbin/MailScanner line 110. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 110. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/99f89183/attachment.html From uxbod at splatnix.net Wed Mar 10 18:16:34 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Mar 10 18:17:01 2010 Subject: OT: Building a mailserver In-Reply-To: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> Message-ID: <2868106.389.1268244994446.JavaMail.root@office.splatnix.net> ----- "Eduardo Casarero" wrote: I apologize for this OT but i'm a little lost and any comment would be really appreciated. I need to design an email solution for 50.000 users with an 80Mb quota (doing basic math i've to start with 4Tb storage). After doing heavy internet research i saw a few options for this scene. - Use zimbra in its Open Source Edition (or a similar product) - Use postfix/virtualusers/mysql/courier/webmail with NFS to share maildir among N servers i found several "isp config" style how to's/docs the problem i see is in scaling, with this solutions i will always have 1 NFS (with backup but only 1 for all the users), is there any open source solution that allow me to "partitionate" users from the same domain through independent servers? Or any other idea? A multi-mailstore will work fine with Zimbra FOSS version; and MailScanner will quite happily sit in-front of it and perform LDAP lookups. If you need a hand give me a shout :) -- Thanks, Phil (Zimbra Community Moderator) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/2a572309/attachment.html From ecasarero at gmail.com Wed Mar 10 18:51:56 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Mar 10 18:52:25 2010 Subject: OT: Building a mailserver In-Reply-To: <4B97DA0A.4020200@fsl.com> References: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> <4B97DA0A.4020200@fsl.com> Message-ID: <7d9b3cf21003101051x1b78073ra3dd914263daf42@mail.gmail.com> 2010/3/10 Steve Freegard > On 10/03/10 17:14, Eduardo Casarero wrote: > > the problem i see is in scaling, with this solutions i will always have > >> 1 NFS (with backup but only 1 for all the users), is there any open >> source solution that allow me to "partitionate" users from the same >> domain through independent servers? >> >> > I have used Perdition for this before: > http://www.vergenet.net/linux/perdition/ > > You can then have as many back-end mailstores as you like; your users and > webmail front-ends connect to Perdition and it redirects them to the correct > back-end as per their account set-up. > > Cheers, > Steve. > But how do you split inbound smtp traffic to the correct backend? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/4e5487c3/attachment.html From ecasarero at gmail.com Wed Mar 10 18:53:44 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Mar 10 18:54:15 2010 Subject: OT: Building a mailserver In-Reply-To: <2868106.389.1268244994446.JavaMail.root@office.splatnix.net> References: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> <2868106.389.1268244994446.JavaMail.root@office.splatnix.net> Message-ID: <7d9b3cf21003101053if69014v4212d8cc3665fb26@mail.gmail.com> 2010/3/10 --[ UxBoD ]-- > ----- "Eduardo Casarero" wrote: > > I apologize for this OT but i'm a little lost and any comment would be > really appreciated. > > I need to design an email solution for 50.000 users with an 80Mb quota > (doing basic math i've to start with 4Tb storage). > > After doing heavy internet research i saw a few options for this scene. > > - Use zimbra in its Open Source Edition (or a similar product) > > - Use postfix/virtualusers/mysql/courier/webmail with NFS to share maildir > among N servers i found several "isp config" style how to's/docs > > the problem i see is in scaling, with this solutions i will always have 1 > NFS (with backup but only 1 for all the users), is there any open source > solution that allow me to "partitionate" users from the same domain through > independent servers? > > Or any other idea? > > A multi-mailstore will work fine with Zimbra FOSS version; and MailScanner > will quite happily sit in-front of it and perform LDAP lookups. If you need > a hand give me a shout :) > Yes i know Zimbra will work, but i only need webmail/pop3 without all the collaboration stuff of zimbra, but it will be an option if i cant find another solution. thanks > > -- > Thanks, Phil (Zimbra Community Moderator) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/7e7bc161/attachment.html From ka at pacific.net Wed Mar 10 19:20:41 2010 From: ka at pacific.net (Ken A) Date: Wed Mar 10 19:21:10 2010 Subject: OT: Building a mailserver In-Reply-To: <7d9b3cf21003101051x1b78073ra3dd914263daf42@mail.gmail.com> References: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> <4B97DA0A.4020200@fsl.com> <7d9b3cf21003101051x1b78073ra3dd914263daf42@mail.gmail.com> Message-ID: <4B97F109.4090902@pacific.net> On 3/10/2010 12:51 PM, Eduardo Casarero wrote: > But how do you split inbound smtp traffic to the correct backend? > ldap routing, as Phil suggested. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net From maillists at conactive.com Wed Mar 10 19:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 10 19:31:30 2010 Subject: MailScanner reinstall option In-Reply-To: References: Message-ID: Brad Beckenhauer wrote on Wed, 10 Mar 2010 09:35:55 -0600: > The install script in 4.79.11 no longer says it 'deletes' the Perl > modules so I'm wondering what the current thought is for upgrading perl > on CentOS is at the moment. Very simple. Do not run the install.sh script. There is no need for the included perl modules on CentOS. They are all available either from CentOS repos or rpmforge. Just install them and then install the mailscanner.rpm itself. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Mar 10 19:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 10 19:31:30 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 -0600: > 2.024-1.el5.rf Hm, the last one I can yum list on my systems is 2.020-1.el5.rf I wonder if check_obsoletes = 1 helped here. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From alex at rtpty.com Wed Mar 10 19:38:19 2010 From: alex at rtpty.com (Alex Neuman) Date: Wed Mar 10 19:38:32 2010 Subject: MailScanner reinstall option In-Reply-To: References: Message-ID: <29012363-E8A3-4EB1-B5CC-F3C369DCF3A3@rtpty.com> Could this be made into a --forCentOS option of sorts, that would yum -y install/upgrade whatever's necessary? On Mar 10, 2010, at 2:31 PM, Kai Schaetzl wrote: > Very simple. Do not run the install.sh script. There is no need for the > included perl modules on CentOS. They are all available either from CentOS > repos or rpmforge. Just install them and then install the mailscanner.rpm > itself. From steve.freegard at fsl.com Wed Mar 10 19:39:32 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Mar 10 19:39:49 2010 Subject: OT: Building a mailserver In-Reply-To: <4B97F109.4090902@pacific.net> References: <7d9b3cf21003100914nfc8845alf885173650a30735@mail.gmail.com> <4B97DA0A.4020200@fsl.com> <7d9b3cf21003101051x1b78073ra3dd914263daf42@mail.gmail.com> <4B97F109.4090902@pacific.net> Message-ID: <4B97F574.7060808@fsl.com> On 10/03/10 19:20, Ken A wrote: > On 3/10/2010 12:51 PM, Eduardo Casarero wrote: > >> But how do you split inbound smtp traffic to the correct backend? >> > > ldap routing, as Phil suggested. > Doesn't have to be LDAP; if you use Postfix as the MTA you can use the same database and routing that is used for Perdition to direct the mail to the correct mail store. Cheers, Steve. From campbell at cnpapers.com Wed Mar 10 19:51:38 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 10 19:51:52 2010 Subject: OT submission port question Message-ID: <4B97F84A.8080809@cnpapers.com> Sort of related to Mailscanner, but more sendmailish. I've had to start using the submission port with authentication for our roaming sales staff (isn't it always the sales staff that causes problems?). I've basically just added the port 587 and indicated it needed authentication to my normal sendmail configuration. This eliminates outside users from using me as a relay but allows the sales staff to use our server as if they were on-site. No problem up to this point. The main problem is that now these emails go through MS. And because I whitelist based on our internal IPs, these roaming IPs from which the sales staff is sending get trapped and quarantined sometimes since they're treated as non-local senders. Can someone make a recommendation on how to handle these roamers when using MS, please? Maybe a way to drop them into mqueue instead of mqueue.in! Thanks Steve Campbell From bbecken at aafp.org Wed Mar 10 20:01:43 2010 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 10 20:02:30 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: On 3/10/2010 1:31 PM, Kai Schaetzl wrote: > Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 -0600: > >> 2.024-1.el5.rf > > Hm, the last one I can yum list on my systems is 2.020-1.el5.rf > I wonder if check_obsoletes = 1 helped here. > > Kai > Using rpmforge repo and it currently is showing: perl-IO-Compress noarch 2.024-1.el5.rf replacing perl-Compress-Zlib.i386 1.41-2 From alex at rtpty.com Wed Mar 10 20:10:14 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Wed Mar 10 20:10:28 2010 Subject: OT submission port question Message-ID: <1044057868-1268251815-cardhu_decombobulator_blackberry.rim.net-2129306041-@bda942.bisx.prod.on.blackberry> Create and add a unique header for auth'd users. Have MS act on it. Msg me off list if you need details. ------Original Message------ From: Steve Campbell Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: OT submission port question Sent: Mar 10, 2010 2:51 PM Sort of related to Mailscanner, but more sendmailish. I've had to start using the submission port with authentication for our roaming sales staff (isn't it always the sales staff that causes problems?). I've basically just added the port 587 and indicated it needed authentication to my normal sendmail configuration. This eliminates outside users from using me as a relay but allows the sales staff to use our server as if they were on-site. No problem up to this point. The main problem is that now these emails go through MS. And because I whitelist based on our internal IPs, these roaming IPs from which the sales staff is sending get trapped and quarantined sometimes since they're treated as non-local senders. Can someone make a recommendation on how to handle these roamers when using MS, please? Maybe a way to drop them into mqueue instead of mqueue.in! Thanks Steve Campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From sunny.forro at compcoind.com Wed Mar 10 21:13:22 2010 From: sunny.forro at compcoind.com (Sunny Forro) Date: Wed Mar 10 21:13:35 2010 Subject: OT submission port question References: <4B97F84A.8080809@cnpapers.com> Message-ID: Steve, If you're using sendmail, there's a decent solution called poprelay (http://poprelay.sourceforge.net/). It's a POP-before-SMTP script that creates a simple hashed db for sendmail to check against before accepting mail for relay. Properly installed and configured, it doesn't have to interfere with any other whitelisting you do, either. Of course, this only works if they're actually POPing to the box they're sending out through. Settings on the client couldn't be simpler, and setup is pretty dang easy as well. Sunny P.S. - Around here "sales" is a four-letter word. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Wednesday, March 10, 2010 2:52 PM To: mailscanner@lists.mailscanner.info Subject: OT submission port question Sort of related to Mailscanner, but more sendmailish. I've had to start using the submission port with authentication for our roaming sales staff (isn't it always the sales staff that causes problems?). I've basically just added the port 587 and indicated it needed authentication to my normal sendmail configuration. This eliminates outside users from using me as a relay but allows the sales staff to use our server as if they were on-site. No problem up to this point. The main problem is that now these emails go through MS. And because I whitelist based on our internal IPs, these roaming IPs from which the sales staff is sending get trapped and quarantined sometimes since they're treated as non-local senders. Can someone make a recommendation on how to handle these roamers when using MS, please? Maybe a way to drop them into mqueue instead of mqueue.in! Thanks Steve Campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at rtpty.com Wed Mar 10 21:28:04 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Wed Mar 10 21:28:20 2010 Subject: OT submission port question In-Reply-To: References: <4B97F84A.8080809@cnpapers.com> Message-ID: <1469717502-1268256487-cardhu_decombobulator_blackberry.rim.net-1830701824-@bda942.bisx.prod.on.blackberry> This is for relay - not for skipping rules. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: "Sunny Forro" Date: Wed, 10 Mar 2010 16:13:22 To: MailScanner discussion Subject: RE: OT submission port question Steve, If you're using sendmail, there's a decent solution called poprelay (http://poprelay.sourceforge.net/). It's a POP-before-SMTP script that creates a simple hashed db for sendmail to check against before accepting mail for relay. Properly installed and configured, it doesn't have to interfere with any other whitelisting you do, either. Of course, this only works if they're actually POPing to the box they're sending out through. Settings on the client couldn't be simpler, and setup is pretty dang easy as well. Sunny P.S. - Around here "sales" is a four-letter word. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Campbell Sent: Wednesday, March 10, 2010 2:52 PM To: mailscanner@lists.mailscanner.info Subject: OT submission port question Sort of related to Mailscanner, but more sendmailish. I've had to start using the submission port with authentication for our roaming sales staff (isn't it always the sales staff that causes problems?). I've basically just added the port 587 and indicated it needed authentication to my normal sendmail configuration. This eliminates outside users from using me as a relay but allows the sales staff to use our server as if they were on-site. No problem up to this point. The main problem is that now these emails go through MS. And because I whitelist based on our internal IPs, these roaming IPs from which the sales staff is sending get trapped and quarantined sometimes since they're treated as non-local senders. Can someone make a recommendation on how to handle these roamers when using MS, please? Maybe a way to drop them into mqueue instead of mqueue.in! Thanks Steve Campbell -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jancarel.putter at gmail.com Wed Mar 10 21:53:17 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Wed Mar 10 21:53:26 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: Ok i need help, i reinstalled mailscanner but still getting ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! On Wed, Mar 10, 2010 at 10:01 PM, Brad Beckenhauer wrote: > On 3/10/2010 1:31 PM, Kai Schaetzl wrote: > >> Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 -0600: >> >> 2.024-1.el5.rf >>> >> >> Hm, the last one I can yum list on my systems is 2.020-1.el5.rf >> I wonder if check_obsoletes = 1 helped here. >> >> Kai >> >> > Using rpmforge repo and it currently is showing: > > perl-IO-Compress noarch 2.024-1.el5.rf > > replacing perl-Compress-Zlib.i386 1.41-2 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/5d6b6e3e/attachment.html From wick at bobwickline.com Wed Mar 10 22:00:49 2010 From: wick at bobwickline.com (Bob Wickline) Date: Wed Mar 10 22:01:41 2010 Subject: Updating to perl-IO-Compress Message-ID: <4b9816b8.100bca0a.26b7.6cb2@mx.google.com> Maybe you are getting the module from non-standard directory. Run 'perl -V' and see what paths perl is looking for modules. Sent from my HTC -----Original Message----- From: JC Putter Sent: Wednesday, March 10, 2010 15:53 To: MailScanner discussion Subject: Re: Updating to perl-IO-Compress Ok i need help, i reinstalled mailscanner but still getting ? ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! On Wed, Mar 10, 2010 at 10:01 PM, Brad Beckenhauer wrote: On 3/10/2010 1:31 PM, Kai Schaetzl wrote: Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 -0600: 2.024-1.el5.rf Hm, the last one I can yum list on my systems is 2.020-1.el5.rf I wonder if check_obsoletes = 1 helped here. Kai Using rpmforge repo and it currently is showing: perl-IO-Compress ? ? ? noarch ? ? ?2.024-1.el5.rf ? ? replacing ?perl-Compress-Zlib.i386 1.41-2 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100310/caf49205/attachment-0001.html From bbecken at aafp.org Wed Mar 10 22:10:32 2010 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 10 22:11:15 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: On 3/10/2010 3:53 PM, JC Putter wrote: > Ok i need help, i reinstalled mailscanner but still getting > ERROR: You must upgrade your perl IO module to at least > **** ERROR: version 1.2301 or MailScanner will not work! > I reinstalled MailScanner using the following command line: install.sh inturn the inturn option will "force uninstall of each Perl module immediately before installing". I used that option as the 'reinstall' option did not seem to be working (see my other post). > > On Wed, Mar 10, 2010 at 10:01 PM, Brad Beckenhauer > wrote: > > On 3/10/2010 1:31 PM, Kai Schaetzl wrote: > > Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 -0600: > > 2.024-1.el5.rf > > > Hm, the last one I can yum list on my systems is 2.020-1.el5.rf > I wonder if check_obsoletes = 1 helped here. > > Kai > > > Using rpmforge repo and it currently is showing: > > perl-IO-Compress noarch 2.024-1.el5.rf > > replacing perl-Compress-Zlib.i386 1.41-2 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From jancarel.putter at gmail.com Wed Mar 10 22:21:36 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Wed Mar 10 22:21:45 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: thanks busy giving it a try On Thu, Mar 11, 2010 at 12:10 AM, Brad Beckenhauer wrote: > On 3/10/2010 3:53 PM, JC Putter wrote: > >> Ok i need help, i reinstalled mailscanner but still getting >> ERROR: You must upgrade your perl IO module to at least >> **** ERROR: version 1.2301 or MailScanner will not work! >> >> I reinstalled MailScanner using the following command line: > > install.sh inturn > > the inturn option will "force uninstall of each Perl module immediately > before installing". I used that option as the 'reinstall' option did not > seem to be working (see my other post). > > > >> On Wed, Mar 10, 2010 at 10:01 PM, Brad Beckenhauer > > wrote: >> >> On 3/10/2010 1:31 PM, Kai Schaetzl wrote: >> >> Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 -0600: >> >> 2.024-1.el5.rf >> >> >> Hm, the last one I can yum list on my systems is 2.020-1.el5.rf >> I wonder if check_obsoletes = 1 helped here. >> >> Kai >> >> >> Using rpmforge repo and it currently is showing: >> >> perl-IO-Compress noarch 2.024-1.el5.rf >> >> replacing perl-Compress-Zlib.i386 1.41-2 >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/c2fd1223/attachment.html From jancarel.putter at gmail.com Wed Mar 10 22:26:14 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Wed Mar 10 22:26:24 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: the installer crashed saying "missing perl-IO-1.2301-5.i386.rpm. On Thu, Mar 11, 2010 at 12:21 AM, JC Putter wrote: > thanks busy giving it a try > > > On Thu, Mar 11, 2010 at 12:10 AM, Brad Beckenhauer wrote: > >> On 3/10/2010 3:53 PM, JC Putter wrote: >> >>> Ok i need help, i reinstalled mailscanner but still getting >>> ERROR: You must upgrade your perl IO module to at least >>> **** ERROR: version 1.2301 or MailScanner will not work! >>> >>> I reinstalled MailScanner using the following command line: >> >> install.sh inturn >> >> the inturn option will "force uninstall of each Perl module immediately >> before installing". I used that option as the 'reinstall' option did not >> seem to be working (see my other post). >> >> >> >>> On Wed, Mar 10, 2010 at 10:01 PM, Brad Beckenhauer >> > wrote: >>> >>> On 3/10/2010 1:31 PM, Kai Schaetzl wrote: >>> >>> Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 -0600: >>> >>> 2.024-1.el5.rf >>> >>> >>> Hm, the last one I can yum list on my systems is 2.020-1.el5.rf >>> I wonder if check_obsoletes = 1 helped here. >>> >>> Kai >>> >>> >>> Using rpmforge repo and it currently is showing: >>> >>> perl-IO-Compress noarch 2.024-1.el5.rf >>> >>> replacing perl-Compress-Zlib.i386 1.41-2 >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/52dccd71/attachment.html From maillists at conactive.com Wed Mar 10 22:31:16 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 10 22:31:30 2010 Subject: OT submission port question In-Reply-To: References: <4B97F84A.8080809@cnpapers.com> Message-ID: Sunny Forro wrote on Wed, 10 Mar 2010 16:13:22 -0500: > If you're using sendmail, there's a decent solution called > poprelay 1. POP-before-SMTP is seriously outdated 2. it doesn't solve his problem Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From bbecken at aafp.org Wed Mar 10 22:41:59 2010 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Mar 10 22:42:46 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: On 3/10/2010 4:26 PM, JC Putter wrote: > the installer crashed saying "missing perl-IO-1.2301-5.i386.rpm. the MailScanner installer installs the perl-IO package. Did you remove the perl-IO-Compress package install by the yum update process? The MS installer will show an error when it tries to compile the perl-IO package. See if the package is installed: # rpm -qa perl-IO-Compress Remove the perl-IO-Compress package # yum remove perl-IO-Compress reinstall MS I'm leaving for the day.. Good luck. > > On Thu, Mar 11, 2010 at 12:21 AM, JC Putter > wrote: > > thanks busy giving it a try > > > On Thu, Mar 11, 2010 at 12:10 AM, Brad Beckenhauer > wrote: > > On 3/10/2010 3:53 PM, JC Putter wrote: > > Ok i need help, i reinstalled mailscanner but still getting > ERROR: You must upgrade your perl IO module to at least > **** ERROR: version 1.2301 or MailScanner will not work! > > I reinstalled MailScanner using the following command line: > > install.sh inturn > > the inturn option will "force uninstall of each Perl module > immediately before installing". I used that option as the > 'reinstall' option did not seem to be working (see my other post). > > > > On Wed, Mar 10, 2010 at 10:01 PM, Brad Beckenhauer > > >> wrote: > > On 3/10/2010 1:31 PM, Kai Schaetzl wrote: > > Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 > -0600: > > 2.024-1.el5.rf > > > Hm, the last one I can yum list on my systems is > 2.020-1.el5.rf > I wonder if check_obsoletes = 1 helped here. > > Kai > > > Using rpmforge repo and it currently is showing: > > perl-IO-Compress noarch 2.024-1.el5.rf > > replacing perl-Compress-Zlib.i386 1.41-2 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > > Support MailScanner development - buy the book off the > website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From alex at rtpty.com Wed Mar 10 23:02:40 2010 From: alex at rtpty.com (Alex Neuman) Date: Wed Mar 10 23:02:53 2010 Subject: OT submission port question In-Reply-To: References: <4B97F84A.8080809@cnpapers.com> Message-ID: that's what I meant... On Mar 10, 2010, at 5:31 PM, Kai Schaetzl wrote: > Sunny Forro wrote on Wed, 10 Mar 2010 16:13:22 -0500: > >> If you're using sendmail, there's a decent solution called >> poprelay > > 1. POP-before-SMTP is seriously outdated > 2. it doesn't solve his problem > > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jancarel.putter at gmail.com Thu Mar 11 01:07:54 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Thu Mar 11 01:08:02 2010 Subject: Updating to perl-IO-Compress In-Reply-To: References: Message-ID: Thanks for all you help Brad, got it working...phew! On Thu, Mar 11, 2010 at 12:41 AM, Brad Beckenhauer wrote: > On 3/10/2010 4:26 PM, JC Putter wrote: > >> the installer crashed saying "missing perl-IO-1.2301-5.i386.rpm. >> > > the MailScanner installer installs the perl-IO package. > > Did you remove the perl-IO-Compress package install by the yum update > process? > > The MS installer will show an error when it tries to compile the perl-IO > package. > > See if the package is installed: > # rpm -qa perl-IO-Compress > > Remove the perl-IO-Compress package > # yum remove perl-IO-Compress > > reinstall MS > > I'm leaving for the day.. Good luck. > > >> On Thu, Mar 11, 2010 at 12:21 AM, JC Putter > > wrote: >> >> thanks busy giving it a try >> >> >> On Thu, Mar 11, 2010 at 12:10 AM, Brad Beckenhauer > > wrote: >> >> On 3/10/2010 3:53 PM, JC Putter wrote: >> >> Ok i need help, i reinstalled mailscanner but still getting >> ERROR: You must upgrade your perl IO module to at least >> **** ERROR: version 1.2301 or MailScanner will not work! >> >> I reinstalled MailScanner using the following command line: >> >> install.sh inturn >> >> the inturn option will "force uninstall of each Perl module >> immediately before installing". I used that option as the >> 'reinstall' option did not seem to be working (see my other post). >> >> >> >> On Wed, Mar 10, 2010 at 10:01 PM, Brad Beckenhauer >> >> >> wrote: >> >> On 3/10/2010 1:31 PM, Kai Schaetzl wrote: >> >> Brad Beckenhauer wrote on Wed, 10 Mar 2010 10:59:00 >> -0600: >> >> 2.024-1.el5.rf >> >> >> Hm, the last one I can yum list on my systems is >> 2.020-1.el5.rf >> I wonder if check_obsoletes = 1 helped here. >> >> Kai >> >> >> Using rpmforge repo and it currently is showing: >> >> perl-IO-Compress noarch 2.024-1.el5.rf >> >> replacing perl-Compress-Zlib.i386 1.41-2 >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> > > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read >> http://wiki.mailscanner.info/posting >> >> >> Support MailScanner development - buy the book off the >> website! >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/06810a27/attachment.html From jancarel.putter at gmail.com Thu Mar 11 01:13:45 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Thu Mar 11 01:13:54 2010 Subject: OT submission port question In-Reply-To: References: <4B97F84A.8080809@cnpapers.com> Message-ID: if i may jump in here, i recently also had such an issue with smtp auth, i dont know you situation but i am using rbl check in SA, which trigger alot of my remote clients thats using a mobile broadband modem, i changed my SA rbl rules and added "nothefirsthop" On Thu, Mar 11, 2010 at 1:02 AM, Alex Neuman wrote: > that's what I meant... > > On Mar 10, 2010, at 5:31 PM, Kai Schaetzl wrote: > > > Sunny Forro wrote on Wed, 10 Mar 2010 16:13:22 -0500: > > > >> If you're using sendmail, there's a decent solution called > >> poprelay > > > > 1. POP-before-SMTP is seriously outdated > > 2. it doesn't solve his problem > > > > Kai > > > > -- > > Get your web at Conactive Internet Services: http://www.conactive.com > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/d9ce27ed/attachment.html From lists at tippingmar.com Thu Mar 11 02:40:13 2010 From: lists at tippingmar.com (Mark Nienberg) Date: Thu Mar 11 02:40:30 2010 Subject: OT submission port question In-Reply-To: <4B97F84A.8080809@cnpapers.com> References: <4B97F84A.8080809@cnpapers.com> Message-ID: <4B98580D.4010108@tippingmar.com> On 3/10/2010 11:51 AM, Steve Campbell wrote: > Sort of related to Mailscanner, but more sendmailish. > > I've had to start using the submission port with authentication for > our roaming sales staff (isn't it always the sales staff that causes > problems?). I've basically just added the port 587 and indicated it > needed authentication to my normal sendmail configuration. This > eliminates outside users from using me as a relay but allows the sales > staff to use our server as if they were on-site. No problem up to this > point. > > The main problem is that now these emails go through MS. And because I > whitelist based on our internal IPs, these roaming IPs from which the > sales staff is sending get trapped and quarantined sometimes since > they're treated as non-local senders. > > Can someone make a recommendation on how to handle these roamers when > using MS, please? Maybe a way to drop them into mqueue instead of > mqueue.in! > > Here is one way to recognize authenticated messages and compensate for them with spamassassin rules. http://article.gmane.org/gmane.mail.virus.mailscanner/21074 Mark Nienberg From ram at netcore.co.in Thu Mar 11 05:39:11 2010 From: ram at netcore.co.in (ram) Date: Thu Mar 11 05:39:22 2010 Subject: How do I bounce back all mails over 50 recipients Message-ID: <1268285951.5529.22.camel@darkstar.netcore.co.in> I have a requirement that mails with over 50 recipients should be outright rejected or bounced back I assumed this would have been pretty simple to configure in MailScanner or my MTA ( postfix) I do not want the mails to reach even the first 49 recipients if mail is marked to 50 Thanks Ram From micoots at yahoo.com Thu Mar 11 07:02:19 2010 From: micoots at yahoo.com (Michael Mansour) Date: Thu Mar 11 07:02:30 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1268285951.5529.22.camel@darkstar.netcore.co.in> Message-ID: <936140.12055.qm@web33301.mail.mud.yahoo.com> Hi, --- On Thu, 11/3/10, ram wrote: > From: ram > Subject: How do I bounce back all mails over 50 recipients > To: "MailScanner discussion" > Received: Thursday, 11 March, 2010, 4:39 PM > I have a requirement that mails > with? over 50 recipients should be > outright rejected or bounced back > I assumed this would have been pretty simple to configure > in MailScanner > or my MTA ( postfix) My guess is this is a postfix setting. I know with Sendmail it's in the sendmail.mc as: define(`confMAX_RCPTS_PER_MESSAGE', `80')dnl which limits to 80. Regards, Michael. > I do not want the mails to reach even the first 49 > recipients if mail is > marked to 50 > > > > Thanks > Ram > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From lyndonl at mexcom.co.za Thu Mar 11 07:14:56 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Thu Mar 11 07:16:02 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1268285951.5529.22.camel@darkstar.netcore.co.in> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> Message-ID: <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> On 11 Mar 2010, at 7:39 AM, ram wrote: > I have a requirement that mails with over 50 recipients should be > outright rejected or bounced back > I assumed this would have been pretty simple to configure in MailScanner > or my MTA ( postfix) > its not an option I have used before but this might do it smtpd_recipient_limit (default: 1000) The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. you would use the below in your main.cf file smtpd_recipient_limit = 50 > I do not want the mails to reach even the first 49 recipients if mail is > marked to 50 > > > > Thanks > Ram > > > > -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za From ram at netcore.co.in Thu Mar 11 07:50:25 2010 From: ram at netcore.co.in (ram) Date: Thu Mar 11 07:50:43 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> Message-ID: <1268293825.5529.55.camel@darkstar.netcore.co.in> On Thu, 2010-03-11 at 09:14 +0200, Lyndon Labuschagne wrote: > On 11 Mar 2010, at 7:39 AM, ram wrote: > > > I have a requirement that mails with over 50 recipients should be > > outright rejected or bounced back > > I assumed this would have been pretty simple to configure in MailScanner > > or my MTA ( postfix) > > > its not an option I have used before but this might do it > > smtpd_recipient_limit (default: 1000) > The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. > > you would use the below in your main.cf file > smtpd_recipient_limit = 50 > This works , but the first 50 recipients get the message , the rest get rejected Can I reject all message for all recipients -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/9f7323b2/attachment.html From lyndonl at mexcom.co.za Thu Mar 11 08:37:50 2010 From: lyndonl at mexcom.co.za (Lyndon Labuschagne) Date: Thu Mar 11 08:38:44 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1268293825.5529.55.camel@darkstar.netcore.co.in> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> <1268293825.5529.55.camel@darkstar.netcore.co.in> Message-ID: <4EE33EF6-E743-437A-8799-1140B99973A5@mexcom.co.za> On 11 Mar 2010, at 9:50 AM, ram wrote: > > On Thu, 2010-03-11 at 09:14 +0200, Lyndon Labuschagne wrote: > This works , but the first 50 recipients get the message , the rest get rejected > > Can I reject all message for all recipients > I hope I am wrong but i dont think you can by default, you may be able to use some sort of header_check rule to REJECT but I have no idea how one would do that > > -- > This message has been scanned for viruses and dangerous content by the > Mexcom MailScanner, and appears to be clean. > Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit > http://www.mexcom.co.za or mail sales@mexcom.co.za > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by the Mexcom MailScanner, and appears to be clean. Should you wish to secure your mail, call sales @ 011-801-4000, alternatively visit http://www.mexcom.co.za or mail sales@mexcom.co.za -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/8550de75/attachment.html From MailScanner at ecs.soton.ac.uk Thu Mar 11 10:13:38 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 11 10:13:56 2010 Subject: ANNOUNCE: BarricadeMX plus has been released References: <4B98C252.9040802@ecs.soton.ac.uk> Message-ID: We are very pleased to announce that BarricadeMX plus, the replacement for our DefenderMX with BarricadeMX products, is now available for single or multiple clustered gateways. BarricadeMX plus is our commercial software that integrates BarricadeMX, MailWatch, MailScanner, SpamAssassin, ClamAV and all related applications with a Postgres configuration database. It also provides a web interface for site administrators, domain administrators and end user logins. Since all Fort Systems Ltd products are now distributed in RPM format, installation and maintenance are quick, easy and trouble free. A set of instructional videos which demonstrate the features of BarricadeMX plus may be found at http://www.fsl.com/index.php/barricademx/barricademx-plus/support Additional information on BarricadeMX plus and other MailScanner based products is available on our web site. For quotations, support, customization of MailScanner or additional information please contact us directly at info@fsl.com. Thanks, Steve -- Steve Swaney steve@fsl.com 202 595-7760 ext: 601 www.fsl.com The most accurate and cost effective anti-spam solutions available -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Thu Mar 11 10:34:06 2010 From: peter at farrows.org (Peter Farrow) Date: Thu Mar 11 10:34:39 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <4EE33EF6-E743-437A-8799-1140B99973A5@mexcom.co.za> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> <1268293825.5529.55.camel@darkstar.netcore.co.in> <4EE33EF6-E743-437A-8799-1140B99973A5@mexcom.co.za> Message-ID: <4B98C71E.4040905@farrows.org> On 11/03/2010 08:37, Lyndon Labuschagne wrote: > > On 11 Mar 2010, at 9:50 AM, ram wrote: > >> >> On Thu, 2010-03-11 at 09:14 +0200, Lyndon Labuschagne wrote: > >> This works , but the first 50 recipients get the message , the rest >> get rejected >> >> Can I reject all message for all recipients >> > I hope I am wrong but i dont think you can by default, you may be > able to use some sort of header_check rule to REJECT but I have no > idea how one would do that yes you can, its done at the MTA level, if you are using sendmail you can add this to your sendmail.mc file: eg: for 50 recipients: define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From jancarel.putter at gmail.com Thu Mar 11 10:39:30 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Thu Mar 11 10:39:40 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1268285951.5529.22.camel@darkstar.netcore.co.in> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> Message-ID: smtpd_recipient_limit in postfix On Thu, Mar 11, 2010 at 7:39 AM, ram wrote: > I have a requirement that mails with over 50 recipients should be > outright rejected or bounced back > I assumed this would have been pretty simple to configure in MailScanner > or my MTA ( postfix) > > > I do not want the mails to reach even the first 49 recipients if mail is > marked to 50 > > > > Thanks > Ram > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/dee2d6c6/attachment.html From alex at rtpty.com Thu Mar 11 10:52:10 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Mar 11 10:52:31 2010 Subject: How do I bounce back all mails over 50 recipients Message-ID: <1301609988-1268304737-cardhu_decombobulator_blackberry.rim.net-585305813-@bda942.bisx.prod.on.blackberry> Rejection at the mta level would only work when you get to 50 local (as opposed to total) recipients. If you want to reject because of more than 50 total recipients regardless of whether they're on your server or not, you need a milter that looks at the actual message. Bouncing is bad. Oh, and BCC and recipient splitting makes your requirement ineffective. Whoever thought it up didn't sit down and think about how the whole smtp process works. ------Original Message------ From: ram Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: How do I bounce back all mails over 50 recipients Sent: Mar 11, 2010 12:39 AM I have a requirement that mails with over 50 recipients should be outright rejected or bounced back I assumed this would have been pretty simple to configure in MailScanner or my MTA ( postfix) I do not want the mails to reach even the first 49 recipients if mail is marked to 50 Thanks Ram -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From alex at rtpty.com Thu Mar 11 10:55:20 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Mar 11 10:55:35 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <936140.12055.qm@web33301.mail.mud.yahoo.com> References: <1268285951.5529.22.camel@darkstar.netcore.co.in><936140.12055.qm@web33301.mail.mud.yahoo.com> Message-ID: <195844781-1268304920-cardhu_decombobulator_blackberry.rim.net-504169115-@bda942.bisx.prod.on.blackberry> That works for 80 local users in one transaction. It will deal with local users sending out to more than 80 people, but not foreign users sending to more than 80 total but less than 80 on his server, or foreign users who sent to his server using bcc to less than 50 people. If the sender splits recipients it will not trigger either. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: Michael Mansour Date: Wed, 10 Mar 2010 23:02:19 To: MailScanner discussion Subject: Re: How do I bounce back all mails over 50 recipients Hi, --- On Thu, 11/3/10, ram wrote: > From: ram > Subject: How do I bounce back all mails over 50 recipients > To: "MailScanner discussion" > Received: Thursday, 11 March, 2010, 4:39 PM > I have a requirement that mails > with? over 50 recipients should be > outright rejected or bounced back > I assumed this would have been pretty simple to configure > in MailScanner > or my MTA ( postfix) My guess is this is a postfix setting. I know with Sendmail it's in the sendmail.mc as: define(`confMAX_RCPTS_PER_MESSAGE', `80')dnl which limits to 80. Regards, Michael. > I do not want the mails to reach even the first 49 > recipients if mail is > marked to 50 > > > > Thanks > Ram > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ram at netcore.co.in Thu Mar 11 13:13:27 2010 From: ram at netcore.co.in (ram) Date: Thu Mar 11 13:13:44 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <195844781-1268304920-cardhu_decombobulator_blackberry.rim.net-504169115-@bda942.bisx.prod.on.blackberry> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <936140.12055.qm@web33301.mail.mud.yahoo.com> <195844781-1268304920-cardhu_decombobulator_blackberry.rim.net-504169115-@bda942.bisx.prod.on.blackberry> Message-ID: <1268313207.5529.86.camel@darkstar.netcore.co.in> On Thu, 2010-03-11 at 10:55 +0000, Alex Neuman van der Hans wrote: > That works for 80 local users in one transaction. It will deal with local users sending out to more than 80 people, but not foreign users sending to more than 80 total but less than 80 on his server, or foreign users who sent to his server using bcc to less than 50 people. If the sender splits recipients it will not trigger either. > -- If the sender is going to split it . then forget thats ok. I think it should be trivial to bounce back from inside Mailscanner on rcpt count. Just that how do I generate an NDR and send the mail back > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: Michael Mansour > Date: Wed, 10 Mar 2010 23:02:19 > To: MailScanner discussion > Subject: Re: How do I bounce back all mails over 50 recipients > > Hi, > > --- On Thu, 11/3/10, ram wrote: > > > From: ram > > Subject: How do I bounce back all mails over 50 recipients > > To: "MailScanner discussion" > > Received: Thursday, 11 March, 2010, 4:39 PM > > I have a requirement that mails > > with over 50 recipients should be > > outright rejected or bounced back > > I assumed this would have been pretty simple to configure > > in MailScanner > > or my MTA ( postfix) > > My guess is this is a postfix setting. > > I know with Sendmail it's in the sendmail.mc as: > > define(`confMAX_RCPTS_PER_MESSAGE', `80')dnl > > which limits to 80. > > Regards, > > Michael. > > > I do not want the mails to reach even the first 49 > > recipients if mail is > > marked to 50 > > > > > > > > Thanks > > Ram > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > > website! > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at rtpty.com Thu Mar 11 13:24:30 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Mar 11 13:24:52 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1268313207.5529.86.camel@darkstar.netcore.co.in> References: <1268285951.5529.22.camel@darkstar.netcore.co.in><936140.12055.qm@web33301.mail.mud.yahoo.com><195844781-1268304920-cardhu_decombobulator_blackberry.rim.net-504169115-@bda942.bisx.prod.on.blackberry><1268313207.5529.86.camel@darkstar.netcore.co.in> Message-ID: <1429530601-1268313872-cardhu_decombobulator_blackberry.rim.net-710560150-@bda942.bisx.prod.on.blackberry> So all a spammer would have to do is send his/her spam to 50 people on your server and spoof the "from" address... Your server would receive it, refuse to deliver it and bounce it to the spoofed address, thus enabling the spammer to send email through your server. I don't think that's what you want. -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 -----Original Message----- From: ram Date: Thu, 11 Mar 2010 18:43:27 To: MailScanner discussion Subject: Re: How do I bounce back all mails over 50 recipients On Thu, 2010-03-11 at 10:55 +0000, Alex Neuman van der Hans wrote: > That works for 80 local users in one transaction. It will deal with local users sending out to more than 80 people, but not foreign users sending to more than 80 total but less than 80 on his server, or foreign users who sent to his server using bcc to less than 50 people. If the sender splits recipients it will not trigger either. > -- If the sender is going to split it . then forget thats ok. I think it should be trivial to bounce back from inside Mailscanner on rcpt count. Just that how do I generate an NDR and send the mail back > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: Michael Mansour > Date: Wed, 10 Mar 2010 23:02:19 > To: MailScanner discussion > Subject: Re: How do I bounce back all mails over 50 recipients > > Hi, > > --- On Thu, 11/3/10, ram wrote: > > > From: ram > > Subject: How do I bounce back all mails over 50 recipients > > To: "MailScanner discussion" > > Received: Thursday, 11 March, 2010, 4:39 PM > > I have a requirement that mails > > with over 50 recipients should be > > outright rejected or bounced back > > I assumed this would have been pretty simple to configure > > in MailScanner > > or my MTA ( postfix) > > My guess is this is a postfix setting. > > I know with Sendmail it's in the sendmail.mc as: > > define(`confMAX_RCPTS_PER_MESSAGE', `80')dnl > > which limits to 80. > > Regards, > > Michael. > > > I do not want the mails to reach even the first 49 > > recipients if mail is > > marked to 50 > > > > > > > > Thanks > > Ram > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the > > website! > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From peter at farrows.org Thu Mar 11 13:30:10 2010 From: peter at farrows.org (Peter Farrow) Date: Thu Mar 11 13:29:55 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1429530601-1268313872-cardhu_decombobulator_blackberry.rim.net-710560150-@bda942.bisx.prod.on.blackberry> References: <1268285951.5529.22.camel@darkstar.netcore.co.in><936140.12055.qm@web33301.mail.mud.yahoo.com><195844781-1268304920-cardhu_decombobulator_blackberry.rim.net-504169115-@bda942.bisx.prod.on.blackberry><1268313207.5529.86.camel@darkstar.netcore.co.in> <1429530601-1268313872-cardhu_decombobulator_blackberry.rim.net-710560150-@bda942.bisx.prod.on.blackberry> Message-ID: <4B98F062.7040001@farrows.org> On 11/03/2010 13:24, Alex Neuman van der Hans wrote: > So all a spammer would have to do is send his/her spam to 50 people on your server and spoof the "from" address... Your server would receive it, refuse to deliver it and bounce it to the spoofed address, thus enabling the spammer to send email through your server. > > I don't think that's what you want. > -- > > Alex Neuman van der Hans > Reliant Technologies > > +507 6781-9505 > +507 832-6725 > BB PIN: 20EA17C5 > > > -----Original Message----- > From: ram > Date: Thu, 11 Mar 2010 18:43:27 > To: MailScanner discussion > Subject: Re: How do I bounce back all mails over 50 recipients > > > On Thu, 2010-03-11 at 10:55 +0000, Alex Neuman van der Hans wrote: > >> That works for 80 local users in one transaction. It will deal with local users sending out to more than 80 people, but not foreign users sending to more than 80 total but less than 80 on his server, or foreign users who sent to his server using bcc to less than 50 people. If the sender splits recipients it will not trigger either. >> -- >> > If the sender is going to split it . then forget thats ok. > I think it should be trivial to bounce back from inside Mailscanner on > rcpt count. Just that how do I generate an NDR and send the mail back > > > > > > > > > > > >> Alex Neuman van der Hans >> Reliant Technologies >> >> +507 6781-9505 >> +507 832-6725 >> BB PIN: 20EA17C5 >> >> >> -----Original Message----- >> From: Michael Mansour >> Date: Wed, 10 Mar 2010 23:02:19 >> To: MailScanner discussion >> Subject: Re: How do I bounce back all mails over 50 recipients >> >> Hi, >> >> --- On Thu, 11/3/10, ram wrote: >> >> >>> From: ram >>> Subject: How do I bounce back all mails over 50 recipients >>> To: "MailScanner discussion" >>> Received: Thursday, 11 March, 2010, 4:39 PM >>> I have a requirement that mails >>> with over 50 recipients should be >>> outright rejected or bounced back >>> I assumed this would have been pretty simple to configure >>> in MailScanner >>> or my MTA ( postfix) >>> >> My guess is this is a postfix setting. >> >> I know with Sendmail it's in the sendmail.mc as: >> >> define(`confMAX_RCPTS_PER_MESSAGE', `80')dnl >> >> which limits to 80. >> >> Regards, >> >> Michael. >> >> >>> I do not want the mails to reach even the first 49 >>> recipients if mail is >>> marked to 50 >>> >>> >>> >>> Thanks >>> Ram >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the >>> website! >>> >>> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > The safest thing to do is simply to bin it in this instance, sending NDRs just generates back scatter as Alex pointed out... -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From ram at netcore.co.in Thu Mar 11 15:13:20 2010 From: ram at netcore.co.in (ram) Date: Thu Mar 11 15:13:31 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <4B98F062.7040001@farrows.org> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <936140.12055.qm@web33301.mail.mud.yahoo.com> <195844781-1268304920-cardhu_decombobulator_blackberry.rim.net-504169115-@bda942.bisx.prod.on.blackberry> <1268313207.5529.86.camel@darkstar.netcore.co.in> <1429530601-1268313872-cardhu_decombobulator_blackberry.rim.net-710560150-@bda942.bisx.prod.on.blackberry> <4B98F062.7040001@farrows.org> Message-ID: <1268320400.5529.92.camel@darkstar.netcore.co.in> > The safest thing to do is simply to bin it in this instance, sending > NDRs just generates back scatter as Alex pointed out... > Ok, How do I discard the mail if it contains more than 50 rcpts -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/7eb1e755/attachment.html From ms-list at alexb.ch Thu Mar 11 15:31:09 2010 From: ms-list at alexb.ch (Alex Broens) Date: Thu Mar 11 15:31:16 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1268320400.5529.92.camel@darkstar.netcore.co.in> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <936140.12055.qm@web33301.mail.mud.yahoo.com> <195844781-1268304920-cardhu_decombobulator_blackberry.rim.net-504169115-@bda942.bisx.prod.on.blackberry> <1268313207.5529.86.camel@darkstar.netcore.co.in> <1429530601-1268313872-cardhu_decombobulator_blackberry.rim.net-710560150-@bda942.bisx.prod.on.blackberry> <4B98F062.7040001@farrows.org> <1268320400.5529.92.camel@darkstar.netcore.co.in> Message-ID: <4B990CBD.2070500@alexb.ch> On 2010-03-11 16:13, ram wrote: >> The safest thing to do is simply to bin it in this instance, sending >> NDRs just generates back scatter as Alex pointed out... >> > > > > > Ok, > How do I discard the mail if it contains more than 50 rcpts > > > you may want to look at milter-limit From mmcintosh at infowall.com Thu Mar 11 15:41:56 2010 From: mmcintosh at infowall.com (Mark McIntosh) Date: Thu Mar 11 15:41:02 2010 Subject: signature issue In-Reply-To: References: <4B98C252.9040802@ecs.soton.ac.uk> Message-ID: <4B990F44.6090308@infowall.com> Hello All, I am just wondering if it is possible to get rid of the repeating signatures. As I email back and forth these keep getting added on. I thought there was a setting in the new version that was capable of stopping this behavior. relevant items from MailScanner.conf Allow Multiple HTML Signatures = no Dont Sign HTML If Headers Exist = # In-Reply-To: References: MailScanner 4.79 Centos 5.4 Mail Watch 1.4 Clamav 9.3 Spam Assassin 3.3 Mark McIntosh This message has been scanned for viruses and dangerous content by *_MailScanner_* , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by *_MailScanner_* , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by *_MailScanner_* , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by *MailScanner* , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Thu Mar 11 20:14:32 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Mar 11 20:14:41 2010 Subject: signature issue In-Reply-To: <4B990F44.6090308@infowall.com> References: <4B98C252.9040802@ecs.soton.ac.uk> <4B990F44.6090308@infowall.com> Message-ID: <72cf361e1003111214o3e006e31k275953367cbc85de@mail.gmail.com> On 11 March 2010 15:41, Mark McIntosh wrote: > Hello All, > > > I am just wondering if it is possible to get rid of the repeating > signatures. As I email back and forth these keep getting added on. I thought > there was a setting in the new version that was capable of stopping this > behavior. > > relevant items from MailScanner.conf > > Allow Multiple HTML Signatures = no > Dont Sign HTML If Headers Exist = # In-Reply-To: References: > > > MailScanner 4.79 > Centos 5.4 > Mail Watch 1.4 > Clamav 9.3 > Spam Assassin 3.3 > > > Mark McIntosh > > > > This message has been scanned for viruses and > dangerous content by *_MailScanner_* , and > is > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by *_MailScanner_* , and > is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by *_MailScanner_* , and > is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! mark try removing the # in the Dont Sign HTML If Headers Exist = # In-Reply-To: References: -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/c5e7dc4c/attachment.html From micoots at yahoo.com Thu Mar 11 20:58:47 2010 From: micoots at yahoo.com (Michael Mansour) Date: Thu Mar 11 20:58:57 2010 Subject: Stopping storage from "SpamAssassin Rule Actions" Message-ID: <779144.59113.qm@web33301.mail.mud.yahoo.com> Hi, I have this rule in place: SpamAssassin Rule Actions = SpamScore>18=>delete,not-deliver,forward highspam@domain.com but I still have those messages with SpamScore > 18 stored in MailWatch. What can I do via the "SpamAssassin Rule Actions" setting to make sure those messages are not stored. I've tried "not-store" and "delete" but they're still being stored. Thanks. Michael. From micoots at yahoo.com Fri Mar 12 00:31:26 2010 From: micoots at yahoo.com (Michael Mansour) Date: Fri Mar 12 00:31:36 2010 Subject: CustomFunction rulesfiles Message-ID: <351507.260.qm@web33302.mail.mud.yahoo.com> Hi, Can someone confirm for me please, that the following settings can be made into the filename of a ruleset: Is Definitely Not Spam = &SQLWhitelist Is Definitely Spam = &SQLBlacklist Required SpamAssassin Score = &SQLSpamScores High SpamAssassin Score = &SQLHighSpamScores Always Looked Up Last = &MailWatchLogging ? The reason I'm asking is I'd like to organise for another set of CustomFunctions to log into another MailWatch DB for certain domains. Thanks. Michael. From ssilva at sgvwater.com Fri Mar 12 00:44:53 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 12 00:45:17 2010 Subject: Stopping storage from "SpamAssassin Rule Actions" In-Reply-To: <779144.59113.qm@web33301.mail.mud.yahoo.com> References: <779144.59113.qm@web33301.mail.mud.yahoo.com> Message-ID: on 3-11-2010 12:58 PM Michael Mansour spake the following: > Hi, > > I have this rule in place: > > SpamAssassin Rule Actions = SpamScore>18=>delete,not-deliver,forward highspam@domain.com > > but I still have those messages with SpamScore > 18 stored in MailWatch. > > What can I do via the "SpamAssassin Rule Actions" setting to make sure those messages are not stored. I've tried "not-store" and "delete" but they're still being stored. > > Thanks. > > Michael. > > > > They will still be logged in Mailwatch, but they shouldn't be actually stored in the quarantine... Do they still have a release button? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/9512d7ad/signature.bin From ssilva at sgvwater.com Fri Mar 12 00:49:51 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 12 00:50:13 2010 Subject: Stopping storage from "SpamAssassin Rule Actions" In-Reply-To: <779144.59113.qm@web33301.mail.mud.yahoo.com> References: <779144.59113.qm@web33301.mail.mud.yahoo.com> Message-ID: on 3-11-2010 12:58 PM Michael Mansour spake the following: > Hi, > > I have this rule in place: > > SpamAssassin Rule Actions = SpamScore>18=>delete,not-deliver,forward highspam@domain.com > > but I still have those messages with SpamScore > 18 stored in MailWatch. > > What can I do via the "SpamAssassin Rule Actions" setting to make sure those messages are not stored. I've tried "not-store" and "delete" but they're still being stored. > > Thanks. > > Michael. > > > > But not-store is the proper word looking at mine. I have; SpamAssassin Rule Actions = SpamScore>25=>not-store for messages with high scores to keep my quarantine smaller. They still log in mailwatch, but the release tab is gone since the message is not there -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100311/3c0550fa/signature.bin From micoots at yahoo.com Fri Mar 12 01:49:04 2010 From: micoots at yahoo.com (Michael Mansour) Date: Fri Mar 12 01:49:15 2010 Subject: Stopping storage from "SpamAssassin Rule Actions" In-Reply-To: Message-ID: <809311.86892.qm@web33305.mail.mud.yahoo.com> Hi Scott, --- On Fri, 12/3/10, Scott Silva wrote: > From: Scott Silva > Subject: Re: Stopping storage from "SpamAssassin Rule Actions" > To: mailscanner@lists.mailscanner.info > Received: Friday, 12 March, 2010, 11:49 AM > on 3-11-2010 12:58 PM Michael Mansour > spake the following: > > Hi, > > > > I have this rule in place: > > > > SpamAssassin Rule Actions = > SpamScore>18=>delete,not-deliver,forward highspam@domain.com > > > > but I still have those messages with SpamScore > 18 > stored in MailWatch. > > > > What can I do via the "SpamAssassin Rule Actions" > setting to make sure those messages are not stored. I've > tried "not-store" and "delete" but they're still being > stored. > > > > Thanks. > > > > Michael. > > > >? ? ??? > But not-store is the proper word looking at mine. > I have; > SpamAssassin Rule Actions = SpamScore>25=>not-store > for messages with high scores to keep my quarantine > smaller. > > They still log in mailwatch, but the release tab is gone > since the message is > not there I've changed mine back to not-store and will test again. When I had it like that before I still had the "release" button below and the message stored on the MX server, which is why I tried "delete" and it still did the same thing, so thought I'd ask on the list. I don't mind the message headers and information being stored in MailWatch, I'm just trying to avoid the storage of the (very highspam) mail on the mail servers after they've been analysed and reported. I quarantine all mail into MailWatch, clean, normal spam, high spam. I've got SA rules in place which bump up the SA score so high scoring spam is now _very_ high scoring spam, and that spam never has false positives so I don't want them stored. I'll report back later today to see if the "not-stored" option works this time. Thanks. Michael. > -----Inline Attachment Follows----- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From khawaja.jawad at gmail.com Fri Mar 12 06:44:35 2010 From: khawaja.jawad at gmail.com (Jawad Khawaja) Date: Fri Mar 12 06:44:44 2010 Subject: MailScanner in Transparent Mode???? Message-ID: Hi, Can MailScanner be deployed in a Transparnt mode. Transparent Mode works like this...... 1. Client will send email to xyz@xyz.com by pointing his own SMTP server address in his client software. 2. Gateway device will forward all port 25 traffic to MailScanner. 3. MailScanner should scan email and should deliver to gateway device without changing any header information (i want destination domain should see my customer Ip rather than mailscanner IP) Any suggestion .....? Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100312/dbb4a416/attachment.html From mmcintosh at infowall.com Fri Mar 12 06:52:36 2010 From: mmcintosh at infowall.com (Mark McIntosh Infowall) Date: Fri Mar 12 06:52:53 2010 Subject: signature issue In-Reply-To: <72cf361e1003111214o3e006e31k275953367cbc85de@mail.gmail.com> References: <4B98C252.9040802@ecs.soton.ac.uk> <4B990F44.6090308@infowall.com> <72cf361e1003111214o3e006e31k275953367cbc85de@mail.gmail.com> Message-ID: <4B99E4B4.60505@infowall.com> Martin Hepworth wrote: > > > On 11 March 2010 15:41, Mark McIntosh > wrote: > > Hello All, > > > I am just wondering if it is possible to get rid of the repeating > signatures. As I email back and forth these keep getting added on. I > thought there was a setting in the new version that was capable of > stopping this behavior. > > relevant items from MailScanner.conf > > Allow Multiple HTML Signatures = no > Dont Sign HTML If Headers Exist = # In-Reply-To: References: > > > MailScanner 4.79 > Centos 5.4 > Mail Watch 1.4 > Clamav 9.3 > Spam Assassin 3.3 > > > Mark McIntosh > > > > This message has been scanned for viruses and > dangerous content by *_MailScanner_* , > and is > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by *_MailScanner_* , > and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by *_MailScanner_* , > and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , > and is > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > mark > > try removing the # in the > > Dont Sign HTML If Headers Exist = # In-Reply-To: References: > > > > -- > Martin Hepworth > Oxford, UK > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > Thx it cant be that easy unbelievable. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From fmgre-liste01 at yahoo.fr Fri Mar 12 09:14:23 2010 From: fmgre-liste01 at yahoo.fr (gnafou) Date: Fri Mar 12 09:14:32 2010 Subject: plain HTML messages are tagged '{Dangerous Content?} Message-ID: <568078.78701.qm@web23107.mail.ird.yahoo.com> Hello, I ve been seeing some HTML messages tagged 'Dangerous Content' .. then they are quanrantinized Is there a way to have more verbosity in the log to understand the factual reasons of the dangerousity (? ) Thanks Fred From MailScanner at ecs.soton.ac.uk Fri Mar 12 11:53:48 2010 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 12 11:53:59 2010 Subject: 10 years of MailScanner References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: MailScanner is just about to reach its 10th anniversary. Yes, believe it or not, I took on this crazy idea 10 years ago! How time flies. We are planning a big news release and celebration here at work to commemorate this. What I need from you guys are some comments and "sound bites" saying what you think of MailScanner, what you like about it, why you use it. I'm looking for a real variety of comments from all over the world, East and West, big sites and small, so if you've got something to say then I want to hear it! So get commenting folks! Many thanks, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From supunr at lankacom.net Fri Mar 12 12:05:53 2010 From: supunr at lankacom.net (Supun Rathnayake) Date: Fri Mar 12 12:06:12 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <4B9A2E21.6020000@lankacom.net> High Jules, Congratulations !!!! I have no words to express our sincere thanks for initiating and developing this wonderful email scanner. What I like more is the phase you all are developing the software that is bug fixing and adding new features. I also admire the flexibility of configuration options you have made available and that made us really comfortable in delivering a perfect customized solutions required by many customers. wish you good luck in your future development and keep up the great work !! With Best Regards, Supun Rathnayake Lanka communication Services (Pvt) Ltd. 65C, Dharmapala Mawatha, Colombo 07. Sri Lanka. Tel: +94-11-2437545 http://www.lankacom.net http://blog.lankacom.net On 03/12/2010 05:23 PM, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How > time flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use > it. I'm looking for a real variety of comments from all over the > world, East and West, big sites and small, so if you've got something > to say then I want to hear it! > > So get commenting folks! > > Many thanks, > > Jules > From sonidhaval at gmail.com Fri Mar 12 12:16:21 2010 From: sonidhaval at gmail.com (Dhaval Soni) Date: Fri Mar 12 12:16:31 2010 Subject: 10 years of MailScanner In-Reply-To: <4B9A2E21.6020000@lankacom.net> References: <4B9A2B4C.7040108@ecs.soton.ac.uk> <4B9A2E21.6020000@lankacom.net> Message-ID: <5e7ce1ac1003120416r1b0948bfpf620d164d11c9972@mail.gmail.com> Dear Jules, Great to hear news...! Congratulations...! You are doing great job and hats off on your efforts and your software - MailScanner..! On Fri, Mar 12, 2010 at 5:35 PM, Supun Rathnayake wrote: > High Jules, > > Congratulations !!!! > > I have no words to express our sincere thanks for initiating and developing > this wonderful email scanner. > > What I like more is the phase you all are developing the software that is > bug fixing and adding new features. > > I also admire the flexibility of configuration options you have made > available and that made us really > comfortable in delivering a perfect customized solutions required by many > customers. > > wish you good luck in your future development and keep up the great work !! > > > With Best Regards, > > Supun Rathnayake > > Lanka communication Services (Pvt) Ltd. > 65C, Dharmapala Mawatha, > Colombo 07. > Sri Lanka. > Tel: +94-11-2437545 > http://www.lankacom.net > http://blog.lankacom.net > > > > On 03/12/2010 05:23 PM, Julian Field wrote: > >> MailScanner is just about to reach its 10th anniversary. >> >> Yes, believe it or not, I took on this crazy idea 10 years ago! How time >> flies. >> >> We are planning a big news release and celebration here at work to >> commemorate this. >> >> What I need from you guys are some comments and "sound bites" saying what >> you think of MailScanner, what you like about it, why you use it. I'm >> looking for a real variety of comments from all over the world, East and >> West, big sites and small, so if you've got something to say then I want to >> hear it! >> >> So get commenting folks! >> >> Many thanks, >> >> Jules >> >> -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Kind regards, Dhaval Soni Red Hat Certified Architect RHCE No: 804007900325939 Cell: +91-966 20 29 620 ***************************** Wiki: https://fedoraproject.org/wiki/User:Sonidhaval INDIA -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100312/3c3e02b4/attachment.html From adelgado at laubat.com Fri Mar 12 12:23:17 2010 From: adelgado at laubat.com (Delgado Moreno, Alex) Date: Fri Mar 12 12:23:30 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: Hi Jules, Congratulations!!!!!!!! I expect you and MailScanner to be with us a lot more years. Have a nice anniversary.... Alex Delgado Resp. Informatica Industrias Laubat, S.A. Tel. +0034937283603 -----Mensaje original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] En nombre de Julian Field Enviado el: viernes, 12 de marzo de 2010 12:54 Para: MailScanner discussion Asunto: 10 years of MailScanner MailScanner is just about to reach its 10th anniversary. Yes, believe it or not, I took on this crazy idea 10 years ago! How time flies. We are planning a big news release and celebration here at work to commemorate this. What I need from you guys are some comments and "sound bites" saying what you think of MailScanner, what you like about it, why you use it. I'm looking for a real variety of comments from all over the world, East and West, big sites and small, so if you've got something to say then I want to hear it! So get commenting folks! Many thanks, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Este mensaje ha sido analizado por MailScanner en busca de virus y otros contenidos peligrosos, y se considera que est? limpio. "En cumplimiento de la Ley Organica de Proteccion de Datos de Caracter Personal (LOPD), le informamos de que sus datos de contacto han sido incorporados en ficheros de titularidad de INDUSTRIAS LAUBAT, S.A., que corresponden a la finalidad de servir de directorio o agenda de contactos asi como para facilitar la gestion administrativa y comercial desarrollada por la empresa. Ud. tiene la posibilidad de ejercer los derechos de acceso, rectificacion, cancelacion y oposicion previstos en la ley mediante correo electronico a lopd@laubat.com" From steveb_clamav at sanesecurity.com Fri Mar 12 12:26:30 2010 From: steveb_clamav at sanesecurity.com (Steve Basford) Date: Fri Mar 12 12:26:46 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <5384ea40c216eaeaddb4b65e65189de9.squirrel@saturn.dataflame.net> > MailScanner is just about to reach its 10th anniversary. Congrats Julian!! You need a cake... obviously... h t t x://4.bp.blogspot.com/_uYLeGaENxug/Sbp5Sp6J97I/AAAAAAAAAq4/4qPotXItEzc/s400/SpamCake.jpg Cheers, Steve Sanesecurity www.sanesecurity.co.uk From bonivart at opencsw.org Fri Mar 12 12:37:04 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Fri Mar 12 12:37:34 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <625385e31003120437t3eb594c2h89c4127d85facb7c@mail.gmail.com> On Fri, Mar 12, 2010 at 12:53 PM, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. I have used it at various sites, large and small, since 2003 and it's great. I'm not just thinking about the flexibility of MailScanner itself but also your support that beats all commercial ones I have encountered. Happy anniversary! -- /peter From Denis.Beauchemin at USherbrooke.ca Fri Mar 12 13:15:02 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Mar 12 13:15:45 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <4B9A3E56.6000900@USherbrooke.ca> Hello Jules, Again, many thanks for the great software and many more for the excellent support you gave us since the early days. MailScanner is really flexible and when it isn't enough, you extend it some more! The mailing list is also quite helpful with almost no people to add to a kill-list ;) I believe this is also something you built right. Happy 10th anniversary to MailScanner, you and all the people who helped you make it this great success! Denis Le 2010-03-12 06:53, Julian Field a ?crit : > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How > time flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use > it. I'm looking for a real variety of comments from all over the > world, East and West, big sites and small, so if you've got something > to say then I want to hear it! > > So get commenting folks! > > Many thanks, > > Jules > -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5574 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100312/d5235982/smime.bin From zaeem.arshad at gmail.com Fri Mar 12 14:05:47 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Fri Mar 12 14:05:57 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <3e1809421003120605r21189cccx3e27983f14dfbdbc@mail.gmail.com> It's a fantastic product. Very reliable, highly configurable and easy to use. MailScanner allowed us to save valuable CAPEX and OPEX bringing a smile on the faces of our management and peace of admin for the admins. Thank you Jules and the community for this wonderful product. Best wishes -- Zaeem Arshad Manager Network Operations Cyber Internet Services From raubvogel at gmail.com Fri Mar 12 15:36:17 2010 From: raubvogel at gmail.com (Mauricio Tavares) Date: Fri Mar 12 15:36:27 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <2c6cf52a1003120736t4c45e885l719e3b302bb73a8a@mail.gmail.com> I have been using mailscanner for two years or so. Before it I always thought about using spamassassin but always thought it to be a bit more annoying to setup that I would like to. But, with mailscanner, things changed. I can set that up in less than 10 minutes and have it not only doing spam checking but also virus detection. In my book that is nice. But, it did not stop it: mailscanner allows me to pick more means of processing spam- and virus-filled emails that I would care to. And does that smoothly. And updates rather nicely. All I have to do nowadays is keep an eye for the ever diminishing list of misplaced emails. The support I have here, even with spamassassin and postfix issues, is amazing. In all honesty, I do not think there is a similar product, be it commercial or not, that delivers the quality and effectiveness of mailscanner. From ka at pacific.net Fri Mar 12 16:32:10 2010 From: ka at pacific.net (Ken A) Date: Fri Mar 12 16:32:42 2010 Subject: MailScanner in Transparent Mode???? In-Reply-To: References: Message-ID: <4B9A6C8A.3080709@pacific.net> MailScanner itself does no mail routing, or changing of received headers. Those are done by your smtp servers. You may want something more like qsmtpd or assp? MailScanner has a queue -> scan batch -> forward architecture, so it's not suited to work with a transparent proxy. Ken On 3/12/2010 12:44 AM, Jawad Khawaja wrote: > Hi, > > Can MailScanner be deployed in a Transparnt mode. > > Transparent Mode works like this...... > > 1. Client will send email to xyz@xyz.com by pointing his own SMTP server > address in his client software. > 2. Gateway device will forward all port 25 traffic to MailScanner. > 3. MailScanner should scan email and should deliver to gateway device > without changing any header information (i want destination domain should > see my customer Ip rather than mailscanner IP) > > Any suggestion .....? > > Regards > > -- Ken Anderson Pacific Internet - http://www.pacific.net From mrm at medicine.wisc.edu Fri Mar 12 16:43:42 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Mar 12 16:44:05 2010 Subject: Resurgence of old school phishing? Message-ID: <4B9A1ADE0200003E000045EA@gwmail.medicine.wisc.edu> I've been seeing an increase in the old school type of phishing where a link provided does not go to where the user is led to believe. MS was always great at catching these in the past, but recently some have been slipping through. I don't know if what I'm seeing is anything new or not, but I don't know enough about MS's phishing detection engine to determine what to do about this at this point. The ones that are getting through contain something like this: validate your account by CLICKING HERE and the "CLICKING HERE" portion ends up being clickable. I always thought to create an html link you needed an href. Something like: validate you account by CLICKING HERE I'm really not sure how the email client knows what portion is clickable in the first example, but 3 separate clients all do the same thing. Has this always been the case? Does MS account for it? -Mike From Kevin_Miller at ci.juneau.ak.us Fri Mar 12 17:23:43 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 12 17:23:58 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C149F868684@city-exchange07> Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How > time flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use > it. > I'm looking for a real variety of comments from all over the world, > East and West, big sites and small, so if you've got something to say > then I want to hear it! > > So get commenting folks! > > Many thanks, Wow, 10 years. Congratulations! MailScanner is an incredible asset to me. I watch the spamassassin mailing list and often see queries for help and think to myself 'Oh, simple, in MailScanner just - oh wait. They're just using spamassasin, not MailScanner.' It adds such flexibility to managing email that it almost boggles the mind. And the features keep coming! With every release there's some new functionality that scratches someone's itch but coupled with excellent comments in the config file and the sane defaults it isn't hard to tune it to one's own environment. I can't imagine running an antispam/virus gateway without it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From igueths at lava-net.com Fri Mar 12 18:05:31 2010 From: igueths at lava-net.com (Igor Gueths) Date: Fri Mar 12 17:41:41 2010 Subject: 10 years of MailScanner In-Reply-To: <4B9A3E56.6000900@USherbrooke.ca> References: <4B9A2B4C.7040108@ecs.soton.ac.uk> <4B9A3E56.6000900@USherbrooke.ca> Message-ID: <20100312180530.GA16561@lava-net.com> MailScanner has been extremely useful in my fight against spam, here on my relatively small installation. Keep up the great work, and happy anniversary! -- Igor -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100312/efb4d310/attachment.bin From maillists at conactive.com Fri Mar 12 18:31:14 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 12 18:31:28 2010 Subject: Resurgence of old school phishing? In-Reply-To: <4B9A1ADE0200003E000045EA@gwmail.medicine.wisc.edu> References: <4B9A1ADE0200003E000045EA@gwmail.medicine.wisc.edu> Message-ID: Michael Masse wrote on Fri, 12 Mar 2010 10:43:42 -0600: > I'm really not sure how the email client knows what portion is clickable > in the first example, but 3 separate clients all do the same thing. Instead of letting us poke in the dark, why don't you upload the complete source to pastebin.com? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From mrm at medicine.wisc.edu Fri Mar 12 18:44:52 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Fri Mar 12 18:45:15 2010 Subject: Resurgence of old school phishing? In-Reply-To: References: <4B9A1ADE0200003E000045EA@gwmail.medicine.wisc.edu> Message-ID: <4B9A37440200003E00004610@gwmail.medicine.wisc.edu> >>> On 3/12/2010 at 12:31 PM, in message , Kai Schaetzl wrote: > > Instead of letting us poke in the dark, why don't you upload the complete > source > to pastebin.com? > > Kai Never mind.. I wasn't looking at the html portion of the source. duh... From ssilva at sgvwater.com Fri Mar 12 21:02:36 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 12 21:03:06 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: on 3-12-2010 3:53 AM Julian Field spake the following: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How time > flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use it. > I'm looking for a real variety of comments from all over the world, East > and West, big sites and small, so if you've got something to say then I > want to hear it! > > So get commenting folks! > > Many thanks, > > Jules > Happy Anniversary! Here are some sound bytes!!! MailScanner... The best thing since sliced bread!! MailScanner... Just like deodorant, you wish EVERYONE was using it! MailScanner... Keeping sysadmins hair intact for a decade! MailScanner... If only my car was this reliable! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100312/5a86e717/signature.bin From Kevin_Miller at ci.juneau.ak.us Fri Mar 12 21:32:54 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 12 21:33:57 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C149F868689@city-exchange07> Scott Silva wrote: > > MailScanner... If only my car was this reliable! Driving a Toyota? :-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From lists at tippingmar.com Fri Mar 12 23:38:40 2010 From: lists at tippingmar.com (Mark Nienberg) Date: Fri Mar 12 23:38:57 2010 Subject: Very long filenames Message-ID: <4B9AD080.5040606@tippingmar.com> This is in filename.rules.conf # Due to a bug in Outlook Express, you can make the 2nd from last extension # be what is used to run the file. So very long filenames must be denied, # regardless of the final extension. deny .{150,} Very long filename, possible OE attack Very long filenames are good signs of attacks against Microsoft e-mail packages And I got this postmaster report regarding an incoming message: The following e-mails were found to have: Bad Filename Detected Sender:notreally@some.com IP Address: 33.117.222.88 Recipient: tome@something.com Subject: The Subject was here MessageID: o2CJ0b7T008444 Quarantine: /var/spool/MailScanner/quarantine/20100312/o2CJ0b7T008444 Report: MailScanner: Very long filenames are good signs of attacks against Microsoft e-mail packages (PA - 231 N. La.pdf) And in the quarantine I see this: [root@tesla o2CJ0b7T008444]# ll total 5.5M -rw------- 1 root root 4.8M Mar 12 11:00 dfo2CJ0b7T008444 -rw------- 1 root root 680k Mar 12 11:00 PA - 231 N. La.pdf -rw------- 1 root root 2.1k Mar 12 11:00 qfo2CJ0b7T008444 So my question is why the message was quarantined when the attachment filename is only 18 characters long? Thanks, Mark Nienberg From micoots at yahoo.com Sat Mar 13 05:08:25 2010 From: micoots at yahoo.com (Michael Mansour) Date: Sat Mar 13 05:08:35 2010 Subject: 10 years of MailScanner In-Reply-To: Message-ID: <124626.57995.qm@web33301.mail.mud.yahoo.com> Hi Jules, Congrats on 10 years. You know I don't even remember when I first started using MailScanner, maybe a scan of the list archives will tell me the first time I asked a question? but it's been many many years. I've been around since before spam existed, when it was a good thing to have an Open Relay to help deliver peoples emails (we helped like this in the old BBS days). But when spam got too much, when it went crazy the first time I got over 100 spam emails a day in my inbox, I needed to look for a solution. I originally started using it just to filter email for my domain, then as things started to grow (business-wise) I extended it's use for many other domains. I now use it to supply email filtering services for many business customers, maybe hundreds, I don't bother counting them, either hosting their email locally or filtering and relaying. It's been rock solid for many years, an "Open Source business grade solution". When taking on a new client, they typically have a commercial product they've bought yet still get inundated with garbage coming into their business networks. We typically review the commercial product they're using before migration, I won't mention any names but it never ceases to amaze me how "bad" some of these commercial products are, yet looking at their websites they tout themselves as the best spam fighting tools on the market. Glossy brochures don't replace good tools. I don't see myself moving from it ever, as long as spam exists it'll have a place in a providers spam fighting arsenal. If only MailScanner could work for fax, SMS and mobile phone spam :) that's starting to take root these days and telecoms providers don't care about it. Users still pay, why should they. Maybe that's a good sound bite? MailScanner... for providers that care about their users. MailScanner... where the glossy brochure matches the quality tool Good work mate and thanks for the continued effort in developing the product further. There's not too many people that realise the time of time investment required to continue such a project for 10 years. No one can say to you you're lazy ;) Michael. --- On Sat, 13/3/10, Scott Silva wrote: > From: Scott Silva > Subject: Re: 10 years of MailScanner > To: mailscanner@lists.mailscanner.info > Received: Saturday, 13 March, 2010, 8:02 AM > on 3-12-2010 3:53 AM Julian Field > spake the following: > > MailScanner is just about to reach its 10th > anniversary. > > > > Yes, believe it or not, I took on this crazy idea 10 > years ago! How time > > flies. > > > > We are planning a big news release and celebration > here at work to > > commemorate this. > > > > What I need from you guys are some comments and "sound > bites" saying > > what you think of MailScanner, what? you like > about it, why you use it. > > I'm looking for a real variety of comments from all > over the world, East > > and West, big sites and small, so if you've got > something to say then I > > want to hear it! > > > > So get commenting folks! > > > > Many thanks, > > > > Jules > > > Happy Anniversary! Here are some sound bytes!!! > > MailScanner... The best thing since sliced bread!! > > MailScanner... Just like deodorant, you wish EVERYONE was > using it! > > MailScanner... Keeping sysadmins hair intact for a decade! > > MailScanner... If only my car was this reliable! > > > > > -----Inline Attachment Follows----- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From J.Ede at birchenallhowden.co.uk Sat Mar 13 11:33:50 2010 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Mar 13 11:34:16 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <1213490F1F316842A544A850422BFA9635C1E58468@BHLSBS.bhl.local> I think should definitely have a big party to celebrate! MailScanner has made good, reliable email filtering possible without being overly complicated to use. I've found that it's done everything we have ever needed it to do, and on the odd occasion when we wanted something extra then Julian has managed to add the new feature within days. AlImost always when I'm asked can we do this or that with our MailScanner system then the answer is yes and I just need to add/edit a ruleset or a couple of other config lines to make it possible. Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 12 March 2010 11:54 > To: MailScanner discussion > Subject: 10 years of MailScanner > > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How > time > flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use it. > I'm looking for a real variety of comments from all over the world, > East > and West, big sites and small, so if you've got something to say then I > want to hear it! > > So get commenting folks! > > Many thanks, > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mmmm82 at gmail.com Sat Mar 13 12:16:44 2010 From: mmmm82 at gmail.com (Monis Monther) Date: Sat Mar 13 12:16:53 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <837e17ab1003130416h16923dffudd1f026c127453ac@mail.gmail.com> Congratulations Jules: I have been using MailScanner for a couple of years now , I think its very flexible, easy to configure and has many many wonderfull features, you can always add more to it and I have no doubt that you will, hope that it becomes Linux's standard rather than plain smapassassin. Just to let you know that my implementations are in Egypt , yes its now a growing market here in the middle east and I chose MailScanner over Amavisd and other commercial products. Finally I would like to thank this mailing list for the great support they provide and would mark how quickly resonces are when something is posted. Wish all the team working on this project an endless success. Best Regards Monis On Fri, Mar 12, 2010 at 1:53 PM, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How time > flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying what > you think of MailScanner, what you like about it, why you use it. I'm > looking for a real variety of comments from all over the world, East and > West, big sites and small, so if you've got something to say then I want to > hear it! > > So get commenting folks! > > Many thanks, > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100313/1e144dfd/attachment.html From zaeem.arshad at gmail.com Sat Mar 13 13:00:07 2010 From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Sat Mar 13 13:00:19 2010 Subject: MailScanner in Transparent Mode???? In-Reply-To: References: Message-ID: <3e1809421003130500m3541961em159cbda3a0b47f2f@mail.gmail.com> On Fri, Mar 12, 2010 at 11:44 AM, Jawad Khawaja wrote: > Hi, > > Can MailScanner be deployed in a Transparnt mode. > > Transparent Mode works like this...... > > 1. Client will send email to xyz@xyz.com by pointing his own SMTP server > address in his client software. > 2. Gateway device will forward all port 25 traffic to MailScanner. > 3. MailScanner should scan email and should deliver to gateway device > without changing any header information (i want destination domain should > see my customer Ip rather than mailscanner IP) > You need the scrubbing of headers at the gateway device because that's your last exit point. I am not really sure if it's such a good idea. Could you explain why would you want do such a thing? -- Zaeem From mark at msapiro.net Sat Mar 13 18:16:47 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sat Mar 13 18:17:01 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <4B9BD68F.7040304@msapiro.net> On 11:59 AM, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. Congratulations! > Yes, believe it or not, I took on this crazy idea 10 years ago! How time > flies. > > We are planning a big news release and celebration here at work to > commemorate this. Well deserved! > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use it. > I'm looking for a real variety of comments from all over the world, East > and West, big sites and small, so if you've got something to say then I > want to hear it! I run a relatively small server supporting just three domains. When I was first setting this up, I installed MailScanner on the recommendation of a friend. I love it. Actually, all things equal, I would prefer a solution that would allow me to not accept mail at incoming SMTP time, but all things are not equal. I do employ greylisting and of course I don't accept mail that would not be deliverable, but for the rest, I find the comprehensiveness, flexibility and configurability of MailScanner via simple rule sets to far outweigh this drawback. Jules' support of MailScanner and responsiveness to problems, suggestions and requests are outstanding, at least 11 on a 10 scale. I would not want to run a mail server without MailScanner. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From lists at tippingmar.com Sun Mar 14 04:42:44 2010 From: lists at tippingmar.com (Mark Nienberg) Date: Sun Mar 14 04:43:05 2010 Subject: Very long filenames In-Reply-To: <4B9AD080.5040606@tippingmar.com> References: <4B9AD080.5040606@tippingmar.com> Message-ID: <4B9C6944.3020909@tippingmar.com> On 3/12/10 3:38 PM, Mark Nienberg wrote: > > So my question is why the message was quarantined when the attachment > filename is only 18 characters long? > And my answer is that the filename really is very long, but MailScanner truncates it in the report and in the quarantine. Mark From james at gray.net.au Sun Mar 14 07:52:24 2010 From: james at gray.net.au (James Gray) Date: Sun Mar 14 07:52:49 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <1D69D7B0-CF87-4C95-A639-DF690E7917AA@gray.net.au> On 12/03/2010, at 10:53 PM, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How time flies. > > We are planning a big news release and celebration here at work to commemorate this. > > What I need from you guys are some comments and "sound bites" saying what you think of MailScanner, what you like about it, why you use it. I'm looking for a real variety of comments from all over the world, East and West, big sites and small, so if you've got something to say then I want to hear it! > > So get commenting folks! Hi Jules, Congratulations! MailScanner has been such a big part of my professional and personal system administration and engineering over the last 8 years, I can't imagine life without it. It scales from SOHO setups to large corporate and ISP networks. It really is the "swiss army knife" of mail filtering and in my experience the most flexible, scalable, reliable, accurate and extendable mail filtering solution available; both in the closed and open source offerings. It's a tribute to your hard work primarily, and that of the MailScanner community. Here's to another 10 years of quality code and product offerings. Well done! James -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3826 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100314/26b26f51/smime.bin From xavier.montagutelli at unilim.fr Sun Mar 14 13:09:54 2010 From: xavier.montagutelli at unilim.fr (Xavier Montagutelli) Date: Sun Mar 14 13:10:05 2010 Subject: Virus and messages not cleaned with "Still Deliver Silent Viruses = yes" Message-ID: <201003141409.54181.xavier.montagutelli@unilim.fr> We have been using MS for many years. Our policy is to deliver every messages, even when a virus is found. So we have : Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = yes Quarantine Silent Viruses = yes Virus Modify Subject = yes Virus Subject Text = {Virus?} Untill migrating to version 4.79.11-1, it was working as expected, messages with viruses were cleaned (attachments replaced with a warning) and delivered to the receiver. Now, after migrating both the system (from Red Hat 4.? to 4.8) and MS from 4.70.7-1 to 4.79.11-1, the virus stays in the message. It *is* detected by MS : the virus is quarantined, the subject is modified. But the attachments is not replaced any more ! Can someone confrm that it should work ? Any suggestion would be appreciated. -- Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Service Commun Informatique Fax : +33 (0)5 55 45 75 95 Universite de Limoges 123, avenue Albert Thomas 87060 Limoges cedex From hvdkooij at vanderkooij.org Sun Mar 14 15:20:01 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 14 15:21:29 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: References: <1268285951.5529.22.camel@darkstar.netcore.co.in> Message-ID: <4B9CFEA1.3080409@vanderkooij.org> On 11/03/10 11:39, JC Putter wrote: > smtpd_recipient_limit in postfix Unfortunatly it will not work. The smtpd_recipient_limit parameter (default: 1000) controls how many recipients the Postfix smtpd(8) server will take per delivery. The default limit is more than any reasonable SMTP client would send. The limit exists to protect the local mail system against a run-away client. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. From pparsons at columbiafuels.com Sun Mar 14 16:26:40 2010 From: pparsons at columbiafuels.com (Philip Parsons) Date: Sun Mar 14 16:28:25 2010 Subject: 10 years of MailScanner References: <4B9A2B4C.7040108@ecs.soton.ac.uk> <1D69D7B0-CF87-4C95-A639-DF690E7917AA@gray.net.au> Message-ID: <7C62BFED4DC0CE488F93865D83A61E640199FB79@sprocket.columbiafuels.com> On 12/03/2010, at 10:53 PM, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How time flies. > > We are planning a big news release and celebration here at work to commemorate this. > > What I need from you guys are some comments and "sound bites" saying what you think of MailScanner, what you like about it, why you use it. I'm looking for a real variety of comments from all over the world, East and West, big sites and small, so if you've got something to say then I want to hear it! > > So get commenting folks! Hi Jules, 10 Years wow Congrats ! 6 years ago I went looking for a product to be able to put in front of our exchanges servers as everyone knew back then you really did not want exchange 5.5 out in the wild. I came across this product called mailscanner and no more than an hour later I had it up an working and have never looked back. I have now expanded it out to 5 other comapnys small and large. Still to this day I still call it the best thing since slisted bread. The coding and the features is what makes this so great. We have kept up with patchs with no issues and the addons that people from around the globe say this would be nice to have and the next realease has it. Thank you. Philip Parsons Corporate Team Lead, IT and Telecommunications Columbia Fuels Inc. A Division of Parkland Industries LP 2nd Floor 2659 Douglas St Victoria BC, V8T 5M2 Phone: (250) 391-3638 Cell: (250) 883-5972 www.columbiafuels.com www.parkland.ca pparsons@columbiafuels.com IMPORTANT NOTICE This e-mail is confidential, may be legally privileged, and is for the intended recipient only. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4668 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100314/1d87e242/attachment.bin From maillists at conactive.com Sun Mar 14 17:31:21 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Mar 14 17:31:32 2010 Subject: Virus and messages not cleaned with "Still Deliver Silent Viruses = yes" In-Reply-To: <201003141409.54181.xavier.montagutelli@unilim.fr> References: <201003141409.54181.xavier.montagutelli@unilim.fr> Message-ID: Xavier Montagutelli wrote on Sun, 14 Mar 2010 14:09:54 +0100: > Can someone confrm that it should work ? I remember someone having the same problem as you some weeks ago. There is no point in delivering a virus-infected message. A message that contains a virus is always a fake *in total*. It is not a legit message that has a virus file attached. >From Still Deliver Silent Viruses comment: # Still deliver (after cleaning) messages that contained viruses listed # in the above option ("Silent Viruses") to the recipient? # Setting this to "yes" is good when you are testing everything, and # because it shows management that MailScanner is protecting them, # but it is bad because they have to filter/delete all the incoming virus # warnings. # # Note: Once you have deployed this into "production" use, you should set # Note: this option to "no" so you don't bombard thousands of people with # Note: useless messages they don't want! > But the attachments is not > replaced any more ! Yes, I agree, according to the comment for this option the file should get replaced by a warning. I think it stopped working like this when the virusscan was moved before the spamscan and I think there is a reason, too. As I said, doing so doesn't make sense. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From xavier.montagutelli at unilim.fr Sun Mar 14 19:25:17 2010 From: xavier.montagutelli at unilim.fr (Xavier Montagutelli) Date: Sun Mar 14 19:25:33 2010 Subject: Virus and messages not cleaned with "Still Deliver Silent Viruses = yes" In-Reply-To: References: <201003141409.54181.xavier.montagutelli@unilim.fr> Message-ID: <4B9D381D.6090100@unilim.fr> Hello Kai, Le 14/03/2010 18:31, Kai Schaetzl a ?crit : > Xavier Montagutelli wrote on Sun, 14 Mar 2010 14:09:54 +0100: > > >> Can someone confrm that it should work ? >> > I remember someone having the same problem as you some weeks ago. > There is no point in delivering a virus-infected message. A message that > contains a virus is always a fake *in total*. It is not a legit message > that has a virus file attached. > > >From Still Deliver Silent Viruses comment: > # Still deliver (after cleaning) messages that contained viruses listed > # in the above option ("Silent Viruses") to the recipient? > # Setting this to "yes" is good when you are testing everything, and > # because it shows management that MailScanner is protecting them, > # but it is bad because they have to filter/delete all the incoming virus > # warnings. > # > # Note: Once you have deployed this into "production" use, you should set > # Note: this option to "no" so you don't bombard thousands of people with > # Note: useless messages they don't want! > > >> But the attachments is not >> replaced any more ! >> > Yes, I agree, according to the comment for this option the file should get > replaced by a warning. I think it stopped working like this when the > virusscan was moved before the spamscan and I think there is a reason, > too. Thank you for this information. And sorry if I missed the thread on the ML. > As I said, doing so doesn't make sense. > This policy is not decided only from a technical point of view. We don't want to block e-mails for our users without letting them know, or at least the sender, that's part of our internal rules. Nonetheless, only speaking with a technical view, antiviruses can also produce false positives. And viruses do not spread heavily through e-mails nowadays (spams are more problematics). That's why putting the e-mail in quarantine (which is equivalent to "dropping" the mail) is not what we want to do here. A better approach could be to switch the AV from MailScanner to a milter (we use sendmail), to scan for viruses during the SMTP session. But I don't want to make such a big change in our infrastructure so quickly. Can someone confirm that this setting doesn't work anymore ? -- Xavier From vanhorn at whidbey.com Sun Mar 14 21:08:05 2010 From: vanhorn at whidbey.com (G. Armour Van Horn) Date: Sun Mar 14 21:08:16 2010 Subject: No warnings for one user Message-ID: <4B9D5035.9060702@whidbey.com> I have a user that doesn't want the MailScanner warnings to appear in his e-mail, because he sometimes wants to forward them and he thinks they are ugly. As I have other users that need to pass specific filename and filetype matches, I know how to setup the multiple rule files to establish this on a per-domain basis, although in this case I might not need multiple files. So two questions: First, should I use "Find Phishing Fraud = No" or "Highlight Phishing Fraud = No"? Mostly the question here is whether or not turning off "Find Phishing" also turns off the numeric and stricter tests. Second, what would the rule syntax be? Would this do it? To sillyuser allow Van -- ---------------------------------------------------------- Sign up now for Quotes of the Day, a handful of quotations on a theme delivered every morning. Enlightenment! Daily, for free! mailto:twisted@whidbey.com?subject=Subscribe_QOTD For photography, web design, hosting, and maintenance, visit Van's home page: http://www.domainvanhorn.com/van/ ----------------------------------------------------------- From mmcintosh at infowall.com Sun Mar 14 23:35:35 2010 From: mmcintosh at infowall.com (Mark McIntosh) Date: Sun Mar 14 23:35:56 2010 Subject: ScamNailer question Message-ID: <4B9D72C7.6060102@infowall.com> Hello All, I am just wondering as ScamNailer sends me an email every hour and really I just want it to send me one when it actually updates. (as shown below) Has anyone tried this?? Also does ScamNailer have its own forum and should I be asking there ?? Mark McIntosh /etc/cron.hourly/ScamNailer-2.09: Reading status from /var/cache/ScamNailer/status Checking that /var/cache/ScamNailer/cache/2010-110 exists... ok Checking that /var/cache/ScamNailer/cache/2010-110.17 exists... ok I am working with: Current: 2010-110 - 20 and Status: 2010-110 - 17 No base update required Update required Retrieving http://www.mailscanner.tv/emails.2010-110.18 Retrieving http://www.mailscanner.tv/emails.2010-110.19 Retrieving http://www.mailscanner.tv/emails.2010-110.20 /var/cache/ScamNailer/cache/2010-110.20 Updating live file /var/cache/ScamNailer/phishing.emails.list Deleting cached file: 2010-110.17.... ok Reloading MailScanner workers: MailScanner: [ OK ] Outgoing postfix: [ OK ] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mmcintosh at infowall.com Mon Mar 15 00:25:03 2010 From: mmcintosh at infowall.com (Mark McIntosh) Date: Mon Mar 15 00:25:21 2010 Subject: 10 years of MailScanner In-Reply-To: <4B9BD68F.7040304@msapiro.net> References: <4B9A2B4C.7040108@ecs.soton.ac.uk> <4B9BD68F.7040304@msapiro.net> Message-ID: <4B9D7E5F.2020108@infowall.com> Mark Sapiro wrote: > On 11:59 AM, Julian Field wrote: > >> MailScanner is just about to reach its 10th anniversary. >> > > > Congratulations! > > > >> Yes, believe it or not, I took on this crazy idea 10 years ago! How time >> flies. >> >> We are planning a big news release and celebration here at work to >> commemorate this. >> > > > Well deserved! > > > >> What I need from you guys are some comments and "sound bites" saying >> what you think of MailScanner, what you like about it, why you use it. >> I'm looking for a real variety of comments from all over the world, East >> and West, big sites and small, so if you've got something to say then I >> want to hear it! >> Congratulations !!! I have been using MailScanner for the last two years, I bought the book and signed up for the mailing list. I have run many kinds of mail servers; Domino, Exchange, Scalix etc.....and I have never found anything more appropriate to put in front of your mail server than MailScanner. Not only does it perform fantastically but the mailing list has without me ever having to ask a question at times already has an answer in the archives. As well the polite and thoughtful answers to any kind of MailScanner assistance has proved to be better than any other product out there. Cheers Mark McIntosh Baltimore Maryland From micoots at yahoo.com Mon Mar 15 02:07:25 2010 From: micoots at yahoo.com (Michael Mansour) Date: Mon Mar 15 02:07:36 2010 Subject: ScamNailer question In-Reply-To: <4B9D72C7.6060102@infowall.com> Message-ID: <805667.53896.qm@web33305.mail.mud.yahoo.com> Hi, --- On Mon, 15/3/10, Mark McIntosh wrote: > From: Mark McIntosh > Subject: ScamNailer question > To: "MailScanner discussion" > Received: Monday, 15 March, 2010, 10:35 AM > Hello All, > > I am just wondering as ScamNailer sends me an email every > hour and really I just want it to send me one when it > actually updates. (as shown below) Has anyone tried this?? > Also does ScamNailer have its own forum and should I be > asking there ?? > > Mark McIntosh > > /etc/cron.hourly/ScamNailer-2.09: > > Reading status from /var/cache/ScamNailer/status > Checking that /var/cache/ScamNailer/cache/2010-110 > exists... ok > Checking that /var/cache/ScamNailer/cache/2010-110.17 > exists... ok > I am working with: Current: 2010-110 - 20 and Status: > 2010-110 - 17 > No base update required > Update required > Retrieving http://www.mailscanner.tv/emails.2010-110.18 > Retrieving http://www.mailscanner.tv/emails.2010-110.19 > Retrieving http://www.mailscanner.tv/emails.2010-110.20 > /var/cache/ScamNailer/cache/2010-110.20 > Updating live file > /var/cache/ScamNailer/phishing.emails.list > Deleting cached file: 2010-110.17.... ok > Reloading MailScanner workers: > ? ? ? ? MailScanner:? ? > ???[? OK? ] > ???Outgoing postfix:? ? > ???[? OK? ] I actually just have this in my /etc/cron.d/scamnailer.cron file: 0 * * * * root /usr/local/bin/ScamNailer 2>&1 > /dev/null Regards, Michael. From gcle at smcaus.com.au Mon Mar 15 02:48:24 2010 From: gcle at smcaus.com.au (Gerard Cleary) Date: Mon Mar 15 02:48:52 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <201003151348.24624.gcle@smcaus.com.au> On Fri, 12 Mar 2010 22:53:48 Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How time > flies. > Hi Julian, Happy 10th birthday to MailScanner. Its a compliment to you and the MailScanner software that users are so passionate and enthusiastic about it after all those years. MailScanner is great for newbie mail administrators because its default configurations just work. Its also a godsend for highly experienced administrators because there are so many configuration options that allow them to customise their mail system to the nth degree. Finally, the extra bonus that comes with MailScanner (and much better than steak knives!) is the wonderful support available on the MailScanner mailing list. Its easily the most active mailling list that I subscribe to and I have learned a huge amount since I started looking after a Linux mail server about 8 years ago. Thank you again for making me look so good in my job of mail administrator. Gerard. -- Gerard Cleary SMC Systems Administration Ph: +61 2 9354 8222 From glenn.steen at gmail.com Mon Mar 15 10:05:40 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 15 10:05:49 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <223f97701003150305w6f2611bfm390e6e38e1646eed@mail.gmail.com> On 12 March 2010 12:53, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How time > flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying what > you think of MailScanner, what ?you like about it, why you use it. I'm > looking for a real variety of comments from all over the world, East and > West, big sites and small, so if you've got something to say then I want to > hear it! > > So get commenting folks! > > Many thanks, > > Jules > Sound bites... Hmm. How about: "With unsurpassed accuracy, inventiveness and finess through sevceral years, MailScanner has helped safeguard the Swedish pensioners money!" ... Hm... Perhaps not that catchy:-). Still true. And as Peter so eloquently points out, the product would be nothing without your stellar support effort! Looking forward to the next decade with both you and MailScanner. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 15 10:58:11 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 15 10:58:19 2010 Subject: CustomFunction rulesfiles In-Reply-To: <351507.260.qm@web33302.mail.mud.yahoo.com> References: <351507.260.qm@web33302.mail.mud.yahoo.com> Message-ID: <223f97701003150358l23b8d3d7x2fb27d4e7cfabd38@mail.gmail.com> On 12 March 2010 01:31, Michael Mansour wrote: > Hi, > > Can someone confirm for me please, that the following settings can be made into the filename of a ruleset: > > Is Definitely Not Spam = &SQLWhitelist > Is Definitely Spam = &SQLBlacklist > Required SpamAssassin Score = &SQLSpamScores > High SpamAssassin Score = &SQLHighSpamScores > Always Looked Up Last = &MailWatchLogging > > ? > > The reason I'm asking is I'd like to organise for another set of CustomFunctions to log into another MailWatch DB for certain domains. > > Thanks. > > Michael. > I don't think you can... Why not do it the other way around? Iterate over a "ruleset" and instantiate connections to the needed DBs... and select which connection handle you operate on inside the custom functions... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 15 11:49:05 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 15 11:49:15 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <1268293825.5529.55.camel@darkstar.netcore.co.in> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> <1268293825.5529.55.camel@darkstar.netcore.co.in> Message-ID: <223f97701003150449x4c8fbdf0j1699101a246b7f1c@mail.gmail.com> On 11 March 2010 08:50, ram wrote: > > On Thu, 2010-03-11 at 09:14 +0200, Lyndon Labuschagne wrote: > > On 11 Mar 2010, at 7:39 AM, ram wrote: > >> I have a requirement that mails with over 50 recipients should be >> outright rejected or bounced back >> I assumed this would have been pretty simple to configure in MailScanner >> or my MTA ( postfix) >> > its not an option I have used before but this might do it > > smtpd_recipient_limit (default: 1000) > The maximal number of recipients that the Postfix SMTP server accepts per > message delivery request. > > you would use the below in your main.cf file > smtpd_recipient_limit = 50 > > This works , but the first 50 recipients get the message , the rest get > rejected > > Can I reject all message for all recipients > No, not really. The RFCs demand that any MTA who reject an RCPT TO: do not change state. That is, it is required to remain in the state where it will wait for more recipients or the DATA command. What you could try do is drastically lower some other limits, like the smtpd_recipient_overshoot_limit, so that the recipients after 50 count as errors, and then set smtpd_soft_error_limit and smtpd_hard_error_limit so that the conversation is discarded before a message is actually sent. ... But think this throuigh carefully before doing it, and is possible test it thoroughly... it could potentially have some undesired effects for your normal mail flow. Say that you adjust them to: smtod_recipient_limit = 47 smtpd_soft_error_limit = 3 smtpd_hard_error_limit = 4 ... then mail up to 50 reci?pients would be OK, but *any* error past that (including, but not limited to, that 51:st recipient) would be ... delayed and .... "fatal" to the conversation;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 15 11:55:29 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 15 11:55:38 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <223f97701003150449x4c8fbdf0j1699101a246b7f1c@mail.gmail.com> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> <1268293825.5529.55.camel@darkstar.netcore.co.in> <223f97701003150449x4c8fbdf0j1699101a246b7f1c@mail.gmail.com> Message-ID: <223f97701003150455i27451ec4jbeb32dad679331e0@mail.gmail.com> On 15 March 2010 12:49, Glenn Steen wrote: > On 11 March 2010 08:50, ram wrote: >> >> On Thu, 2010-03-11 at 09:14 +0200, Lyndon Labuschagne wrote: >> >> On 11 Mar 2010, at 7:39 AM, ram wrote: >> >>> I have a requirement that mails with ?over 50 recipients should be >>> outright rejected or bounced back >>> I assumed this would have been pretty simple to configure in MailScanner >>> or my MTA ( postfix) >>> >> its not an option I have used before but this might do it >> >> smtpd_recipient_limit (default: 1000) >> The maximal number of recipients that the Postfix SMTP server accepts per >> message delivery request. >> >> you would use the below in your main.cf file >> smtpd_recipient_limit = 50 >> >> This works , but the first 50 recipients get the message , the rest get >> rejected >> >> Can I reject all message for all recipients >> > No, not really. The RFCs demand that any MTA who reject an RCPT TO: do > not change state. That is, it is required to remain in the state where > it will wait for more recipients or the DATA command. > > What you could try do is drastically lower some other limits, like the > smtpd_recipient_overshoot_limit, so that the recipients after 50 count > as errors, and then set smtpd_soft_error_limit and > smtpd_hard_error_limit so that the conversation is discarded before a > message is actually sent. ... But think this throuigh carefully before > doing it, and is possible test it thoroughly... it could potentially > have some undesired effects for your normal mail flow. > Say that you adjust them to: > smtod_recipient_limit = 47 > smtpd_soft_error_limit = 3 > smtpd_hard_error_limit = 4 > ... then mail up to 50 reci?pients would be OK, but *any* error past > that (including, but not limited to, that 51:st recipient) would be > ... delayed and .... "fatal" to the conversation;-). > > Cheers ... And no, I haven't played with this, so it might all be hogwash:-). Try Alex Borens suggestion, that seems the most sane one to me. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maxsec at gmail.com Mon Mar 15 12:01:10 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Mon Mar 15 12:01:20 2010 Subject: No warnings for one user In-Reply-To: <4B9D5035.9060702@whidbey.com> References: <4B9D5035.9060702@whidbey.com> Message-ID: <72cf361e1003150501v30605830s3e3c7cb111a7fcf@mail.gmail.com> Van have a look in the wiki on the 'overloading' rules section. On 14 March 2010 21:08, G. Armour Van Horn wrote: > I have a user that doesn't want the MailScanner warnings to appear in his > e-mail, because he sometimes wants to forward them and he thinks they are > ugly. As I have other users that need to pass specific filename and filetype > matches, I know how to setup the multiple rule files to establish this on a > per-domain basis, although in this case I might not need multiple files. > > So two questions: > > First, should I use "Find Phishing Fraud = No" or "Highlight Phishing Fraud > = No"? Mostly the question here is whether or not turning off "Find > Phishing" also turns off the numeric and stricter tests. > > Second, what would the rule syntax be? Would this do it? > To sillyuser allow > > Van > > -- > ---------------------------------------------------------- > Sign up now for Quotes of the Day, a handful of quotations > on a theme delivered every morning. > Enlightenment! Daily, for free! > mailto:twisted@whidbey.com?subject=Subscribe_QOTD > > For photography, web design, hosting, and maintenance, > visit Van's home page: http://www.domainvanhorn.com/van/ > ----------------------------------------------------------- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100315/e14db558/attachment.html From glenn.steen at gmail.com Mon Mar 15 12:34:55 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 15 12:35:04 2010 Subject: How do I bounce back all mails over 50 recipients In-Reply-To: <223f97701003150449x4c8fbdf0j1699101a246b7f1c@mail.gmail.com> References: <1268285951.5529.22.camel@darkstar.netcore.co.in> <18FF287B-5B57-4732-B7CB-EBA7F7073BA3@mexcom.co.za> <1268293825.5529.55.camel@darkstar.netcore.co.in> <223f97701003150449x4c8fbdf0j1699101a246b7f1c@mail.gmail.com> Message-ID: <223f97701003150534l6bc2321cq33e1656b79bbf1f2@mail.gmail.com> On 15 March 2010 12:49, Glenn Steen wrote: > On 11 March 2010 08:50, ram wrote: >> >> On Thu, 2010-03-11 at 09:14 +0200, Lyndon Labuschagne wrote: >> >> On 11 Mar 2010, at 7:39 AM, ram wrote: >> >>> I have a requirement that mails with ?over 50 recipients should be >>> outright rejected or bounced back >>> I assumed this would have been pretty simple to configure in MailScanner >>> or my MTA ( postfix) >>> >> its not an option I have used before but this might do it >> >> smtpd_recipient_limit (default: 1000) >> The maximal number of recipients that the Postfix SMTP server accepts per >> message delivery request. >> >> you would use the below in your main.cf file >> smtpd_recipient_limit = 50 >> >> This works , but the first 50 recipients get the message , the rest get >> rejected >> >> Can I reject all message for all recipients >> > No, not really. The RFCs demand that any MTA who reject an RCPT TO: do > not change state. That is, it is required to remain in the state where > it will wait for more recipients or the DATA command. > > What you could try do is drastically lower some other limits, like the > smtpd_recipient_overshoot_limit, so that the recipients after 50 count > as errors, and then set smtpd_soft_error_limit and > smtpd_hard_error_limit so that the conversation is discarded before a > message is actually sent. ... But think this throuigh carefully before > doing it, and is possible test it thoroughly... it could potentially > have some undesired effects for your normal mail flow. > Say that you adjust them to: > smtod_recipient_limit = 47 smtpd_recipient_overshoot_limit = 1 > smtpd_soft_error_limit = 3 > smtpd_hard_error_limit = 4 > ... then mail up to 50 reci?pients would be OK, but *any* error past > that (including, but not limited to, that 51:st recipient) would be > ... delayed and .... "fatal" to the conversation;-). > > Cheers ,,, I really should read before hitting send...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pedro at romehosting.com Mon Mar 15 13:09:09 2010 From: pedro at romehosting.com (Dave Gattis) Date: Mon Mar 15 13:09:27 2010 Subject: Blocking Countries using an RBL. Message-ID: <5662383b347409055de2ba4f1f7900e1.squirrel@mail.romehosting.com> Anyone know of an RBL that will block countries known for SPAM and can be easily integrated into Spamassassin or MailScanner? Dave From mkercher at nfsmith.com Mon Mar 15 15:50:31 2010 From: mkercher at nfsmith.com (Mike Kercher) Date: Mon Mar 15 15:51:14 2010 Subject: Blocking Countries using an RBL. References: <5662383b347409055de2ba4f1f7900e1.squirrel@mail.romehosting.com> Message-ID: <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> That would be kinda dangerous to assume all email from a country is spam. The US is #1 according to SpamHaus. If you want to block an entire country, you could add the TLD to your MTA access list. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Gattis Sent: Monday, March 15, 2010 8:09 AM To: mailscanner@lists.mailscanner.info Subject: Blocking Countries using an RBL. Anyone know of an RBL that will block countries known for SPAM and can be easily integrated into Spamassassin or MailScanner? Dave From e.mink at remote.nl Mon Mar 15 16:05:07 2010 From: e.mink at remote.nl (Eric Mink) Date: Mon Mar 15 16:05:33 2010 Subject: Blocking Countries using an RBL. References: <5662383b347409055de2ba4f1f7900e1.squirrel@mail.romehosting.com> <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> Message-ID: This is a good tool. http://fixingtheweb.com/country/countryiptablesdemo.php Eric -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Mike Kercher Verzonden: maandag 15 maart 2010 16:51 Aan: MailScanner discussion Onderwerp: RE: Blocking Countries using an RBL. That would be kinda dangerous to assume all email from a country is spam. The US is #1 according to SpamHaus. If you want to block an entire country, you could add the TLD to your MTA access list. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Gattis Sent: Monday, March 15, 2010 8:09 AM To: mailscanner@lists.mailscanner.info Subject: Blocking Countries using an RBL. Anyone know of an RBL that will block countries known for SPAM and can be easily integrated into Spamassassin or MailScanner? Dave -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From e.mink at remote.nl Mon Mar 15 16:08:24 2010 From: e.mink at remote.nl (Eric Mink) Date: Mon Mar 15 16:08:52 2010 Subject: Blocking Countries using an RBL. References: <5662383b347409055de2ba4f1f7900e1.squirrel@mail.romehosting.com> <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> Message-ID: Or even better : http://blacklist.linuxadmin.org/ Eric Mink ? Remote IT - Services -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Mike Kercher Verzonden: maandag 15 maart 2010 16:51 Aan: MailScanner discussion Onderwerp: RE: Blocking Countries using an RBL. That would be kinda dangerous to assume all email from a country is spam. The US is #1 according to SpamHaus. If you want to block an entire country, you could add the TLD to your MTA access list. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave Gattis Sent: Monday, March 15, 2010 8:09 AM To: mailscanner@lists.mailscanner.info Subject: Blocking Countries using an RBL. Anyone know of an RBL that will block countries known for SPAM and can be easily integrated into Spamassassin or MailScanner? Dave -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From alex at rtpty.com Mon Mar 15 16:12:35 2010 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 15 16:12:48 2010 Subject: Blocking Countries using an RBL. In-Reply-To: <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> References: <5662383b347409055de2ba4f1f7900e1.squirrel@mail.romehosting.com> <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> Message-ID: <38587754-89B2-46E0-8360-732F8966455A@rtpty.com> That, unfortunately wouldn't cover ".com" domains hosted in a specific country. Search for IP by country RBL's, or create a custom function using Geo::IP, for example. On Mar 15, 2010, at 10:50 AM, Mike Kercher wrote: > That would be kinda dangerous to assume all email from a country is > spam. The US is #1 according to SpamHaus. If you want to block an > entire country, you could add the TLD to your MTA access list. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave > Gattis > Sent: Monday, March 15, 2010 8:09 AM > To: mailscanner@lists.mailscanner.info > Subject: Blocking Countries using an RBL. > > Anyone know of an RBL that will block countries known for SPAM and can > be easily integrated into Spamassassin or MailScanner? > Dave > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mark at msapiro.net Mon Mar 15 17:07:20 2010 From: mark at msapiro.net (Mark Sapiro) Date: Mon Mar 15 17:07:33 2010 Subject: ScamNailer question In-Reply-To: <4B9D72C7.6060102@infowall.com> References: <4B9D72C7.6060102@infowall.com> Message-ID: <4B9E6948.6020106@msapiro.net> On 11:59 AM, Mark McIntosh wrote: > > I am just wondering as ScamNailer sends me an email every hour and > really I just want it to send me one when it actually updates. (as shown > below) Has anyone tried this?? Also does ScamNailer have its own forum > and should I be asking there ?? The script does support a --quiet argument, but that will suppress all output, even if there is an update. You could always make this 'semi quiet' by removing the 'unless $quiet' qualifier from some prints that are only done for an actual update. I don't think there is a separate ScamNailer list. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Kevin_Miller at ci.juneau.ak.us Mon Mar 15 17:41:28 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Mar 15 17:41:43 2010 Subject: No warnings for one user In-Reply-To: <4B9D5035.9060702@whidbey.com> References: <4B9D5035.9060702@whidbey.com> Message-ID: <4A09477D575C2C4B86497161427DD94C149F868694@city-exchange07> G. Armour Van Horn wrote: > I have a user that doesn't want the MailScanner warnings to appear in > his e-mail, because he sometimes wants to forward them and he thinks > they are ugly. As I have other users that need to pass specific > filename and filetype matches, I know how to setup the multiple rule > files to establish this on a per-domain basis, although in this case > I might not need multiple files. > > So two questions: > > First, should I use "Find Phishing Fraud = No" or "Highlight Phishing > Fraud = No"? Mostly the question here is whether or not turning off > "Find Phishing" also turns off the numeric and stricter tests. > > Second, what would the rule syntax be? Would this do it? > To sillyuser allow I would tell the silly user that the delete key is his friend. The warnings *are* ugly. Getting malware is uglier. It's really not that hard to hightlight the warning and press delete when he forwards. If they're legitimate links from a regular source such as a newsletter, you can add them to the whitelist and weed a good portion of them out. They're there for a good reason though. If users paid more attention to such things we wouldn't have to be so draconian. Just my tuppence worth... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From bonivart at opencsw.org Fri Mar 12 23:48:01 2010 From: bonivart at opencsw.org (Peter Bonivart) Date: Mon Mar 15 17:51:51 2010 Subject: Very long filenames In-Reply-To: <4B9AD080.5040606@tippingmar.com> References: <4B9AD080.5040606@tippingmar.com> Message-ID: <625385e31003121548o3aa068fakf0053351cf0ac9e@mail.gmail.com> On Sat, Mar 13, 2010 at 12:38 AM, Mark Nienberg wrote: > So my question is why the message was quarantined when the attachment > filename is only 18 characters long? The name has been sanitized. Look in the df-file if you want to see what it originally was. -- /peter From cfisk at qwicnet.com Mon Mar 15 19:32:30 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Mon Mar 15 19:32:48 2010 Subject: Blocking Countries using an RBL. In-Reply-To: <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> Message-ID: > That would be kinda dangerous to assume all email from a > country is > spam. The US is #1 according to SpamHaus. If you want > to block an > entire country, you could add the TLD to your MTA access > list. None of the businesses we handle email for handle orders for customers outside the US, Canada and Mexico, so we have been looking for an easy way to block mail from overseas. If you find an easy to use DNSBL for this I would love to know about it! Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Mon Mar 15 19:45:57 2010 From: alex at rtpty.com (Alex Neuman) Date: Mon Mar 15 19:46:07 2010 Subject: Blocking Countries using an RBL. In-Reply-To: References: <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> Message-ID: <24e3d2e41003151245y7491a99axaabf31f4db1cc4d4@mail.gmail.com> What about foreign spammers using US servers, or US customers who host their email elsewhere for economic or legal reasons? On 3/15/10, Christopher Fisk wrote: >> That would be kinda dangerous to assume all email from a >> country is >> spam. The US is #1 according to SpamHaus. If you want >> to block an >> entire country, you could add the TLD to your MTA access >> list. > > None of the businesses we handle email for handle orders for customers > outside the US, Canada and Mexico, so we have been looking for an easy way > to block mail from overseas. If you find an easy to use DNSBL for this I > would love to know about it! > > > Christopher Fisk > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Sent from my mobile device -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 BB Pin: 20EA17C5 alex@rtpty.com Skype: alexneuman From cfisk at qwicnet.com Mon Mar 15 19:58:04 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Mon Mar 15 19:58:34 2010 Subject: Blocking Countries using an RBL. In-Reply-To: <24e3d2e41003151245y7491a99axaabf31f4db1cc4d4@mail.gmail.com> Message-ID: > What about foreign spammers using US servers, or US > customers who host > their email elsewhere for economic or legal reasons? 1: The RBL wouldn't block them 2: The RBL would block them I am not actually looking to do a carpet blocking, mostly just non-english stuff. I actually have an RWL (Which I update with IP Addresses of servers that are on blacklists as we need to) so the few companies we encounter like that would be easy to resolve. Is there a good method to block non-english messages? Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Mon Mar 15 20:07:53 2010 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Mon Mar 15 20:08:09 2010 Subject: Blocking Countries using an RBL. Message-ID: <1363681657-1268683673-cardhu_decombobulator_blackberry.rim.net-1819335918-@bda942.bisx.prod.on.blackberry> By the character set? Unfortunately that would create another problem: telling English messages encoded in other character sets, and chinese engrish spam that's been hitting some people lately which reads like "hello acquaintance, I found this interesting location on the intarwebs that sells (insert popular electronic device)". ------Original Message------ From: Christopher Fisk Sender: mailscanner-bounces@lists.mailscanner.info To: MailScanner discussion ReplyTo: MailScanner discussion Subject: re[2]: Blocking Countries using an RBL. Sent: Mar 15, 2010 2:58 PM > What about foreign spammers using US servers, or US > customers who host > their email elsewhere for economic or legal reasons? 1: The RBL wouldn't block them 2: The RBL would block them I am not actually looking to do a carpet blocking, mostly just non-english stuff. I actually have an RWL (Which I update with IP Addresses of servers that are on blacklists as we need to) so the few companies we encounter like that would be easy to resolve. Is there a good method to block non-english messages? Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 832-6725 BB PIN: 20EA17C5 From drew.marshall at trunknetworks.com Mon Mar 15 20:53:03 2010 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Mon Mar 15 20:53:20 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <1CCD231F-C78C-44D8-8EC0-CA2D6CA5C0AE@trunknetworks.com> On 12 Mar 2010, at 11:53, Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How > time flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use > it. I'm looking for a real variety of comments from all over the > world, East and West, big sites and small, so if you've got > something to say then I want to hear it! > > So get commenting folks! > > Many thanks, > > Jules Initially I couldn't believe it's been 10 years but then I thought about when I started using MailScanner and realised it must be! My first MS installation was on an old PC that I decided I would use to dip my toe in the *nix world, see what all this open source stuff was all about and that would have been ~9 years ago, just before Postfix became supported by MS! From the end of the dial up modem, I decided I needed something to scan emails for viruses so I searched for a mailscanner! Never did I realised my small typo would open up such a great Pandora's box of software! Version 3. something was downloaded and I spent the next 4 hours finding Perl modules to make it work (I was running Slackware so none of this package manage stuff and the easy install tarball wasn't even a twinkle in Jule's eye!). However, work it did and it has continued to work ever since. I have upgraded a few times since 3.x (You will be pleased to know) but the whole experience hasn't been totally hassle free, oh no. There have been many times when keeping up Jules' work rate has frankly been neigh on impossible! I would proudly look at my machine(s) and think that's good up to date now and blow me if there wasn't a new release just days afterwards fixing, improving or adding new features. Being a new toy junkie, I just had to have them so time to up date again.... So a 'sound bite'. Well how could I sum up a piece of software that has been one of my best friends for so long, that I have grown to trust and who's age (Let a lone birthday) I didn't even know? I am really not sure. MailScanner has and continues to be one of my most valued pieces of software proving flexibility and reliability, which coupled with speed and ease of use means that practically every email requirement can be catered for and without needing to learn complex commands. Providing you can read and have a little time to set up the many hundreds of configuration options you can work MailScanner and for that we must thank Jules. It was quite an idea 10 years ago and it's one fine piece of software 10 years on! Happy Birthday MailScanner and thank you Jules! Drew PS Jules, you might want to top up your Amazon wish list. It's a bit light. I keep threatening that I'll use it but have never had a boss who understood enough to carry it through. Now I am the boss, it's time to put some actions to my words and a birthday seems a reasonable opportunity to me! -- Drew Marshall Director Trunk Networks Limited email/sip: drew.marshall@trunknetworks.com mob: +44 7870 220770 tel: +44 33 33 44 33 22 web: www.trunknetworks.com -- In line with our policy, this message has been scanned for viruses and dangerous content. Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: SC351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ From ssilva at sgvwater.com Mon Mar 15 21:01:59 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 15 21:02:23 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: on 3-12-2010 1:02 PM Scott Silva spake the following: > on 3-12-2010 3:53 AM Julian Field spake the following: >> MailScanner is just about to reach its 10th anniversary. >> >> Yes, believe it or not, I took on this crazy idea 10 years ago! How time >> flies. >> >> We are planning a big news release and celebration here at work to >> commemorate this. >> >> What I need from you guys are some comments and "sound bites" saying >> what you think of MailScanner, what you like about it, why you use it. >> I'm looking for a real variety of comments from all over the world, East >> and West, big sites and small, so if you've got something to say then I >> want to hear it! >> >> So get commenting folks! >> >> Many thanks, >> >> Jules >> > Happy Anniversary! Here are some sound bytes!!! > > MailScanner... The best thing since sliced bread!! > > MailScanner... Just like deodorant, you wish EVERYONE was using it! > > MailScanner... Keeping sysadmins hair intact for a decade! > > MailScanner... If only my car was this reliable! > > > > Just dug back in the archive and my first post here was May 17, 2004! Wow... How time flies!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100315/e5913e5b/signature.bin From maillists at conactive.com Mon Mar 15 22:31:17 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Mar 15 22:31:31 2010 Subject: Blocking Countries using an RBL. In-Reply-To: References: Message-ID: Christopher Fisk wrote on Mon, 15 Mar 2010 15:58:04 -0400: > Is there a good method to block non-english messages? Yes, spamassassin. Apart from that about your general blocking of mail from certain countries. This is something you want to do at MTA level, not with MS. There are or have been several RBLs for that (google for blackhole) and you can use GeoIP for your own database or use milter- greylist with GeoIP support. Lots of options, you just have to know what you want ;-) Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From jakari at bithose.com Tue Mar 16 02:20:37 2010 From: jakari at bithose.com (Jameel Akari) Date: Tue Mar 16 02:21:00 2010 Subject: Blocking Countries using an RBL. In-Reply-To: <38587754-89B2-46E0-8360-732F8966455A@rtpty.com> References: <5662383b347409055de2ba4f1f7900e1.squirrel@mail.romehosting.com> <5469E9438768604295D982A26FF206F510417C@houpex02.nfsmith.info> <38587754-89B2-46E0-8360-732F8966455A@rtpty.com> Message-ID: <4B9EEAF5.20802@bithose.com> Alex Neuman wrote: > That, unfortunately wouldn't cover ".com" domains hosted in a specific country. > > Search for IP by country RBL's, or create a custom function using Geo::IP, for example. > The Trend Micro ERS (formerly RBL+) list has netblocks by (purported) country of origin; it's been fairly effective for me at work. You can select various IPs by country, or entire countries, and then whitelist senders as needed. I use it in Sendmail with a custom 550 message directing legit senders to a web form where they can plead their case. ;) I suspect it could be plugged into SA rules and scored upon as well. It is, however a for-pay feed. I can't recall the pricing offhand. -- Jameel Akari >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Dave >> Gattis >> Sent: Monday, March 15, 2010 8:09 AM >> To: mailscanner@lists.mailscanner.info >> Subject: Blocking Countries using an RBL. >> >> Anyone know of an RBL that will block countries known for SPAM and can >> be easily integrated into Spamassassin or MailScanner? >> Dave >> >> From glenn.steen at gmail.com Tue Mar 16 08:38:40 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 16 08:38:48 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <223f97701003160138i54171c90y9fc6318f9b56f331@mail.gmail.com> On 15 March 2010 22:01, Scott Silva wrote: > on 3-12-2010 1:02 PM Scott Silva spake the following: >> on 3-12-2010 3:53 AM Julian Field spake the following: >>> MailScanner is just about to reach its 10th anniversary. >>> >>> Yes, believe it or not, I took on this crazy idea 10 years ago! How time >>> flies. >>> >>> We are planning a big news release and celebration here at work to >>> commemorate this. >>> >>> What I need from you guys are some comments and "sound bites" saying >>> what you think of MailScanner, what ?you like about it, why you use it. >>> I'm looking for a real variety of comments from all over the world, East >>> and West, big sites and small, so if you've got something to say then I >>> want to hear it! >>> >>> So get commenting folks! >>> >>> Many thanks, >>> >>> Jules >>> >> Happy Anniversary! Here are some sound bytes!!! >> >> MailScanner... The best thing since sliced bread!! >> >> MailScanner... Just like deodorant, you wish EVERYONE was using it! >> >> MailScanner... Keeping sysadmins hair intact for a decade! >> >> MailScanner... If only my car was this reliable! >> >> >> >> > Just dug back in the archive and my first post here was May 17, 2004! ?Wow... > How time flies!!! > Well, this had me thinking... So I just had to do the same:-). I used MailScanner for approximately a year before hitting a bug I couldn't fix myself (the imfamous inode reuse problem, endemic to Postfix:-). First post (to the MW list, then a week or so later to this list) was early november 2004. So the pensioners, all unknowing, have been benefiting (if there is such a word:-) for at least 7 years. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at rtpty.com Tue Mar 16 10:25:10 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Mar 16 10:25:24 2010 Subject: 10 years of MailScanner In-Reply-To: <223f97701003160138i54171c90y9fc6318f9b56f331@mail.gmail.com> References: <4B9A2B4C.7040108@ecs.soton.ac.uk> <223f97701003160138i54171c90y9fc6318f9b56f331@mail.gmail.com> Message-ID: <8AC92816-92C6-40C3-90BE-7E36648F22AB@rtpty.com> Not to mention the fact that it causes swapping! :-) On Mar 16, 2010, at 3:38 AM, Glenn Steen wrote: > endemic to Postfix:-). From Denis.Beauchemin at USherbrooke.ca Tue Mar 16 12:14:24 2010 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Mar 16 12:14:41 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <4B9F7620.7010507@USherbrooke.ca> Le 2010-03-15 17:01, Scott Silva a ?crit : > on 3-12-2010 1:02 PM Scott Silva spake the following: > >> on 3-12-2010 3:53 AM Julian Field spake the following: >> >>> MailScanner is just about to reach its 10th anniversary. >>> >>> Yes, believe it or not, I took on this crazy idea 10 years ago! How time >>> flies. >>> >>> We are planning a big news release and celebration here at work to >>> commemorate this. >>> >>> What I need from you guys are some comments and "sound bites" saying >>> what you think of MailScanner, what you like about it, why you use it. >>> I'm looking for a real variety of comments from all over the world, East >>> and West, big sites and small, so if you've got something to say then I >>> want to hear it! >>> >>> So get commenting folks! >>> >>> Many thanks, >>> >>> Jules >>> >>> >> Happy Anniversary! Here are some sound bytes!!! >> >> MailScanner... The best thing since sliced bread!! >> >> MailScanner... Just like deodorant, you wish EVERYONE was using it! >> >> MailScanner... Keeping sysadmins hair intact for a decade! >> >> MailScanner... If only my car was this reliable! >> >> >> >> >> > Just dug back in the archive and my first post here was May 17, 2004! Wow... > How time flies!!! > > Mine was 2003-11-14 ! I wouldn't have believed it was so many years ago! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5574 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100316/aba512be/smime.bin From campbell at cnpapers.com Tue Mar 16 12:52:36 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Mar 16 12:52:52 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <4B9F7F14.20604@cnpapers.com> Back on December 13, 2002, I had problems with signing on to the mailing list. Mr. Field, as I called him then, very graciously helped me get through that little problem. He has since helped with many other problems I had encountered or created myself, patiently putting up with my mistakes and assisting each time. I've learned loads about sendmail and the email system in general from the tools he has provided. The fact that I've used this tool almost exclusively for my email protector since before the date mentioned earlier speaks volumes for how I feel about MailScanner. It's a heck of a tool. Julian, just another little thank you and to MS, happy birthday! Steve Campbell Julian Field wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How > time flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use > it. I'm looking for a real variety of comments from all over the > world, East and West, big sites and small, so if you've got something > to say then I want to hear it! > > So get commenting folks! > > Many thanks, > > Jules > From jaearick at colby.edu Tue Mar 16 13:25:50 2010 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Mar 16 13:26:06 2010 Subject: 10 years of mailscanner Message-ID: Julian, I looked in the GMane archives and found my earliest posting to the MailScanner list was 2003-10-13. Wow, time flies! I installed MailScanner sometime that Fall after getting burned by the worm du jour that brought our sendmail system to its knees. After that, bliss. No more worm/virus problems. Your continued improvement of MailScanner has kept a ton of spam away too. Your support via the list beats any other product out there. Many thanks, and keep up the good work (keep healthy too)! Jeff Earickson Colby College From micoots at yahoo.com Tue Mar 16 13:56:43 2010 From: micoots at yahoo.com (Michael Mansour) Date: Tue Mar 16 13:56:53 2010 Subject: Blocking Countries using an RBL. In-Reply-To: <5662383b347409055de2ba4f1f7900e1.squirrel@mail.romehosting.com> Message-ID: <100909.49671.qm@web33305.mail.mud.yahoo.com> Hi Dave, --- On Tue, 16/3/10, Dave Gattis wrote: > From: Dave Gattis > Subject: Blocking Countries using an RBL. > To: mailscanner@lists.mailscanner.info > Received: Tuesday, 16 March, 2010, 12:09 AM > Anyone know of an RBL that will block > countries known for SPAM and can be > easily integrated into Spamassassin or MailScanner? I personally wouldn't block but quarantine and whitelist thereafter. You could use milter-greylist with GeoIP support (I do) which allows me to blacklist some countries (which I do) and greylist others. Regards, Michael. > Dave > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From uxbod at splatnix.net Tue Mar 16 14:01:51 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 16 14:02:13 2010 Subject: 10 years of MailScanner In-Reply-To: <7583752.66.1268747892842.JavaMail.root@office.splatnix.net> Message-ID: <5529622.68.1268748111338.JavaMail.root@office.splatnix.net> ----- "Julian Field" wrote: > MailScanner is just about to reach its 10th anniversary. > > Yes, believe it or not, I took on this crazy idea 10 years ago! How > time > flies. > > We are planning a big news release and celebration here at work to > commemorate this. > > What I need from you guys are some comments and "sound bites" saying > what you think of MailScanner, what you like about it, why you use > it. > I'm looking for a real variety of comments from all over the world, > East > and West, big sites and small, so if you've got something to say then > I > want to hear it! > > So get commenting folks! > > Many thanks, > > Jules > Well it would appear I am well behind a lot of you on the first post made as mine was 6 May 2006. MailScanner has been rock solid, apart from a couple of glitches, and when those times raise there head Jules is like a rampaging bull in getting it fixed. Through my experience I could quite easily name a number of commercial products, costing tens of thousands, that do not get close to the hit rate that MS achieves. Absolute testimony to Jules professionalism and care for the community. Happy 10th Birthday MailScanner and make sure you look after Jules. -- Thanks - Phil From ka at pacific.net Tue Mar 16 15:42:39 2010 From: ka at pacific.net (Ken A) Date: Tue Mar 16 15:42:54 2010 Subject: 10 years of mailscanner In-Reply-To: References: Message-ID: <4B9FA6EF.5060008@pacific.net> We're a small ISP in Northern Calif, and have use MailScanner as part of our anti-spam strategy since late 2002. It's been a great asset in the fight against spam. The MailScanner community, led by Julian Field, is by far one of the best, most helpful communities one can find online. Thanks to all who have put time and effort into MailScanner! Happy 10! Ken Anderson Pacific.Net On 3/16/2010 8:25 AM, Jeff A. Earickson wrote: > Julian, > > I looked in the GMane archives and found my earliest posting to the > MailScanner > list was 2003-10-13. Wow, time flies! I installed MailScanner sometime that > Fall after getting burned by the worm du jour that brought our sendmail > system > to its knees. > > After that, bliss. No more worm/virus problems. Your continued improvement > of MailScanner has kept a ton of spam away too. Your support via the > list beats any other product out there. > > Many thanks, and keep up the good work (keep healthy too)! > > Jeff Earickson > Colby College -- Ken Anderson Pacific Internet - http://www.pacific.net From drew.marshall at trunknetworks.com Tue Mar 16 14:52:53 2010 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Tue Mar 16 16:09:26 2010 Subject: 10 years of MailScanner In-Reply-To: <4B9F7620.7010507@USherbrooke.ca> References: <4B9A2B4C.7040108@ecs.soton.ac.uk> <4B9F7620.7010507@USherbrooke.ca> Message-ID: On 16 Mar 2010, at 12:14, Denis Beauchemin wrote: >> Just dug back in the archive and my first post here was May 17, >> 2004! Wow... >> How time flies!!! >> >> > Mine was 2003-11-14 ! I wouldn't have believed it was so many years > ago! I had to do the same and the earliest post I can find is 14th December 2003! I didn't brave the mailing list for a year or two of MS use (I suspect that I felt I couldn't add anything to the party. Not sure I ever really have but you need some noise at a party otherwise it has no atmosphere!). I'm starting to feel quite old! Mind you, I suspect there would be few of us that have matured quite as well as MailScanner ;-) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content. Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: SC351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ From alex at rtpty.com Tue Mar 16 17:31:14 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Mar 16 17:31:28 2010 Subject: 10 years of mailscanner In-Reply-To: References: Message-ID: <3B6BA1C5-7DA9-499B-9D3C-81F8612714B2@rtpty.com> My "frist post" (in Slashdot style reference) is at: http://article.gmane.org/gmane.mail.virus.mailscanner/9659/match= and it indicates it was made "5 years, 51 weeks, 5 days, 17 hours and 5 minutes ago" - I think that makes me a relative newcomer! Thanks for all the help you guys have been providing - for free - to this "comparative newbie"! From rlopezcnm at gmail.com Tue Mar 16 21:53:32 2010 From: rlopezcnm at gmail.com (Robert Lopez) Date: Tue Mar 16 21:53:41 2010 Subject: ScamNailer "add addresses of your own" questions Message-ID: Trying this subject from the past again... Pre-renaming to ScamNailer we had phishing.bad.sites.conf (and phishing.safe.sites.conf) where it was possible to force local additions. Then with early ScamNailer there was anti-phishing.addresses for local_extras. ScamNailer-2.09 seems to have no provision for local extras at all (bad or safe). So, what is supposed to be done with the phishing.addresses we find locally? Is there an address to send them to in order they be added to the cron loaded updates or do I have to try to jam them into phishing.emails.list each time it is created? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From khawaja.jawad at gmail.com Wed Mar 17 12:13:59 2010 From: khawaja.jawad at gmail.com (Jawad Khawaja) Date: Wed Mar 17 12:14:08 2010 Subject: MailScanner in Transparent Mode???? Message-ID: Is this possible to configure MailScanner to stop spam in transparent mode. i don't want any of my customer to point my server as smtp relay server. MailScanner just scan message for anti-virus and anti-spam and forward email with originating customer's IP address mean no header source change.... Regards khawaja -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100317/8948f9d6/attachment.html From steve.freegard at fsl.com Wed Mar 17 12:24:36 2010 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Mar 17 12:24:53 2010 Subject: MailScanner in Transparent Mode???? In-Reply-To: References: Message-ID: <4BA0CA04.5040908@fsl.com> On 17/03/10 12:13, Jawad Khawaja wrote: > Is this possible to configure MailScanner to stop spam in transparent > mode. i don't want any of my customer to point my server as smtp relay > server. No. > MailScanner just scan message for anti-virus and anti-spam and forward > email with originating customer's IP address mean no header source > change.... > The answer hasn't changed since you last asked this question. Regards, Steve. From mikael at syska.dk Wed Mar 17 12:27:47 2010 From: mikael at syska.dk (Mikael Syska) Date: Wed Mar 17 12:28:00 2010 Subject: MailScanner in Transparent Mode???? In-Reply-To: References: Message-ID: <6beca9db1003170527y5f5c6e4bq6796fa3d71724e94@mail.gmail.com> Hi, Why not answer the questions asked in the other mail you send to the list ? mvh On Wed, Mar 17, 2010 at 1:13 PM, Jawad Khawaja wrote: > Is this possible to configure MailScanner to stop spam in transparent mode. > i don't want any of my customer to point my server as smtp relay server. > > MailScanner just scan message for anti-virus and anti-spam and forward email > with originating customer's IP address mean no header source change.... > > Regards > khawaja > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From prandal at herefordshire.gov.uk Wed Mar 17 16:51:17 2010 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Mar 17 16:51:31 2010 Subject: 10 years of MailScanner In-Reply-To: References: <4B9A2B4C.7040108@ecs.soton.ac.uk> Message-ID: <76415AED4CCF214F80FD9B0DA9A9EE4525AA45@HC-MBX01.herefordshire.gov.uk> Well done, Jules. I first installed MailScanner back in 2003, and haven't looked back. In those days, less than 10% of of our incoming emails were spam. Now it is up to 90%+ (most being caught by the zen.spamhaus.org blacklist). Our MX boxes are two Dell 2950s with 4GB RAM, CentOS 5.4 x64, sendmail, and SA 3.3.0. Julian's and the mailing list's support has been second to none. I can't praise it highly enough. Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 12 March 2010 11:54 To: MailScanner discussion Subject: 10 years of MailScanner MailScanner is just about to reach its 10th anniversary. Yes, believe it or not, I took on this crazy idea 10 years ago! How time flies. We are planning a big news release and celebration here at work to commemorate this. What I need from you guys are some comments and "sound bites" saying what you think of MailScanner, what you like about it, why you use it. I'm looking for a real variety of comments from all over the world, East and West, big sites and small, so if you've got something to say then I want to hear it! So get commenting folks! Many thanks, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From campbell at cnpapers.com Wed Mar 17 18:04:20 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 17 18:04:35 2010 Subject: OT: Outlook oddities #2 Message-ID: <4BA119A4.3090204@cnpapers.com> Starting this up again, as I have more info but no answers. After comparing headers and anything else I could find, other than the To: and From: being in different order sometimes (To: comes first sometimes, From: others), I finally found a commonality in all of the emails that show up to MS and Mailwatch as having no From: address in the envelop from Outlook. Maybe someone can tell me what it means when the Subject line has the word "Read: " instead of the plain old vanilla "Re: " in it. Googling hasn't helped since I can't seem to find the right search string. Does this have anything to do with Return Receipts? These are all emails that the Outlook user is "Replying" to some email. Thanks for helping Steve Campbell From Kevin_Miller at ci.juneau.ak.us Wed Mar 17 18:28:52 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 17 18:29:10 2010 Subject: Outlook oddities #2 In-Reply-To: <4BA119A4.3090204@cnpapers.com> References: <4BA119A4.3090204@cnpapers.com> Message-ID: <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> Steve Campbell wrote: > Starting this up again, as I have more info but no answers. > > After comparing headers and anything else I could find, other than the > To: and From: being in different order sometimes (To: comes first > sometimes, From: others), I finally found a commonality in all of the > emails that show up to MS and Mailwatch as having no From: address in > the envelop from Outlook. > > Maybe someone can tell me what it means when the Subject line has the > word "Read: " instead of the plain old vanilla "Re: " in it. Googling > hasn't helped since I can't seem to find the right search string. > Does this have anything to do with Return Receipts? These are all > emails that the Outlook user is "Replying" to some email. Yes, they're return receipts. I just pulled up the a gazillion of them in MailWatch. Told the report function to find messages that contained "Read:" in the subject. I only glanced at a couple, but they were read receipts. The interesting thing was there weere also "Not Read": messages. It appears that when the messages were deleted w/o being read, that also generated a notice. I'd never seen that before, but then I virtually never use read receipts and don't automatically allow them. HTH... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From campbell at cnpapers.com Wed Mar 17 18:56:27 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 17 18:56:41 2010 Subject: Outlook oddities #2 In-Reply-To: <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> Message-ID: <4BA125DB.7040407@cnpapers.com> Kevin Miller wrote: > Steve Campbell wrote: > >> Starting this up again, as I have more info but no answers. >> >> After comparing headers and anything else I could find, other than the >> To: and From: being in different order sometimes (To: comes first >> sometimes, From: others), I finally found a commonality in all of the >> emails that show up to MS and Mailwatch as having no From: address in >> the envelop from Outlook. >> >> Maybe someone can tell me what it means when the Subject line has the >> word "Read: " instead of the plain old vanilla "Re: " in it. Googling >> hasn't helped since I can't seem to find the right search string. >> Does this have anything to do with Return Receipts? These are all >> emails that the Outlook user is "Replying" to some email. >> > > Yes, they're return receipts. I just pulled up the a gazillion of them in MailWatch. Told the report function to find messages that contained "Read:" in the subject. I only glanced at a couple, but they were read receipts. The interesting thing was there weere also "Not Read": messages. It appears that when the messages were deleted w/o being read, that also generated a notice. I'd never seen that before, but then I virtually never use read receipts and don't automatically allow them. > > HTH... > > ...Kevin > Thanks Kevin, The warning in MW indicates "no watermark or sender address" so I think I can do a hex dump on the quarantined file and see what's causing the corruption. I'm still a little confused about having the address whitelisted from which these users are sending, and why SA complains since it isn't supposed to be checking these because of that. Then there's the confusion over what Outlook is really doing to them. I'll keep looking and report if I ever find out what's going on. steve From campbell at cnpapers.com Wed Mar 17 19:22:37 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 17 19:22:54 2010 Subject: Outlook oddities #2 In-Reply-To: <4BA125DB.7040407@cnpapers.com> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> Message-ID: <4BA12BFD.1040009@cnpapers.com> Correction:!!! It's the return receipts themselves that are botched, not the reply to any mail that has requested an RR. And it's only Outlook that is doing the botching. So the solution isn't as important as I thought. steve Steve Campbell wrote: > > > Kevin Miller wrote: >> Steve Campbell wrote: >> >>> Starting this up again, as I have more info but no answers. >>> >>> After comparing headers and anything else I could find, other than the >>> To: and From: being in different order sometimes (To: comes first >>> sometimes, From: others), I finally found a commonality in all of the >>> emails that show up to MS and Mailwatch as having no From: address in >>> the envelop from Outlook. >>> Maybe someone can tell me what it means when the Subject line has the >>> word "Read: " instead of the plain old vanilla "Re: " in it. Googling >>> hasn't helped since I can't seem to find the right search string. >>> Does this have anything to do with Return Receipts? These are all >>> emails that the Outlook user is "Replying" to some email. >> >> Yes, they're return receipts. I just pulled up the a gazillion of >> them in MailWatch. Told the report function to find messages that >> contained "Read:" in the subject. I only glanced at a couple, but >> they were read receipts. The interesting thing was there weere also >> "Not Read": messages. It appears that when the messages were deleted >> w/o being read, that also generated a notice. I'd never seen that >> before, but then I virtually never use read receipts and don't >> automatically allow them. >> >> HTH... >> >> ...Kevin >> > > Thanks Kevin, > > The warning in MW indicates "no watermark or sender address" so I > think I can do a hex dump on the quarantined file and see what's > causing the corruption. > > I'm still a little confused about having the address whitelisted from > which these users are sending, and why SA complains since it isn't > supposed to be checking these because of that. > > Then there's the confusion over what Outlook is really doing to them. > > I'll keep looking and report if I ever find out what's going on. > > steve > From Kevin_Miller at ci.juneau.ak.us Wed Mar 17 19:45:01 2010 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 17 19:45:13 2010 Subject: Outlook oddities #2 In-Reply-To: <4BA125DB.7040407@cnpapers.com> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> Message-ID: <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> Steve Campbell wrote: > The warning in MW indicates "no watermark or sender address" so I > think I can do a hex dump on the quarantined file and see what's > causing the corruption. > > I'm still a little confused about having the address whitelisted from > which these users are sending, and why SA complains since it isn't > supposed to be checking these because of that. I never noticed it before, but all the whitelisted entries have SA scores associated with them. Apparently SA runs regardless, but just passes them if whitelisted... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From jeff.mills at sydneytech.com.au Wed Mar 17 22:14:02 2010 From: jeff.mills at sydneytech.com.au (Jeff Mills) Date: Wed Mar 17 22:14:15 2010 Subject: Office Documents - No Programs allowed Message-ID: <556B68BE19272143ADE2500D9CC858BD579282@stssvr01.Sts.local> I know this has been discussed, but I can't find a definitive answer in the archives. I have an issue with word documents being picked up as programs by mailscanner. MailMaster: No programs allowed (ELF) (MullumbimbyISBOSInstall.doc) # file MullumbimbyISBOSInstall.doc MullumbimbyISBOSInstall.doc: CDF V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Title: Self Service, Author: User, Template: Normal.dot, Last Saved By: f309604, Revision Number: 7, Name of Creating Application: Microsoft Office Word, Total Editing Time: 33:00, Last Printed: Sun Dec 20 06:52:00 2009, Create Time/Date: Wed Mar 10 04:15:00 2010, Last Saved Time/Date: Thu Mar 11 01:28:00 2010, Number of Pages: 1, Number of Words: 449, Number of Characters: 2561, Security: 0 # file -i MullumbimbyISBOSInstall.doc MullumbimbyISBOSInstall.doc: application/msword; charset=binary Is it the charset=binary that is causing this issue? If so, what, if anything, can be done to sort it? Thanks, Jeff From Amelein at dantumadiel.eu Thu Mar 18 07:43:38 2010 From: Amelein at dantumadiel.eu (Arjan Melein) Date: Thu Mar 18 07:43:55 2010 Subject: Betr.: Office Documents - No Programs allowed In-Reply-To: <556B68BE19272143ADE2500D9CC858BD579282@stssvr01.Sts.local> References: <556B68BE19272143ADE2500D9CC858BD579282@stssvr01.Sts.local> Message-ID: <4BA1E7BA0200008E00013920@10.1.0.206> I had the same, comented out the ELF line in the filetypes and the number of false matches has gone down, but now it picks em up as AVI files every now and then. - Arjan >>> Op 17-3-2010 om 23:14 is door "Jeff Mills" geschreven: > I know this has been discussed, but I can't find a definitive answer in > the archives. > > I have an issue with word documents being picked up as programs by > mailscanner. > > MailMaster: No programs allowed (ELF) (MullumbimbyISBOSInstall.doc) > > > # file MullumbimbyISBOSInstall.doc > MullumbimbyISBOSInstall.doc: CDF V2 Document, Little Endian, Os: > Windows, Version 5.1, Code page: 1252, Title: Self Service, Author: > User, Template: Normal.dot, Last Saved By: f309604, Revision Number: 7, > Name of Creating Application: Microsoft Office Word, Total Editing Time: > 33:00, Last Printed: Sun Dec 20 06:52:00 2009, Create Time/Date: Wed Mar > 10 04:15:00 2010, Last Saved Time/Date: Thu Mar 11 01:28:00 2010, Number > of Pages: 1, Number of Words: 449, Number of Characters: 2561, Security: > 0 > > # file -i MullumbimbyISBOSInstall.doc > MullumbimbyISBOSInstall.doc: application/msword; charset=binary > > > Is it the charset=binary that is causing this issue? > If so, what, if anything, can be done to sort it? > > Thanks, > Jeff > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Mar 18 08:49:07 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 18 08:49:15 2010 Subject: Outlook oddities #2 In-Reply-To: <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> Message-ID: <223f97701003180149l7dc4d067y652e988d067d587b@mail.gmail.com> On 17 March 2010 20:45, Kevin Miller wrote: > Steve Campbell wrote: >> The warning in MW indicates "no watermark or sender address" so I >> think I can do a hex dump on the quarantined file and see what's >> causing the corruption. >> >> I'm still a little confused about having the address whitelisted from >> which these users are sending, and why SA complains since it isn't >> supposed to be checking these because of that. > > I never noticed it before, but all the whitelisted entries have SA scores associated with them. ?Apparently SA runs regardless, but just passes them if whitelisted... > > ...Kevin If you have the "Always include SA score" setting (probably named slightly different... Bad memory day:-), MS will have to run SA for everything, whether it is used as a "sorting criterion" or not. That Steve has problems with the watermark feature (which is an MS feature) marking some return receipts as spam ... kind of suggest the sollution itself, doesn't it? Juts put a similar ruleset on that as you have for the spam whitelist ... and presto, problem solved;-). The settings to look at/put a ruleset on are (one of, depending on the effect you want): Check Watermarks With No Sender (to simply check/not check watermarks for the whitelisted IP addresses) Treat Invalid Watermarks With No Sender as Spam (to choose a different action... "nothing" seems appropriate for the whitelisted ones:-) But don't use "Use Watermarking" for the whitelist, since that would effectively turn the feature off for relayed mail;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Mar 18 08:58:10 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 18 08:58:18 2010 Subject: Office Documents - No Programs allowed In-Reply-To: <556B68BE19272143ADE2500D9CC858BD579282@stssvr01.Sts.local> References: <556B68BE19272143ADE2500D9CC858BD579282@stssvr01.Sts.local> Message-ID: <223f97701003180158g50f1ebfcu9861010d784b1930@mail.gmail.com> On 17 March 2010 23:14, Jeff Mills wrote: > I know this has been discussed, but I can't find a definitive answer in > the archives. > > I have an issue with word documents being picked up as programs by > mailscanner. > > MailMaster: No programs allowed (ELF) (MullumbimbyISBOSInstall.doc) > > > # file MullumbimbyISBOSInstall.doc > MullumbimbyISBOSInstall.doc: CDF V2 Document, Little Endian, Os: > Windows, Version 5.1, Code page: 1252, Title: Self Service, Author: > User, Template: Normal.dot, Last Saved By: f309604, Revision Number: 7, > Name of Creating Application: Microsoft Office Word, Total Editing Time: > 33:00, Last Printed: Sun Dec 20 06:52:00 2009, Create Time/Date: Wed Mar > 10 04:15:00 2010, Last Saved Time/Date: Thu Mar 11 01:28:00 2010, Number > of Pages: 1, Number of Words: 449, Number of Characters: 2561, Security: > 0 > > # file -i MullumbimbyISBOSInstall.doc > MullumbimbyISBOSInstall.doc: application/msword; charset=binary > > > Is it the charset=binary that is causing this issue? > If so, what, if anything, can be done to sort it? > It is the "Title: Self Service" part that spooks MS... Perhaps the RE is a tad ... trusting...Haven't looked at the particular code ... recently... so I would't know for sure:-). Jules probably does though:) Look at changing over to file -i ... seems to be the reasonable way to go, if the odd FP irks you. I'm not sure that file -i doesn't come with a higher FN rate though. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Mar 18 09:03:05 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 18 09:03:14 2010 Subject: Betr.: Office Documents - No Programs allowed In-Reply-To: <4BA1E7BA0200008E00013920@10.1.0.206> References: <556B68BE19272143ADE2500D9CC858BD579282@stssvr01.Sts.local> <4BA1E7BA0200008E00013920@10.1.0.206> Message-ID: <223f97701003180203g4df76a38h81a86cbc978cd3ff@mail.gmail.com> On 18 March 2010 08:43, Arjan Melein wrote: > I had the same, comented out the ELF line in the filetypes and the number of false matches has gone down, but now it picks em up as AVI files every now and then. > > - > Arjan > The "problem" is more with your version of file than with MS ... it simply returns a bit too much information, specifically information that varies wildly (Title:, Author: etc). You could either look at changing over entirely to file -i (sorry don't remember how to do that, you'll have to look it up yourselves;-), or you could wrap your file command in a small wrapper that ... sanitizes the file output... A small perl, awk or sed script should do:-). Cheers -- -- Glenn >>>> Op 17-3-2010 om 23:14 is door "Jeff Mills" > geschreven: >> I know this has been discussed, but I can't find a definitive answer in >> the archives. >> >> I have an issue with word documents being picked up as programs by >> mailscanner. >> >> MailMaster: No programs allowed (ELF) (MullumbimbyISBOSInstall.doc) >> >> >> # file MullumbimbyISBOSInstall.doc >> MullumbimbyISBOSInstall.doc: CDF V2 Document, Little Endian, Os: >> Windows, Version 5.1, Code page: 1252, Title: Self Service, Author: >> User, Template: Normal.dot, Last Saved By: f309604, Revision Number: 7, >> Name of Creating Application: Microsoft Office Word, Total Editing Time: >> 33:00, Last Printed: Sun Dec 20 06:52:00 2009, Create Time/Date: Wed Mar >> 10 04:15:00 2010, Last Saved Time/Date: Thu Mar 11 01:28:00 2010, Number >> of Pages: 1, Number of Words: 449, Number of Characters: 2561, Security: >> 0 >> >> # file -i MullumbimbyISBOSInstall.doc >> MullumbimbyISBOSInstall.doc: application/msword; charset=binary >> >> >> Is it the charset=binary that is causing this issue? >> If so, what, if anything, can be done to sort it? >> >> Thanks, >> Jeff >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Thu Mar 18 12:45:20 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Mar 18 12:45:35 2010 Subject: Outlook oddities #2 In-Reply-To: <223f97701003180149l7dc4d067y652e988d067d587b@mail.gmail.com> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> <223f97701003180149l7dc4d067y652e988d067d587b@mail.gmail.com> Message-ID: <4BA22060.3090301@cnpapers.com> Thanks Glenn, Glenn Steen wrote: > On 17 March 2010 20:45, Kevin Miller wrote: > >> Steve Campbell wrote: >> >>> The warning in MW indicates "no watermark or sender address" so I >>> think I can do a hex dump on the quarantined file and see what's >>> causing the corruption. >>> >>> I'm still a little confused about having the address whitelisted from >>> which these users are sending, and why SA complains since it isn't >>> supposed to be checking these because of that. >>> >> I never noticed it before, but all the whitelisted entries have SA scores associated with them. Apparently SA runs regardless, but just passes them if whitelisted... >> Kevin, I'm not sure this is true in this case. The IP is whitelisted, but the SA stuff is short-circuited by the From: and watermark problems. No SA score is shown on these RR thingys. Thanks. >> ...Kevin >> > > If you have the "Always include SA score" setting (probably named > slightly different... Bad memory day:-), MS will have to run SA for > everything, whether it is used as a "sorting criterion" or not. > > I do have that set, but apparantly, the watermark section takes precedence over the SA section. > That Steve has problems with the watermark feature (which is an MS > feature) marking some return receipts as spam ... kind of suggest the > sollution itself, doesn't it? Juts put a similar ruleset on that as > you have for the spam whitelist ... and presto, problem solved;-). > > I had already considered this as a "workaround" but was hoping to find a solution to the real problem (Outlook). Of course I'm still wondering what is going on that makes a RR differ from normal mail sent and why something is missing or corrupt to make MS/SA think there is a problem in the first place. Based on what I see, the From is corrupt or something and the watermark isn't there. I might be looking at the files at the wrong time (in the timeline of the email). But shouldn't these RRs go through the same process as a normally sent email? > The settings to look at/put a ruleset on are (one of, depending on the > effect you want): > Check Watermarks With No Sender (to simply check/not check watermarks > for the whitelisted IP addresses) > Treat Invalid Watermarks With No Sender as Spam (to choose a different > action... "nothing" seems appropriate for the whitelisted ones:-) > But don't use "Use Watermarking" for the whitelist, since that would > effectively turn the feature off for relayed mail;-). > > Cheers > I'm going to try and see what the above will accomplish. Again, thanks for the help. steve From glenn.steen at gmail.com Thu Mar 18 17:35:35 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 18 17:35:44 2010 Subject: Outlook oddities #2 In-Reply-To: <4BA22060.3090301@cnpapers.com> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> <223f97701003180149l7dc4d067y652e988d067d587b@mail.gmail.com> <4BA22060.3090301@cnpapers.com> Message-ID: <223f97701003181035h5ae93acfy183b73a0734c58fc@mail.gmail.com> On 18 March 2010 13:45, Steve Campbell wrote: > Thanks Glenn, > > Glenn Steen wrote: >> >> On 17 March 2010 20:45, Kevin Miller wrote: >> >>> >>> Steve Campbell wrote: >>> >>>> >>>> The warning in MW indicates "no watermark or sender address" so I >>>> think I can do a hex dump on the quarantined file and see what's >>>> causing the corruption. >>>> >>>> I'm still a little confused about having the address whitelisted from >>>> which these users are sending, and why SA complains since it isn't >>>> supposed to be checking these because of that. >>>> >>> >>> I never noticed it before, but all the whitelisted entries have SA scores >>> associated with them. ?Apparently SA runs regardless, but just passes them >>> if whitelisted... >>> > > Kevin, > > I'm not sure this is true in this case. The IP is whitelisted, but the SA > stuff is short-circuited by the From: and watermark problems. No SA score is > shown on these RR thingys. > > Thanks. >>> >>> ...Kevin >>> >> >> If you have the "Always include SA score" setting (probably named >> slightly different... Bad memory day:-), MS will have to run SA for >> everything, whether it is used as a "sorting criterion" or not. >> >> > > I do have that set, but apparantly, the watermark section takes precedence > over the SA section. >> >> That Steve has problems with the watermark feature (which is an MS >> feature) marking some return receipts as spam ... kind of suggest the >> sollution itself, doesn't it? Juts put a similar ruleset on that as >> you have for the spam whitelist ... and presto, problem solved;-). >> >> > > I had already considered this as a "workaround" but was hoping to find a > solution to the real problem (Outlook). Of course I'm still wondering what > is going on that makes a RR differ from normal mail sent and why something > is missing or corrupt to make MS/SA think there is a problem in the first > place. > > Based on what I see, the From is corrupt or something and the watermark > isn't there. I might be looking at the files at the wrong time (in the > timeline of the email). But shouldn't these RRs go through the same process > as a normally sent email? All "MAILER-DAEMON"-type mails have an empty sender. This is stipulated in the RFC(s). Spammers tend to abuse this, so hence the watermark feature ... to battle that. It does so by checking adding a "watermark header" to all outgoing mail. When some MTA "on the net" have a need to return a message, the watermark header must be preserved (stipulated by the same RFCs), so that MS can check all the "empty senders" mails for a valid watermark. Normally this works nicely. But when an agent misbehave, like yours do, then the sender will be empty, but the watermark will not be preserved... Leading to MS treating it as spam (or whatever you've configured it to do:-). So the problem, in a nutshell, is that your internal server/clients aren't preserving all headers for the RRs. DSN/NDNs are probably not affected, but you can do a simple search in MailWatch to see if they are... I know for certain that MS Exchange 2k3 will abuse this for OoO type messages... But I don't care that much about those:) If anything, look at stopping RRs altogether. I do by so by intentionally breaking RFC-compliance... I let Postfix "ignore" those headers;-). >> >> The settings to look at/put a ruleset on are (one of, depending on the >> effect you want): >> Check Watermarks With No Sender (to simply check/not check watermarks >> for the whitelisted IP addresses) >> Treat Invalid Watermarks With No Sender as Spam (to choose a different >> action... "nothing" seems appropriate for the whitelisted ones:-) >> But don't use "Use Watermarking" for the whitelist, since that would >> effectively turn the feature off for relayed mail;-). >> >> Cheers >> > > I'm going to try and see what the above will accomplish. Again, thanks for > the help. > > steve > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Thu Mar 18 18:01:07 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 18 18:01:33 2010 Subject: Outlook oddities #2 In-Reply-To: <4BA22060.3090301@cnpapers.com> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> <223f97701003180149l7dc4d067y652e988d067d587b@mail.gmail.com> <4BA22060.3090301@cnpapers.com> Message-ID: > Kevin, > > I'm not sure this is true in this case. The IP is whitelisted, but the > SA stuff is short-circuited by the From: and watermark problems. No SA > score is shown on these RR thingys. > A return receipt won't have a watermark because it is not the original message sent back. It is a new generated message going out the first time. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100318/1f4ca8ed/signature.bin From campbell at cnpapers.com Thu Mar 18 18:05:03 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Mar 18 18:05:18 2010 Subject: Outlook oddities #2 In-Reply-To: <223f97701003181035h5ae93acfy183b73a0734c58fc@mail.gmail.com> References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> <223f97701003180149l7dc4d067y652e988d067d587b@mail.gmail.com> <4BA22060.3090301@cnpapers.com> <223f97701003181035h5ae93acfy183b73a0734c58fc@mail.gmail.com> Message-ID: <4BA26B4F.6060400@cnpapers.com> Glenn Steen wrote: > On 18 March 2010 13:45, Steve Campbell wrote: > >> Thanks Glenn, >> >> Glenn Steen wrote: >> >>> On 17 March 2010 20:45, Kevin Miller wrote: >>> >>> >>>> Steve Campbell wrote: >>>> >>>> >>>>> The warning in MW indicates "no watermark or sender address" so I >>>>> think I can do a hex dump on the quarantined file and see what's >>>>> causing the corruption. >>>>> >>>>> I'm still a little confused about having the address whitelisted from >>>>> which these users are sending, and why SA complains since it isn't >>>>> supposed to be checking these because of that. >>>>> >>>>> >>>> I never noticed it before, but all the whitelisted entries have SA scores >>>> associated with them. Apparently SA runs regardless, but just passes them >>>> if whitelisted... >>>> >>>> >> Kevin, >> >> I'm not sure this is true in this case. The IP is whitelisted, but the SA >> stuff is short-circuited by the From: and watermark problems. No SA score is >> shown on these RR thingys. >> >> Thanks. >> >>>> ...Kevin >>>> >>>> >>> If you have the "Always include SA score" setting (probably named >>> slightly different... Bad memory day:-), MS will have to run SA for >>> everything, whether it is used as a "sorting criterion" or not. >>> >>> >>> >> I do have that set, but apparantly, the watermark section takes precedence >> over the SA section. >> >>> That Steve has problems with the watermark feature (which is an MS >>> feature) marking some return receipts as spam ... kind of suggest the >>> sollution itself, doesn't it? Juts put a similar ruleset on that as >>> you have for the spam whitelist ... and presto, problem solved;-). >>> >>> >>> >> I had already considered this as a "workaround" but was hoping to find a >> solution to the real problem (Outlook). Of course I'm still wondering what >> is going on that makes a RR differ from normal mail sent and why something >> is missing or corrupt to make MS/SA think there is a problem in the first >> place. >> >> Based on what I see, the From is corrupt or something and the watermark >> isn't there. I might be looking at the files at the wrong time (in the >> timeline of the email). But shouldn't these RRs go through the same process >> as a normally sent email? >> > All "MAILER-DAEMON"-type mails have an empty sender. This is > stipulated in the RFC(s). > Spammers tend to abuse this, so hence the watermark feature ... to > battle that. It does so by checking adding a "watermark header" to all > outgoing mail. When some MTA "on the net" have a need to return a > message, the watermark header must be preserved (stipulated by the > same RFCs), so that MS can check all the "empty senders" mails for a > valid watermark. > Normally this works nicely. > > But when an agent misbehave, like yours do, then the sender will be > empty, but the watermark will not be preserved... Leading to MS > treating it as spam (or whatever you've configured it to do:-). > > So the problem, in a nutshell, is that your internal server/clients > aren't preserving all headers for the RRs. DSN/NDNs are probably not > affected, but you can do a simple search in MailWatch to see if they > are... I know for certain that MS Exchange 2k3 will abuse this for OoO > type messages... But I don't care that much about those:) > > If anything, look at stopping RRs altogether. I do by so by > intentionally breaking RFC-compliance... I let Postfix "ignore" those > headers;-). > > >>> The settings to look at/put a ruleset on are (one of, depending on the >>> effect you want): >>> Check Watermarks With No Sender (to simply check/not check watermarks >>> for the whitelisted IP addresses) >>> Treat Invalid Watermarks With No Sender as Spam (to choose a different >>> action... "nothing" seems appropriate for the whitelisted ones:-) >>> But don't use "Use Watermarking" for the whitelist, since that would >>> effectively turn the feature off for relayed mail;-). >>> >>> Cheers >>> >>> >> I'm going to try and see what the above will accomplish. Again, thanks for >> the help. >> >> steve >> >> > > Cheers > I wasn't aware that these RRs weren't treated as normal "Reply To" messages. Turns out, after doing more digging, that Outlook 10 and Outlook 12 handles these properly. Outlook 11, which is common on a lot of our machines, breaks things. Some Outlook 9 problems are showing up, but I don't have enough info to say that all 9's are broken. So the problem definition is mostly Outlook odd-numbered versions produce odd results. Outlook, itself, is an odd program. Apparently, some oddball programmer at Microsoft forgot to include fixes from version 10, which fixed version 9, into version 11, and remembered it for version 12. Guess by now you've figured out that the next version of Outlook is going to be broken just because of karma. For some reason, no one is requesting these RRs today, so I'm not getting a lot to monitor for fixage. Thanks for all the help. steve From brian at tyler.com Thu Mar 18 20:04:47 2010 From: brian at tyler.com (Brian Cullins) Date: Thu Mar 18 20:05:24 2010 Subject: Spamassassin Not working Message-ID: <020401cac6d6$42c24790$c846d6b0$@com> After upgrading to Spamassassin 3.3.0, it is now broken. MailScanner scans mail and delivers it as if the "Use Spamassassin" pref is set to "No". I have reverted to the older version of SA and even installed the latest beta of MS and it is still broken...any ideas? Thanks, Brian Cullins -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100318/2241cd3c/attachment.html From ecasarero at gmail.com Thu Mar 18 20:18:14 2010 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Mar 18 20:18:43 2010 Subject: Spamassassin Not working In-Reply-To: <020401cac6d6$42c24790$c846d6b0$@com> References: <020401cac6d6$42c24790$c846d6b0$@com> Message-ID: <7d9b3cf21003181318s35a4124vee7ee03effef1189@mail.gmail.com> did you test spamassassin alone? 2010/3/18 Brian Cullins > After upgrading to Spamassassin 3.3.0, it is now broken. MailScanner > scans mail and delivers it as if the "Use Spamassassin" pref is set to "No". > I have reverted to the older version of SA and even installed the latest > beta of MS and it is still broken...any ideas? > > > > *Thanks,* > > *Brian Cullins* > > > > > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100318/4e2eb56e/attachment.html From mikes at hartwellcorp.com Thu Mar 18 21:27:48 2010 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Thu Mar 18 22:21:24 2010 Subject: Hang problem when building message batch Message-ID: <3BF93070B3D1B047BA7ABF612958950D072407BE@hcex.hartwellcorp.com> I'm having trouble with MailScanner 'hanging'. The master process says "waiting for children" and the child processes say "waiting for messages". If I run in debug mode using "MailScanner --debug" I get the following output: ------------ [root@hcfw1 MailScanner]# MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... ------------ At this point it 'hangs' and never comes back with a prompt. I am running version 4.79.11 on a Cent-OS 5.4 system using sendmail as the MTA. My config file is below: %org-name% = Hartwell %org-long-name% = Hartwell Corporation %web-site% = www.hartwellcorp.com %etc-dir% = /etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% = /etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 3 Run As User = mail Run As Group = root Queue Scan Interval = 5 Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 14400 MTA = sendmail Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100000000 Max Unsafe Bytes Per Scan = 50000000 Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = %rules-dir%/scan.messages.rules Reject Message = no Maximum Processing Attempts = 6 Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db Maximum Attachments Per Message = 200 Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = 0 Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 4 Find Archives By Content = yes Unpack Microsoft Documents = yes Zip Attachments = no Attachments Zip Filename = MessageAttachments.zip Attachments Min Total Size To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml Add Text Of Doc = no Antiword = /usr/bin/antiword -f Antiword Timeout = 50 Unzip Maximum Files Per Archive = 0 Unzip Maximum File Size = 50k Unzip Filenames = *.txt *.ini *.log *.csv Unzip MimeType = text/plain Virus Scanning = yes Virus Scanners = auto Virus Scanner Timeout = 300 Deliver Disinfected Files = no Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report: Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish* Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = yes Check Filenames In Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /usr/local/Sophos/ide Sophos Lib Dir = /usr/local/Sophos/lib Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 5 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Message Scan = no Fpscand Port = 10200 Dangerous Content Scanning = %rules-dir%/content.scanning.rules Allow Partial Messages = yes Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = Known Web Bug Servers = msgtag.com Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Archives Are = zip rar ole Allow Filenames = Deny Filenames = Filename Rules = Allow Filetypes = Allow File MIME Types = Deny Filetypes = Deny File MIME Types = Filetype Rules = Archives: Allow Filenames = Archives: Deny Filenames = Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf Archives: Allow Filetypes = Archives: Allow File MIME Types = Archives: Deny Filetypes = Archives: Deny File MIME Types = Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = yes Envelope From Header = X-Envelope-From: Envelope To Header = X-Envelope-To: ID Header = X-%org-name%-MailScanner-ID: IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol: Spam Score Character = s SpamScore Number Instead Of Stars = yes Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact MIS for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = add Place New Headers At Top Of Message = no Hostname = the %org-name% MailScanner Sign Messages Already Processed = no Sign Clean Messages = %rules-dir%/disclaimer.rules Attach Image To Signature = no Attach Image To HTML Message Only = yes Allow Multiple HTML Signatures = no Dont Sign HTML If Headers Exist = # In-Reply-To: References: Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact MIS for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = yes Virus Subject Text = {Virus?} Filename Modify Subject = no Filename Subject Text = {Filename?} Content Modify Subject = yes Content Subject Text = {Content} Size Modify Subject = yes Size Subject Text = {Size} Disarmed Modify Subject = yes Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = no Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {MailScanner} Warning Is Attachment = no Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = us-ascii Archive Mail = Missing Mail Archive Is = directory Send Notices = no Notices Include Full Headers = no Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = MailScanner Notices To = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = # ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 3 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 30 Max Spam Check Size = 500000 Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = delete Check Watermarks To Skip Spam Checks = yes Watermark Secret = camj@g Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Use SpamAssassin = yes Max SpamAssassin Size = 30000 Required SpamAssassin Score = 8 High SpamAssassin Score = 8 SpamAssassin Auto Whitelist = no SpamAssassin Timeout = 240 Max SpamAssassin Timeouts = 20 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Include Binary Attachments In SpamAssassin = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 86400 Wait During Bayes Rebuild = yes Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20000 Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver High Scoring Spam Actions = deliver Non Spam Actions = deliver SpamAssassin Rule Actions = Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = yes Log Non Spam = yes Log Delivery And Non-Delivery = yes Log Permitted Filenames = yes Log Permitted Filetypes = yes Log Permitted File MIME Types = yes Log Silent Viruses = no Log Dangerous HTML Tags = no Log SpamAssassin Rule Actions = no SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Local State Dir = # /var/lib SpamAssassin Default Rules Dir = MCP Checks = no First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100000 MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Read IP Address From Received Header = no Spam Score Number Format = %5.2f MailScanner Version Number = 4.79.11 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /var/spool/MailScanner/incoming/Locks Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions Lock Type = Syslog Socket Type = Automatic Syntax Check = yes Minimum Code Status = supported include /etc/MailScanner/conf.d/* -- Michael St. Laurent IT Department Hartwell Corporation -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From marc at marcsnet.com Thu Mar 18 22:44:24 2010 From: marc at marcsnet.com (Marc Lucke) Date: Thu Mar 18 22:44:45 2010 Subject: Spamassassin Not working In-Reply-To: <020401cac6d6$42c24790$c846d6b0$@com> References: <020401cac6d6$42c24790$c846d6b0$@com> Message-ID: <4BA2ACC8.507@marcsnet.com> I don't know if this will help or not Brian but I recently did what I think might be the same thing. It took me a very long time (stupid me!) to run: MailScanner --lint When I did this it complained that the bayes stuff was all of 3.2.5 so I went to spamassassin's web page and download the tarball for 3.2.5 and installed that - it was only for Perl, not the RPM. I can't quite recall (it was late when I did it) but I don't think I bothered trying to get rid of 3.3.0 first. I think my problem may have been also solved by making sure the RPM version matched the Perl version - but I run CentOS5 and didn't want to screw with all of that, so settled for 3.2.5 Mind you, my spamassassin was working, just ignoring bayes. Try lint if you haven't. It will tell you what's going on. Brian Cullins wrote: > > After upgrading to Spamassassin 3.3.0, it is now broken. MailScanner > scans mail and delivers it as if the "Use Spamassassin" pref is set to > "No". I have reverted to the older version of SA and even installed > the latest beta of MS and it is still broken...any ideas? > > > > */Thanks,/* > > */Brian Cullins/* > > > > > > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. From mikael at syska.dk Thu Mar 18 22:53:18 2010 From: mikael at syska.dk (Mikael Syska) Date: Thu Mar 18 22:53:33 2010 Subject: Hang problem when building message batch In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D072407BE@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D072407BE@hcex.hartwellcorp.com> Message-ID: <6beca9db1003181553r5c6cc113t6a57e98d1b736e6@mail.gmail.com> Hi, What does MailScanner --lint says ? maybe also try MailScanner --debug-sa On Thu, Mar 18, 2010 at 10:27 PM, Michael St. Laurent wrote: > I'm having trouble with MailScanner 'hanging'. ?The master process says > "waiting for children" and the child processes say "waiting for > messages". ?If I run in debug mode using "MailScanner --debug" I get the > following output: > > ------------ > [root@hcfw1 MailScanner]# MailScanner --debug > > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > > ------------ > At this point it 'hangs' and never comes back with a prompt. > > I am running version 4.79.11 on a Cent-OS 5.4 system using sendmail as > the MTA. > > My config file is below: > > %org-name% = Hartwell > %org-long-name% = Hartwell Corporation > %web-site% = www.hartwellcorp.com > %etc-dir% = /etc/MailScanner > %report-dir% = /etc/MailScanner/reports/en > %rules-dir% = /etc/MailScanner/rules > %mcp-dir% = /etc/MailScanner/mcp > Max Children = 3 > Run As User = mail > Run As Group = root > Queue Scan Interval = 5 > Incoming Queue Dir = /var/spool/mqueue.in > Outgoing Queue Dir = /var/spool/mqueue > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /var/run/MailScanner.pid > Restart Every = 14400 > MTA = sendmail > Sendmail = /usr/sbin/sendmail > Sendmail2 = /usr/sbin/sendmail > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = > Quarantine Group = > Quarantine Permissions = 0600 > Max Unscanned Bytes Per Scan = 100000000 > Max Unsafe Bytes Per Scan = 50000000 > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > Max Normal Queue Size = 800 > Scan Messages = %rules-dir%/scan.messages.rules > Reject Message = no > Maximum Processing Attempts = 6 > Processing Attempts Database = > /var/spool/MailScanner/incoming/Processing.db > Maximum Attachments Per Message = 200 > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = yes > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = /usr/bin/file > File Timeout = 20 > Gunzip Command = /bin/gunzip > Gunzip Timeout = 50 > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > Find UU-Encoded Files = no > Maximum Message Size = 0 > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 4 > Find Archives By Content = yes > Unpack Microsoft Documents = yes > Zip Attachments = no > Attachments Zip Filename = MessageAttachments.zip > Attachments Min Total Size To Zip = 100k > Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg > .mpe .mpeg .mp3 .rpm .htm .html .eml > Add Text Of Doc = no > Antiword = /usr/bin/antiword -f > Antiword Timeout = 50 > Unzip Maximum Files Per Archive = 0 > Unzip Maximum File Size = 50k > Unzip Filenames = *.txt *.ini *.log *.csv > Unzip MimeType = text/plain > Virus Scanning = yes > Virus Scanners = auto > Virus Scanner Timeout = 300 > Deliver Disinfected Files = no > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = no > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ > Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report: > Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/* *Phish* > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = yes > Check Filenames In Password-Protected Archives = yes > Allowed Sophos Error Messages = > Sophos IDE Dir = /usr/local/Sophos/ide > Sophos Lib Dir = /usr/local/Sophos/lib > Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* > /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 5 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Lock File = # /var/lock/subsys/clamd > Clamd Use Threads = no > ClamAV Full Message Scan = no > Fpscand Port = 10200 > Dangerous Content Scanning = %rules-dir%/content.scanning.rules > Allow Partial Messages = yes > Allow External Message Bodies = no > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Use Stricter Phishing Net = yes > Highlight Phishing Fraud = yes > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf > Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf > Country Sub-Domains List = %etc-dir%/country.domains.conf > Allow IFrame Tags = disarm > Allow Form Tags = disarm > Allow Script Tags = disarm > Allow WebBugs = disarm > Ignored Web Bug Filenames = > Known Web Bug Servers = msgtag.com > Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif > Allow Object Codebase Tags = disarm > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Archives Are = zip rar ole > Allow Filenames = > Deny Filenames = > Filename Rules = > Allow Filetypes = > Allow File MIME Types = > Deny Filetypes = > Deny File MIME Types = > Filetype Rules = > Archives: Allow Filenames = > Archives: Deny Filenames = > Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf > Archives: Allow Filetypes = > Archives: Allow File MIME Types = > Archives: Deny Filetypes = > Archives: Deny File MIME Types = > Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.conf > Quarantine Infections = yes > Quarantine Silent Viruses = yes > Quarantine Modified Body = no > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = yes > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = > %report-dir%/deleted.content.message.txt > Deleted Bad Filename Message Report = > %report-dir%/deleted.filename.message.txt > Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt > Deleted Size Message Report = %report-dir%/deleted.size.message.txt > Stored Bad Content Message Report = > %report-dir%/stored.content.message.txt > Stored Bad Filename Message Report = > %report-dir%/stored.filename.message.txt > Stored Virus Message Report = %report-dir%/stored.virus.message.txt > Stored Size Message Report = %report-dir%/stored.size.message.txt > Disinfected Report = %report-dir%/disinfected.report.txt > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > Signature Image Filename = %report-dir%/sig.jpg > Signature Image Filename = signature.jpg > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Sender Size Report = %report-dir%/sender.size.report.txt > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = yes > Mail Header = X-%org-name%-MailScanner: > Spam Header = X-%org-name%-MailScanner-SpamCheck: > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > Information Header = X-%org-name%-MailScanner-Information: > Add Envelope From Header = yes > Add Envelope To Header = yes > Envelope From Header = X-Envelope-From: > Envelope To Header = X-Envelope-To: > ID Header = X-%org-name%-MailScanner-ID: > IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol: > Spam Score Character = s > SpamScore Number Instead Of Stars = yes > Minimum Stars If On Spam List = 0 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Disinfected > Information Header Value = Please contact MIS for more information > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = yes > Multiple Headers = add > Place New Headers At Top Of Message = no > Hostname = the %org-name% MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = %rules-dir%/disclaimer.rules > Attach Image To Signature = no > Attach Image To HTML Message Only = yes > Allow Multiple HTML Signatures = no > Dont Sign HTML If Headers Exist = # In-Reply-To: References: > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned: please contact MIS for details > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = yes > Notify Senders = yes > Notify Senders Of Viruses = no > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Blocked Size Attachments = no > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > Scanned Modify Subject = no # end > Scanned Subject Text = {Scanned} > Virus Modify Subject = yes > Virus Subject Text = {Virus?} > Filename Modify Subject = no > Filename Subject Text = {Filename?} > Content Modify Subject = yes > Content Subject Text = {Content} > Size Modify Subject = yes > Size Subject Text = {Size} > Disarmed Modify Subject = yes > Disarmed Subject Text = {Disarmed} > Phishing Modify Subject = no > Phishing Subject Text = {Fraud?} > Spam Modify Subject = no > Spam Subject Text = {Spam?} > High Scoring Spam Modify Subject = yes > High Scoring Spam Subject Text = {MailScanner} > Warning Is Attachment = no > Attachment Warning Filename = %org-name%-Attachment-Warning.txt > Attachment Encoding Charset = us-ascii > Archive Mail = > Missing Mail Archive Is = directory > Send Notices = no > Notices Include Full Headers = no > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus > Scanner\nwww.mailscanner.info > Notices From = MailScanner > Notices To = postmaster > Local Postmaster = postmaster > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam List = # ORDB-RBL SBL+XBL # MAPS-RBL+ costs money (except .ac.uk) > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 3 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > Is Definitely Spam = no > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 30 > Max Spam Check Size = 500000 > Use Watermarking = yes > Add Watermark = yes > Check Watermarks With No Sender = yes > Treat Invalid Watermarks With No Sender as Spam = delete > Check Watermarks To Skip Spam Checks = yes > Watermark Secret = camj@g > Watermark Lifetime = 604800 > Watermark Header = X-%org-name%-MailScanner-Watermark: > Use SpamAssassin = yes > Max SpamAssassin Size = 30000 > Required SpamAssassin Score = 8 > High SpamAssassin Score = 8 > SpamAssassin Auto Whitelist = no > SpamAssassin Timeout = 240 > Max SpamAssassin Timeouts = 20 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Include Binary Attachments In SpamAssassin = no > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > Rebuild Bayes Every = 86400 > Wait During Bayes Rebuild = yes > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20000 > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = deliver > High Scoring Spam Actions = deliver > Non Spam Actions = deliver > SpamAssassin Rule Actions = > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > Syslog Facility = mail > Log Speed = no > Log Spam = yes > Log Non Spam = yes > Log Delivery And Non-Delivery = yes > Log Permitted Filenames = yes > Log Permitted Filetypes = yes > Log Permitted File MIME Types = yes > Log Silent Viruses = no > Log Dangerous HTML Tags = no > Log SpamAssassin Rule Actions = no > SpamAssassin Temporary Dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin User State Dir = > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Local State Dir = # /var/lib > SpamAssassin Default Rules Dir = > MCP Checks = no > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = deliver > High Scoring MCP Actions = deliver > Bounce MCP As Attachment = no > MCP Modify Subject = yes > MCP Subject Text = {MCP?} > High Scoring MCP Modify Subject = yes > High Scoring MCP Subject Text = {MCP?} > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100000 > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > Use Default Rules With Multiple Recipients = no > Read IP Address From Received Header = no > Spam Score Number Format = %5.2f > MailScanner Version Number = 4.79.11 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > Always Looked Up Last = no > Always Looked Up Last After Batch = no > Deliver In Background = yes > Delivery Method = batch > Split Exim Spool = no > Lockfile Dir = /var/spool/MailScanner/incoming/Locks > Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions > Lock Type = > Syslog Socket Type = > Automatic Syntax Check = yes > Minimum Code Status = supported > include /etc/MailScanner/conf.d/* > > -- > Michael St. Laurent > IT Department > Hartwell Corporation > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From drew.marshall at trunknetworks.com Fri Mar 19 07:48:50 2010 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Fri Mar 19 07:49:02 2010 Subject: Spamassassin Not working In-Reply-To: <020401cac6d6$42c24790$c846d6b0$@com> References: <020401cac6d6$42c24790$c846d6b0$@com> Message-ID: On 18 Mar 2010, at 20:04, Brian Cullins wrote: > After upgrading to Spamassassin 3.3.0, it is now broken. MailScanner > scans mail and delivers it as if the "Use Spamassassin" pref is set > to "No". I have reverted to the older version of SA and even > installed the latest beta of MS and it is still broken...any ideas? SA 3.3 comes with no rules in it's installation package. Have you run sa-update yet? If not you will have no rules to score mail against, which will cause the effect you have seen. The other one you need to also check is the SpamAssassin Local State Dir = line in MailScanner.conf has the correct path to the rules that have been downloaded. In FreeBSD this is /var/db/spamassassin but I would think in most variations of Linux it's going to be /var/lib/ spamassassin I used to get away with this line being one directory higher but I think the structure changed slightly with the latest SA (Or it possibly never worked properly ;-) ). Hope this helps Drew -- In line with our policy, this message has been scanned for viruses and dangerous content. Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: SC351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100319/867aad44/attachment.html From maillists at conactive.com Fri Mar 19 12:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Mar 19 12:31:32 2010 Subject: Spamassassin Not working In-Reply-To: <4BA2ACC8.507@marcsnet.com> References: <020401cac6d6$42c24790$c846d6b0$@com> <4BA2ACC8.507@marcsnet.com> Message-ID: For the record, SA 3.3.x works just fine on CentOS and with MailScanner and I encourage upgrading to it. It's worth it, I think it scores slightly better than 3.2.5. upgrade instructions: read and understand the update and release notes for SA 3.3.0 install all necessary perl modules via rpmforge rebuild the src.rpm available from the SA download page install the two resulting rpms Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Fri Mar 19 13:03:30 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 19 13:03:38 2010 Subject: Outlook oddities #2 In-Reply-To: References: <4BA119A4.3090204@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F86869F@city-exchange07> <4BA125DB.7040407@cnpapers.com> <4A09477D575C2C4B86497161427DD94C149F8686A1@city-exchange07> <223f97701003180149l7dc4d067y652e988d067d587b@mail.gmail.com> <4BA22060.3090301@cnpapers.com> Message-ID: <223f97701003190603s59d6c725l4ed1e02e5a605fc7@mail.gmail.com> On 18 March 2010 19:01, Scott Silva wrote: > >> Kevin, >> >> I'm not sure this is true in this case. The IP is whitelisted, but the >> SA stuff is short-circuited by the From: and watermark problems. No SA >> score is shown on these RR thingys. >> > A return receipt won't have a watermark because it is not the original message > sent back. It is a new generated message going out the first time. > Yes, but they MAY/SHOULD include the original message headers (RFC3798)... Yeah, not mandatory == depend on implementation... And they would be in a separate MIME container... Sigh. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From logs at comp-wiz.com Fri Mar 19 13:05:39 2010 From: logs at comp-wiz.com (Vernon Webb) Date: Fri Mar 19 13:06:33 2010 Subject: Emails Randomly Reaching Destination Message-ID: <001201cac764$e0891e20$a19b5a60$@com> I have an issue I have been struggling with for some time. I know this might be a bit off topic here, but figured this would be the best group to ask as who is more knowledgeable about this kind of stuff than you guys? When sending emails out they sometimes reach their destination and sometimes not. We host our emails with a company called XO that offers a service that checks for SPAM (I'd rather have a Linux setup with MailScanner etc, but this is what the client wants) and then relays the email to our Exchange server. When sending out emails they go directly from our Exchange server to its destination. One of the thing I've discovered is that the XO email servers has a clustered server setup and when I use mxoolbox.com to see if the IPs are blacklisted I find that on many occasions they are listed on RBL list sometimes as many as 3 and 4 times, but sometimes not at all depending on which server in the clustered rotation is up at the time. I see this as a problem, however I am being assured that the domain name that I am sending the email from has nothing to do with whether or not an email reaches its destination, but rather the IP address. Naturally I have tested the IP address of our Exchange server and it is not black listed. So my question is, why would the email reach its destinations only sometimes unless somehow there is a dnsresolver involved that is checking the email's actual domain name as well as the IP address. I'm thinking that this is actually the case butu I could be wrong. Anyone have any comments/suggestions on resolving this issue? Thanks ~V -- This message has been scanned for viruses and dangerous content by comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100319/54c5f0a4/attachment.html From glenn.steen at gmail.com Fri Mar 19 13:37:00 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 19 13:37:11 2010 Subject: Emails Randomly Reaching Destination In-Reply-To: <001201cac764$e0891e20$a19b5a60$@com> References: <001201cac764$e0891e20$a19b5a60$@com> Message-ID: <223f97701003190637p9613a21p55c9a6f1eee3b872@mail.gmail.com> On 19 March 2010 14:05, Vernon Webb wrote: > I have an issue I have been struggling with for some time. I know this might > be a bit off topic here, but figured this would be the best group to ask as > who is more knowledgeable about this kind of stuff than you guys? > > > > When sending emails out they sometimes reach their destination and sometimes > not. We host our emails with a company called XO that offers a service that > checks for SPAM (I?d rather have a Linux setup with MailScanner etc, but > this is what the client wants) and then relays the email to our Exchange > server.? When sending out emails they go directly from our Exchange server > to its destination. > > > > One of the thing I?ve discovered is that the XO email servers has a > clustered server setup and when I use mxoolbox.com to see if the IPs are > blacklisted ?I find that on many occasions they are listed on RBL list > sometimes as many as 3 and 4 times, but sometimes not at all depending on > which server in the clustered rotation is up at the time. I see this as a > problem, however I am being assured that the domain name that I am sending > the email from has nothing to do with whether or not an email reaches its > destination, but rather the IP address. Naturally I have tested the IP > address of our Exchange server and it is not black listed. So my question > is, why would the email reach its destinations only sometimes unless somehow > there is a dnsresolver ?involved that is checking the email?s actual domain > name as well as the IP address. I?m thinking that this is actually the case > butu I could be wrong. > > > > Anyone have any comments/suggestions on resolving this issue? > > > > Thanks > > ~V > I'd skip trying for a "general solution", and instead look at the specific messages gone missing. What if anything, is common among them? Can you identify any specifics about the sent messages (like type of attachments etc)? If you simulate an MTA, using telnet on port 25 to one of the parties that have dropped your mail, what kind of responses do you see? Are any/all of the "droppers" other Exchange servers (If M-Sexchange "detect" another M-Sexchange server... they just might stop talking ESMTP... Urgh!)? I wouldn't let Exchange talk directly to the internet... Use a smarthost and something sensible in between... That way you'd at least get some logs to look at:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From logs at comp-wiz.com Fri Mar 19 14:50:26 2010 From: logs at comp-wiz.com (Vernon Webb) Date: Fri Mar 19 14:51:19 2010 Subject: Emails Randomly Reaching Destination In-Reply-To: <223f97701003190637p9613a21p55c9a6f1eee3b872@mail.gmail.com> References: <001201cac764$e0891e20$a19b5a60$@com> <223f97701003190637p9613a21p55c9a6f1eee3b872@mail.gmail.com> Message-ID: <003701cac773$846c7fb0$8d457f10$@com> I guess I really didn't ask the question that I wanted to ask (well I did, but)... Is the domain name checked at all when receiving emails or is it based solely on the IP address of the originating IP that determines if it is RBLed or not? ~V -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Friday, March 19, 2010 9:37 AM To: MailScanner discussion Subject: Re: Emails Randomly Reaching Destination On 19 March 2010 14:05, Vernon Webb wrote: > I have an issue I have been struggling with for some time. I know this might > be a bit off topic here, but figured this would be the best group to ask as > who is more knowledgeable about this kind of stuff than you guys? > > > > When sending emails out they sometimes reach their destination and sometimes > not. We host our emails with a company called XO that offers a service that > checks for SPAM (I?d rather have a Linux setup with MailScanner etc, but > this is what the client wants) and then relays the email to our Exchange > server.? When sending out emails they go directly from our Exchange server > to its destination. > > > > One of the thing I?ve discovered is that the XO email servers has a > clustered server setup and when I use mxoolbox.com to see if the IPs are > blacklisted ?I find that on many occasions they are listed on RBL list > sometimes as many as 3 and 4 times, but sometimes not at all depending on > which server in the clustered rotation is up at the time. I see this as a > problem, however I am being assured that the domain name that I am sending > the email from has nothing to do with whether or not an email reaches its > destination, but rather the IP address. Naturally I have tested the IP > address of our Exchange server and it is not black listed. So my question > is, why would the email reach its destinations only sometimes unless somehow > there is a dnsresolver ?involved that is checking the email?s actual domain > name as well as the IP address. I?m thinking that this is actually the case > butu I could be wrong. > > > > Anyone have any comments/suggestions on resolving this issue? > > > > Thanks > > ~V > I'd skip trying for a "general solution", and instead look at the specific messages gone missing. What if anything, is common among them? Can you identify any specifics about the sent messages (like type of attachments etc)? If you simulate an MTA, using telnet on port 25 to one of the parties that have dropped your mail, what kind of responses do you see? Are any/all of the "droppers" other Exchange servers (If M-Sexchange "detect" another M-Sexchange server... they just might stop talking ESMTP... Urgh!)? I wouldn't let Exchange talk directly to the internet... Use a smarthost and something sensible in between... That way you'd at least get some logs to look at:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by comp-wiz.com, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by comp-wiz.com, and is believed to be clean. From alex at rtpty.com Fri Mar 19 15:02:57 2010 From: alex at rtpty.com (Alex Neuman) Date: Fri Mar 19 15:03:09 2010 Subject: Emails Randomly Reaching Destination In-Reply-To: <003701cac773$846c7fb0$8d457f10$@com> References: <001201cac764$e0891e20$a19b5a60$@com> <223f97701003190637p9613a21p55c9a6f1eee3b872@mail.gmail.com> <003701cac773$846c7fb0$8d457f10$@com> Message-ID: RBL's started out as "ip only". There are some new RBL's out there that will work with domains. On Mar 19, 2010, at 9:50 AM, Vernon Webb wrote: > Is the domain name checked at all when receiving emails or is it based > solely on the IP address of the originating IP that determines if it is > RBLed or not? From glenn.steen at gmail.com Fri Mar 19 16:08:12 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 19 16:08:21 2010 Subject: Emails Randomly Reaching Destination In-Reply-To: References: <001201cac764$e0891e20$a19b5a60$@com> <223f97701003190637p9613a21p55c9a6f1eee3b872@mail.gmail.com> <003701cac773$846c7fb0$8d457f10$@com> Message-ID: <223f97701003190908m3c34e7efreb5a580b33fdb17@mail.gmail.com> On 19 March 2010 16:02, Alex Neuman wrote: > RBL's started out as "ip only". > > There are some new RBL's out there that will work with domains. > > On Mar 19, 2010, at 9:50 AM, Vernon Webb wrote: > >> Is the domain name checked at all when receiving emails or is it based >> solely on the IP address of the originating IP that determines if it is >> RBLed or not? > If you look at the relevant RFCs (5321, 2821, 1123 and 821), you'll see that the reasoning there is more along the line that you MAY lookup the reverse, but MUST NOT reject based on that info... Wouldn't stop some from doing so anyway, but... Unless the "other firms blacklisted servers" also are some kind of smarthost (or similar), they shouldn't come into play. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maxsec at gmail.com Fri Mar 19 16:44:18 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Mar 19 16:44:27 2010 Subject: Fwd: ANNOUNCE: Apache SpamAssassin 3.3.1 available In-Reply-To: <20100319163133.4DDF82206B@wasabi> References: <20100319163133.4DDF82206B@wasabi> Message-ID: <72cf361e1003190944j1149280br8c178ca11bb5327d@mail.gmail.com> FYI ---------- Forwarded message ---------- From: Justin Mason Date: 19 March 2010 16:31 Subject: ANNOUNCE: Apache SpamAssassin 3.3.1 available To: users@spamassassin.apache.org, dev@spamassassin.apache.org, announce@spamassassin.apache.org Release Notes -- Apache SpamAssassin -- Version 3.3.1 Introduction ------------ This is a minor release, adding a new URIBL network rule (URIBL_DBL_SPAM, for the Spamhaus DBL). Downloading and availability ---------------------------- Downloads are available from: http://spamassassin.apache.org/downloads.cgi md5sum of archive files: bb977900c3b2627db13e9f44f9b5bfc8 Mail-SpamAssassin-3.3.1.tar.bz2 5a93f81fda315411560ff5da099382d2 Mail-SpamAssassin-3.3.1.tar.gz 4cfeb3449cee173085deef06e3090543 Mail-SpamAssassin-3.3.1.zip 3e6ae5a39b9dd2de7ec05a2b315c396b Mail-SpamAssassin-rules-3.3.1.r923114.tgz sha1sum of archive files: f5748043eb286b1acb456093039a55db00c6f25e Mail-SpamAssassin-3.3.1.tar.bz2 8b32a857cc89c8d057442400bc00f33fd703ce06 Mail-SpamAssassin-3.3.1.tar.gz 9fc7c8bfd153d49d60fbeba99d0a4272609e3a26 Mail-SpamAssassin-3.3.1.zip 7aeeb7abb2d727bb35d3a0927a1390ad3cddad59 Mail-SpamAssassin-rules-3.3.1.r923114.tgz Note that the *-rules-*.tgz files are only necessary if you cannot, or do not wish to, run "sa-update" after install to download the latest fresh rules. The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://www.apache.org/dist/spamassassin/KEYS The key information is: pub 4096R/F7D39814 2009-12-02 Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814 uid SpamAssassin Project Management Committee < private@spamassassin.apache.org> uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) sub 4096R/7B3265A5 2009-12-02 See the INSTALL and UPGRADE files in the distribution for important installation notes. Summary of major changes since 3.3.0 ------------------------------------ bug 6335: add Spamhaus DBL as URIBL_DBL_SPAM rule Bug 6370: update ImageInfo plugin to latest release bug 6215, bug 6294: RCVD_IN_CSS rule was broken. the check_rbl_sub() syntax was incorrect, resulting in missing hits bug 6361: list 2tld and 3tld sub-domain hosters for URIBL/SURBL/DBL queries; NOTE for SARE users: This file replaces the SARE file http://www.rulesemporium.com/rules/90_2tld.cf, which will be deprecated as from 2010-05-01. Bug 6369, 6356, 6373: WIN32 support for spamd improved Bug 6267: Solaris 10 requires --syslog-socket=native bug 6304 spamd is spawning and killing processes too often - Added spamd adjustments to info level and more information for administrators + small fix to Makefile.PL Bug 6310: sa-learn --import gives Insecure dependency in open Bug 6313: -Q or -q AND -x should not result in creation of a ~/.spamassassin dir; plus: taint issues fixed Bug 6342: make test failure on if_can under perl 5.6 Bug 6340: Impossible to find user home directory of VPOPMAIL alias Bug 6072, 6343: POD warnings, documentation fixes Bug 6304 (trivial), reduce sysadmin's stress level by lowercasing the 'INTERRUPTED' in a logged message: spamd: handled cleanup of child pid [...] due to SIGCHLD: INTERRUPTED Bug 6329: POSIX::strftime in call under Win32 ActivePerl causes Perl to hang up; formatting option %e is not in a POSIX standard, use %d instead and edit Bug 6322: In DKIM ADSP eval test check_dkim_adsp() the '*' is handled incorrectly Bug 6327: Fix calling argument in utility used to determine DCC's homedir Bug 6316: DCC.pm, wrong options for dcc_proc, (plus: avoid a warning on undef in logger when dccifd socket is not provided) Bug 6287: improved DKIM plugin debugging Bug 6321 - _TOKENSUMMARY_ not working in 3.3.0 (Plugin/Bayes.pm looks-up a tag from wrong location) Bug 6312 - uninitialized value $start_time in spamd bug 5761: trivial doc fix: document SPAMD_LOCALHOST test-control env variable About Apache SpamAssassin ------------------------- Apache SpamAssassin is a mature, widely-deployed open source project that serves as a mail filter to identify spam. SpamAssassin uses a variety of mechanisms including mail header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. In addition, Apache SpamAssassin has a modular architecture that allows other technologies to be quickly incorporated as an addition or as a replacement for existing methods. Apache SpamAssassin typically runs on a server, classifies and labels spam before it reaches your mailbox, while allowing other components of a mail system to act on its results. Most of the Apache SpamAssassin is written in Perl, with heavily traversed code paths carefully optimized. Benefits are portability, robustness and facilitated maintenance. It can run on a wide variety of POSIX platforms. The server and the Perl library feels at home on Unix and Linux platforms, and reportedly also works on MS Windows systems under ActivePerl. For more information, visit http://spamassassin.apache.org/ About The Apache Software Foundation ------------------------------------ Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 100 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 2,500+ contributors. For more information, visit http://www.apache.org/ -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100319/52a2b50a/attachment.html From brian at tyler.com Fri Mar 19 21:19:51 2010 From: brian at tyler.com (Brian Cullins) Date: Fri Mar 19 21:22:14 2010 Subject: Spamassassin Not working In-Reply-To: References: <020401cac6d6$42c24790$c846d6b0$@com> Message-ID: <00c401cac7a9$e9be8c60$bd3ba520$@com> I reverted to 3.2.5 and it works now. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Drew Marshall Sent: Friday, March 19, 2010 2:49 AM To: MailScanner discussion Subject: Re: Spamassassin Not working On 18 Mar 2010, at 20:04, Brian Cullins wrote: After upgrading to Spamassassin 3.3.0, it is now broken. MailScanner scans mail and delivers it as if the "Use Spamassassin" pref is set to "No". I have reverted to the older version of SA and even installed the latest beta of MS and it is still broken...any ideas? SA 3.3 comes with no rules in it's installation package. Have you run sa-update yet? If not you will have no rules to score mail against, which will cause the effect you have seen. The other one you need to also check is the SpamAssassin Local State Dir = line in MailScanner.conf has the correct path to the rules that have been downloaded. In FreeBSD this is /var/db/spamassassin but I would think in most variations of Linux it's going to be /var/lib/spamassassin I used to get away with this line being one directory higher but I think the structure changed slightly with the latest SA (Or it possibly never worked properly ;-) ). Hope this helps Drew -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- In line with our policy, this message has been scanned for viruses and dangerous content. Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: SC351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100319/94467c57/attachment.html From maillists at conactive.com Sat Mar 20 15:31:18 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Mar 20 15:31:30 2010 Subject: ANNOUNCE: Apache SpamAssassin 3.3.1 available In-Reply-To: <72cf361e1003190944j1149280br8c178ca11bb5327d@mail.gmail.com> References: <20100319163133.4DDF82206B@wasabi> <72cf361e1003190944j1149280br8c178ca11bb5327d@mail.gmail.com> Message-ID: FYI: works fine with MS on CentOS. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From mark at msapiro.net Sat Mar 20 19:51:08 2010 From: mark at msapiro.net (Mark Sapiro) Date: Sat Mar 20 19:51:23 2010 Subject: Emails Randomly Reaching Destination References: 223f97701003190637p9613a21p55c9a6f1eee3b872@mail.gmail.com Message-ID: <4BA5272C.3060406@msapiro.net> Vernon Webb wrote: > Is the domain name checked at all when receiving emails or is it based > solely on the IP address of the originating IP that determines if it is > RBLed or not? What domain name? The domain of the server's HELO/EHLO? The domain of the MAIL FROM (envelope sender)? The domain from an rDNS lookup of the IP? The domain of an MX record associated with one of the previous domains? It would seem that all but the last of these domains would probably be your domain, not the domain of any XO servers, and therefore not a blacklisted domain in any case, and while it is not possible to know what tests any specific mail recipient might apply, it doesn't seem likely that servers would be not accepting/delivering mail based on some MX server with such a tenuous connection to the actual sender. Furthermore, the EHLO/HELO and MAIL FROM domains are easily spoofed so why would a recipient server look at those rather than the sender's IP which is the most reliable identifying information it has? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gcle at smcaus.com.au Sun Mar 21 22:03:20 2010 From: gcle at smcaus.com.au (Gerard Cleary) Date: Sun Mar 21 22:03:47 2010 Subject: Emails Randomly Reaching Destination In-Reply-To: <001201cac764$e0891e20$a19b5a60$@com> References: <001201cac764$e0891e20$a19b5a60$@com> Message-ID: <201003220903.20547.gcle@smcaus.com.au> On Sat, 20 Mar 2010 00:05:39 Vernon Webb wrote: > When sending emails out they sometimes reach their destination and > sometimes not. > We have a Linux mail server which runs milter-greylist among other things. Some of our smaller (~20 users) customers reported your scenario with perhaps 50% of their eMails getting through. An analysis of our mail logs showed that their mail server (invariably MS Exchange) was not handling bounces properly. I checked the MS Knowledge Base and found greylisting mentioned in conjunction with an Exchange setting called Glitch-Retry-Interval. I sent the MS Knowledge Base document to the customer who usually has to call in IT resources to change the Exchange configuration files. When this 1 minute change is made to the Exchange Server, their eMails get to us 100% of the time. My conclusion is that MS Exchange doesn't handle bounces "out of the box". HTH. Gerard. -- From housey at sme-ecom.co.uk Mon Mar 22 10:55:16 2010 From: housey at sme-ecom.co.uk (Paul) Date: Mon Mar 22 10:56:12 2010 Subject: Release Problem with Message ID Message-ID: <4BA74C94.9090702@sme-ecom.co.uk> Hi Im am using MailScanner 4.78.17, rpm install on Centos 5 and sendmail as my mta I have recently had a problem where customers that are using Exchange 2007 were not getting the messages they released from quarantine (I just copy the qf and df files to the mail queue). I tracked this down to Exchange treating the released message as a duplicate as it had the same Message-ID as the message advising an attachment had been blocked. I have Quarantine Whole Messages As Queue Files = yes and I can see in my quarantine files are indeed quarantined as qf and df files. I can see other people have had the same problem and the advice was to make use of the following config option in MailScanner.conf Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: I have set it to Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Message-Id: Message-ID: and restarted MailScanner But the message ID is not being removed - I can manually view the file in quarantine and its still there. When looking at the Message ID in the raw qf file it actually appears as H??Message-ID: So I also tried Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Message-Id: Message-ID: H??Message-ID: But it still not did get removed. Any ideas? Can someone confirm this works in 4.78.17 Kind Regards Paul From glenn.steen at gmail.com Mon Mar 22 19:46:59 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 22 19:47:09 2010 Subject: Release Problem with Message ID In-Reply-To: <4BA74C94.9090702@sme-ecom.co.uk> References: <4BA74C94.9090702@sme-ecom.co.uk> Message-ID: <223f97701003221246ve3baa29i5197dffcf677852a@mail.gmail.com> On 22 March 2010 11:55, Paul wrote: > Hi > > Im am using MailScanner 4.78.17, rpm install on Centos 5 and sendmail as my > mta > > I have recently had a problem where customers that are using Exchange 2007 > were not getting the messages they released from quarantine (I just copy the > qf and df files to the mail queue). > > I tracked this down to Exchange treating the released message as a duplicate > as it had the same Message-ID as the message advising an attachment had been > blocked. > > I have > > Quarantine Whole Messages As Queue Files = yes > > and I can see in my quarantine files are indeed quarantined as qf and df > files. > > I can see other people have had the same problem and the advice was to make > use of the following config option in MailScanner.conf > > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > > I have set it to > > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Message-Id: > Message-ID: > > and restarted MailScanner > > But the message ID is not being removed - I can manually view the file in > quarantine and its still there. > > When looking at the Message ID in the raw qf file it actually appears as > > H??Message-ID: > > So I also tried > > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Message-Id: > Message-ID: H??Message-ID: > > But it still not did get removed. > > Any ideas? Can someone confirm this works in 4.78.17 > > Kind Regards > > Paul > This isn't actually an MS problem, as you've demonstrated... Easiest way to circumvent it all is to do as MailWatch (plain vanilla, not the sendmail command thing) does, and construct a separate message where the release message is attached. The shortcoming of Exchange stems from the underlying database... And Message-ID being a primary key, sort of. Cheers -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Andrew.Chester at ukuvuma.co.za Tue Mar 23 04:51:19 2010 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Tue Mar 23 04:17:10 2010 Subject: AUTO: Andrew Chester is out of the office. (returning 2010/03/24) Message-ID: I am out of the office until 2010/03/24. I will respond to your message when I return. In case of emergency, please log a call on our helpdesk at http://www.ukuvuma.co.za/Public/Helpdesk.nsf. Note: This is an automated response to your message "Office Documents - No Programs allowed" sent on 3/18/10 0:14:02. This is the only notification you will receive while this person is away. CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. From markus at markusoft.se Tue Mar 23 09:53:07 2010 From: markus at markusoft.se (Markus Nilsson) Date: Tue Mar 23 09:52:36 2010 Subject: Attachment stripping - wrong postfix message size In-Reply-To: <1632517.28.1269337914890.JavaMail.markus@cronlabworkstation1> Message-ID: <5413348.30.1269337983614.JavaMail.markus@cronlabworkstation1> Hi, I'm having a problem with a custom function for attachment stripping based on total attachment size. The custom function is made for Maximum Attachment Size = I successfully return 1 if the summed size of all attachments are larger than my configured value, and -1 otherwise. The custom function also stores the attachments in a safe place for later retrieval. I then want MailScanner/postifx to deliver the stripped mail to the recipient(s). MailScanner seems to do it right, but for some reason when postfix delivers the mail to the receiving mail server, it reports the message size as it was before the stripping, so that server might reject the mail even though it really isn't that big. If I configure the mailserver to accept larger sizes, the received mail has the correct size (small, all attachments stripped), so the reported size by postfix is not correct! Does postfix somehow approximate the message size? If so, is it possible to help postifix with this approximization? Or am I completely missing something else out? Any help greatly appreciated! BR Markus From e.mink at remote.nl Tue Mar 23 13:38:55 2010 From: e.mink at remote.nl (Eric Mink) Date: Tue Mar 23 13:39:24 2010 Subject: Slackware 13 and Mailscanner Message-ID: Hi all, I`ve installed Mailscanner on a Slackware 13 machine and looks like it`s working properly. Now the problem is that some mail are send to quarantine without a SA score. Has anybody experienced this before? Lint test is not giving any errors Kind regards, Eric Mink Remote IT - Services Pascalweg 1, Postbus 256 8000 AG Zwolle Telefoon: 038 - 428 44 44 Fax: 038 - 428 44 40 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100323/e10d14c2/attachment.html From lhaig at haigmail.com Tue Mar 23 13:43:42 2010 From: lhaig at haigmail.com (Lance Haig) Date: Tue Mar 23 13:43:59 2010 Subject: Backups. Message-ID: <4BA8C58E.7030600@haigmail.com> Hi, I am looking to backup my configs for my MailScanner server. and was wondering if /etc/MailScanner is the only directory that I need to backup? I use MailScanner on CentOS and Postfix with greylisting etc.. I have just had a thought that /etc/postfix should also be backed up. I would appreciate any suggestions. Lance -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From izghitu at gmail.com Tue Mar 23 13:55:37 2010 From: izghitu at gmail.com (George) Date: Tue Mar 23 13:55:46 2010 Subject: Backups. In-Reply-To: <4BA8C58E.7030600@haigmail.com> References: <4BA8C58E.7030600@haigmail.com> Message-ID: <948a6d891003230655g67073bdaycc860949e19f531c@mail.gmail.com> Hi, If you have any custom plugins you might want to backup /usr/lib/MailScanner/CustomFunctions too but usually /etc/MailScanner and /etc/postfix contains everything you need. On Tue, Mar 23, 2010 at 3:43 PM, Lance Haig wrote: > Hi, > > I am looking to backup my configs for my MailScanner server. and was > wondering if /etc/MailScanner is the only directory that I need to backup? > > I use MailScanner on CentOS and Postfix with greylisting etc.. > > I have just had a thought that /etc/postfix should also be backed up. > > > I would appreciate any suggestions. > > Lance > > -- > This message was scanned by Better Hosted and is believed to be clean. > http://www.betterhosted.com > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Server Surgeon Support support@serversurgeon.com http://www.serversurgeon.com System Administration Services Toll Free 1-877-E-SURGEON (877-378-7436) International 623-374-6848 Get the system support you need when you need it. From lhaig at haigmail.com Tue Mar 23 13:59:26 2010 From: lhaig at haigmail.com (Lance Haig) Date: Tue Mar 23 13:59:45 2010 Subject: Backups. In-Reply-To: <948a6d891003230655g67073bdaycc860949e19f531c@mail.gmail.com> References: <4BA8C58E.7030600@haigmail.com> <948a6d891003230655g67073bdaycc860949e19f531c@mail.gmail.com> Message-ID: <4BA8C93E.4070808@haigmail.com> Great stuff. I was hoping I had at least a bit of sane thought. Lance On 23/03/2010 13:55, George wrote: > Hi, > > If you have any custom plugins you might want to backup > /usr/lib/MailScanner/CustomFunctions too but usually /etc/MailScanner > and /etc/postfix contains everything you need. > > On Tue, Mar 23, 2010 at 3:43 PM, Lance Haig wrote: > >> Hi, >> >> I am looking to backup my configs for my MailScanner server. and was >> wondering if /etc/MailScanner is the only directory that I need to backup? >> >> I use MailScanner on CentOS and Postfix with greylisting etc.. >> >> I have just had a thought that /etc/postfix should also be backed up. >> >> >> I would appreciate any suggestions. >> >> Lance >> >> -- >> This message was scanned by Better Hosted and is believed to be clean. >> http://www.betterhosted.com >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > -- This message was scanned by Better Hosted and is believed to be clean. http://www.betterhosted.com From uxbod at splatnix.net Tue Mar 23 14:01:03 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 23 14:01:26 2010 Subject: Backups. In-Reply-To: <12337486.342.1269352837405.JavaMail.root@office.splatnix.net> Message-ID: <8834031.344.1269352863880.JavaMail.root@office.splatnix.net> ----- "Lance Haig" wrote: > Hi, > > I am looking to backup my configs for my MailScanner server. and was > wondering if /etc/MailScanner is the only directory that I need to > backup? > > I use MailScanner on CentOS and Postfix with greylisting etc.. > > I have just had a thought that /etc/postfix should also be backed up. > > > I would appreciate any suggestions. > > Lance > /etc/MailScanner /etc/postfix /etc/mail/spamassassin /usr/lib/MailScanner /var/lib/spamassassin From alex at rtpty.com Tue Mar 23 15:26:34 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Mar 23 15:26:50 2010 Subject: AUTO: Andrew Chester is out of the office. (returning 2010/03/24) In-Reply-To: References: Message-ID: I guess we have until tomorrow to raid his office. I'd have to check if it's already tomorrow there, though... On Mar 22, 2010, at 11:51 PM, Andrew Chester wrote: > > I am out of the office until 2010/03/24. > > I will respond to your message when I return. > In case of emergency, please log a call on our helpdesk at > http://www.ukuvuma.co.za/Public/Helpdesk.nsf. > > > Note: This is an automated response to your message "Office Documents - No > Programs allowed" sent on 3/18/10 0:14:02. > > This is the only notification you will receive while this person is away. > > > > CONFIDENTIALITY CLAUSE > This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mrm at medicine.wisc.edu Tue Mar 23 15:31:25 2010 From: mrm at medicine.wisc.edu (Michael Masse) Date: Tue Mar 23 15:31:48 2010 Subject: Emails Randomly Reaching Destination In-Reply-To: <003701cac773$846c7fb0$8d457f10$@com> References: <001201cac764$e0891e20$a19b5a60$@com> <223f97701003190637p9613a21p55c9a6f1eee3b872@mail.gmail.com> <003701cac773$846c7fb0$8d457f10$@com> Message-ID: <4BA8987D0200003E00004CFF@gwmail.medicine.wisc.edu> >>> On 3/19/2010 at 9:50 AM, in message <003701cac773$846c7fb0$8d457f10$@com>, "Vernon Webb" wrote: > I guess I really didn't ask the question that I wanted to ask (well I did, > but)... > > Is the domain name checked at all when receiving emails or is it based > solely on the IP address of the originating IP that determines if it is > RBLed or not? > > ~V Sites that utilize SPF will look at the domain name. If you're SPF record isn't quite right that could explain why some mails go through and others don't, but that would more then likely be the case site by site. -Mike From Phil.Udel at SalemCorp.com Tue Mar 23 15:53:52 2010 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Mar 23 15:54:24 2010 Subject: Question on Rule list with 2 conditions Message-ID: <4772F38FCC634FA9BBB8DF1D32E84921@salemcorp.com> Is it possible to do something like this in the spam.blacklist.rules : From: BillyBob @yahoo.com and To: MyName @MyDomain.com yes Thanks Phillip Udel Senior Systems Administrator Admin@SalemCorp.com (800) 877-2536 Ext 212 |^^^^^^^^^^^^^^^^^^^^^| | www.Salemcorp.com | ||'|"\,__ |_..._...__________====||_|__|..; "(@)'(@)"""""""""""|(@) (@)***(@) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100323/43a821a4/attachment.html From ssilva at sgvwater.com Tue Mar 23 16:01:08 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 23 16:01:30 2010 Subject: AUTO: Andrew Chester is out of the office. (returning 2010/03/24) In-Reply-To: References: Message-ID: OOPS... You violated his iron-clad disclaimer by reading the message. The internet police will be knocking soon at your door... > I guess we have until tomorrow to raid his office. I'd have to check if it's already tomorrow there, though... > > On Mar 22, 2010, at 11:51 PM, Andrew Chester wrote: > >> I am out of the office until 2010/03/24. >> >> I will respond to your message when I return. >> In case of emergency, please log a call on our helpdesk at >> http://www.ukuvuma.co.za/Public/Helpdesk.nsf. >> >> >> Note: This is an automated response to your message "Office Documents - No >> Programs allowed" sent on 3/18/10 0:14:02. >> >> This is the only notification you will receive while this person is away. >> >> >> >> CONFIDENTIALITY CLAUSE >> This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100323/4c375f30/signature.bin From markus at markusoft.se Tue Mar 23 16:07:49 2010 From: markus at markusoft.se (Markus Nilsson) Date: Tue Mar 23 16:04:33 2010 Subject: Attachment stripping - wrong postfix message size In-Reply-To: <5413348.30.1269337983614.JavaMail.markus@cronlabworkstation1> Message-ID: <21310417.124.1269360466256.JavaMail.markus@cronlabworkstation1> Hi again, I've done a little bit of searching around in the source, enabled some debug prints etc, and can't find anywhere that the C-record metadata read from the original queuefile is edited. Am I missing something here, or is MailScanner ignoring any changes made to the mail in respect to size, and just lets the queue file keep its original C record? I would really need my postfix instance to give a correct estimation of the message size to the receiving mailserver when starting delivert since I am stripping away any large attachments, and the mails are quite smaller after being processed by MS! /BR Markus ----- Original Message ----- From: "Markus Nilsson" To: mailscanner@lists.mailscanner.info Sent: tisdag, 23 mar 2010 10:53:07 Subject: Attachment stripping - wrong postfix message size Hi, I'm having a problem with a custom function for attachment stripping based on total attachment size. The custom function is made for Maximum Attachment Size = I successfully return 1 if the summed size of all attachments are larger than my configured value, and -1 otherwise. The custom function also stores the attachments in a safe place for later retrieval. I then want MailScanner/postifx to deliver the stripped mail to the recipient(s). MailScanner seems to do it right, but for some reason when postfix delivers the mail to the receiving mail server, it reports the message size as it was before the stripping, so that server might reject the mail even though it really isn't that big. If I configure the mailserver to accept larger sizes, the received mail has the correct size (small, all attachments stripped), so the reported size by postfix is not correct! Does postfix somehow approximate the message size? If so, is it possible to help postifix with this approximization? Or am I completely missing something else out? Any help greatly appreciated! BR Markus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From cfisk at qwicnet.com Tue Mar 23 16:08:36 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Tue Mar 23 16:08:53 2010 Subject: Question on Rule list with 2 conditions In-Reply-To: <4772F38FCC634FA9BBB8DF1D32E84921@salemcorp.com> Message-ID: > Is it possible to do something like this in the > spam.blacklist.rules : > > From: BillyBob@yahoo.com and To: MyName@MyDomain.com yes I believe you can nest rulesets, so set the From: BillyBob to read a ruleset and in that ruleset make To: MyName whitelist and the Default No. Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at SalemCorp.com Tue Mar 23 16:34:01 2010 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Mar 23 16:34:52 2010 Subject: Question on Rule list with 2 conditions In-Reply-To: References: <4772F38FCC634FA9BBB8DF1D32E84921@salemcorp.com> Message-ID: Can you use a Domain name in the To; Parm with a spam.blacklist.rules? Basically I have once User/Boss that wants all the normal black list entries, but also wants to add his Special one's. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Christopher Fisk Sent: Tuesday, March 23, 2010 12:09 PM To: MailScanner discussion Subject: re: Question on Rule list with 2 conditions > Is it possible to do something like this in the > spam.blacklist.rules : > > From: BillyBob@yahoo.com and To: MyName@MyDomain.com yes I believe you can nest rulesets, so set the From: BillyBob to read a ruleset and in that ruleset make To: MyName whitelist and the Default No. Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From maxsec at gmail.com Tue Mar 23 17:08:32 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Mar 23 17:08:41 2010 Subject: Slackware 13 and Mailscanner In-Reply-To: References: Message-ID: <72cf361e1003231008w6f22922bxb416403e0b5eb8ab@mail.gmail.com> Anything in the logs that explain what's happening to a message in the quarantine. (also look at logging options - see the wiki for how to be verbose in the message headers etc). Martin On 23 March 2010 13:38, Eric Mink wrote: > Hi all, > > > > I`ve installed Mailscanner on a Slackware 13 machine and looks like it`s > working properly. > > > > Now the problem is that some mail are send to quarantine without a SA > score. Has anybody experienced this before? > > > > Lint test is not giving any errors > > > > > > *Kind regards,* > > * * > > *Eric Mink*** > > > > *Remote IT - Services* > > Pascalweg 1, Postbus 256 > > 8000 AG Zwolle > > > > *Telefoon:* 038 - 428 44 44 > > *Fax:* 038 - 428 44 40 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100323/b30431b4/attachment.html From maxsec at gmail.com Tue Mar 23 17:10:58 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Mar 23 17:11:07 2010 Subject: Question on Rule list with 2 conditions In-Reply-To: References: <4772F38FCC634FA9BBB8DF1D32E84921@salemcorp.com> Message-ID: <72cf361e1003231010yec8fdfbp14ca1ec9331c68f1@mail.gmail.com> yup see examples in the rules dir and also the wiki - you can even overload rule files. martin On 23 March 2010 16:34, Phil Udel wrote: > Can you use a Domain name in the To; Parm with a spam.blacklist.rules? > Basically I have once User/Boss that wants all the normal black list > entries, but also wants to add his Special one's. > > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Christopher > Fisk > Sent: Tuesday, March 23, 2010 12:09 PM > To: MailScanner discussion > Subject: re: Question on Rule list with 2 conditions > > > Is it possible to do something like this in the > > spam.blacklist.rules : > > > > From: BillyBob@yahoo.com and To: MyName@MyDomain.com yes > > I believe you can nest rulesets, so set the From: BillyBob to read a > ruleset > and in that ruleset make To: MyName whitelist and the Default No. > > > Christopher Fisk > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100323/7600c033/attachment.html From nguyenquocviet.2010 at gmail.com Tue Mar 23 17:40:45 2010 From: nguyenquocviet.2010 at gmail.com (quocviet nguyen) Date: Tue Mar 23 17:40:58 2010 Subject: problem ./check_mailscanner Message-ID: Hi, - I install MailScanner-install-4.39.6-1. tar follow INSTALL file. Everything is good. - But, when I type ./check_mailscanner , mymachine is very slow - I don't know what happen. Anything ideas please send to me!!! - Thanks -- viet -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100323/708e635e/attachment.html From mikael at syska.dk Tue Mar 23 18:35:16 2010 From: mikael at syska.dk (Mikael Syska) Date: Tue Mar 23 18:35:29 2010 Subject: problem ./check_mailscanner In-Reply-To: References: Message-ID: <6beca9db1003231135l5e21be1bm242301508b05980a@mail.gmail.com> Hi, Where have you found such old release ... Newest is around: Version 4.79 1st February 2010 That version is like 5 years old ... I would not use it ... and I dont think you will get any support for that release. First thing do do ... upgrade, LOTS of bugs fixed. Also ... your description of the problem does not help very much. OS and SA versions amoung other things that you feel we should know to help you. mvh Mikael Syska On Tue, Mar 23, 2010 at 6:40 PM, quocviet nguyen wrote: > Hi, > - I install MailScanner-install-4.39.6-1. > tar follow INSTALL file. Everything is good. > - But, when I type ./check_mailscanner , mymachine is very slow > -? I don't know what happen. Anything ideas please send to me!!! > - Thanks > > > > -- > viet > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From maillists at conactive.com Tue Mar 23 19:31:19 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Mar 23 19:31:30 2010 Subject: problem ./check_mailscanner In-Reply-To: References: Message-ID: Quocviet nguyen wrote on Tue, 23 Mar 2010 09:40:45 -0800: > - I install MailScanner-install-4.39.6-1. Can you confirm that version number please? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From campbell at cnpapers.com Tue Mar 23 20:05:12 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Mar 23 20:05:27 2010 Subject: I'm confused about my bayes expiration steps Message-ID: <4BA91EF8.80303@cnpapers.com> One of those tests that I never run unless there's a problem is the SpamAssassin Bayes Database Info from withing MailWatch. So I ran it today just for the heck of it. All of my data seems to indicate nothing has happened since around May, 2008. Looking at my files in /etc/MailScanner/bayes shows the files are being updated properly. But the bayes_seen file is getting a little large. So going through the MS.conf file, I find I rebuild bayes once a day. I look in my spam.assassin.prefs.conf file and a comment say I expire by a cron job. I can't find the cron job to see if it's working. So I see a few problems: MW isn't pointing to a proper set of bayes files. MS must not be set up right to either rebuild or expire my bayes files. I must not have moved something for that cron file to exist. I'm running version 4.75.11. Everything seems to run OK, but I got a feeling I'm going to hit a bump in the road on that bayes_seen file one day. Any thoughts, anyone? thanks steve campbell From maxsec at gmail.com Tue Mar 23 20:15:54 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Mar 23 20:16:03 2010 Subject: I'm confused about my bayes expiration steps In-Reply-To: <4BA91EF8.80303@cnpapers.com> References: <4BA91EF8.80303@cnpapers.com> Message-ID: <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> Steve delete the bayes info, let it rebuild itself, no worries :-) On 23 March 2010 20:05, Steve Campbell wrote: > One of those tests that I never run unless there's a problem is the > SpamAssassin Bayes Database Info from withing MailWatch. So I ran it today > just for the heck of it. All of my data seems to indicate nothing has > happened since around May, 2008. > > Looking at my files in /etc/MailScanner/bayes shows the files are being > updated properly. > > But the bayes_seen file is getting a little large. So going through the > MS.conf file, I find I rebuild bayes once a day. I look in my > spam.assassin.prefs.conf file and a comment say I expire by a cron job. I > can't find the cron job to see if it's working. > > So I see a few problems: > > MW isn't pointing to a proper set of bayes files. > MS must not be set up right to either rebuild or expire my bayes files. > I must not have moved something for that cron file to exist. > > I'm running version 4.75.11. Everything seems to run OK, but I got a > feeling I'm going to hit a bump in the road on that bayes_seen file one day. > > Any thoughts, anyone? > > > thanks > > steve campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100323/1887d88e/attachment.html From lnhaig at gmail.com Tue Mar 23 23:49:02 2010 From: lnhaig at gmail.com (Lance Haig) Date: Tue Mar 23 23:49:29 2010 Subject: Backups. In-Reply-To: <8834031.344.1269352863880.JavaMail.root@office.splatnix.net> References: <8834031.344.1269352863880.JavaMail.root@office.splatnix.net> Message-ID: <4BA9536E.2020608@gmail.com> Thanks On 03/23/2010 02:01 PM, --[ UxBoD ]-- wrote: > ----- "Lance Haig" wrote: > > >> Hi, >> >> I am looking to backup my configs for my MailScanner server. and was >> wondering if /etc/MailScanner is the only directory that I need to >> backup? >> >> I use MailScanner on CentOS and Postfix with greylisting etc.. >> >> I have just had a thought that /etc/postfix should also be backed up. >> >> >> I would appreciate any suggestions. >> >> Lance >> >> > /etc/MailScanner > /etc/postfix > /etc/mail/spamassassin > /usr/lib/MailScanner > /var/lib/spamassassin > From glenn.steen at gmail.com Wed Mar 24 08:52:13 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 24 08:52:23 2010 Subject: AUTO: Andrew Chester is out of the office. (returning 2010/03/24) In-Reply-To: References: Message-ID: <223f97701003240152s7ac12032y4ecd164450ee9507@mail.gmail.com> On 23 March 2010 17:01, Scott Silva wrote: > OOPS... You violated his iron-clad disclaimer by reading the message. The > internet police will be knocking soon at your door... > Not only Alex door... You seem to have read it too...:-):-) I, on the other hand, will be fine ... since I usse my ESP powers to divine the content...:-D Cheers -- -- Glenn > >> I guess we have until tomorrow to raid his office. I'd have to check if it's already tomorrow there, though... >> >> On Mar 22, 2010, at 11:51 PM, Andrew Chester wrote: >> >>> I am out of the office until 2010/03/24. >>> >>> I will respond to your message when I return. >>> In case of emergency, please log a call on our helpdesk at >>> http://www.ukuvuma.co.za/Public/Helpdesk.nsf. >>> >>> >>> Note: This is an automated response to your message ?"Office Documents - No >>> Programs allowed" sent on 3/18/10 0:14:02. >>> >>> This is the only notification you will receive while this person is away. >>> >>> >>> >>> CONFIDENTIALITY CLAUSE >>> This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Mar 24 08:58:39 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 24 08:58:49 2010 Subject: Attachment stripping - wrong postfix message size In-Reply-To: <21310417.124.1269360466256.JavaMail.markus@cronlabworkstation1> References: <5413348.30.1269337983614.JavaMail.markus@cronlabworkstation1> <21310417.124.1269360466256.JavaMail.markus@cronlabworkstation1> Message-ID: <223f97701003240158w3de4c70ei8cb6978e9f133ebf@mail.gmail.com> On 23 March 2010 17:07, Markus Nilsson wrote: > Hi again, > > I've done a little bit of searching around in the source, enabled some debug prints etc, and can't find anywhere that the C-record metadata read from the original queuefile is edited. Am I missing something here, or is MailScanner ignoring any changes made to the mail in respect to size, and just lets the queue file keep its original C record? > > I would really need my postfix instance to give a correct estimation of the message size to the receiving mailserver when starting delivert since I am stripping away any large attachments, and the mails are quite smaller after being processed by MS! > > > /BR > Markus Hej Markus, Well... you might be right about the size thing, I haven't revisited that part in a while (and don't really have time to do so either, sorry). The thing that stikes me as somewhat odd though ... is why you would want to do anything like this...? I've alwasy kept my "max sizes" in sync, to the best of my ability. That way I never _need_ anything like that, since I've already rejected any message violating the message size limit. That being said, it'd be a Good Thing if Jules could be persuaded to take a look at the relevant code, or point you in the correct direction (ie where the update of the C record is "hidden":-). Cheers -- -- Glenn > ----- Original Message ----- > From: "Markus Nilsson" > To: mailscanner@lists.mailscanner.info > Sent: tisdag, 23 mar 2010 10:53:07 > Subject: Attachment stripping - wrong postfix message size > > Hi, > > I'm having a problem with a custom function for attachment stripping based on total attachment size. The custom function is made for > > Maximum Attachment Size = > > I successfully return 1 if the summed size of all attachments are larger than my configured value, and -1 otherwise. The custom function also stores the attachments in a safe place for later retrieval. I then want MailScanner/postifx to deliver the stripped mail to the recipient(s). MailScanner seems to do it right, but for some reason when postfix delivers the mail to the receiving mail server, it reports the message size as it was before the stripping, so that server might reject the mail even though it really isn't that big. > > If I configure the mailserver to accept larger sizes, the received mail has the correct size (small, all attachments stripped), so the reported size by postfix is not correct! > > Does postfix somehow approximate the message size? > If so, is it possible to help postifix with this approximization? > Or am I completely missing something else out? > > Any help greatly appreciated! > > BR > Markus > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From drew.marshall at trunknetworks.com Wed Mar 24 09:28:26 2010 From: drew.marshall at trunknetworks.com (Drew Marshall) Date: Wed Mar 24 09:28:45 2010 Subject: AUTO: Andrew Chester is out of the office. (returning 2010/03/24) In-Reply-To: <223f97701003240152s7ac12032y4ecd164450ee9507@mail.gmail.com> References: <223f97701003240152s7ac12032y4ecd164450ee9507@mail.gmail.com> Message-ID: <4C554664-C5EB-46E7-BB81-43FF79318956@trunknetworks.com> On 24 Mar 2010, at 08:52, Glenn Steen wrote: > On 23 March 2010 17:01, Scott Silva wrote: >> OOPS... You violated his iron-clad disclaimer by reading the >> message. The >> internet police will be knocking soon at your door... >> > > Not only Alex door... You seem to have read it too...:-):-) > I, on the other hand, will be fine ... since I usse my ESP powers to > divine the content...:-D Thing is I tried to call to tell him but he wasn't in... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content. Our email policy can be found at www.trunknetworks.com/policy Trunk Networks Limited is registered in Scotland with registration number: SC351063 Registered Office 55-57 West High Street Inverurie AB51 3QQ From markus at markusoft.se Wed Mar 24 09:59:34 2010 From: markus at markusoft.se (Markus Nilsson) Date: Wed Mar 24 09:58:22 2010 Subject: Attachment stripping - wrong postfix message size In-Reply-To: <27612506.18.1269423714521.JavaMail.markus@cronlabworkstation1> Message-ID: <24467850.20.1269424770206.JavaMail.markus@cronlabworkstation1> On 23 March 2010 17:07, Markus Nilsson wrote: > Hi again, > > I've done a little bit of searching around in the source, enabled some debug prints etc, and can't find anywhere that the C-record metadata read from the original queuefile is edited. Am I missing something here, or is MailScanner ignoring any changes made to the mail in respect to size, and just lets the queue file keep its original C record? > > I would really need my postfix instance to give a correct estimation of the message size to the receiving mailserver when starting delivert since I am stripping away any large attachments, and the mails are quite smaller after being processed by MS! > > > /BR > Markus Hej Markus, Well... you might be right about the size thing, I haven't revisited that part in a while (and don't really have time to do so either, sorry). The thing that stikes me as somewhat odd though ... is why you would want to do anything like this...? I've alwasy kept my "max sizes" in sync, to the best of my ability. That way I never _need_ anything like that, since I've already rejected any message violating the message size limit. That being said, it'd be a Good Thing if Jules could be persuaded to take a look at the relevant code, or point you in the correct direction (ie where the update of the C record is "hidden":-). Cheers -- -- Glenn Hej Glenn!, I want to do this because I don't reject the mail, I let it by with reduced size. I am then able to let the recipient download the attachment seperatley. In that way the message get through, and the attachment is retrievable, even if the recipient (a server out of my control) has rules that would reject large emails. But since it seems that my postfix instance believes that the email has the original size, it reports that size to the receiving mail server, which rejects it. I'm now into the Postfix.pm code, the sub PreDataString. I have successfully changed the C record to use $message->{size} as the message_size, but since the postfix queue file format is "intentionally undocumented" (sigh) it is hard to realize if I have ruined something else, I'm by no means sure what all fields mean... My code change, in Postfix.pm, PreDataString sub: foreach (@{$message->{metadata}}) { /^(.)(.*)$/; ($type, $data) = ($1, $2); $TimestampFound++ if $type eq 'T'; # Must only ever have 1 timestamp #print STDERR "PreData1 Type $type Data $data\n"; + if($type eq 'C') + { + if ($data =~ m/(\D+)\d+(\D+\d+\D+\d+\D+\d+\D+)\d+/) + { + print STDERR "Size: " . $message->{size} . "\n"; + print STDERR "Data: (" . $data . ")\n"; + print STDERR "$1;$2;$3;$4\n"; + print STDERR "" . $data ."\n"; + $data = "" . $1 . $message->{size} . $2 . $message->{size}; + print STDERR "" . $data . "\n"; + } + else + { + print STDERR "No match (" . $data . ") Leaving as is\n"; + } } Please give me a hint if I should keep my hands off this code, or if this could be safe. I'm thinking of setting a flag in the message struct to tell if this change should be done or not, to only update the ones that really needs it. BR/ Markus > ----- Original Message ----- > From: "Markus Nilsson" > To: mailscanner@lists.mailscanner.info > Sent: tisdag, 23 mar 2010 10:53:07 > Subject: Attachment stripping - wrong postfix message size > > Hi, > > I'm having a problem with a custom function for attachment stripping based on total attachment size. The custom function is made for > > Maximum Attachment Size = > > I successfully return 1 if the summed size of all attachments are larger than my configured value, and -1 otherwise. The custom function also stores the attachments in a safe place for later retrieval. I then want MailScanner/postifx to deliver the stripped mail to the recipient(s). MailScanner seems to do it right, but for some reason when postfix delivers the mail to the receiving mail server, it reports the message size as it was before the stripping, so that server might reject the mail even though it really isn't that big. > > If I configure the mailserver to accept larger sizes, the received mail has the correct size (small, all attachments stripped), so the reported size by postfix is not correct! > > Does postfix somehow approximate the message size? > If so, is it possible to help postifix with this approximization? > Or am I completely missing something else out? > > Any help greatly appreciated! > > BR > Markus > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From campbell at cnpapers.com Wed Mar 24 12:57:10 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 24 12:57:26 2010 Subject: I'm confused about my bayes expiration steps In-Reply-To: <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> References: <4BA91EF8.80303@cnpapers.com> <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> Message-ID: <4BAA0C26.3070404@cnpapers.com> I don't understand why, but that fixed it. Thanks. steve Martin Hepworth wrote: > Steve > > delete the bayes info, let it rebuild itself, no worries :-) > > On 23 March 2010 20:05, Steve Campbell > wrote: > > One of those tests that I never run unless there's a problem is > the SpamAssassin Bayes Database Info from withing MailWatch. So I > ran it today just for the heck of it. All of my data seems to > indicate nothing has happened since around May, 2008. > > Looking at my files in /etc/MailScanner/bayes shows the files are > being updated properly. > > But the bayes_seen file is getting a little large. So going > through the MS.conf file, I find I rebuild bayes once a day. I > look in my spam.assassin.prefs.conf file and a comment say I > expire by a cron job. I can't find the cron job to see if it's > working. > > So I see a few problems: > > MW isn't pointing to a proper set of bayes files. > MS must not be set up right to either rebuild or expire my bayes > files. > I must not have moved something for that cron file to exist. > > I'm running version 4.75.11. Everything seems to run OK, but I got > a feeling I'm going to hit a bump in the road on that bayes_seen > file one day. > > Any thoughts, anyone? > > > thanks > > steve campbell > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Martin Hepworth > Oxford, UK From nguyenquocviet.2010 at gmail.com Wed Mar 24 13:21:16 2010 From: nguyenquocviet.2010 at gmail.com (quocviet nguyen) Date: Wed Mar 24 13:21:25 2010 Subject: problem ./check_mailscanner Message-ID: - I config MailScanner.conf : Run As User = postfix Run As Group = postdrop Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix - vi /etc/postfix/header_checks;Add line: /^Received:/ HOLD - In main.cf file;Add line header_checks = regexp:/etc/postfix/header_checks - Then cd /opt/MailScanner/bin run ./check_mailsanner - I send any mail; vi /var/log/maillog : Messages found but no hashed queue directories. Please enable hashed queues for incoming and deferred with a depth of 1 or 2. See the Postfix documentation for hash_queue_names and hash_queue_depth - I fix this problem by adding two line into main.cf file: hash_queue_names = hold hash_queue_depth = 1 - Then run again ./check_mailscanner - Result is My machine is pause(break down), can't do anything - Who Know what is happen? please tell me. Thanks -- viet -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/25df6878/attachment.html From maxsec at gmail.com Wed Mar 24 13:33:10 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Mar 24 13:33:19 2010 Subject: I'm confused about my bayes expiration steps In-Reply-To: <4BAA0C26.3070404@cnpapers.com> References: <4BA91EF8.80303@cnpapers.com> <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> <4BAA0C26.3070404@cnpapers.com> Message-ID: <72cf361e1003240633t427bd5cdtb7ff6841a9e080fe@mail.gmail.com> Bayes DB's sometimes seem to get corrupted and need rebuilding, esp if using the default 'database'. more reliable is the SDBM (and quicker too) - see the MS wiki for a how-to. Martin On 24 March 2010 12:57, Steve Campbell wrote: > I don't understand why, but that fixed it. > > Thanks. > > steve > > Martin Hepworth wrote: > >> Steve >> >> delete the bayes info, let it rebuild itself, no worries :-) >> >> On 23 March 2010 20:05, Steve Campbell > campbell@cnpapers.com>> wrote: >> >> One of those tests that I never run unless there's a problem is >> the SpamAssassin Bayes Database Info from withing MailWatch. So I >> ran it today just for the heck of it. All of my data seems to >> indicate nothing has happened since around May, 2008. >> >> Looking at my files in /etc/MailScanner/bayes shows the files are >> being updated properly. >> >> But the bayes_seen file is getting a little large. So going >> through the MS.conf file, I find I rebuild bayes once a day. I >> look in my spam.assassin.prefs.conf file and a comment say I >> expire by a cron job. I can't find the cron job to see if it's >> working. >> >> So I see a few problems: >> >> MW isn't pointing to a proper set of bayes files. >> MS must not be set up right to either rebuild or expire my bayes >> files. >> I must not have moved something for that cron file to exist. >> >> I'm running version 4.75.11. Everything seems to run OK, but I got >> a feeling I'm going to hit a bump in the road on that bayes_seen >> file one day. >> >> Any thoughts, anyone? >> >> >> thanks >> >> steve campbell >> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> -- >> Martin Hepworth >> Oxford, UK >> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/a4804667/attachment.html From maxsec at gmail.com Wed Mar 24 13:45:10 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Mar 24 13:45:19 2010 Subject: problem ./check_mailscanner In-Reply-To: References: Message-ID: <72cf361e1003240645l11e58a9bl13d522312d367c74@mail.gmail.com> Viet versions of MailSCanner and postfix please. Also if you run MailScanner in debug (/opt/MailScanner/bin/MailScanner --debug) do you get any more clues? martin On 24 March 2010 13:21, quocviet nguyen wrote: > - I config MailScanner.conf : > > Run As User = postfix > Run As Group = postdrop > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > > - vi /etc/postfix/header_checks;Add line: > /^Received:/ HOLD > > - In main.cf file;Add line > header_checks = regexp:/etc/postfix/header_checks > > - Then cd /opt/MailScanner/bin > run ./check_mailsanner > - I send any mail; vi /var/log/maillog : > Messages found but no hashed queue directories. Please enable hashed queues > for incoming and deferred with a depth of 1 or 2. See the Postfix > documentation for hash_queue_names and hash_queue_depth > - I fix this problem by adding two line into main.cf file: > hash_queue_names = hold > hash_queue_depth = 1 > - Then run again ./check_mailscanner > - Result is My machine is pause(break down), can't do anything > - Who Know what is happen? please tell me. > > > Thanks > > -- > viet > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/ffb7daab/attachment.html From campbell at cnpapers.com Wed Mar 24 13:56:45 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 24 13:56:58 2010 Subject: I'm confused about my bayes expiration steps In-Reply-To: <72cf361e1003240633t427bd5cdtb7ff6841a9e080fe@mail.gmail.com> References: <4BA91EF8.80303@cnpapers.com> <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> <4BAA0C26.3070404@cnpapers.com> <72cf361e1003240633t427bd5cdtb7ff6841a9e080fe@mail.gmail.com> Message-ID: <4BAA1A1D.9060003@cnpapers.com> Martin Hepworth wrote: > Bayes DB's sometimes seem to get corrupted and need rebuilding, esp if > using the default 'database'. > > more reliable is the SDBM (and quicker too) - see the MS wiki for a > how-to. > > Martin > > I didn't see where it was compatible with Mailwatch if I switch. Any clues? As best as I recall, MW uses a spamassassin command to retrieve info. Since I just wiped my databases, I don't have a lot to lose, and will give it a try. Thanks again, steve From maxsec at gmail.com Wed Mar 24 14:02:01 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Mar 24 14:02:09 2010 Subject: I'm confused about my bayes expiration steps In-Reply-To: <4BAA1A1D.9060003@cnpapers.com> References: <4BA91EF8.80303@cnpapers.com> <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> <4BAA0C26.3070404@cnpapers.com> <72cf361e1003240633t427bd5cdtb7ff6841a9e080fe@mail.gmail.com> <4BAA1A1D.9060003@cnpapers.com> Message-ID: <72cf361e1003240702ka3f192ch50797e25beef7d86@mail.gmail.com> On 24 March 2010 13:56, Steve Campbell wrote: > > > Martin Hepworth wrote: > >> Bayes DB's sometimes seem to get corrupted and need rebuilding, esp if >> using the default 'database'. >> >> more reliable is the SDBM (and quicker too) - see the MS wiki for a >> how-to. >> >> Martin >> >> >> I didn't see where it was compatible with Mailwatch if I switch. Any > clues? > > As best as I recall, MW uses a spamassassin command to retrieve info. Since > I just wiped my databases, I don't have a lot to lose, and will give it a > try. > > Thanks again, > > steve > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Steve no problems with MW, as you say MW just calls the SA command line stuff which of course knows about the SDBM once you've configured it. When I moved to SDBM it was hugely faster and alot more reliable. -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/4fcbca7c/attachment.html From sanhoyos1 at gmail.com Wed Mar 24 14:10:04 2010 From: sanhoyos1 at gmail.com (Santiago Hoyos) Date: Wed Mar 24 14:10:18 2010 Subject: Check spam when from and to are same. Message-ID: Hi every all, My mail system is getting a lot of spam where the from and to is the same and the filters are not what is stopping. Any idea to solve this problem? Good day, -- Santiago Hoyos Restrepo .- From campbell at cnpapers.com Wed Mar 24 14:10:49 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 24 14:11:06 2010 Subject: I'm confused about my bayes expiration steps In-Reply-To: <72cf361e1003240702ka3f192ch50797e25beef7d86@mail.gmail.com> References: <4BA91EF8.80303@cnpapers.com> <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> <4BAA0C26.3070404@cnpapers.com> <72cf361e1003240633t427bd5cdtb7ff6841a9e080fe@mail.gmail.com> <4BAA1A1D.9060003@cnpapers.com> <72cf361e1003240702ka3f192ch50797e25beef7d86@mail.gmail.com> Message-ID: <4BAA1D69.5090107@cnpapers.com> Looks good so far. Thanks, Martin. Martin Hepworth wrote: > > > On 24 March 2010 13:56, Steve Campbell > wrote: > > > > Martin Hepworth wrote: > > Bayes DB's sometimes seem to get corrupted and need > rebuilding, esp if using the default 'database'. > > more reliable is the SDBM (and quicker too) - see the MS wiki > for a how-to. > > Martin > > > I didn't see where it was compatible with Mailwatch if I switch. > Any clues? > > As best as I recall, MW uses a spamassassin command to retrieve > info. Since I just wiped my databases, I don't have a lot to lose, > and will give it a try. > > Thanks again, > > steve > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Steve > > no problems with MW, as you say MW just calls the SA command line > stuff which of course knows about the SDBM once you've configured it. > > When I moved to SDBM it was hugely faster and alot more reliable. > > -- > Martin Hepworth > Oxford, UK From mikea at mikea.ath.cx Wed Mar 24 14:22:12 2010 From: mikea at mikea.ath.cx (mikea) Date: Wed Mar 24 14:22:23 2010 Subject: Check spam when from and to are same. In-Reply-To: References: Message-ID: <20100324142212.GA38638@mikea.ath.cx> On Wed, Mar 24, 2010 at 09:10:04AM -0500, Santiago Hoyos wrote: > Hi every all, > > My mail system is getting a lot of spam where the from and to is the same > and the filters are not what is stopping. > > Any idea to solve this problem? I screen mail for that using rules that check the originating relay and the "From:" address. If the "From:" address is in one of our domains and the originating relay isn't one of our outbound mailers, then the mail fails. That works for us because I know all the outbound mailer IP addresses, but it does occasionally fail mail from the New York Times and other sites which forge the "From:" address when snding articles from their website. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From maxsec at gmail.com Wed Mar 24 14:22:39 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Mar 24 14:22:48 2010 Subject: Check spam when from and to are same. In-Reply-To: References: Message-ID: <72cf361e1003240722h656b0a02pe1a5d5f5a951dad3@mail.gmail.com> On 24 March 2010 14:10, Santiago Hoyos wrote: > Hi every all, > > My mail system is getting a lot of spam where the from and to is the same > and the filters are not what is stopping. > > Any idea to solve this problem? > > Good day, > > -- > Santiago Hoyos Restrepo .- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Is this to primary domain you handle? If yes then have to whitelisted the entire domain and not trusted ip-addresses for you mailservers? what do the spam score for this show? - you can put scores into the header (from http://wiki.mailscanner.info/doku.php?id=maq:index) - Always add the SA info into email headers to see what the score and rule hits are ( helps with debug), in MailScanner.conf make sure the follow are set thus: Spam Score Number Format = %5.2f Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Spam Score Number Format = %5.2f What version of SA? Have you run sa-update recently? If outgoing mail is sent via MailScanner do you use the anti-forgery settings? This can help alot. -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/e1331979/attachment.html From jancarel.putter at gmail.com Wed Mar 24 14:40:13 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Wed Mar 24 14:40:22 2010 Subject: Perl Modules Message-ID: are the required perl modules listed on the website still the same? http://www.mailscanner.info/perl.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/8bdc60fb/attachment.html From jancarel.putter at gmail.com Wed Mar 24 14:41:53 2010 From: jancarel.putter at gmail.com (JC Putter) Date: Wed Mar 24 14:42:02 2010 Subject: Check spam when from and to are same. In-Reply-To: References: Message-ID: sounds like backscatter, check your mta docs and implement spf On Wed, Mar 24, 2010 at 4:10 PM, Santiago Hoyos wrote: > Hi every all, > > My mail system is getting a lot of spam where the from and to is the same > and the filters are not what is stopping. > > Any idea to solve this problem? > > Good day, > > -- > Santiago Hoyos Restrepo .- > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/0ddcadfd/attachment.html From campbell at cnpapers.com Wed Mar 24 14:44:54 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Mar 24 14:47:33 2010 Subject: I'm confused about my bayes expiration steps In-Reply-To: <72cf361e1003240702ka3f192ch50797e25beef7d86@mail.gmail.com> References: <4BA91EF8.80303@cnpapers.com> <72cf361e1003231315y6028eaddu6a9cba0cc67634cd@mail.gmail.com> <4BAA0C26.3070404@cnpapers.com> <72cf361e1003240633t427bd5cdtb7ff6841a9e080fe@mail.gmail.com> <4BAA1A1D.9060003@cnpapers.com> <72cf361e1003240702ka3f192ch50797e25beef7d86@mail.gmail.com> Message-ID: <4BAA2566.8010309@cnpapers.com> I moved back to the old way. Apparently, the new stuff is just a little too strong for my pee-wee type machine, as the load never dropped below 4.00. Thanks anyway for all the help. I learned something new this year, so I'm happy. steve Martin Hepworth wrote: > > > On 24 March 2010 13:56, Steve Campbell > wrote: > > > > Martin Hepworth wrote: > > Bayes DB's sometimes seem to get corrupted and need > rebuilding, esp if using the default 'database'. > > more reliable is the SDBM (and quicker too) - see the MS wiki > for a how-to. > > Martin > > > I didn't see where it was compatible with Mailwatch if I switch. > Any clues? > > As best as I recall, MW uses a spamassassin command to retrieve > info. Since I just wiped my databases, I don't have a lot to lose, > and will give it a try. > > Thanks again, > > steve > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Steve > > no problems with MW, as you say MW just calls the SA command line > stuff which of course knows about the SDBM once you've configured it. > > When I moved to SDBM it was hugely faster and alot more reliable. > > -- > Martin Hepworth > Oxford, UK From maillists at conactive.com Wed Mar 24 15:31:24 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 24 15:31:33 2010 Subject: problem ./check_mailscanner In-Reply-To: References: Message-ID: Again: Can you confirm that version number please? Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Mar 24 15:31:24 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Mar 24 15:31:34 2010 Subject: Check spam when from and to are same. In-Reply-To: References: Message-ID: Santiago Hoyos wrote on Wed, 24 Mar 2010 09:10:04 -0500: > Any idea to solve this problem? This is becoming an FAQ. Please search this list and the SA list for several answers. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From ssilva at sgvwater.com Wed Mar 24 18:48:22 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 24 18:48:49 2010 Subject: AUTO: Andrew Chester is out of the office. (returning 2010/03/24) In-Reply-To: <223f97701003240152s7ac12032y4ecd164450ee9507@mail.gmail.com> References: <223f97701003240152s7ac12032y4ecd164450ee9507@mail.gmail.com> Message-ID: on 3-24-2010 1:52 AM Glenn Steen spake the following: > On 23 March 2010 17:01, Scott Silva wrote: >> OOPS... You violated his iron-clad disclaimer by reading the message. The >> internet police will be knocking soon at your door... >> > > Not only Alex door... You seem to have read it too...:-):-) > I, on the other hand, will be fine ... since I usse my ESP powers to > divine the content...:-D > > Cheers I laugh at the internet police!!! HA HA... Now for a Scotch and a Cubano!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/a84976b8/signature.bin From e.mink at remote.nl Wed Mar 24 19:39:08 2010 From: e.mink at remote.nl (Eric Mink) Date: Wed Mar 24 19:40:00 2010 Subject: Check spam when from and to are same. References: Message-ID: Or set up a spf txt record in your dns zone ________________________________ Van: mailscanner-bounces@lists.mailscanner.info namens Kai Schaetzl Verzonden: wo 24-3-2010 16:31 Aan: mailscanner@lists.mailscanner.info Onderwerp: Re: Check spam when from and to are same. Santiago Hoyos wrote on Wed, 24 Mar 2010 09:10:04 -0500: > Any idea to solve this problem? This is becoming an FAQ. Please search this list and the SA list for several answers. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/38c49d1c/attachment.html From e.mink at remote.nl Wed Mar 24 19:39:31 2010 From: e.mink at remote.nl (Eric Mink) Date: Wed Mar 24 19:41:45 2010 Subject: Check spam when from and to are same. References: Message-ID: Here is a wizard you can use http://old.openspf.org/wizard.html You can specify which mailserver can send mail with your domain. ________________________________ Van: mailscanner-bounces@lists.mailscanner.info namens Kai Schaetzl Verzonden: wo 24-3-2010 16:31 Aan: mailscanner@lists.mailscanner.info Onderwerp: Re: Check spam when from and to are same. Santiago Hoyos wrote on Wed, 24 Mar 2010 09:10:04 -0500: > Any idea to solve this problem? This is becoming an FAQ. Please search this list and the SA list for several answers. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100324/9c7e8f0c/attachment.html From micoots at yahoo.com Thu Mar 25 00:26:14 2010 From: micoots at yahoo.com (Michael Mansour) Date: Thu Mar 25 00:26:23 2010 Subject: SpamAssassin Rule Actions ignores Whitelist entries - BUG? Message-ID: <300108.29490.qm@web33303.mail.mud.yahoo.com> Hi, I've just discovered that the "SpamAssassin Rule Actions" seems to ignore whitelisted emails. As discussed in earlier posts, I have "SpamAssassin Rule Actions" set to: SpamAssassin Rule Actions = SpamScore>18=>not-store,not-deliver,forward highspam@domain.com However, even if the email is whitelisted (From or To addresses), if the whitelisted email has a score above 18, it _still_ goes through the rule above and gets emailed to highspam@domain.com For me this is a nasty bug as I ended up spam reporting emails that were destined to me from spam defending systems (like spamcop) and got my account suspended until it's fixed. Anyone else experienced this problem? I've actually had quite a bit of issues working with this "SpamAssassin Rule Actions" system (ie. it doesn't work through a rules files, the "not-store" still stores) so I'm not sure I should keep using it now. The MailScanner version I'm using is: mailscanner-4.79.11-1.noarch Michael. From micoots at yahoo.com Thu Mar 25 02:27:04 2010 From: micoots at yahoo.com (Michael Mansour) Date: Thu Mar 25 02:27:14 2010 Subject: MCP notifications when blocking Message-ID: <766954.49698.qm@web33307.mail.mud.yahoo.com> Hi, I have MCP enabled for a couple of domains. One of them has asked that: 1. emails "From" their domain that trigger an MCP block, generates a "notice" 2. that the notice goes to an email address they've provided Obviously so they can see if the message blocked from them by MCP is valid or not. I've spent quite some time trying to figure out how to do this but am not sure. Anyone have any suggestions? Michael. From uxbod at splatnix.net Thu Mar 25 08:08:06 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 25 08:08:30 2010 Subject: Problem Message Message-ID: <13412319.434.1269504486404.JavaMail.root@office.splatnix.net> Hi, Every hour I am receiving the following from our gateway: -------------------------------------------------- Archive: Number of messages: 1 Tries Message Last Tried ===== ======= ========== 6 533483988365.A3CD1 Wed Mar 24 22:45:07 2010 -------------------------------------------------- I have checked the /var/spool directory and that message is actually which the quarantine. Looking at the content I checked earlier alerts and indeed a virus was stopped with exactly the same content. For some reason it is not being removed from the Processing database. I am running MS 4.79.11. -- Thanks, Phil From glenn.steen at gmail.com Thu Mar 25 09:00:25 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 25 09:00:34 2010 Subject: Attachment stripping - wrong postfix message size In-Reply-To: <24467850.20.1269424770206.JavaMail.markus@cronlabworkstation1> References: <27612506.18.1269423714521.JavaMail.markus@cronlabworkstation1> <24467850.20.1269424770206.JavaMail.markus@cronlabworkstation1> Message-ID: <223f97701003250200q5903bd86v95974a905472bea6@mail.gmail.com> On 24 March 2010 10:59, Markus Nilsson wrote: > On 23 March 2010 17:07, Markus Nilsson wrote: >> Hi again, >> >> I've done a little bit of searching around in the source, enabled some debug prints etc, and can't find anywhere that the C-record metadata read from the original queuefile is edited. Am I missing something here, or is MailScanner ignoring any changes made to the mail in respect to size, and just lets the queue file keep its original C record? >> >> I would really need my postfix instance to give a correct estimation of the message size to the receiving mailserver when starting delivert since I am stripping away any large attachments, and the mails are quite smaller after being processed by MS! >> >> >> /BR >> Markus > > Hej Markus, > > Well... you might be right about the size thing, I haven't revisited > that part in a while (and don't really have time to do so either, > sorry). > The thing that stikes me as somewhat odd though ... is why you would > want to do anything like this...? I've alwasy kept my "max sizes" in > sync, to the best of my ability. That way I never _need_ anything like > that, since I've already rejected any message violating the message > size limit. > > That being said, it'd be a Good Thing if Jules could be persuaded to > take a look at the relevant code, or point you in the correct > direction (ie where the update of the C record is "hidden":-). > > Cheers > -- > -- Glenn > > > > Hej Glenn!, > > I want to do this because I don't reject the mail, I let it by with reduced > size. I am then able to let the recipient download the attachment seperatley. > In that way the message get through, and the attachment is retrievable, even > if the recipient (a server out of my control) has rules that would reject large > emails. But since it seems that my postfix instance believes that the email > has the original size, it reports that size to the receiving mail server, > which rejects it. > > I'm now into the Postfix.pm code, the sub PreDataString. > > I have successfully changed the C record to use $message->{size} as the message_size, > but since the postfix queue file format is "intentionally undocumented" (sigh) it is > hard to realize if I have ruined something else, I'm by no means sure what all fields mean... > > My code change, in Postfix.pm, PreDataString sub: > > ? ?foreach (@{$message->{metadata}}) { > ? ? ?/^(.)(.*)$/; > ? ? ?($type, $data) = ($1, $2); > ? ? ?$TimestampFound++ if $type eq 'T'; # Must only ever have 1 timestamp > ? ? ?#print STDERR "PreData1 Type $type Data $data\n"; > + ? ? ?if($type eq 'C') > + ? ? ?{ > + ? ? ? ?if ($data =~ m/(\D+)\d+(\D+\d+\D+\d+\D+\d+\D+)\d+/) > + ? ? ? ?{ > + ? ? ? ? ?print STDERR "Size: " . $message->{size} . "\n"; > + ? ? ? ? ?print STDERR "Data: (" . $data . ")\n"; > + ? ? ? ? ?print STDERR "$1;$2;$3;$4\n"; > + ? ? ? ? ?print STDERR "" . $data ."\n"; > + ? ? ? ? ?$data = "" . $1 . $message->{size} . $2 . $message->{size}; > + ? ? ? ? ?print STDERR "" . $data . "\n"; > + ? ? ? ?} > + ? ? ? ?else > + ? ? ? ?{ > + ? ? ? ? ?print STDERR "No match (" . $data . ") Leaving as is\n"; > + ? ? ? ?} > ? ? ?} > > Please give me a hint if I should keep my hands off this code, or if this > could be safe. I'm thinking of setting a flag in the message struct to > tell if this change should be done or not, to only update the ones that > really needs it. > Well, since this should be done as late as possible (just before creating the new queue file), I sort of think you're at the right end. Again, I haven't got the time to even check this code with/for you (am in the middle of a big move ... work is relocating approximately 700 meters (Skeppsbron -> Regeringsgatan), but for all the work we need do... it could be on the other side of the planet:-)... I presume you have this running on a testbed, and that it isn't creating bad queue files? The overhead for that code would be marginal, so ... the check might actually cost you more that treating all alike:-). I would probably have "solved" this by a more ... fascist... method... simply mandating the message size limit to the customers. But then, I don't run any ISP or message cleaning service:-). Cheers -- -- Glenn > > BR/ > Markus > > >> ----- Original Message ----- >> From: "Markus Nilsson" >> To: mailscanner@lists.mailscanner.info >> Sent: tisdag, 23 mar 2010 10:53:07 >> Subject: Attachment stripping - wrong postfix message size >> >> Hi, >> >> I'm having a problem with a custom function for attachment stripping based on total attachment size. The custom function is made for >> >> Maximum Attachment Size = >> >> I successfully return 1 if the summed size of all attachments are larger than my configured value, and -1 otherwise. The custom function also stores the attachments in a safe place for later retrieval. I then want MailScanner/postifx to deliver the stripped mail to the recipient(s). MailScanner seems to do it right, but for some reason when postfix delivers the mail to the receiving mail server, it reports the message size as it was before the stripping, so that server might reject the mail even though it really isn't that big. >> >> If I configure the mailserver to accept larger sizes, the received mail has the correct size (small, all attachments stripped), so the reported size by postfix is not correct! >> >> Does postfix somehow approximate the message size? >> If so, is it possible to help postifix with this approximization? >> Or am I completely missing something else out? >> >> Any help greatly appreciated! >> >> BR >> Markus >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From markus at markusoft.se Thu Mar 25 09:29:56 2010 From: markus at markusoft.se (Markus Nilsson) Date: Thu Mar 25 09:30:07 2010 Subject: Attachment stripping - wrong postfix message size In-Reply-To: <223f97701003250200q5903bd86v95974a905472bea6@mail.gmail.com> Message-ID: <30176715.6.1269509392439.JavaMail.markus@cronlabworkstation1> On 24 March 2010 10:59, Markus Nilsson wrote: > On 23 March 2010 17:07, Markus Nilsson wrote: >> Hi again, >> >> I've done a little bit of searching around in the source, enabled some debug prints etc, and can't find anywhere that the C-record metadata read from the original queuefile is edited. Am I missing something here, or is MailScanner ignoring any changes made to the mail in respect to size, and just lets the queue file keep its original C record? >> >> I would really need my postfix instance to give a correct estimation of the message size to the receiving mailserver when starting delivert since I am stripping away any large attachments, and the mails are quite smaller after being processed by MS! >> >> >> /BR >> Markus > > Hej Markus, > > Well... you might be right about the size thing, I haven't revisited > that part in a while (and don't really have time to do so either, > sorry). > The thing that stikes me as somewhat odd though ... is why you would > want to do anything like this...? I've alwasy kept my "max sizes" in > sync, to the best of my ability. That way I never _need_ anything like > that, since I've already rejected any message violating the message > size limit. > > That being said, it'd be a Good Thing if Jules could be persuaded to > take a look at the relevant code, or point you in the correct > direction (ie where the update of the C record is "hidden":-). > > Cheers > -- > -- Glenn > > > > Hej Glenn!, > > I want to do this because I don't reject the mail, I let it by with reduced > size. I am then able to let the recipient download the attachment seperatley. > In that way the message get through, and the attachment is retrievable, even > if the recipient (a server out of my control) has rules that would reject large > emails. But since it seems that my postfix instance believes that the email > has the original size, it reports that size to the receiving mail server, > which rejects it. > > I'm now into the Postfix.pm code, the sub PreDataString. > > I have successfully changed the C record to use $message->{size} as the message_size, > but since the postfix queue file format is "intentionally undocumented" (sigh) it is > hard to realize if I have ruined something else, I'm by no means sure what all fields mean... > > My code change, in Postfix.pm, PreDataString sub: > > ? ?foreach (@{$message->{metadata}}) { > ? ? ?/^(.)(.*)$/; > ? ? ?($type, $data) = ($1, $2); > ? ? ?$TimestampFound++ if $type eq 'T'; # Must only ever have 1 timestamp > ? ? ?#print STDERR "PreData1 Type $type Data $data\n"; > + ? ? ?if($type eq 'C') > + ? ? ?{ > + ? ? ? ?if ($data =~ m/(\D+)\d+(\D+\d+\D+\d+\D+\d+\D+)\d+/) > + ? ? ? ?{ > + ? ? ? ? ?print STDERR "Size: " . $message->{size} . "\n"; > + ? ? ? ? ?print STDERR "Data: (" . $data . ")\n"; > + ? ? ? ? ?print STDERR "$1;$2;$3;$4\n"; > + ? ? ? ? ?print STDERR "" . $data ."\n"; > + ? ? ? ? ?$data = "" . $1 . $message->{size} . $2 . $message->{size}; > + ? ? ? ? ?print STDERR "" . $data . "\n"; > + ? ? ? ?} > + ? ? ? ?else > + ? ? ? ?{ > + ? ? ? ? ?print STDERR "No match (" . $data . ") Leaving as is\n"; > + ? ? ? ?} > ? ? ?} > > Please give me a hint if I should keep my hands off this code, or if this > could be safe. I'm thinking of setting a flag in the message struct to > tell if this change should be done or not, to only update the ones that > really needs it. > Well, since this should be done as late as possible (just before creating the new queue file), I sort of think you're at the right end. Again, I haven't got the time to even check this code with/for you (am in the middle of a big move ... work is relocating approximately 700 meters (Skeppsbron -> Regeringsgatan), but for all the work we need do... it could be on the other side of the planet:-)... I presume you have this running on a testbed, and that it isn't creating bad queue files? The overhead for that code would be marginal, so ... the check might actually cost you more that treating all alike:-). I would probably have "solved" this by a more ... fascist... method... simply mandating the message size limit to the customers. But then, I don't run any ISP or message cleaning service:-). Cheers -- -- Glenn Hi again, Thanks for your input!, and yes I am running it now on a testbed, and it works very well. The size that I change to is not correct, but close enough for the receiver to not reject it. The code under test looks like this (tiny changes) foreach (@{$message->{metadata}}) { /^(.)(.*)$/; ($type, $data) = ($1, $2); $TimestampFound++ if $type eq 'T'; # Must only ever have 1 timestamp #print STDERR "PreData1 Type $type Data $data\n"; > if($type eq 'C' and $message->{rewriteCHeader} eq 'y') > { > if ($data =~ m/(\D+)\d+(\D+\d+\D+\d+\D+\d+\D+)\d+/) > { > $data = "" . $1 . $message->{size} . $2 . $message->{size}; > } > } I added the rewriteCHeader-flag, just as a precaution if there is something wrong with my code, I will only affect messages that I removed attachments from. What are the chances on getting something like this into SVN? :) Good luck with the move! And hope Stockholm is as sunny as Gothenburg today :) BR /Markus > >> ----- Original Message ----- >> From: "Markus Nilsson" >> To: mailscanner@lists.mailscanner.info >> Sent: tisdag, 23 mar 2010 10:53:07 >> Subject: Attachment stripping - wrong postfix message size >> >> Hi, >> >> I'm having a problem with a custom function for attachment stripping based on total attachment size. The custom function is made for >> >> Maximum Attachment Size = >> >> I successfully return 1 if the summed size of all attachments are larger than my configured value, and -1 otherwise. The custom function also stores the attachments in a safe place for later retrieval. I then want MailScanner/postifx to deliver the stripped mail to the recipient(s). MailScanner seems to do it right, but for some reason when postfix delivers the mail to the receiving mail server, it reports the message size as it was before the stripping, so that server might reject the mail even though it really isn't that big. >> >> If I configure the mailserver to accept larger sizes, the received mail has the correct size (small, all attachments stripped), so the reported size by postfix is not correct! >> >> Does postfix somehow approximate the message size? >> If so, is it possible to help postifix with this approximization? >> Or am I completely missing something else out? >> >> Any help greatly appreciated! >> >> BR >> Markus >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From e.mink at remote.nl Thu Mar 25 11:10:14 2010 From: e.mink at remote.nl (Eric Mink) Date: Thu Mar 25 11:10:44 2010 Subject: Slackware 13 and Mailscanner References: <72cf361e1003231008w6f22922bxb416403e0b5eb8ab@mail.gmail.com> Message-ID: When i look in the maillog : cat /var/log/maillog | grep talk2denixx@hotmail.com Mar 24 13:31:15 ibox sm-mta[19741]: o2OCVEhU019741: from=, size=2328, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=snt0-omc1-s17.snt0.hotmail.com [65.55.90.28] Mar 24 13:31:18 ibox sm-mta[19752]: o2OCVIIK019752: to=, delay=00:00:00, mailer=esmtp, pri=34154, stat=queued Mar 24 13:31:22 ibox sendmail[19764]: o2OCVIIK019752: to=, delay=00:00:04, xdelay=00:00:01, mailer=esmtp, pri=124154, relay=mx2.hotmail.com. [65.54.188.126], dsn=2.0.0, stat=Sent ( Queued mail for delivery) Mar 24 13:33:29 ibox sm-mta[19792]: o2OCXTAl019792: from=, size=2416, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=snt0-omc1-s30.snt0.hotmail.com [65.55.90.41] Mails in quarantaine are the ones that are listed in rbl`s Spamassassin doesn`t seem to do anything. Met vriendelijk groet, Eric Mink Remote IT - Services Pascalweg 1, Postbus 256 8000 AG Zwolle Telefoon: 038 - 428 44 44 Fax: 038 - 428 44 40 E-mail: servicedesk@remote.nl Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Martin Hepworth Verzonden: dinsdag 23 maart 2010 18:09 Aan: MailScanner discussion Onderwerp: Re: Slackware 13 and Mailscanner Anything in the logs that explain what's happening to a message in the quarantine. (also look at logging options - see the wiki for how to be verbose in the message headers etc). Martin On 23 March 2010 13:38, Eric Mink wrote: Hi all, I`ve installed Mailscanner on a Slackware 13 machine and looks like it`s working properly. Now the problem is that some mail are send to quarantine without a SA score. Has anybody experienced this before? Lint test is not giving any errors Kind regards, Eric Mink Remote IT - Services Pascalweg 1, Postbus 256 8000 AG Zwolle Telefoon: 038 - 428 44 44 Fax: 038 - 428 44 40 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100325/cea129da/attachment.html From maillists at conactive.com Thu Mar 25 11:31:48 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Mar 25 11:32:01 2010 Subject: SpamAssassin Rule Actions ignores Whitelist entries - BUG? In-Reply-To: <300108.29490.qm@web33303.mail.mud.yahoo.com> References: <300108.29490.qm@web33303.mail.mud.yahoo.com> Message-ID: Michael Mansour wrote on Wed, 24 Mar 2010 17:26:14 -0700 (PDT): > However, even if the email is whitelisted (From or To addresses), > if the whitelisted email has a score above 18, it _still_ goes through > the rule above and gets emailed to highspam@domain.com you are talking of MS whitelisting, right? It works that way that whitelisted mail still gets spamchecked, it's just not used as a spam qualifier. This must have some historic reason, e.g. it was the easiest way to implement it and leave other stuff untouched. If you do not want to have the message "scored" you have to put it on the no scan list. However, this also excludes it from virus scanning. Maybe that's a temp solution for you? It makes sense to not use existing scores for whitelisted mail in the rule actions I suppose. But it's also possible that someone else then comes along and says he needs it ;-) I think the most convincing way would still be to stop spam-checking for whitelisted mail. It's just extra unnecessary cycles. Now, with virus and spam-checking order reversed that might be easier? Just speculating. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From maxsec at gmail.com Thu Mar 25 12:13:34 2010 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Mar 25 12:13:43 2010 Subject: Slackware 13 and Mailscanner In-Reply-To: References: <72cf361e1003231008w6f22922bxb416403e0b5eb8ab@mail.gmail.com> Message-ID: <72cf361e1003250513l747ea7c1ya22aee730e78771a@mail.gmail.com> Erik I see something missing - no mailscanner logs at all.. On 25 March 2010 11:10, Eric Mink wrote: > When i look in the maillog : > > > > cat /var/log/maillog | grep talk2denixx@hotmail.com > > Mar 24 13:31:15 ibox sm-mta[19741]: o2OCVEhU019741: from=< > talk2denixx@hotmail.com>, size=2328, class=0, nrcpts=1, > msgid=, proto=ESMTP, > daemon=MTA, relay=snt0-omc1-s17.snt0.hotmail.com [65.55.90.28] > > Mar 24 13:31:18 ibox sm-mta[19752]: o2OCVIIK019752: to=< > talk2denixx@hotmail.com>, delay=00:00:00, mailer=esmtp, pri=34154, > stat=queued > > Mar 24 13:31:22 ibox sendmail[19764]: o2OCVIIK019752: to=< > talk2denixx@hotmail.com>, delay=00:00:04, xdelay=00:00:01, mailer=esmtp, > pri=124154, relay=mx2.hotmail.com. [65.54.188.126], dsn=2.0.0, stat=Sent ( > Queued mail for delivery) > > Mar 24 13:33:29 ibox sm-mta[19792]: o2OCXTAl019792: from=< > talk2denixx@hotmail.com>, size=2416, class=0, nrcpts=1, > msgid=, proto=ESMTP, > daemon=MTA, relay=snt0-omc1-s30.snt0.hotmail.com [65.55.90.41] > > > > Mails in quarantaine are the ones that are listed in rbl`s > > > > Spamassassin doesn`t seem to do anything. > > > > *Met vriendelijk groet,* > > * * > > *Eric Mink*** > > > > *Remote IT - Services* > > Pascalweg 1, Postbus 256 > > 8000 AG Zwolle > > > > *Telefoon:* 038 - 428 44 44 > > *Fax:* 038 - 428 44 40 > > *E-mail:* servicedesk@remote.nl > > > > *Van:* mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info] *Namens *Martin Hepworth > *Verzonden:* dinsdag 23 maart 2010 18:09 > *Aan:* MailScanner discussion > *Onderwerp:* Re: Slackware 13 and Mailscanner > > > > Anything in the logs that explain what's happening to a message in the > quarantine. (also look at logging options - see the wiki for how to be > verbose in the message headers etc). > > Martin > > On 23 March 2010 13:38, Eric Mink wrote: > > Hi all, > > > > I`ve installed Mailscanner on a Slackware 13 machine and looks like it`s > working properly. > > > > Now the problem is that some mail are send to quarantine without a SA > score. Has anybody experienced this before? > > > > Lint test is not giving any errors > > > > > > *Kind regards,* > > * * > > *Eric Mink* > > > > *Remote IT - Services* > > Pascalweg 1, Postbus 256 > > 8000 AG Zwolle > > > > *Telefoon:* 038 - 428 44 44 > > *Fax:* 038 - 428 44 40 > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > Martin Hepworth > Oxford, UK > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100325/b47a3690/attachment.html From campbell at cnpapers.com Thu Mar 25 15:33:34 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Mar 25 15:33:49 2010 Subject: Old age hits again - can't remember or find how to test a user... Message-ID: <4BAB824E.40204@cnpapers.com> Sorry to say all, I'm trying to find out why a user in the whitelist rule file wasn't whitelisted, and I can't remember how to test a user by command line to verify they should be whitelisted. Not able to find it in the wiki either since I must not be typing the right stuff. Can someone please tell me the format I use to do this from the command line? Thanks Steve Campbell From campbell at cnpapers.com Thu Mar 25 17:24:52 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Thu Mar 25 17:25:08 2010 Subject: Old age hits again - can't remember or find how to test a user... In-Reply-To: <4BAB824E.40204@cnpapers.com> References: <4BAB824E.40204@cnpapers.com> Message-ID: <4BAB9C64.7040107@cnpapers.com> Clarification: I'm trying to determine if MS deems a sending email address as whitelisted. There was a way to enter a set of parameters which you wanted to test from the command line, and the result would be what value MS would return for those parameters. Anyone remember this? Man, that first post was about as clear as mud. Sorry. steve Steve Campbell wrote: > Sorry to say all, I'm trying to find out why a user in the whitelist > rule file wasn't whitelisted, and I can't remember how to test a user > by command line to verify they should be whitelisted. Not able to find > it in the wiki either since I must not be typing the right stuff. > > Can someone please tell me the format I use to do this from the > command line? > > > Thanks > > Steve Campbell > From ssilva at sgvwater.com Thu Mar 25 18:19:06 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 25 18:19:30 2010 Subject: Problem Message In-Reply-To: <13412319.434.1269504486404.JavaMail.root@office.splatnix.net> References: <13412319.434.1269504486404.JavaMail.root@office.splatnix.net> Message-ID: on 3-25-2010 1:08 AM --[ UxBoD ]-- spake the following: > Hi, > > Every hour I am receiving the following from our gateway: > > -------------------------------------------------- > Archive: > > Number of messages: 1 > Tries Message Last Tried > ===== ======= ========== > 6 533483988365.A3CD1 Wed Mar 24 22:45:07 2010 > -------------------------------------------------- > > I have checked the /var/spool directory and that message is actually which the quarantine. Looking at the content I checked earlier alerts and indeed a virus was stopped with exactly the same content. > > For some reason it is not being removed from the Processing database. I am running MS 4.79.11. > I don't think they will get removed... They stay until you flush the database by deleting and restarting -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100325/cf23f0c1/signature.bin From uxbod at splatnix.net Thu Mar 25 18:31:06 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 25 18:31:29 2010 Subject: Problem Message In-Reply-To: Message-ID: <671223.453.1269541866398.JavaMail.root@office.splatnix.net> ----- "Scott Silva" wrote: > on 3-25-2010 1:08 AM --[ UxBoD ]-- spake the following: > > Hi, > > > > Every hour I am receiving the following from our gateway: > > > > -------------------------------------------------- > > Archive: > > > > Number of messages: 1 > > Tries Message Last Tried > > ===== ======= ========== > > 6 533483988365.A3CD1 Wed Mar 24 22:45:07 2010 > > -------------------------------------------------- > > > > I have checked the /var/spool directory and that message is actually > which the quarantine. Looking at the content I checked earlier alerts > and indeed a virus was stopped with exactly the same content. > > > > For some reason it is not being removed from the Processing > database. I am running MS 4.79.11. > > > I don't think they will get removed... They stay until you flush the > database > by deleting and restarting > > Hi Scott, Would you class this as a bug then ? If the message has been quarantined then I would believe it should be removed from the database. -- Thanks, Phil From dgottsc at emory.edu Thu Mar 25 19:18:16 2010 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Mar 25 19:19:20 2010 Subject: Scam Nailer - False Postives Message-ID: Is anyone getting false positive hits while using ScamNailer? It seems that a ScamNailer rule triggered on a email; however, none of the addresses listed in the ScamNailer script output are in the email's body or header fields. Any ideas what could cause this? Thanks. David Gottschalk UTS Email team david.gottschalk@emory.edu This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From ssilva at sgvwater.com Thu Mar 25 19:56:39 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 25 19:57:01 2010 Subject: Problem Message In-Reply-To: <671223.453.1269541866398.JavaMail.root@office.splatnix.net> References: <671223.453.1269541866398.JavaMail.root@office.splatnix.net> Message-ID: on 3-25-2010 11:31 AM --[ UxBoD ]-- spake the following: > ----- "Scott Silva" wrote: >> database. I am running MS 4.79.11. >> I don't think they will get removed... They stay until you flush the >> database >> by deleting and restarting >> >> > Hi Scott, > > Would you class this as a bug then ? If the message has been quarantined then I would believe it should be removed from the database. I think it is a bug, and hope it gets fixed, but I just work around it right now. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100325/6100aad0/signature.bin From ssilva at sgvwater.com Thu Mar 25 19:57:31 2010 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 25 20:00:15 2010 Subject: Old age hits again - can't remember or find how to test a user... In-Reply-To: <4BAB9C64.7040107@cnpapers.com> References: <4BAB824E.40204@cnpapers.com> <4BAB9C64.7040107@cnpapers.com> Message-ID: on 3-25-2010 10:24 AM Steve Campbell spake the following: > Clarification: > > I'm trying to determine if MS deems a sending email address as > whitelisted. There was a way to enter a set of parameters which you > wanted to test from the command line, and the result would be what value > MS would return for those parameters. > > Anyone remember this? > > Man, that first post was about as clear as mud. Sorry. > > steve > > Steve Campbell wrote: >> Sorry to say all, I'm trying to find out why a user in the whitelist >> rule file wasn't whitelisted, and I can't remember how to test a user >> by command line to verify they should be whitelisted. Not able to find >> it in the wiki either since I must not be typing the right stuff. >> >> Can someone please tell me the format I use to do this from the >> command line? >> >> >> Thanks >> >> Steve Campbell >> > I knew what you meant, but couldn't answer it, so I kept my mouth shut. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100325/5ed41adf/signature.bin From micoots at yahoo.com Thu Mar 25 20:19:00 2010 From: micoots at yahoo.com (Michael Mansour) Date: Thu Mar 25 20:19:10 2010 Subject: SpamAssassin Rule Actions ignores Whitelist entries - BUG? In-Reply-To: Message-ID: <634044.22831.qm@web33307.mail.mud.yahoo.com> Hi, --- On Thu, 25/3/10, Kai Schaetzl wrote: > From: Kai Schaetzl > Subject: Re: SpamAssassin Rule Actions ignores Whitelist entries - BUG? > To: mailscanner@lists.mailscanner.info > Received: Thursday, 25 March, 2010, 10:31 PM > Michael Mansour wrote on Wed, 24 Mar > 2010 17:26:14 -0700 (PDT): > > > However, even if the email is whitelisted (From or To > addresses), > > if the whitelisted email has a score above 18, it > _still_ goes through > > the rule above and gets emailed to highspam@domain.com > > you are talking of MS whitelisting, right? It works that Yes, the whitelist entries are obtained from both MailScanner and MailWatch. > way that > whitelisted mail still gets spamchecked, it's just not used > as a spam > qualifier. This must have some historic reason, e.g. it was > the easiest > way to implement it and leave other stuff untouched. If you Yeah, that may have made sense historically before the "SpamAssassin Rule Actions" was implemented recently, now though it doesn't really make sense since a whitelist entry should mean that whatever checks done on that message thereafter have no effect on it. > do not want to > have the message "scored" you have to put it on the no scan > list. However, > this also excludes it from virus scanning. Maybe that's a > temp solution > for you? Ok, I'll look into that now and see if I can find the option for it. Thank. > It makes sense to not use existing scores for whitelisted > mail in the rule > actions I suppose. But it's also possible that someone else > then comes > along and says he needs it ;-) I recognise the smiley, but I can't see much point in that honestly. But if that was the case, another option could be added to MailScanner to allow the admin to turn that on or off or make it part of a ruleset. > I think the most convincing way would still be to stop > spam-checking for > whitelisted mail. It's just extra unnecessary cycles. Now, > with virus and > spam-checking order reversed that might be easier? Just > speculating. Yes I agree. Does Jules still read this mailing list? I don't see him post much these days, well at least not like he used to. Thanks. Michael. > Kai > > -- > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From micoots at yahoo.com Thu Mar 25 20:37:49 2010 From: micoots at yahoo.com (Michael Mansour) Date: Thu Mar 25 20:37:59 2010 Subject: Old age hits again - can't remember or find how to test a user... In-Reply-To: <4BAB9C64.7040107@cnpapers.com> Message-ID: <212265.83968.qm@web33304.mail.mud.yahoo.com> Hi, --- On Fri, 26/3/10, Steve Campbell wrote: > From: Steve Campbell > Subject: Re: Old age hits again - can't remember or find how to test a user... > To: "MailScanner discussion" > Received: Friday, 26 March, 2010, 4:24 AM > Clarification: > > I'm trying to determine if MS deems a sending email address > as whitelisted. There was a way to enter a set of parameters > which you wanted to test from the command line, and the > result would be what value MS would return for those > parameters. Maybe this helps? # MailScanner --help Usage: MailScanner [ -h|-v|--debug|--debug-sa|--lint ] | [ --processing | --processing= ] | [ -c|--changed ] | [ --id= ] | [ --inqueuedir= ] | [--value= --from= --to=, --to=, ...] --ip=, --virus= ] Michael. > Anyone remember this? > > Man, that first post was about as clear as mud. Sorry. > > steve > > Steve Campbell wrote: > > Sorry to say all, I'm trying to find out why a user in > the whitelist rule file wasn't whitelisted, and I can't > remember how to test a user by command line to verify they > should be whitelisted. Not able to find it in the wiki > either since I must not be typing the right stuff. > > > > Can someone please tell me the format I use to do this > from the command line? > > > > > > Thanks > > > > Steve Campbell > > > > -- MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! From uxbod at splatnix.net Thu Mar 25 22:28:27 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 25 22:29:00 2010 Subject: Problem Message In-Reply-To: Message-ID: <10725466.465.1269556107687.JavaMail.root@office.splatnix.net> ----- "Scott Silva" wrote: > on 3-25-2010 11:31 AM --[ UxBoD ]-- spake the following: > > ----- "Scott Silva" wrote: > > >> database. I am running MS 4.79.11. > >> I don't think they will get removed... They stay until you flush > the > >> database > >> by deleting and restarting > >> > >> > > Hi Scott, > > > > Would you class this as a bug then ? If the message has been > quarantined then I would believe it should be removed from the > database. > I think it is a bug, and hope it gets fixed, but I just work around it > right now. > Will have a look at the code tomorrow then; it has been a while :) Hopefully give Jules a bit of a rest. -- Thanks, Phil From uxbod at splatnix.net Fri Mar 26 07:50:57 2010 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Mar 26 07:51:23 2010 Subject: Problem Message In-Reply-To: <10513139.476.1269589853148.JavaMail.root@office.splatnix.net> Message-ID: <17848950.479.1269589857370.JavaMail.root@office.splatnix.net> ----- "--[ UxBoD ]--" wrote: > ----- "Scott Silva" wrote: > > > on 3-25-2010 11:31 AM --[ UxBoD ]-- spake the following: > > > ----- "Scott Silva" wrote: > > > > >> database. I am running MS 4.79.11. > > >> I don't think they will get removed... They stay until you flush > > the > > >> database > > >> by deleting and restarting > > >> > > >> > > > Hi Scott, > > > > > > Would you class this as a bug then ? If the message has been > > quarantined then I would believe it should be removed from the > > database. > > I think it is a bug, and hope it gets fixed, but I just work around > it > > right now. > > > Will have a look at the code tomorrow then; it has been a while :) > Hopefully give Jules a bit of a rest. Well as the email actually said that is the messages in the processing archive; DOH! Anyway, unless you want to keep receiving notifications when MailScanner periodically restarts itself, and you have already dealt with the messages then I have created a patch for MS 4.79.11. A new option has been added called --delete-archive which connects to the SQLite database and deletes the rows from the Archive table. This saves having to stop MS, delete the DB, and then start MS back up again. -- Thanks, Phil -------------- next part -------------- A non-text attachment was scrubbed... Name: MSDeleteArchive.patch Type: text/x-patch Size: 2706 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100326/c0537186/MSDeleteArchive.bin From lingping.zeng at qq.com Fri Mar 26 10:00:56 2010 From: lingping.zeng at qq.com (=?ISO-8859-1?B?TGluZ1BpbmcgWmVuZw==?=) Date: Fri Mar 26 10:01:26 2010 Subject: Undefined subroutine &MailScanner::Config::ProcessYesNO called at /usr/lib/MailScanner/MailScanner/Config.pm line 2155. Message-ID: Hi sir, Configured mailwatch, restarted mailscanner, the following error and can not send mail, e-mail all in the queue(at /var/spool/postfix/hold/) tail -n 3 /var/log/maillog: Mar 26 17:54:09 mx01 MailScanner[23760]: MailScanner E-Mail Virus Scanner version 4.79.11 starting... Mar 26 17:54:09 mx01 MailScanner[23760]: Reading configuration file /etc/MailScanner/MailScanner.conf Mar 26 17:54:09 mx01 MailScanner[23760]: Reading configuration file /etc/MailScanner/conf.d/README # service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming postfix: [ OK ] outgoing postfix: [ OK ] Waiting for MailScanner to die gracefully dead. Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Undefined subroutine &MailScanner::Config::ProcessYesNO called at /usr/lib/MailScanner/MailScanner/Config.pm line 2155. ------------------ Best Regards & Thanks. LingPing Zeng http://blog.sina.com.cn/zenglingping -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100326/33424bf6/attachment.html From glenn.steen at gmail.com Fri Mar 26 11:36:37 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 26 11:36:45 2010 Subject: Attachment stripping - wrong postfix message size In-Reply-To: <30176715.6.1269509392439.JavaMail.markus@cronlabworkstation1> References: <223f97701003250200q5903bd86v95974a905472bea6@mail.gmail.com> <30176715.6.1269509392439.JavaMail.markus@cronlabworkstation1> Message-ID: <223f97701003260436i1123480ds62e3b17c535dd570@mail.gmail.com> On 25 March 2010 10:29, Markus Nilsson wrote: (snip) > > Hi again, > > Thanks for your input!, and yes I am running it now on a testbed, and > it works very well. The size that I change to is not correct, but close > enough for the receiver to not reject it. > Hm. That needs to be fixed then... Can't have half-measures:-). I would think that many do it as I, that is: see to it that the "first hurdle" is the tightest squeeze (to mix metaphores:-). So that might explain why such a discrepancy would go undetected for ... quite a long while:-). > The code under test looks like this (tiny changes) > > ? ? ?foreach (@{$message->{metadata}}) { > ? ? ? ?/^(.)(.*)$/; > ? ? ? ?($type, $data) = ($1, $2); > ? ? ? ?$TimestampFound++ if $type eq 'T'; # Must only ever have 1 timestamp > ? ? ? ?#print STDERR "PreData1 Type $type Data $data\n"; >> ? ? ? if($type eq 'C' and $message->{rewriteCHeader} eq 'y') >> ? ? ? { >> ? ? ? ? if ($data =~ m/(\D+)\d+(\D+\d+\D+\d+\D+\d+\D+)\d+/) >> ? ? ? ? { >> ? ? ? ? ? ? $data = "" . $1 . $message->{size} . $2 . $message->{size}; >> ? ? ? ? } >> ? ? ? } > > I added the rewriteCHeader-flag, just as a precaution if there is something wrong > with my code, I will only affect messages that I removed attachments from. > Ok. Might make sense where you're at, perhaps not if we make a more ... correct... change:-). I still can't promise you any time, and would really love ofr someone else to take a look (preferably Jules)... But I will try make the time, if noone else steps up. Don't hold your breath though;-). > What are the chances on getting something like this into SVN? :) Jules usually accept clean context-diff patches, or well laid arguments for how something should be done... It's his prerogative to choose to include/decline anything though. > > Good luck with the move! And hope Stockholm is as sunny as Gothenburg today :) > Well need all the luck we can get. In a "pre-move move", kind of like a 15-puzzle manouver to free up some equipment, we lost our SecurID server earlier this week to the infamous "stiktion problem"... and a combo with bad replicas... Sigh. Whatever more will go off to the bitbucket in the sky/netherworld? Oh well. The weather is at least acceptable (no rain/snow, some glimpses of sun and about 2 degrees C...:). > BR > /Markus > (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From campbell at cnpapers.com Fri Mar 26 11:47:39 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Mar 26 11:47:57 2010 Subject: Old age hits again - can't remember or find how to test a user... In-Reply-To: <212265.83968.qm@web33304.mail.mud.yahoo.com> References: <212265.83968.qm@web33304.mail.mud.yahoo.com> Message-ID: <4BAC9EDB.2020608@cnpapers.com> Michael, Thanks, I believe that's what I needed. I tried "man" and a few other things, but didn't think to try "help". steve Michael Mansour wrote: > Hi, > > --- On Fri, 26/3/10, Steve Campbell wrote: > > >> From: Steve Campbell >> Subject: Re: Old age hits again - can't remember or find how to test a user... >> To: "MailScanner discussion" >> Received: Friday, 26 March, 2010, 4:24 AM >> Clarification: >> >> I'm trying to determine if MS deems a sending email address >> as whitelisted. There was a way to enter a set of parameters >> which you wanted to test from the command line, and the >> result would be what value MS would return for those >> parameters. >> > > Maybe this helps? > > # MailScanner --help > Usage: > MailScanner [ -h|-v|--debug|--debug-sa|--lint ] | > [ --processing | --processing= ] | > [ -c|--changed ] | > [ --id= ] | > [ --inqueuedir= ] | > [--value= --from= > --to=, --to=, ...] > --ip=, --virus= ] > > > Michael. > > >> Anyone remember this? >> >> Man, that first post was about as clear as mud. Sorry. >> >> steve >> >> Steve Campbell wrote: >> >>> Sorry to say all, I'm trying to find out why a user in >>> >> the whitelist rule file wasn't whitelisted, and I can't >> remember how to test a user by command line to verify they >> should be whitelisted. Not able to find it in the wiki >> either since I must not be typing the right stuff. >> >>> Can someone please tell me the format I use to do this >>> >> from the command line? >> >>> Thanks >>> >>> Steve Campbell >>> >>> >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the >> website! >> > > > > From glenn.steen at gmail.com Fri Mar 26 12:33:21 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 26 12:33:30 2010 Subject: MCP notifications when blocking In-Reply-To: <766954.49698.qm@web33307.mail.mud.yahoo.com> References: <766954.49698.qm@web33307.mail.mud.yahoo.com> Message-ID: <223f97701003260533j1624a9a0g88b24030d19eeea@mail.gmail.com> On 25 March 2010 03:27, Michael Mansour wrote: > Hi, > > I have MCP enabled for a couple of domains. > > One of them has asked that: > > 1. emails "From" their domain that trigger an MCP block, generates a "notice" > > 2. that the notice goes to an email address they've provided > > Obviously so they can see if the message blocked from them by MCP is valid or not. > > I've spent quite some time trying to figure out how to do this but am not sure. > > Anyone have any suggestions? > > Michael. > I think you could reach better results, and way more flexibility, with the newer SA rule hit actions. Having said that, what they want is a "forward someone@somewhe.re", right? Don't the MCP actions support that? I sure thought they did... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Mar 26 12:44:20 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 26 12:44:29 2010 Subject: Slackware 13 and Mailscanner In-Reply-To: References: <72cf361e1003231008w6f22922bxb416403e0b5eb8ab@mail.gmail.com> Message-ID: <223f97701003260544v3baff933u5fbb5f8d1de8815e@mail.gmail.com> On 25 March 2010 12:10, Eric Mink wrote: > When i look in the maillog : > > > > cat /var/log/maillog | grep talk2denixx@hotmail.com > (snip) What makes you think "grep" is the proper maillog analysis tool? It is not. For this, use your eyes, intellect and a good pager, like "less"... Then follow the ID (not some email address) through the logs. It is the MailScanner log entries that would be interresting. There are a number of functions that would lead to "spam tagging" without involving SA... RBLs used in MailScanner (just use one, at the most two... after that, it is better to use SA (parallell lookups) than MS (serial lookups)), failed watermarks ... The logs might actually tell you;-). Or, if you've implemented MailWatch... that will surely include anough clues in the detail page for the message;-). > > > Mails in quarantaine are the ones that are listed in rbl`s > Yes. And _where_ do you check them? In MS? > > > Spamassassin doesn`t seem to do anything. > Well, you might have set things so that if it is already marked as spam, you simply don't run SA on it... MS is a versatile and _very_ configurable tool... lots of ways of shooting ones foot to smithereens;-):-) > > > Met vriendelijk groet, > > > > Eric Mink Cheers-- -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Mar 26 13:06:08 2010 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 26 13:06:16 2010 Subject: Undefined subroutine &MailScanner::Config::ProcessYesNO called at /usr/lib/MailScanner/MailScanner/Config.pm line 2155. In-Reply-To: References: Message-ID: <223f97701003260606k6cebf6edud0c816ef15d12ebe@mail.gmail.com> On 26 March 2010 11:00, LingPing Zeng wrote: > Hi sir, > > Configured mailwatch, restarted mailscanner, the following error and can not > send mail, e-mail all in the queue(at /var/spool/postfix/hold/) > > tail -n 3 /var/log/maillog: > Mar 26 17:54:09 mx01 MailScanner[23760]: MailScanner E-Mail Virus Scanner > version 4.79.11 starting... > Mar 26 17:54:09 mx01 MailScanner[23760]: Reading configuration file > /etc/MailScanner/MailScanner.conf > Mar 26 17:54:09 mx01 MailScanner[23760]: Reading configuration file > /etc/MailScanner/conf.d/README > > # service MailScanner restart > Shutting down MailScanner daemons: > ???????? MailScanner:?????? [FAILED] > ???????? incoming postfix: [? OK? ] > ???????? outgoing postfix: [? OK? ] > Waiting for MailScanner to die gracefully? dead. > Starting MailScanner daemons: > ???????? incoming postfix: [? OK? ] > ???????? outgoing postfix: [? OK? ] > ???????? MailScanner: > Undefined subroutine &MailScanner::Config::ProcessYesNO called at > /usr/lib/MailScanner/MailScanner/Config.pm line 2155. > > ------------------ > > Best Regards & Thanks. > > LingPing Zeng > > http://blog.sina.com.cn/zenglingping > Most likely... is that you've botched your MailWatch.pm file, somehow... Perhaps used a windoze editor on it, or simply removed some ";" you shouldn't have. Check it with "perl -wc /path/to/MailWatch.pm". Perhaps you followed some outdated instructions on how to include MailWatch.pm in MailScanner, in which case you likely have just botched the Config.pm edit (that you no longer should have done... if ever!). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From lingping.zeng at qq.com Sat Mar 27 09:01:56 2010 From: lingping.zeng at qq.com (=?ISO-8859-1?B?TGluZ1BpbmcgWmVuZw==?=) Date: Sat Mar 27 09:02:23 2010 Subject: Undefined subroutine &MailScanner::Config::ProcessYesNO calledat /usr/lib/MailScanner/MailScanner/Config.pm line 2155. Message-ID: Hi Cheers: Thanks for you helps. I have used the VM installed a new CentOS, in the same environment to re-configured again, did not find the same problem, and then MailScanner.conf and Config.pm scp to a host in question, restart MailScanner OK. ------------------ Best Regards & Thanks. LingPing Zeng ------------------ Original ------------------ From: "Glenn Steen"; Date: Fri, Mar 26, 2010 09:06 PM To: "MailScanner discussion"; Subject: Re: Undefined subroutine &MailScanner::Config::ProcessYesNO calledat /usr/lib/MailScanner/MailScanner/Config.pm line 2155. On 26 March 2010 11:00, LingPing Zeng wrote: > Hi sir, > > Configured mailwatch, restarted mailscanner, the following error and can not > send mail, e-mail all in the queue(at /var/spool/postfix/hold/) > > tail -n 3 /var/log/maillog: > Mar 26 17:54:09 mx01 MailScanner[23760]: MailScanner E-Mail Virus Scanner > version 4.79.11 starting... > Mar 26 17:54:09 mx01 MailScanner[23760]: Reading configuration file > /etc/MailScanner/MailScanner.conf > Mar 26 17:54:09 mx01 MailScanner[23760]: Reading configuration file > /etc/MailScanner/conf.d/README > > # service MailScanner restart > Shutting down MailScanner daemons: > ???????? MailScanner:?????? [FAILED] > ???????? incoming postfix: [? OK? ] > ???????? outgoing postfix: [? OK? ] > Waiting for MailScanner to die gracefully? dead. > Starting MailScanner daemons: > ???????? incoming postfix: [? OK? ] > ???????? outgoing postfix: [? OK? ] > ???????? MailScanner: > Undefined subroutine &MailScanner::Config::ProcessYesNO called at > /usr/lib/MailScanner/MailScanner/Config.pm line 2155. > > ------------------ > > Best Regards & Thanks. > > LingPing Zeng > > http://blog.sina.com.cn/zenglingping > Most likely... is that you've botched your MailWatch.pm file, somehow... Perhaps used a windoze editor on it, or simply removed some ";" you shouldn't have. Check it with "perl -wc /path/to/MailWatch.pm". Perhaps you followed some outdated instructions on how to include MailWatch.pm in MailScanner, in which case you likely have just botched the Config.pm edit (that you no longer should have done... if ever!). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100327/6e22b560/attachment.html From bttterceira at net.sapo.pt Sat Mar 27 17:20:53 2010 From: bttterceira at net.sapo.pt (Ludgero Parreira) Date: Sat Mar 27 17:21:12 2010 Subject: HTML SPAM Message-ID: Hi all, every html mail going IN or OUT the server gets blocked by MailScanner, says it has found the message to be spam. I have checked to see if: perl -MHTML::Tagset -e 1 perl -MHTML::Parser -e 1 are installed, and they are. I have deleted spamassassin *.cf rules and also stopped spamassassin no luck. So I guess for some reason MailScanner won't accept html emails. I have double checked my MailScanner.conf and can't find a reason, anyone could help ? Tks in Advance. Ludgero Parreira From Garrod.Alwood at lorodoes.com Sat Mar 27 17:29:21 2010 From: Garrod.Alwood at lorodoes.com (Garrod M. Alwood) Date: Sat Mar 27 17:36:08 2010 Subject: HTML SPAM Message-ID: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> Look at the dangerous message part of mailscanner.conf Ludgero Parreira wrote: Hi all, every html mail going IN or OUT the server gets blocked by MailScanner, says it has found the message to be spam. I have checked to see if: perl -MHTML::Tagset -e 1 perl -MHTML::Parser -e 1 are installed, and they are. I have deleted spamassassin *.cf rules and also stopped spamassassin no luck. So I guess for some reason MailScanner won't accept html emails. I have double checked my MailScanner.conf and can't find a reason, anyone could help ? Tks in Advance. Ludgero Parreira -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bttterceira at net.sapo.pt Sat Mar 27 18:32:02 2010 From: bttterceira at net.sapo.pt (Ludgero Parreira) Date: Sat Mar 27 18:32:17 2010 Subject: HTML SPAM In-Reply-To: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> References: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> Message-ID: Hi, I don't see that option on MailScanner.conf ? Tks Ludgero Parreira On Sat, 27 Mar 2010 16:29:21 -0100, Garrod M. Alwood wrote: > dangerous -- A utilizar o cliente de correio revolucion?rio da Opera: http://www.opera.com/mail/ From mikael at syska.dk Sat Mar 27 20:51:40 2010 From: mikael at syska.dk (Mikael Syska) Date: Sat Mar 27 20:51:54 2010 Subject: HTML SPAM In-Reply-To: References: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> Message-ID: <6beca9db1003271351w2b239258g586bd3c1e2afd0d8@mail.gmail.com> Hi, On Sat, Mar 27, 2010 at 7:32 PM, Ludgero Parreira wrote: > Hi, > > I don't see that option on MailScanner.conf ? Is that a question or a fact ? ... :-) But a good place to look would be in the Logs ... and see why MailScanner discarded the mail And I would probably set: Log Dangerous HTML Tags = yes and probably some more options ... MS Version ? > > Tks > Ludgero Parreira > > > On Sat, 27 Mar 2010 16:29:21 -0100, Garrod M. Alwood > wrote: > >> dangerous > > > -- > A utilizar o cliente de correio revolucion?rio da Opera: > http://www.opera.com/mail/ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! mvh From micoots at yahoo.com Sat Mar 27 22:05:24 2010 From: micoots at yahoo.com (Michael Mansour) Date: Sat Mar 27 22:05:34 2010 Subject: MCP notifications when blocking In-Reply-To: <223f97701003260533j1624a9a0g88b24030d19eeea@mail.gmail.com> Message-ID: <457620.77011.qm@web33302.mail.mud.yahoo.com> Hi Glenn, > > Hi, > > > > I have MCP enabled for a couple of domains. > > > > One of them has asked that: > > > > 1. emails "From" their domain that trigger an MCP > block, generates a "notice" > > > > 2. that the notice goes to an email address they've > provided > > > > Obviously so they can see if the message blocked from > them by MCP is valid or not. > > > > I've spent quite some time trying to figure out how to > do this but am not sure. > > > > Anyone have any suggestions? > > > > Michael. > > > I think you could reach better results, and way more > flexibility, with > the newer SA rule hit actions. Having said that, what they I realise this but if you read some posts from me over the last few weeks on this list I've had very poor results from the SA rule hit actions with no real fixes to make it work properly. For example, I can't use a rules file for it, I can't tell it to perform certain actions based on the SA score, etc. It sounds good in theory but in practice I haven't been able to make it work as advertised. > want is a > "forward someone@somewhe.re", > right? Don't the MCP actions support > that? I sure thought they did... That's not really what they want no. What they want is a notification when something is blocked, like the sender or recipient reports in MailScanner, not the actual message that was blocked being forwarded to them. This is getting all way too hard :) Michael. > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < > dot > com > work: glenn < dot > steen < at > ap1 < dot > > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! > From bttterceira at net.sapo.pt Sun Mar 28 10:49:03 2010 From: bttterceira at net.sapo.pt (Ludgero Parreira) Date: Sun Mar 28 11:49:23 2010 Subject: HTML SPAM In-Reply-To: <6beca9db1003271351w2b239258g586bd3c1e2afd0d8@mail.gmail.com> References: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> <6beca9db1003271351w2b239258g586bd3c1e2afd0d8@mail.gmail.com> Message-ID: Hi Mikael Syska, tks for the reply. I already tried to log the html, but no luck, It does not log that. MailScanner is login to maillog but nothing about html. Is there a way to turn off html checking ? tks Ludgero Parreira On Sat, 27 Mar 2010 20:51:40 -0000, Mikael Syska wrote: > Hi, > > On Sat, Mar 27, 2010 at 7:32 PM, Ludgero Parreira > wrote: >> Hi, >> >> I don't see that option on MailScanner.conf ? > > Is that a question or a fact ? ... :-) > > But a good place to look would be in the Logs ... and see why > MailScanner discarded the mail > > And I would probably set: > Log Dangerous HTML Tags = yes > > and probably some more options ... > > MS Version ? > >> >> Tks >> Ludgero Parreira >> >> >> On Sat, 27 Mar 2010 16:29:21 -0100, Garrod M. Alwood >> wrote: >> >>> dangerous >> >> >> -- >> A utilizar o cliente de correio revolucion?rio da Opera: >> http://www.opera.com/mail/ >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > mvh > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- A utilizar o cliente de correio revolucion?rio da Opera: http://www.opera.com/mail/ From bttterceira at net.sapo.pt Sun Mar 28 11:21:31 2010 From: bttterceira at net.sapo.pt (Ludgero Parreira) Date: Sun Mar 28 12:21:47 2010 Subject: HTML SPAM In-Reply-To: References: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> <6beca9db1003271351w2b239258g586bd3c1e2afd0d8@mail.gmail.com> Message-ID: hi all, I have resolved, it was some spamassassin rules that were being triggered. tks for the help. Ludgero Parreira On Sun, 28 Mar 2010 10:49:03 +0100, Ludgero Parreira wrote: > Hi Mikael Syska, > > tks for the reply. > > I already tried to log the html, but no luck, It does not log that. > > MailScanner is login to maillog but nothing about html. > > Is there a way to turn off html checking ? > > tks > Ludgero Parreira > > > > On Sat, 27 Mar 2010 20:51:40 -0000, Mikael Syska wrote: > >> Hi, >> >> On Sat, Mar 27, 2010 at 7:32 PM, Ludgero Parreira >> wrote: >>> Hi, >>> >>> I don't see that option on MailScanner.conf ? >> >> Is that a question or a fact ? ... :-) >> >> But a good place to look would be in the Logs ... and see why >> MailScanner discarded the mail >> >> And I would probably set: >> Log Dangerous HTML Tags = yes >> >> and probably some more options ... >> >> MS Version ? >> >>> >>> Tks >>> Ludgero Parreira >>> >>> >>> On Sat, 27 Mar 2010 16:29:21 -0100, Garrod M. Alwood >>> wrote: >>> >>>> dangerous >>> >>> >>> -- >>> A utilizar o cliente de correio revolucion?rio da Opera: >>> http://www.opera.com/mail/ >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> >> mvh >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- A utilizar o cliente de correio revolucion?rio da Opera: http://www.opera.com/mail/ From hvdkooij at vanderkooij.org Sun Mar 28 12:21:51 2010 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 28 12:22:26 2010 Subject: OT: VPS hosting with MailScanner capabilities Message-ID: <4BAF3BCF.70805@vanderkooij.org> Right. I guess a bit off-topic. But I am looking for a VPS hosting company to replace my physical server that I need to take out of the rack by the end of april. I would appreciate suggestions per private email and I will post a summary based on the responses Key factors to consider: - CentOS - Postfix - MailScanner - ClamAV - Apache My current hosting costs me about 30 euros excluding taxes and similar offers cost about 45 euros for my physical server. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. From mikael at syska.dk Sun Mar 28 17:32:07 2010 From: mikael at syska.dk (Mikael Syska) Date: Sun Mar 28 17:32:22 2010 Subject: HTML SPAM In-Reply-To: References: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> <6beca9db1003271351w2b239258g586bd3c1e2afd0d8@mail.gmail.com> Message-ID: <6beca9db1003280932y23fd78earb2ad45c886a82228@mail.gmail.com> Hi, What SpamAssassin rules were so aggressive that it was stopping you from sending or receiving html mails ? mvh On Sun, Mar 28, 2010 at 11:21 AM, Ludgero Parreira wrote: > hi all, > > I have resolved, it was some spamassassin rules that were being triggered. > > tks for the help. > Ludgero Parreira > > > > On Sun, 28 Mar 2010 10:49:03 +0100, Ludgero Parreira > wrote: > >> Hi Mikael Syska, >> >> tks for the reply. >> >> I already tried to log the html, but no luck, It does not log that. >> >> MailScanner is login to maillog but nothing about html. >> >> Is there a way to turn off html checking ? >> >> tks >> Ludgero Parreira >> >> >> >> On Sat, 27 Mar 2010 20:51:40 -0000, Mikael Syska wrote: >> >>> Hi, >>> >>> On Sat, Mar 27, 2010 at 7:32 PM, Ludgero Parreira >>> wrote: >>>> >>>> Hi, >>>> >>>> I don't see that option on MailScanner.conf ? >>> >>> Is that a question or a fact ? ... :-) >>> >>> But a good place to look would be in the Logs ... and see why >>> MailScanner discarded the mail >>> >>> And I would probably set: >>> Log Dangerous HTML Tags = yes >>> >>> and probably some more options ... >>> >>> MS Version ? >>> >>>> >>>> Tks >>>> Ludgero Parreira >>>> >>>> >>>> On Sat, 27 Mar 2010 16:29:21 -0100, Garrod M. Alwood >>>> wrote: >>>> >>>>> dangerous >>>> >>>> >>>> -- >>>> A utilizar o cliente de correio revolucion?rio da Opera: >>>> http://www.opera.com/mail/ >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> mvh >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> > > > -- > A utilizar o cliente de correio revolucion?rio da Opera: > http://www.opera.com/mail/ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From bttterceira at net.sapo.pt Sun Mar 28 17:34:52 2010 From: bttterceira at net.sapo.pt (Ludgero Parreira) Date: Sun Mar 28 18:35:11 2010 Subject: HTML SPAM In-Reply-To: <6beca9db1003280932y23fd78earb2ad45c886a82228@mail.gmail.com> References: <6yh9w6vjn14w40aydn1yaei4.1269711287281@email.android.com> <6beca9db1003271351w2b239258g586bd3c1e2afd0d8@mail.gmail.com> <6beca9db1003280932y23fd78earb2ad45c886a82228@mail.gmail.com> Message-ID: Hi, besides Bayes, this here: http://wiki.apache.org/spamassassin/Rules/MIME_HTML_ONLY http://wiki.apache.org/spamassassin/Rules/TRACKER_ID http://wiki.apache.org/spamassassin/Rules/TVD_SPACE_RATIO There still active, I just decreased there scores. Tks Ludgero Parreira On Sun, 28 Mar 2010 17:32:07 +0100, Mikael Syska wrote: > Hi, > > What SpamAssassin rules were so aggressive that it was stopping you > from sending or receiving html mails ? > > mvh > > On Sun, Mar 28, 2010 at 11:21 AM, Ludgero Parreira > wrote: >> hi all, >> >> I have resolved, it was some spamassassin rules that were being >> triggered. >> >> tks for the help. >> Ludgero Parreira >> >> >> >> On Sun, 28 Mar 2010 10:49:03 +0100, Ludgero Parreira >> wrote: >> >>> Hi Mikael Syska, >>> >>> tks for the reply. >>> >>> I already tried to log the html, but no luck, It does not log that. >>> >>> MailScanner is login to maillog but nothing about html. >>> >>> Is there a way to turn off html checking ? >>> >>> tks >>> Ludgero Parreira >>> >>> >>> >>> On Sat, 27 Mar 2010 20:51:40 -0000, Mikael Syska >>> wrote: >>> >>>> Hi, >>>> >>>> On Sat, Mar 27, 2010 at 7:32 PM, Ludgero Parreira >>>> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I don't see that option on MailScanner.conf ? >>>> >>>> Is that a question or a fact ? ... :-) >>>> >>>> But a good place to look would be in the Logs ... and see why >>>> MailScanner discarded the mail >>>> >>>> And I would probably set: >>>> Log Dangerous HTML Tags = yes >>>> >>>> and probably some more options ... >>>> >>>> MS Version ? >>>> >>>>> >>>>> Tks >>>>> Ludgero Parreira >>>>> >>>>> >>>>> On Sat, 27 Mar 2010 16:29:21 -0100, Garrod M. Alwood >>>>> wrote: >>>>> >>>>>> dangerous >>>>> >>>>> >>>>> -- >>>>> A utilizar o cliente de correio revolucion?rio da Opera: >>>>> http://www.opera.com/mail/ >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> mvh >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >>> >> >> >> -- >> A utilizar o cliente de correio revolucion?rio da Opera: >> http://www.opera.com/mail/ >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- A utilizar o cliente de correio revolucion?rio da Opera: http://www.opera.com/mail/ From davejones70 at gmail.com Sun Mar 28 20:02:56 2010 From: davejones70 at gmail.com (Dave Jones) Date: Sun Mar 28 20:03:06 2010 Subject: MCP notifications when blocking Message-ID: <161b1c931003281202n1d4cd19dr27966e5aaf8136dc@mail.gmail.com> On 25 March 2010 03:27, Michael Mansour wrote: > Hi, > > I have MCP enabled for a couple of domains. > > One of them has asked that: > > 1. emails "From" their domain that trigger an MCP block, generates a "notice" > > 2. that the notice goes to an email address they've provided > > Obviously so they can see if the message blocked from them by MCP is valid or not. > > I've spent quite some time trying to figure out how to do this but am not sure. > > Anyone have any suggestions? > > Michael. > I have the same issue as Michael. I would like to replace the MCP functionality with "SpamAssassin Rule Actions" with SA meta rules but I haven't found a way to send the recipient the report template %report-dir%/recipient.mcp.report.txt. The users would get confused with the "notify" spam message and not know it was blocked because of profanity or racial wording. I asked this same question last year but didn't get any answers. Has anyone found a way to do action "notify" to mimic the MCP "Recipient MCP Report"? If not, maybe this could be an enhancement request for a new action like "notify-mcp"? Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100328/2a9b83e4/attachment.html From cfisk at qwicnet.com Mon Mar 29 15:36:22 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Mon Mar 29 15:36:43 2010 Subject: Slightly OT: Why isn't this regex working in local.cf for my server? Message-ID: First: I *know* something similar has been asked, but I just can not find it in the archives and have been searching over an hour, so I have given up. I think my search skills are rusty. header LOCAL_AUTH_RCVD_QN Received =~ Authenticated sender: [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\) by mailserver\.mydomain\.tld score LOCAL_AUTH_RCVD_QN -100 describe LOCAL_AUTH_RCVD_QN Whitelist for Authenticated users The header I am matching on is as follows: Received : from MYSERV (unknown [###.###.###.###]) (Authenticated sender: user@domain.tld) by mailserver.mydomain.tld (Postfix) with ESMTPA id CED3719C1DB for ; Mon, 29 Mar 2010 10:22:09 -0400 (EDT) I assumed that I could match on just the middle part that won't really change except for the email address: "Authenticated sender: user@domain.tld) by mailserver.mydomain.tld" I found the regex [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4} on http://www.regular-expressions.info saying it would match 99% of email addresses. Is it possible I am not loading local.cf? It is in /etc/mail/spamassassin/local.cf Other cf files in that directory are loaded as far as I can tell. I think that this is just me not understanding how to do a proper regex. Am I missing a wildcard before and after my string? Thank you very much! Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cfisk at qwicnet.com Mon Mar 29 15:53:52 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Mon Mar 29 15:54:15 2010 Subject: Slightly OT: Why isn't this regex working in local.cf for my server? In-Reply-To: Message-ID: I figured it out right after I sent this. Figures. I needed to add / to the beginning of the rule and /i to the end of the rule. Christopher Fisk > First: I *know* something similar has been asked, but I > just can not find it in the archives and have been > searching over an hour, so I have given up. I think my > search skills are rusty. > header LOCAL_AUTH_RCVD_QN Received =~ Authenticated > sender: [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\) by > mailserver\.mydomain\.tld > score LOCAL_AUTH_RCVD_QN -100 > describe LOCAL_AUTH_RCVD_QN Whitelist for > Authenticated users > The header I am matching on is as follows: > Received : from MYSERV (unknown [###.###.###.###]) > (Authenticated sender: user@domain.tld) by > mailserver.mydomain.tld (Postfix) with ESMTPA id > CED3719C1DB for ; Mon, 29 Mar 2010 > 10:22:09 -0400 (EDT) > I assumed that I could match on just the middle part that > won't really change except for the email address: > "Authenticated sender: user@domain.tld) by > mailserver.mydomain.tld" > I found the regex [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4} > on http://www.regular-expressions.info saying it would > match 99% of email addresses. > Is it possible I am not loading local.cf? It is in > /etc/mail/spamassassin/local.cf Other cf files in that > directory are loaded as far as I can tell. I think that > this is just me not understanding how to do a proper > regex. > Am I missing a wildcard before and after my string? > Thank you very much! > Christopher Fisk > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From e.mink at remote.nl Mon Mar 29 15:54:17 2010 From: e.mink at remote.nl (Eric Mink) Date: Mon Mar 29 15:54:47 2010 Subject: Slightly OT: Why isn't this regex working in local.cf for my server? References: Message-ID: Maybe this link will help you out : http://home.comcast.net/~mkettler/sa/SA-rules-howto.txt -----Oorspronkelijk bericht----- Van: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Namens Christopher Fisk Verzonden: maandag 29 maart 2010 16:36 Aan: mailscanner@lists.mailscanner.info Onderwerp: Slightly OT: Why isn't this regex working in local.cf for my server? First: I *know* something similar has been asked, but I just can not find it in the archives and have been searching over an hour, so I have given up. I think my search skills are rusty. header LOCAL_AUTH_RCVD_QN Received =~ Authenticated sender: [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\) by mailserver\.mydomain\.tld score LOCAL_AUTH_RCVD_QN -100 describe LOCAL_AUTH_RCVD_QN Whitelist for Authenticated users The header I am matching on is as follows: Received : from MYSERV (unknown [###.###.###.###]) (Authenticated sender: user@domain.tld) by mailserver.mydomain.tld (Postfix) with ESMTPA id CED3719C1DB for ; Mon, 29 Mar 2010 10:22:09 -0400 (EDT) I assumed that I could match on just the middle part that won't really change except for the email address: "Authenticated sender: user@domain.tld) by mailserver.mydomain.tld" I found the regex [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4} on http://www.regular-expressions.info saying it would match 99% of email addresses. Is it possible I am not loading local.cf? It is in /etc/mail/spamassassin/local.cf Other cf files in that directory are loaded as far as I can tell. I think that this is just me not understanding how to do a proper regex. Am I missing a wildcard before and after my string? Thank you very much! Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From cfisk at qwicnet.com Mon Mar 29 16:12:17 2010 From: cfisk at qwicnet.com (Christopher Fisk) Date: Mon Mar 29 16:12:38 2010 Subject: Slightly OT: Why isn't this regex working in local.cf for my server? In-Reply-To: Message-ID: > Maybe this link will help you out : > http://home.comcast.net/~mkettler/sa/SA-rules-howto.txt Yeah, read through that one. It looks like the case-insensitive flag worked for me, so I'm not sure where I had my type in the case. Christopher Fisk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paulo-m-roncon at ptinovacao.pt Tue Mar 30 02:24:23 2010 From: paulo-m-roncon at ptinovacao.pt (Paulo Roncon) Date: Tue Mar 30 02:24:35 2010 Subject: OT: mailscanner integrated in transparent smtp proxy Message-ID: Hi, this is OT but maybe someone can help me... I'm trying to come up with a transparent smtp proxy to filter outbound mails in a ISP like environment with mailscanner. After a bit of googling i have smtp transparency, but not ip transparency (SPF tests fail on the receiving end) has anyone worked in this problem? Tproxy? wccp? any ideias? thanks!! From alex at rtpty.com Tue Mar 30 03:15:02 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Mar 30 03:15:21 2010 Subject: OT: mailscanner integrated in transparent smtp proxy In-Reply-To: References: Message-ID: <1442FEAE-3860-4596-B7F7-3FC24192218E@rtpty.com> You're breaking the standard. It's been said in the past... if you break it, you get to keep all the pieces. :-) On Mar 29, 2010, at 8:24 PM, Paulo Roncon wrote: > I'm trying to come up with a transparent smtp proxy to filter outbound mails in a ISP like environment with mailscanner. > After a bit of googling i have smtp transparency, but not ip transparency (SPF tests fail on the receiving end) > has anyone worked in this problem? > Tproxy? wccp? any ideias? From jayson at dolphin-it.co.za Tue Mar 30 11:21:15 2010 From: jayson at dolphin-it.co.za (Jayson Smuts) Date: Tue Mar 30 11:21:44 2010 Subject: OT: VPS hosting with MailScanner capabilities In-Reply-To: UID105752-1125323384 References: UID105752-1125323384 Message-ID: <4BB1ECBB.84C1.0016.0@dolphin-it.co.za> >>> Hugo van der Kooij 28-Mar-10 1:21 PM >>> Right. I guess a bit off-topic. But I am looking for a VPS hosting company to replace my physical server that I need to take out of the rack by the end of april. I would appreciate suggestions per private email and I will post a summary based on the responses Key factors to consider: - CentOS - Postfix - MailScanner - ClamAV - Apache My current hosting costs me about 30 euros excluding taxes and similar offers cost about 45 euros for my physical server. -- Hugo I would also like to know how well this performs, Maybe we should ask this on an ESVA mailing list Regards Jayson -------------- next part -------------- Skipped content of type multipart/related From maillists at conactive.com Tue Mar 30 12:31:16 2010 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Mar 30 12:31:26 2010 Subject: OT: mailscanner integrated in transparent smtp proxy In-Reply-To: References: Message-ID: Paulo Roncon wrote on Tue, 30 Mar 2010 02:24:23 +0100: > After a bit of googling i have smtp transparency, but not ip transparency > (SPF tests fail on the receiving end) > has anyone worked in this problem? I don't know what you mean. SPF identifies the IP's that are allowed to send. If your IP is not allowed to send then you have to add it to the SPF record. Quite simple. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com From nick at inticon.net.au Tue Mar 30 12:53:26 2010 From: nick at inticon.net.au (Nick Brown) Date: Tue Mar 30 12:53:50 2010 Subject: OT: mailscanner integrated in transparent smtp proxy In-Reply-To: References: Message-ID: <3A8E51B7-8C70-40B0-869F-DBA6BCF0D907@inticon.net.au> On 30/03/2010, at 12:24 PM, Paulo Roncon wrote: > Hi, > this is OT but maybe someone can help me... > > I'm trying to come up with a transparent smtp proxy to filter > outbound mails in a ISP like environment with mailscanner. > After a bit of googling i have smtp transparency, but not ip > transparency (SPF tests fail on the receiving end) > has anyone worked in this problem? > Tproxy? wccp? any ideias? > Putting aside the SPF standards, this seems like a horrible idea. To the best of my knowledge (At the very least here in Australia + NZ) it is common place for ISP's to block SMTP via port 25, 587 and to a lesser extent now 26. As our bread and butter is in hosting, it is a nightmare having to keep track of a plethora of ISP's SMTP relays and walk customers through updating their email client - however I would much prefer it stay this way as opposed to wasting hours trying to troubleshoot mail issues when as far as the client is concerned it is being relayed via us - only to find the ISP is mangling SMTP. Side note. Despite the annoyance - I think ISP's forcing customers to use an ISP supplied SMTP relay is a good thing. Nick. From alex at rtpty.com Tue Mar 30 13:11:54 2010 From: alex at rtpty.com (Alex Neuman) Date: Tue Mar 30 13:12:19 2010 Subject: OT: mailscanner integrated in transparent smtp proxy In-Reply-To: <3A8E51B7-8C70-40B0-869F-DBA6BCF0D907@inticon.net.au> References: <3A8E51B7-8C70-40B0-869F-DBA6BCF0D907@inticon.net.au> Message-ID: <70A9BE31-F020-4718-A79C-C95024B70B1B@rtpty.com> I agree. As long as the ISP supplied SMTP does authentication, it's a good thing. Mangling "behind the scenes" is frowned upon, precisely because it puts one more "unknown" into the mix when troubleshooting. On Mar 30, 2010, at 6:53 AM, Nick Brown wrote: > Side note. Despite the annoyance - I think ISP's forcing customers to use an ISP supplied SMTP relay is a good thing. From campbell at cnpapers.com Tue Mar 30 13:22:57 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Mar 30 13:23:11 2010 Subject: OT: POP and virtual users Message-ID: <4BB1ED21.4090405@cnpapers.com> I've got a question about how POP works (if at all) with sendmail virtual users. Here's the situation: I've got a user that has an account on one of our hosted domains. That user's account is "mail@thedomain.com". For now, it's on another server, but I'm getting ready to move it to a more current server. I'll create a virtual user in the virtusertable "mail@thedomain.com mailxxx@thedomain.com" so as not to interfere with anything related to "mail" on the server. When I set up the account on the user's machine, I'm having problems seeing how I should set this up. They only use our server for incoming mail, and use another ISP for outgoing. So here's the snag. The account will remain mail@thedomain.com. Setting up their SMTP server is not a problem as it will stay the same. When I set up the POP server pointing to our server, when the MUA requests retrieval of mail, will POP use the virtual table entry "mail@thedomain.com" to retrieve mail from the mailxxx mailbox? These accounts are UNIX users on the server, BTW. If not, how is the best way to set up all of this? Up until now, I've not needed to worry about this problem, and the old server users linuxconf (really old, huh?) to handle this. I don't think the user really wants to change their email account name, and since they're paying for it, I kinda have to oblige. Thanks for any enlightenment. Steve Campbell From ka at pacific.net Tue Mar 30 17:50:11 2010 From: ka at pacific.net (Ken A) Date: Tue Mar 30 17:50:42 2010 Subject: OT: POP and virtual users In-Reply-To: <4BB1ED21.4090405@cnpapers.com> References: <4BB1ED21.4090405@cnpapers.com> Message-ID: <4BB22BC3.2030404@pacific.net> On 3/30/2010 7:22 AM, Steve Campbell wrote: > I've got a question about how POP works (if at all) with sendmail > virtual users. > > Here's the situation: > I've got a user that has an account on one of our hosted domains. That > user's account is "mail@thedomain.com". For now, it's on another server, > but I'm getting ready to move it to a more current server. I'll create a > virtual user in the virtusertable "mail@thedomain.com > mailxxx@thedomain.com" so as not to interfere with anything related to > "mail" on the server. Sendmail virtualuser table maps/resolves addressA@customerdomain.tld to addressB@localhost, assuming you are on a mail hub where pop3 lives. customerdomain.tld also needs to be in the local-host-names file. > > When I set up the account on the user's machine, I'm having problems > seeing how I should set this up. They only use our server for incoming > mail, and use another ISP for outgoing. So here's the snag. The account > will remain mail@thedomain.com. Setting up their SMTP server is not a > problem as it will stay the same. When I set up the POP server pointing > to our server, when the MUA requests retrieval of mail, will POP use the > virtual table entry "mail@thedomain.com" to retrieve mail from the > mailxxx mailbox? These accounts are UNIX users on the server, BTW. > No, the user would be checking the addressB unix account. There are other ways to do this, of course, but this is the standard sendmail virtual user setup. > If not, how is the best way to set up all of this? Up until now, I've > not needed to worry about this problem, and the old server users > linuxconf (really old, huh?) to handle this. I don't think the user > really wants to change their email account name, and since they're > paying for it, I kinda have to oblige. Users generally just care about their email addresses, but ymmv. Your pop server may be able to alias things for you too. http://wiki2.dovecot.org/VirtualUsers Ken > > Thanks for any enlightenment. > > Steve Campbell > -- Ken Anderson Pacific Internet - http://www.pacific.net From campbell at cnpapers.com Tue Mar 30 18:46:32 2010 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Mar 30 18:46:47 2010 Subject: OT: POP and virtual users In-Reply-To: <4BB22BC3.2030404@pacific.net> References: <4BB1ED21.4090405@cnpapers.com> <4BB22BC3.2030404@pacific.net> Message-ID: <4BB238F8.4020809@cnpapers.com> Ken A wrote: > > > On 3/30/2010 7:22 AM, Steve Campbell wrote: >> I've got a question about how POP works (if at all) with sendmail >> virtual users. >> >> Here's the situation: >> I've got a user that has an account on one of our hosted domains. That >> user's account is "mail@thedomain.com". For now, it's on another server, >> but I'm getting ready to move it to a more current server. I'll create a >> virtual user in the virtusertable "mail@thedomain.com >> mailxxx@thedomain.com" so as not to interfere with anything related to >> "mail" on the server. > > Sendmail virtualuser table maps/resolves addressA@customerdomain.tld > to addressB@localhost, assuming you are on a mail hub where pop3 > lives. customerdomain.tld also needs to be in the local-host-names file. > >> >> When I set up the account on the user's machine, I'm having problems >> seeing how I should set this up. They only use our server for incoming >> mail, and use another ISP for outgoing. So here's the snag. The account >> will remain mail@thedomain.com. Setting up their SMTP server is not a >> problem as it will stay the same. When I set up the POP server pointing >> to our server, when the MUA requests retrieval of mail, will POP use the >> virtual table entry "mail@thedomain.com" to retrieve mail from the >> mailxxx mailbox? These accounts are UNIX users on the server, BTW. >> > > No, the user would be checking the addressB unix account. There are > other ways to do this, of course, but this is the standard sendmail > virtual user setup. > > >> If not, how is the best way to set up all of this? Up until now, I've >> not needed to worry about this problem, and the old server users >> linuxconf (really old, huh?) to handle this. I don't think the user >> really wants to change their email account name, and since they're >> paying for it, I kinda have to oblige. > > Users generally just care about their email addresses, but ymmv. > Your pop server may be able to alias things for you too. > http://wiki2.dovecot.org/VirtualUsers > > Ken > >> >> Thanks for any enlightenment. >> >> Steve Campbell >> > Thanks Ken, So maybe I'm making this a little more complicated than it really is. I guess I never really thought much about what the setting in the properties of an email account really meant, since most of the time, all user's info remained the same. Just to verify what I think I finally am seeing, there are 3 entries in any account setup. The email address, the reply address, and the server name/password. The first two would/should be the email account that the world would see as a from and whom they would send email to (in essence, the lhs of the virtual table entry). The server name/password would be the name that is associated with the rhs of the virtual table entry. Since most of the time here, all 3 have the same "name" part, or the part before the "@", I never really considered how the 3 might be used in other situations, other than the reply address. This was the way I had planned on using this, but thought that maybe POP just might use the virtual table entry. The older linuxconf setup used a modified vpop to handle this. Thanks again, steve From ka at pacific.net Tue Mar 30 19:38:04 2010 From: ka at pacific.net (Ken A) Date: Tue Mar 30 19:38:31 2010 Subject: OT: POP and virtual users In-Reply-To: <4BB238F8.4020809@cnpapers.com> References: <4BB1ED21.4090405@cnpapers.com> <4BB22BC3.2030404@pacific.net> <4BB238F8.4020809@cnpapers.com> Message-ID: <4BB2450C.3030703@pacific.net> On 3/30/2010 12:46 PM, Steve Campbell wrote: > > > Ken A wrote: >> >> >> On 3/30/2010 7:22 AM, Steve Campbell wrote: >>> I've got a question about how POP works (if at all) with sendmail >>> virtual users. >>> >>> Here's the situation: >>> I've got a user that has an account on one of our hosted domains. That >>> user's account is "mail@thedomain.com". For now, it's on another server, >>> but I'm getting ready to move it to a more current server. I'll create a >>> virtual user in the virtusertable "mail@thedomain.com >>> mailxxx@thedomain.com" so as not to interfere with anything related to >>> "mail" on the server. >> >> Sendmail virtualuser table maps/resolves addressA@customerdomain.tld >> to addressB@localhost, assuming you are on a mail hub where pop3 >> lives. customerdomain.tld also needs to be in the local-host-names file. >> >>> >>> When I set up the account on the user's machine, I'm having problems >>> seeing how I should set this up. They only use our server for incoming >>> mail, and use another ISP for outgoing. So here's the snag. The account >>> will remain mail@thedomain.com. Setting up their SMTP server is not a >>> problem as it will stay the same. When I set up the POP server pointing >>> to our server, when the MUA requests retrieval of mail, will POP use the >>> virtual table entry "mail@thedomain.com" to retrieve mail from the >>> mailxxx mailbox? These accounts are UNIX users on the server, BTW. >>> >> >> No, the user would be checking the addressB unix account. There are >> other ways to do this, of course, but this is the standard sendmail >> virtual user setup. >> >> >>> If not, how is the best way to set up all of this? Up until now, I've >>> not needed to worry about this problem, and the old server users >>> linuxconf (really old, huh?) to handle this. I don't think the user >>> really wants to change their email account name, and since they're >>> paying for it, I kinda have to oblige. >> >> Users generally just care about their email addresses, but ymmv. >> Your pop server may be able to alias things for you too. >> http://wiki2.dovecot.org/VirtualUsers >> >> Ken >> >>> >>> Thanks for any enlightenment. >>> >>> Steve Campbell >>> >> > Thanks Ken, > > So maybe I'm making this a little more complicated than it really is. I > guess I never really thought much about what the setting in the > properties of an email account really meant, since most of the time, all > user's info remained the same. > > Just to verify what I think I finally am seeing, there are 3 entries in > any account setup. The email address, the reply address, and the server > name/password. The first two would/should be the email account that the > world would see as a from and whom they would send email to (in essence, > the lhs of the virtual table entry). The server name/password would be > the name that is associated with the rhs of the virtual table entry. right. > > Since most of the time here, all 3 have the same "name" part, or the > part before the "@", I never really considered how the 3 might be used > in other situations, other than the reply address. > > This was the way I had planned on using this, but thought that maybe POP > just might use the virtual table entry. The older linuxconf setup used a > modified vpop to handle this. RH 7.x ? We still have one or two of those around. Not doing mail though! :-) Ken > > Thanks again, > > steve > > > -- Ken Anderson Pacific Internet - http://www.pacific.net